Community discussions

MUM Europe 2020
 
arpadffy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 17, 2011 1:52 am
Location: Stockholm, Sweden
Contact:

IPv6 packages do not pass the router

Mon Apr 11, 2011 1:09 pm

Hello,

I am a beginner with ROS and I face a problem with IPv6 packages that does not pass the router.

I am sure that there is something trivial missing form the configuration, just I can not see.

The IPv6 works perfectly from the router out to the Internet. can ping trace route works etc.

Within the LAN it works OK
Code:
[admin@MikroTik] > ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 A S dst-address=::/0 gateway=sit1 gateway-status=sit1 reachable distance=1 scope=30 target-scope=10

1 A S dst-address=2000::/3 gateway=sit1 gateway-status=sit1 reachable check-gateway=ping distance=1 scope=30 target-scope=10

2 ADC dst-address=2001:470:27:5b6::/64 gateway=sit1 gateway-status=sit1 reachable distance=0 scope=10


Code:
[admin@MikroTik] > ipv6 firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept protocol=icmpv6

1 chain=input action=accept

2 chain=forward action=accept


Ping out works in does not
Code:
[admin@MikroTik] > ipv6 firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
[admin@MikroTik] > ping 2001:470:27:5b6::1
HOST SIZE TTL TIME STATUS
2001:470:27:5b6::1 56 64 10ms echo reply
2001:470:27:5b6::1 56 64 7ms echo reply
sent=2 received=2 packet-loss=0% min-rtt=7ms avg-rtt=8ms max-rtt=10ms

[admin@MikroTik] > ping 2001:470:27:5b6::100
HOST SIZE TTL TIME STATUS
2001:470:27:5b6::2 104 64 270ms hop limit exceeded
2001:470:27:5b6::2 104 64 291ms hop limit exceeded
sent=2 received=0 packet-loss=100%


While LAN works perfect but towards the router
Code:
[zoli@redhat ~]$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0B:CD:27:FC:12
inet addr:192.168.10.5 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: 2001:470:27:5b6::400/64 Scope:Global
inet6 addr: 2001:470:27:5b6:20b:cdff:fe27:fc12/64 Scope:Global
inet6 addr: fe80::20b:cdff:fe27:fc12/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5985846 errors:0 dropped:0 overruns:0 frame:0
TX packets:5894329 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2052418166 (1.9 GiB) TX bytes:3702223330 (3.4 GiB)

[zoli@redhat ~]$ ping6 -c 2 2001:470:27:5b6::400
PING 2001:470:27:5b6::400(2001:470:27:5b6::400) 56 data bytes
64 bytes from 2001:470:27:5b6::400: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 2001:470:27:5b6::400: icmp_seq=2 ttl=64 time=0.053 ms

--- 2001:470:27:5b6::400 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.048/0.050/0.053/0.007 ms
[zoli@redhat ~]$ ping6 -c 2 2001:470:27:5b6::100
PING 2001:470:27:5b6::100(2001:470:27:5b6::100) 56 data bytes
64 bytes from 2001:470:27:5b6::100: icmp_seq=1 ttl=64 time=0.316 ms
64 bytes from 2001:470:27:5b6::100: icmp_seq=2 ttl=64 time=0.340 ms

--- 2001:470:27:5b6::100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.316/0.328/0.340/0.012 ms
[zoli@redhat ~]$ ping6 -c 2 2001:470:27:5b6::2
PING 2001:470:27:5b6::2(2001:470:27:5b6::2) 56 data bytes
From 2001:470:27:5b6::400 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:470:27:5b6::400 icmp_seq=2 Destination unreachable: Address unreachable

--- 2001:470:27:5b6::2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 3000ms

Any help would be appreciated.
Thank you in advance.

Regards,
Z
Last edited by arpadffy on Tue Apr 19, 2011 12:23 pm, edited 1 time in total.
 
mikko
newbie
Posts: 37
Joined: Tue Jan 11, 2011 5:18 pm
Location: Finland

Re: IPv6 packages does not pass the router

Tue Apr 12, 2011 2:28 am

You have to set ipv6 address to your lan interface too. Now you have only set ipv6 address to tunnel interface.

You can find your Hurricane Electric routed prefix on their site. That is the address space that you can use in your lan. They have example config for Mikrotik available too! But it do not mention that you have to set your routed prefix yourself to lan since they can't know what is your lan interface.

