Default system IPv6 address
Moderator: Moderators
Default system IPv6 address
Hello,
There's been a few issues with using IPv6 which I know is just missing more configuration or just the way I have it configured.
The issue is, I have multiple IPv6 addresses aliased to eth0 and it never takes the desired address to connect to other services, thus, when running traceroute6 or other utilities the system just doesn't know what to do (I get a unreachable host from another IPv6 address than the first one/desired primary).
I found half-solution to this: to set the preferred_lft to deprecated for every address other than the desired main source address. This works for outgoing connections that do not set a source address, however, binding to another address that is deprecated... well... doesn't work.
I think this is due to the other addresses being aliased on the eth0 interface, but I can't remember, for the life of me, how I had it configured.
There's been a few issues with using IPv6 which I know is just missing more configuration or just the way I have it configured.
The issue is, I have multiple IPv6 addresses aliased to eth0 and it never takes the desired address to connect to other services, thus, when running traceroute6 or other utilities the system just doesn't know what to do (I get a unreachable host from another IPv6 address than the first one/desired primary).
I found half-solution to this: to set the preferred_lft to deprecated for every address other than the desired main source address. This works for outgoing connections that do not set a source address, however, binding to another address that is deprecated... well... doesn't work.
I think this is due to the other addresses being aliased on the eth0 interface, but I can't remember, for the life of me, how I had it configured.
Elisamuel Resto
Simply Sam, LLC
Simply Sam, LLC
Re: Default system IPv6 address
This is how we do it on our Debian servers:
Code: Select all
iface eth1 inet6 static
address 2607:fe70:0:14::1:0
netmask 64
pre-up modprobe ipv6
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
post-up ip addr add 2607:fe70:0:14::1:1/64 dev $IFACE preferred_lft 0
post-up ip addr add 2607:fe70:0:14::1:2/64 dev $IFACE preferred_lft 0
post-up ip addr add 2607:fe70:0:14::1:3/64 dev $IFACE preferred_lft 0
Seth Mattinen, Roller Network LLC
Re: Default system IPv6 address
That is pretty much what I do, except in another fashion because of the fact I don't have a Debian system (I strongly dislike Debian):
Just for clarifying, I did zero out the MAC address on the HWaddr field and the link-local IPv6 address manually. I figure if RN wants to know, they can just look at my servers' port and find out what the MAC address is, exactly
Let's talk about more odd things, I originally tried from a specific address as source, then from the main server address and both failed. I then pinged without setting a source, it succeeded, then sourcing from the main address worked.
This got completely over my head as soon as I couldn't ping6 kame.net with the main address as source and then it pinged after I set no source... I am usually quite good at finding things out myself, but this time I got completely overwhelmed.
Code: Select all
#!/bin/bash
DEVS="eth0"
for IFACE in $DEVS; do
for ADDR in $(ip -6 addr show dev $IFACE | grep inet6 | gawk '{print $2}' | grep 2607 | grep -v '::2'); do
/usr/sbin/ip -6 addr change $ADDR dev $IFACE preferred_lft 0
done
done
unset DEVS IFACE ADDR
Code: Select all
[root@moriko] ~ # ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 7200 qlen 1000
inet6 2607:fe70:17::6/64 scope global deprecated
valid_lft forever preferred_lft forever
inet6 2607:fe70:17::5/64 scope global deprecated
valid_lft forever preferred_lft forever
inet6 2607:fe70:17::4/64 scope global deprecated
valid_lft forever preferred_lft forever
inet6 2607:fe70:17::3/64 scope global deprecated
valid_lft forever preferred_lft forever
inet6 2607:fe70:17::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::000:00ff:0000:0000/64 scope link
valid_lft forever preferred_lft forever
Code: Select all
[root@moriko] ~ # ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:74.118.152.82 Bcast:74.118.152.87 Mask:255.255.255.248
inet6 addr: 2607:fe70:17::3/64 Scope:Global
inet6 addr: 2607:fe70:17::5/64 Scope:Global
inet6 addr: 2607:fe70:17::4/64 Scope:Global
inet6 addr: fe80::000:00ff:fe00:0000/64 Scope:Link
inet6 addr: 2607:fe70:17::6/64 Scope:Global
inet6 addr: 2607:fe70:17::2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:7200 Metric:1
RX packets:124464861 errors:0 dropped:0 overruns:0 frame:0
TX packets:169733268 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:625472203 (596.4 Mb) TX bytes:3558880715 (3394.0 Mb)
Interrupt:44 Base address:0xa000
Code: Select all
[root@moriko] ~ # ip -6 route sh
2607:fe70:17::/64 dev eth0 proto kernel metric 256 mtu 7200
fe80::/64 dev eth0 proto kernel metric 256 mtu 7200
default via 2607:fe70:17::1 dev eth0 metric 1 mtu 7200
Let's talk about more odd things, I originally tried from a specific address as source, then from the main server address and both failed. I then pinged without setting a source, it succeeded, then sourcing from the main address worked.
