Cannot ping IPv6 MikroTik Cloud

Halfeez92 · Wed Feb 24, 2021 4:10 am

Hi,

I am trying to reach my router thru IPv6 DDNS but when I checked it does not update with the IPv6 so I did a ping. Turns out I got a request timed out when trying to reach cloud2.mikrotik.com on IPv6. Any solution to this? Does my ISP blocking the IP or something? Because I can ping ipv6.google.com with success.

vikinggeek · Wed Feb 24, 2021 9:11 am

Same result here in California.

Halfeez92 · Fri Feb 26, 2021 2:43 am

Ahh I see. So what is the problem? Does the cloud2.mikrotik.com is having problem?

DarkNate · Sun Feb 28, 2021 8:37 am

It's likely your firewall misconfigured.

Use my firewall which I tried my best to conform to various IETF specs, built from scratch: viewtopic.php?f=2&t=172360

sindy · Sun Feb 28, 2021 9:29 am

There's an easy way to find out whether it is a firewall issue (even if the firewall was so selective that it would restrict access to cloud2.mikrotik.com but not to forum.mikrotik.com): use /tool traceroute.

If it shows no response at all, your own firewall or routing is to be blamed (or your ISP's); if it does show some hops responding, the issue is located further in the network (possibly a firewall somewhere else, but more likely a routing issue, or maybe a DNS update issue at Mikrotik side).

I have the following picture, for forum.mikrotik.com:

formatted code

[me@myTik] > /tool traceroute 2a02:610:7501:3000::239
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1 xxxx:xxxx:xxxx::xxxx               0%    2  13.1ms    12.2    11.3    13.1     0.9
 2 yyyy:yyyy:yyyy::yyyy               0%    2    22ms    18.3    14.5      22     3.8
 3                                  100%    2 timeout
 4                                  100%    2 timeout
 5 2001:2034:1:c3::1                  0%    2  41.3ms    43.8    41.3    46.3     2.5
 6                                  100%    2 timeout
 7 2001:2000:3080:21c8::2             0%    2  52.6ms    54.6    52.6    56.6       2
 8                                  100%    2 timeout
 9                                  100%    2 timeout
10                                  100%    2 timeout
11                                  100%    2 timeout
12 2a02:610:7501:3000::239            0%    2  50.3ms    50.3    50.3    50.3       0

For cloud2.mikrotik.com:

formatted code

[me@myTik] > /tool traceroute 2a02:610:7501:1000::201
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1 xxxx:xxxx:xxxx::xxxx               0%    3  13.4ms    12.9    11.8    13.4     0.7
 2 yyyy:yyyy:yyyy::yyyy               0%    3  16.2ms    17.6    16.1    19.1     1.5
 3 zzzz:zzzz:zzz:zzz::zzz             0%    3  19.1ms    18.9    18.4    19.1     0.3
 4                                  100%    3 timeout
 5                                  100%    3 timeout
 6 2001:2034:1:c3::1                  0%    3  42.6ms    43.9    42.6    46.4     1.7
 7 2001:2034:0:85::1                  0%    3  44.1ms    44.1    41.3    46.9     2.3
 8 2001:2000:3080:21c8::2             0%    3  48.4ms    48.9    48.4    49.9     0.7
 9                                  100%    3 timeout
10                                  100%    3 timeout
11                                  100%    3 timeout
12                                  100%    3 timeout
13                                  100%    3 timeout

(and the same for the other address, 2a02:610:7501:4000::251).

So in my case, it's not caused by my firewall.

Halfeez92 · Sun Feb 28, 2021 10:58 am

There's an easy way to find out whether it is a firewall issue (even if the firewall was so selective that it would restrict access to cloud2.mikrotik.com but not to forum.mikrotik.com): use /tool traceroute.

If it shows no response at all, your own firewall or routing is to be blamed (or your ISP's); if it does show some hops responding, the issue is located further in the network (possibly a firewall somewhere else, but more likely a routing issue, or maybe a DNS update issue at Mikrotik side).

I have the following picture, for forum.mikrotik.com:

formatted code

[me@myTik] > /tool traceroute 2a02:610:7501:3000::239
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1 xxxx:xxxx:xxxx::xxxx               0%    2  13.1ms    12.2    11.3    13.1     0.9
 2 yyyy:yyyy:yyyy::yyyy               0%    2    22ms    18.3    14.5      22     3.8
 3                                  100%    2 timeout
 4                                  100%    2 timeout
 5 2001:2034:1:c3::1                  0%    2  41.3ms    43.8    41.3    46.3     2.5
 6                                  100%    2 timeout
 7 2001:2000:3080:21c8::2             0%    2  52.6ms    54.6    52.6    56.6       2
 8                                  100%    2 timeout
 9                                  100%    2 timeout
10                                  100%    2 timeout
11                                  100%    2 timeout
12 2a02:610:7501:3000::239            0%    2  50.3ms    50.3    50.3    50.3       0

For cloud2.mikrotik.com:

formatted code

[me@myTik] > /tool traceroute 2a02:610:7501:1000::201
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1 xxxx:xxxx:xxxx::xxxx               0%    3  13.4ms    12.9    11.8    13.4     0.7
 2 yyyy:yyyy:yyyy::yyyy               0%    3  16.2ms    17.6    16.1    19.1     1.5
 3 zzzz:zzzz:zzz:zzz::zzz             0%    3  19.1ms    18.9    18.4    19.1     0.3
 4                                  100%    3 timeout
 5                                  100%    3 timeout
 6 2001:2034:1:c3::1                  0%    3  42.6ms    43.9    42.6    46.4     1.7
 7 2001:2034:0:85::1                  0%    3  44.1ms    44.1    41.3    46.9     2.3
 8 2001:2000:3080:21c8::2             0%    3  48.4ms    48.9    48.4    49.9     0.7
 9                                  100%    3 timeout
10                                  100%    3 timeout
11                                  100%    3 timeout
12                                  100%    3 timeout
13                                  100%    3 timeout

(and the same for the other address, 2a02:610:7501:4000::251).

So in my case, it's not caused by my firewall.

I can ping and traceroute forum.mikrotik.com with no problem, only cloud2.mikrotik.com I could not ping. I need this for the MikroTik DDNS to sync with my router IPv6 address since it still associate with the old IPv6 address prefix.

sindy · Sun Feb 28, 2021 11:10 am

First, please don't quote complete posts, especially if you react to a directly preceding one. There is no need to do so, this is not an e-mail message, the complete history of the conversation is always shown in the same window here.

Second, what I wanted to say by my post is that it is easy to find out whether the issue with access to cloud2.mikrotik.com is real or caused by your own firewall as @DarkNate suggests. And the conclusion is that at least in certain regions, there is a real issue and that it is likely to be at Mikrotik end given that forum.mikrotik.com can be pinged no problem whereas cloud2.mikrotik.com cannot.

So if it causes you a problem, open a support ticket with Mikrotik, either by sending an e-mail to support@mikrotik.com or, better, by using the web interface. forum.mikrotik.com is a self-help forum of fellow users, not an official input channel of Mikrotik support. You can refer to this forum topic in the ticket.

mozerd · Sun Feb 28, 2021 4:06 pm

Yes the FQDN does not respond nor does the ipv6 address BUT the ipv4 addresses do respond

159.148.172.251
159.148.147.201

MikroTik will need to fix with their provider.