Most probably it will start working when you set 2001:470:28:5b6::1/64 (check this from HE page) to your lan interface and correct your linux server address according your prefix. And you can set advertise=yes to your lan if you want to use auto-configure ipv6 addresses.

Something like this
/ipv6 address add address=2001:470:28:5b6::1/64 interface=ether2 advertise=yes
Mikko, MTCNA, CCNA
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: IPv6 packages does not pass the router

Thu Apr 14, 2011 5:35 pm

Posting a traceroute might help, if the ping is hitting a hop limit then it looks like it's looping somewhere or going out the wrong path.
brightwifi.com | mikrotik-routeros.com | MTCNA,MTCWE.MTCTCE | Give karma where due
 
arpadffy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 17, 2011 1:52 am
Location: Stockholm, Sweden
Contact:

Re: IPv6 packages does not pass the router

Tue Apr 19, 2011 12:21 pm

Hello,

here is the concrete configuration
[admin@MikroTik] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                                     INTERFACE                                                       ADVERTISE
 0  G 2001:470:27:5b6::2/64                       sit1                                                            yes
 1 DL fe80::53fb:4443/128                         sit1                                                            no
 2 DL fe80::20c:42ff:fe55:4c0f/64                 ether1-gateway                                                  no
 3 DL fe80::20c:42ff:fe55:4c11/64                 ether3-gateway                                                  no
 4 DL fe80::20c:42ff:fe55:4c10/64                 ether2-local-master                                             no
 5  G 2001:470:27:5b6::12/64                      ether2-local-master                                             yes
use all defaults
[admin@MikroTik] /ipv6> firewall address-list print
Flags: X - disabled, D - dynamic
 #   LIST                                                                       ADDRESS
[admin@MikroTik] /ipv6> firewall connection print
Flags: S - seen reply, A - assured
 #    PROTOCOL SRC-ADDRESS                 DST-ADDRESS                 TCP-STATE
[admin@MikroTik] /ipv6> firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
[admin@MikroTik] /ipv6> firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
traceroute outside works perfect
[admin@MikroTik] > tool traceroute 2001:470:27:5b6::2
 # ADDRESS                                 RT1   RT2   RT3   STATUS
 1 2001:470:27:5b6::2                      1ms   1ms   1ms

[admin@MikroTik] > tool traceroute 2001:470:27:5b6::1
 # ADDRESS                                 RT1   RT2   RT3   STATUS
 1 2001:470:27:5b6::1                      11ms  10ms  9ms

[admin@MikroTik] > tool traceroute 2001:470:0:2f::2
 # ADDRESS                                 RT1   RT2   RT3   STATUS
 1 2001:470:27:5b6::1                      14ms  11ms  9ms
 2 2001:470::11e:0:0:0:1                   8ms   8ms   8ms
 3 2001:470::110:0:0:0:1                   34ms  43ms  33ms
 4 2001:470::1d2:0:0:0:1                   45ms  56ms  45ms
 5 2001:470::128:0:0:0:1                   114ms 122ms 115ms
 6 2001:470::1c6:0:0:0:2                   131ms 132ms 131ms
 7 2001:470::1af:0:0:0:2                   154ms 154ms 157ms
 8 2001:470::2f:0:0:0:2                    187ms 201ms 193ms
let check the nd
[admin@MikroTik] > ipv6 nd print
Flags: X - disabled, I - invalid
 0   interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
     retransmit-interval=unspecified ra-lifetime=30m hop-limit=30 advertise-mac-address=yes advertise-dns=no
     managed-address-configuration=no other-configuration=no
...and indeed it works very well... as some host in the LAN - behind the router got IPv6 address:
[root@redhat ~]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:0B:CD:27:FC:12
          inet addr:192.168.10.5  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: 2001:470:27:5b6:20b:cdff:fe27:fc12/64 Scope:Global
          inet6 addr: fe80::20b:cdff:fe27:fc12/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53379757 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44685565 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1438618123 (1.3 GiB)  TX bytes:1044300900 (995.9 MiB)
But does not work from the host to the router
[root@redhat ~]# ping6 2001:470:27:5b6::1
PING 2001:470:27:5b6::1(2001:470:27:5b6::1) 56 data bytes
From 2001:470:27:5b6:20b:cdff:fe27:fc12 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:470:27:5b6:20b:cdff:fe27:fc12 icmp_seq=3 Destination unreachable: Address unreachable
From 2001:470:27:5b6:20b:cdff:fe27:fc12 icmp_seq=4 Destination unreachable: Address unreachable
^C
--- 2001:470:27:5b6::1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4276ms

