Tuesday, July 29, 2014

linux - IPv6 only works after pinging the default gateway.



We now have 2013 and I thought it is long overdue to activate IPv6 on my server. But unfortunately, I ran in some problems. To be honest I only have litte experience with IPv6 So I hope you can help me with my "small" problem.



A small remark: The following addresses are obfuscated, it is not what I've used in my configs ;)



I am running a Debian squeeze (Debian 2.6.32-46) and I got a /64 IPv6 block from my provider: 2a01:4f8:a0:aaaa::/64




So I changed the /etc/network/interfaces file as follows (which is also the way my provider recommends it):



# Loopback device:
auto lo
iface lo inet loopback

# device: eth0
auto eth0
iface eth0 inet static
address 85.10.xxx.zz

broadcast 85.10.xxx.yy
netmask 255.255.255.224
gateway 85.10.xxx.1


iface eth0 inet6 static
# Main IPv6 Address of the server
address 2a01:4f8:a0:aaaa::2
netmask 64
gateway fe80::1



auto eth0:1
iface eth0:1 inet static
address 85.10.xxxx.uu
netmask 255.255.255.224

# default route to access subnet
up route add -net 85.10.xxx.0 netmask 255.255.255.224 gw 85.10.xxx.1 eth0



After a reboot (I am lazy and don't wanted to add everyhthing using route or ip) my eth0 interface looks like this:



eth0      < first line removed >  
inet addr:85.10.xxx.zz Bcast:85.10.xxx.yy Mask:255.255.255.224
inet6 addr: 2a01:4f8:a0:aaaa::2/64 Scope:Global
inet6 addr: fe80::bbbb:cccc:dddd:eeee/64 Scope:Link <--- from MAC address
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24133 errors:0 dropped:0 overruns:0 frame:0
TX packets:21712 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000
RX bytes:3464246 (3.3 MiB) TX bytes:5776451 (5.5 MiB)
Interrupt:25 Base address:0x2000


and the routes ip -6 route look like this:



2a01:4f8:a0:aaaa::/64 dev eth0  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vboxnet0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295

default via fe80::1 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295


Now, my problem is that my IPv6 isn't working properly. If I try to ping an IPv6 address e.g. ping6 ipv6.google.com. I get: "Destination unreachable: Address unreachable"



Which looks like this in tcpdump -i eth0 ip6:



00:29:05.386500 IP6 2a01:4f8:a0:aaaa::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32
00:29:05.390869 IP6 2a01:4f8:a0:bbbb::1 > 2a01:4f8:a0:aaaa::2: ICMP6, neighbor advertisement, tgt is fe80::1, length 32



2a01:4f8:a0:bbbb::1 is btw. listed as my gateway (at my provider's online admin console).



I think, the reason for all this is the missing NDP entry / the missing MAC address of fe80::1. Because ip -6 neigh gives me:



fe80::1 dev eth0  router FAILED 


I think so because if I do: ping6 -I eth0 fe80::1 I get a proper echo reply and the desired mac address for my fe80::1 address as well as a perfectly working IPv6 stack:




$ip -6 neigh
fe80::1 dev eth0 lladdr ll:mm:nn:oo:pp:qq router REACHABLE


Here is also again the dump from tcpdump -i eth0 ip6:



00:30:37.555702 IP6 fe80::bbbb:cccc:dddd:eeee > fe80::1: ICMP6, echo request, seq 1, length 64
00:30:37.560219 IP6 fe80::1 > fe80::bbbb:cccc:dddd:eeee: ICMP6, echo reply, seq 1, length 64



(again: fe80::bbbb:cccc:dddd:eeee is my link-local address, derived from the MAC address)



From this point on, I can use IPv6: I can ping6 websites, I can connect to services using IPv6 or even connect to my server via ssh using IPv6.



So, what am I doing wrong here? I've spend a lot of time trying to find out how to "fix" this. I bet it can be solved using two commands. This is by the way the first time I am dealing with IPv6 on a server. So please forgive me for my inexperience. Btw. I also tried to alter some sysctl net.ipv6.* flags, but without success. If it is necessary for the solution, I can also post my configuration here.



Every hint is more than welcome!



Thank you very much in advance!


Answer




I gave the whole problem another try today, a couple of weeks later. And what can I say, I fixed it. Can someone please explain me why adding a ipv6 loopback fixed my problem? Here is what I've added to my /etc/network/interfaces file:



iface lo inet6 loopback


I have no ideas why I've forgot to add it in the first place!^^ Thank you all for your responses!


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...