[root@redhat ~]# traceroute6 2001:470:27:5b6::1
traceroute to 2001:470:27:5b6::1 (2001:470:27:5b6::1), 30 hops max, 80 byte packets
 1  redhat.polarhome.com (2001:470:27:5b6:20b:cdff:fe27:fc12)  3000.174 ms !H  3000.159 ms !H  3000.137 ms !H
...nor in the way back as the packages are looping between the sit1 and the uplink
[admin@MikroTik] > ping 2001:470:27:5b6:20b:cdff:fe27:fc12
HOST                                    SIZE  TTL TIME  STATUS
2001:470:27:5b6::2                      104   64  299ms hop limit exceeded
2001:470:27:5b6::2                      104   64  307ms hop limit exceeded
2001:470:27:5b6::2                      104   64  314ms hop limit exceeded
    sent=3 received=0 packet-loss=100%

[admin@MikroTik] > tool traceroute 2001:470:27:5b6:20b:cdff:fe27:fc12
 # ADDRESS                                 RT1   RT2   RT3   STATUS
 1 2001:470:27:5b6::1                      10ms  20ms  12ms
 2 2001:470:27:5b6::2                      12ms  10ms  13ms
 3 2001:470:27:5b6::1                      22ms  23ms  34ms
 4 2001:470:27:5b6::2                      21ms  16ms  26ms
 5 2001:470:27:5b6::1                      33ms  0ms   0ms
 6 2001:470:27:5b6::2                      31ms  30ms  26ms
 7 ::                                      0ms   0ms   0ms
 8 2001:470:27:5b6::2                      44ms  34ms  36ms
 9 2001:470:27:5b6::1                      54ms  0ms   0ms
10 2001:470:27:5b6::2                      43ms  45ms  57ms
Obviously there must be some problem with the routing... but it looks OK
[admin@MikroTik] > ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 0 A S  dst-address=2000::/3 gateway=sit1 gateway-status=sit1 reachable check-gateway=ping distance=1 scope=30
        target-scope=10

 1 ADC  dst-address=2001:470:27:5b6::/64 gateway=sit1,ether2-local-master
        gateway-status=sit1 reachable,ether2-local-master reachable distance=0 scope=10
I have tried as well to assign an advertised address to ether2-local-master, but did not help :(

What I am doing wrong? ... or is it a bug?

Any help would be appreciated.

Thank you.

Regards,
Z
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: IPv6 packages do not pass the router

Tue Apr 19, 2011 12:31 pm

Setting the address from the same network on tunnel and on local interface is not going to work.
Local interface should have /64 routed or /48 routed network assigned to you by HE.
Read this for more details
http://wiki.mikrotik.com/wiki/Manual:My ... v6_Network
 
arpadffy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 17, 2011 1:52 am
Location: Stockholm, Sweden
Contact:

Re: IPv6 packages do not pass the router

Tue Apr 19, 2011 4:43 pm

Hello,

thank you for answering.
I have followed the wiki page step by step... there is some progress but still does not work.

Here is the current status (after using /48 in LAN)
[admin@MikroTik] > ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                                     INTERFACE                                                       ADVERTISE
 0 DL fe80::20c:42ff:fe55:4c0f/64                 ether1-gateway                                                  no
 1 DL fe80::20c:42ff:fe55:4c11/64                 ether3-gateway                                                  no
 2 DL fe80::20c:42ff:fe55:4c10/64                 ether2-local-master                                             no
 3 DL fe80::53fb:4443/128                         sit1                                                            no
 4  G 2001:470:27:5b6::2/64                       sit1                                                            no
 5  G 2001:470:dce3::1/64                         ether2-local-master                                             yes
[admin@MikroTik] > ipv6 route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 A S  2000::/3                 2001:470:27:5b6::1       1
 1 ADC  2001:470:27:5b6::/64     sit1                     0
 2 ADC  2001:470:dce3::/64       ether2-local-master      0
both 48 and 64 are routed
core1.fmt1.he.net> traceroute ipv6 2001:470:dce3::1

Sending DNS Query to 65.19.175.2
Sending DNS Query to 65.19.176.2
Sending DNS Query to 209.51.180.102

Tracing the route to IPv6 node 2001:470:dce3::1 from 1 to 30 hops

  1     8 ms   <1 ms   <1 ms 10gigabitethernet1-2.core1.sjc2.he.net [2001:470:0:2f::2]
  2    30 ms   40 ms   29 ms 10gigabitethernet3-3.core1.den1.he.net [2001:470:0:1b4::2]
  3    71 ms  210 ms  505 ms 10gigabitethernet1-1.core1.chi1.he.net [2001:470:0:1af::1]
  4   190 ms   85 ms  100 ms 10gigabitethernet7-2.core1.nyc4.he.net [2001:470:0:1c6::1]
  5   148 ms  149 ms  185 ms 10gigabitethernet3-3.core1.lon1.he.net [2001:470:0:128::2]
  6   176 ms  195 ms  149 ms 10gigabitethernet4-2.core1.fra1.he.net [2001:470:0:1d2::2]
  7   189 ms  175 ms  179 ms 10gigabitethernet1-1.core1.sto1.he.net [2001:470:0:110::2]
  8   177 ms  175 ms  174 ms 1g-eth0.tserv24.sto1.ipv6.he.net [2001:470:0:11e::2]
  9   191 ms  184 msSending DNS Query to 65.19.176.2
Sending DNS Query to 209.51.180.102
  194 ms 2001:470:dce3::1# Entry cached for another 23 seconds.


core1.fmt1.he.net> traceroute ipv6 2001:470:27:5b6::2

Sending DNS Query to 65.19.175.2

Tracing the route to IPv6 node polarhome-2-pt.tunnel.tserv24.sto1.ipv6.he.net(2001:470:27:5b6::2)from 1 to 30 hops

  1    10 ms   <1 ms   <1 ms 10gigabitethernet1-2.core1.sjc2.he.net [2001:470:0:2f::2]
  2    27 ms   27 ms   40 ms 10gigabitethernet3-3.core1.den1.he.net [2001:470:0:1b4::2]
  3    84 ms   70 ms   58 ms 10gigabitethernet1-1.core1.chi1.he.net [2001:470:0:1af::1]
  4    73 ms   79 ms   70 ms 10gigabitethernet7-2.core1.nyc4.he.net [2001:470:0:1c6::1]
  5   167 ms  150 ms  155 ms 10gigabitethernet3-3.core1.lon1.he.net [2001:470:0:128::2]
  6   164 ms  159 ms  150 ms 10gigabitethernet4-2.core1.fra1.he.net [2001:470:0:1d2::2]
  7   173 ms  194 ms  178 ms 10gigabitethernet1-1.core1.sto1.he.net [2001:470:0:110::2]
  8   193 ms  204 ms  193 ms 1g-eth0.tserv24.sto1.ipv6.he.net [2001:470:0:11e::2]
  9   195 ms  183 ms  192 ms polarhome-2-pt.tunnel.tserv24.sto1.ipv6.he.net [2001:470:27:5b6::2]# Entry cached for another 54 seconds.
... as as we may expect the ping out works perfect.

From other side ND works as well. The host got the new IP address automatically
[root@redhat ~]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:0B:CD:27:FC:12
          inet addr:192.168.10.5  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: 2001:470:dce3:0:20b:cdff:fe27:fc12/64 Scope:Global
          inet6 addr: fe80::20b:cdff:fe27:fc12/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54862221 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45921850 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2704887655 (2.5 GiB)  TX bytes:1426432468 (1.3 GiB)
It can even reach the router
[root@redhat ~]# ping6 -c 2 2001:470:dce3::1
PING 2001:470:dce3::1(2001:470:dce3::1) 56 data bytes
64 bytes from 2001:470:dce3::1: icmp_seq=1 ttl=64 time=0.228 ms
64 bytes from 2001:470:dce3::1: icmp_seq=2 ttl=64 time=0.208 ms

--- 2001:470:dce3::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.208/0.218/0.228/0.010 ms
[root@redhat ~]# traceroute6 2001:470:dce3::1
traceroute to 2001:470:dce3::1 (2001:470:dce3::1), 30 hops max, 80 byte packets
 1  2001:470:dce3::1 (2001:470:dce3::1)  0.239 ms  0.255 ms  0.298 ms
... but not through the router
[root@redhat ~]# ping6 -c 2 2001:470:0:2f::2
PING 2001:470:0:2f::2(2001:470:0:2f::2) 56 data bytes
From 2001:470:dce3:0:20b:cdff:fe27:fc12 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:470:dce3:0:20b:cdff:fe27:fc12 icmp_seq=2 Destination unreachable: Address unreachable

--- 2001:470:0:2f::2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 3000ms

[root@redhat ~]# traceroute6 2001:470:0:2f::2
traceroute to 2001:470:0:2f::2 (2001:470:0:2f::2), 30 hops max, 80 byte packets
 1  redhat.polarhome.com (2001:470:dce3:0:20b:cdff:fe27:fc12)  3000.232 ms !H  3000.217 ms !H  3000.194 ms !H

NOW I realized that the ND does not advertise the gateway address correctly...
The next hop should be 2001:470:dce3::1

Tried the following: if I force the following configuration (on a Fedora 13 system)
IPV6_DEFAULTGW=2001:470:dce3::1/64
IPV6_DEFROUTE=yes
IPV6ADDR=2001:470:dce3::500/64
IPV6INIT=yes


It will result that ND will not be used and voila - the routing works:
[root@redhat ~]# ping6 -c 2 2001:470:0:2f::2
PING 2001:470:0:2f::2(2001:470:0:2f::2) 56 data bytes
64 bytes from 2001:470:0:2f::2: icmp_seq=1 ttl=56 time=194 ms
64 bytes from 2001:470:0:2f::2: icmp_seq=2 ttl=56 time=187 ms

--- 2001:470:0:2f::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1187ms
rtt min/avg/max/mdev = 187.362/191.133/194.904/3.771 ms
[root@redhat ~]# traceroute6 2001:470:0:2f::2
traceroute to 2001:470:0:2f::2 (2001:470:0:2f::2), 30 hops max, 80 byte packets
 1  2001:470:dce3::1 (2001:470:dce3::1)  0.225 ms  0.243 ms  0.281 ms
 2  polarhome-2.tunnel.tserv24.sto1.ipv6.he.net (2001:470:27:5b6::1)  21.974 ms  23.379 ms  20.434 ms
 3  gige-g2-20.core1.sto1.he.net (2001:470:0:11e::1)  23.488 ms  23.403 ms  23.464 ms
 4  10gigabitethernet3-3.core1.fra1.he.net (2001:470:0:110::1)  48.311 ms  48.304 ms  48.224 ms
 5  10gigabitethernet5-3.core1.lon1.he.net (2001:470:0:1d2::1)  66.623 ms  66.651 ms  66.683 ms
 6  10gigabitethernet4-4.core1.nyc4.he.net (2001:470:0:128::1)  127.259 ms 10gigabitethernet7-4.core1.nyc4.he.net (2001:470:0:3e::1)  127.141 ms  127.160 ms
 7  10gigabitethernet8-3.core1.chi1.he.net (2001:470:0:1c6::2)  142.767 ms  141.487 ms  137.993 ms
 8  10gigabitethernet3-2.core1.den1.he.net (2001:470:0:1af::2)  169.681 ms  169.173 ms  169.723 ms
 9  10gigabitethernet1-2.core1.sjc2.he.net (2001:470:0:2f::2)  199.164 ms  199.018 ms  198.969 ms
Now we know that the routing and the router is OK when ND is not used.

ND config looks like below:
[admin@MikroTik] > ipv6 nd print detail
Flags: X - disabled, I - invalid
 0   interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
     retransmit-interval=unspecified ra-lifetime=30m hop-limit=30 advertise-mac-address=yes advertise-dns=no
     managed-address-configuration=no other-configuration=no
[admin@MikroTik] > ipv6 nd prefix print
Flags: X - disabled, I - invalid, D - dynamic
 0  D prefix=2001:470:dce3::/64 interface=ether2-local-master on-link=yes autonomous=yes valid-lifetime=4w2d
      preferred-lifetime=1w
The question is, what is missing here or what parameter needs to be used in order to advertise the default IPv6 gateway address too?

Thank you.

Regards,
Z
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: IPv6 packages do not pass the router

Tue Apr 19, 2011 5:07 pm

Two wild guesses, gotta admit I didn't read too carefully.

Did you wait a long enough time for a new RA to be generated? Just in case?

Are you using a switch chip in a RouterBOARD? What version of RouterOS are you running? There used to be RA/ND issues with those. If you convert all ports to routed ports it works fine.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
arpadffy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 17, 2011 1:52 am
Location: Stockholm, Sweden
Contact:

Re: IPv6 packages do not pass the router

Tue Apr 19, 2011 5:46 pm

Hello,

Thank you for your answer... yes I did wait enough and the host interface was restarted in order to get new IP etc.

Here are the router details:
[admin@MikroTik] > system routerboard print
       routerboard: yes
             model: "450G"
     serial-number: "2796018814B8"
  current-firmware: "2.29"
  upgrade-firmware: "2.29"
[admin@MikroTik] > system resource print
                   uptime: 1w3d19h43m39s
                  version: "5.1"
              free-memory: 238380KiB
             total-memory: 257120KiB
                      cpu: "MIPS 24Kc V7.4"
                cpu-count: 1
            cpu-frequency: 680MHz
                 cpu-load: 2%
           free-hdd-space: 479688KiB
          total-hdd-space: 520192KiB
  write-sect-since-reboot: 157905
         write-sect-total: 716436
               bad-blocks: 0%
        architecture-name: "mipsbe"
               board-name: "RB450G"
                 platform: "MikroTik"
Hope it helps to determine what might be the problem.

Thank you.

Regards,
Z
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: IPv6 packages do not pass the router

Wed Apr 20, 2011 4:34 am

[admin@MikroTik] > ipv6 nd print
Flags: X - disabled, I - invalid
0   interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
     retransmit-interval=unspecified ra-lifetime=30m hop-limit=30 advertise-mac-address=yes advertise-dns=no
     managed-address-configuration=no other-configuration=no
I believe this should be:
Edit: Correction, should only be different for the interface you want to hand addressing on.
/ipv6 nd add
     interface=ether2-local-master  ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
     retransmit-interval=unspecified ra-lifetime=30m hop-limit=30 advertise-mac-address=yes advertise-dns=no
     managed-address-configuration=yes other-configuration=no
brightwifi.com | mikrotik-routeros.com | MTCNA,MTCWE.MTCTCE | Give karma where due
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: IPv6 packages do not pass the router

Wed Apr 20, 2011 8:35 am

When RADV is used clients install default route with gateway as <link local address of the router>%interface

It is unclear whether you have switch configured or not as port have namings master and slave like in default config, but link local addresses are present for all interfaces.
Check if client installs default route with link local address of master port (if switch/bridge is configured)
 
arpadffy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 17, 2011 1:52 am
Location: Stockholm, Sweden
Contact:

Re: IPv6 packages do not pass the router

Wed Apr 20, 2011 10:42 am

Hello,

I have tried to force nd interface=ether2-local-master.

..and the result is the same. There is no route.
[root@redhat ~]# route -A inet6 -n
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2001:470:dce3::/64                          ::                                      U     256    1        0 eth1
fe80::/64                                   ::                                      U     256    0        0 eth1
::/0                                        ::                                      U     1024   0        0 eth1
::1/128                                     ::                                      U     0      0        1 lo
2001:470:dce3::500/128                      ::                                      U     0      0        1 lo
2001:470:dce3:0:20b:cdff:fe27:fc12/128      ::                                      U     0      0        1 lo
fe80::20b:cdff:fe27:fc12/128                ::                                      U     0      0        1 lo
ff02::1/128                                 ff02::1                                 UC    0      1        0 eth1
ff00::/8                                    ::    
While with defined IPV6GATEWAY it looks like below:
[root@redhat ~]# route -A inet6 -n
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2001:470:dce3::/64                          ::                                      UA    256    0        0 eth1
fe80::/64                                   ::                                      U     256    0        0 eth1
::/0                                        fe80::20c:42ff:fe55:4c10                UGDA  1024   41       0 eth1
::1/128                                     ::                                      U     0      1        1 lo
2001:470:dce3::500/128                      ::                                      U     0      40       1 lo
2001:470:dce3:0:20b:cdff:fe27:fc12/128      ::                                      U     0      0        1 lo
fe80::20b:cdff:fe27:fc12/128                ::                                      U     0      2        1 lo
ff02::1/128                                 ff02::1                                 UC    0      1        0 eth1
ff02::1:ff00:500/128                        ff02::1:ff00:500                        UC    0      1        0 eth1
ff00::/8                                    ::                                      U     256    0        0 eth1
I have a feeling that ND does not advertise the gateway as the ::/0 is empty when auto configuration is used.
I doubt that the Fedora 13 ipv6 stack could has a problem, because earlier I run the similar configuration with a Linux gateway running radvd and it worked perfect (even within the same /64 subnet)

Thank you.

Regards,
Z
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: IPv6 packages do not pass the router

Wed Apr 20, 2011 10:56 am

ND is not advertising gateway. It is a task of host to determine gateway:
On receipt of a valid Router Advertisement, a host extracts the source address of the packet and adds it to Default Router List.
 
arpadffy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 17, 2011 1:52 am
Location: Stockholm, Sweden
Contact:

Re: IPv6 packages do not pass the router

Wed Apr 20, 2011 11:41 am

Hello,

fortunately I have access to quite wide range of operating systems and I made a brief test on linux, solaris, aix, netbsd and freebsd.
The interface shows on all hosts that it is auto configured... but the packages does not go through the router.

Here is the freebsd interface.
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::250:baff:feb2:1b52%vr0 prefixlen 64 scopeid 0x1
        inet 192.168.10.3 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 2001:470:dce3:0:250:baff:feb2:1b52 prefixlen 64 autoconf
        ether 00:50:ba:b2:1b:52
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
bash-2.05b#  ping6 -c 2 2001:470:dce3::1
PING6(56=40+8+8 bytes) 2001:470:dce3:0:250:baff:feb2:1b52 --> 2001:470:dce3::1
16 bytes from 2001:470:dce3::1, icmp_seq=0 hlim=64 time=9.562 ms
16 bytes from 2001:470:dce3::1, icmp_seq=1 hlim=64 time=0.370 ms

--- 2001:470:dce3::1 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.370/4.966/9.562/4.596 ms

bash-2.05b# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          127.0.0.1          UH          0        7    lo0
192.168.10         link#1             UC          0        0    vr0
192.168.10.1       00:0c:42:55:4c:10  UHLW        1       49    vr0   1175
192.168.10.5       00:0b:cd:27:fc:12  UHLW        1       57    vr0   1085
192.168.10.36      00:21:85:3d:b4:c9  UHLW        1        6    vr0   1192

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0 =>
default                           fe80::20c:42ff:fe55:4c10%vr0  UG          vr0
::1                               ::1                           UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2001:470:27:5b6::/64              link#1                        UC          vr0
2001:470:27:5b6:250:baff:feb2:1b52 00:50:ba:b2:1b:52             UHL         lo0
2001:470:1f00:956::300            00:50:ba:b2:1b:52             UHL         lo0
2001:470:dce3::/64                link#1                        UC          vr0
2001:470:dce3::1                  00:0c:42:55:4c:10             UHLW        vr0
2001:470:dce3:0:250:baff:feb2:1b52 00:50:ba:b2:1b:52             UHL         lo0
2001:470:dce3:1::/64              link#1                        UC          vr0
2001:470:dce3:1:250:baff:feb2:1b52 00:50:ba:b2:1b:52             UHL         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%vr0/64                     link#1                        UC          vr0
fe80::20c:42ff:fe55:4c10%vr0      00:0c:42:55:4c:10             UHLW        vr0
fe80::250:baff:feb2:1b52%vr0      00:50:ba:b2:1b:52             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#3                        UHL         lo0
ff01::/32                         ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%vr0/32                     link#1                        UC          vr0
ff02::%lo0/32                     ::1                           UC          lo0
It is remarkable that the solaris host was the only one that managed to get a route and worked perfect.
I need to investigate a bit more... because all these hosts worked well earlier when, the Linux gateway running radvd took care of the IP addresses.

Thank you for the help.
I'll send the update.

Regards,
Z
 
arpadffy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 17, 2011 1:52 am
Location: Stockholm, Sweden
Contact:

Re: IPv6 packages do not pass the router

Tue Apr 26, 2011 4:48 pm

Thank you very much for all help.
Seems, it works now very well.

After the correct ipv6 subnet configuration it was needed to restart the whole networking (on some hosts reboot was needed) in order to get the right ipv6 routes.

What is the most important... that ROS 5.1 works well with 6to4 interface, ipv6 routing and ND - and the only important fact is, as we learnd from mrz
Setting the address from the same network on tunnel and on local interface is not going to work.
Local interface should have /64 routed or /48 routed network assigned to you by HE.
Regards,
Z

Who is online

Users browsing this forum: No registered users and 34 guests