Code: Select all
[root@moriko] ~ # ping6 -I 2607:fe70:17::5 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::5 : 56 data bytes
From abyss.simplysam.us icmp_seq=2 Destination unreachable: Address unreachable
From abyss.simplysam.us icmp_seq=3 Destination unreachable: Address unreachable
From abyss.simplysam.us icmp_seq=4 Destination unreachable: Address unreachable
^C
--- www.kame.net ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5009ms
[root@moriko] ~ # ping6 -I 2607:fe70:17::2 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::2 : 56 data bytes
From moriko.simplysam.us icmp_seq=1 Destination unreachable: Address unreachable
From moriko.simplysam.us icmp_seq=2 Destination unreachable: Address unreachable
^C
--- www.kame.net ping statistics ---
3 packets transmitted, 0 received, +2 errors, 100% packet loss, time 2007ms
[root@moriko] ~ # ping6 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=47 time=160 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=47 time=180 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=47 time=158 ms
^C
--- www.kame.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 158.227/166.452/180.225/9.805 ms
[root@moriko] ~ # ping6 -I 2607:fe70:17::2 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::2 : 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=47 time=165 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=47 time=155 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=47 time=149 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=47 time=159 ms
^C
--- www.kame.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 149.477/157.420/165.123/5.775 ms
[root@moriko] ~ # ping6 -I 2607:fe70:17::5 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::5 : 56 data bytes
^C
--- www.kame.net ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 9999ms
Elisamuel Resto
Simply Sam, LLC
Simply Sam, LLC
Re: Default system IPv6 address
Hmm, quite odd since I can verify it works on our web server:
I will have to test this more on my personal colo'd server.
Code: Select all
sethm@web:~$ ip -6 addr show dev eth1
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2607:fe70:0:14::1:3/64 scope global deprecated
valid_lft forever preferred_lft forever
inet6 2607:fe70:0:14::1:2/64 scope global deprecated
valid_lft forever preferred_lft forever
inet6 2607:fe70:0:14::1:1/64 scope global deprecated
valid_lft forever preferred_lft forever
inet6 2607:fe70:0:14::1:0/64 scope global
valid_lft forever preferred_lft forever
Code: Select all
sethm@web:~$ ping6 -c 5 -I 2607:fe70:0:14::1:3 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:0:14::1:3 : 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=47 time=136 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=47 time=136 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=47 time=136 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=47 time=158 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=5 ttl=47 time=135 ms
--- www.kame.net ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4014ms
rtt min/avg/max/mdev = 135.225/140.508/158.289/8.913 ms
Seth Mattinen, Roller Network LLC
Re: Default system IPv6 address
You have no link-local IPv6 address?
Elisamuel Resto
Simply Sam, LLC
Simply Sam, LLC
Re: Default system IPv6 address
There is one, I just didn't include it in the post.user00265 wrote:You have no link-local IPv6 address?
Seth Mattinen, Roller Network LLC
Re: Default system IPv6 address
Well, I've gone through and exhausted all I could to try and find out whats up with this, but to no avail. I am out of ideas and can't figure this out for the life of me. Maybe it lies on the sysctl settings? Does it need IPv6 forwarding (though I doubt it since its on the same interface that has bare network access)... I just don't know.
If there is something else to try, I'm all for it.
If there is something else to try, I'm all for it.
Elisamuel Resto
Simply Sam, LLC
Simply Sam, LLC
Re: Default system IPv6 address
I'll try setting up a test server using the same OS and version as yours and see what I can come up with. I haven't been able to duplicate the issue on ours.
Seth Mattinen, Roller Network LLC
Re: Default system IPv6 address
Can we try changing your MTU back to 1500 everywhere?
Seth Mattinen, Roller Network LLC
Re: Default system IPv6 address
Its set.
Code: Select all
eth0 Link encap:Ethernet HWaddr 00:25:90:00:72:B4
inet addr:74.118.152.82 Bcast:74.118.152.87 Mask:255.255.255.248
inet6 addr: 2607:fe70:17::3/64 Scope:Global
inet6 addr: 2607:fe70:17::5/64 Scope:Global
inet6 addr: 2607:fe70:17::4/64 Scope:Global
inet6 addr: fe80::225:90ff:fe00:72b4/64 Scope:Link
inet6 addr: 2607:fe70:17::6/64 Scope:Global
inet6 addr: 2607:fe70:17::2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:139941667 errors:0 dropped:0 overruns:0 frame:0
TX packets:126046987 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1082303040 (1032.1 Mb) TX bytes:1690429448 (1612.1 Mb)
Interrupt:44 Base address:0x2000
Elisamuel Resto
Simply Sam, LLC
Simply Sam, LLC
Re: Default system IPv6 address
Hmm, well, that didn't seem to make a difference. It was just an idea anyway. I'll keep working on it. For now just leave the MTU at 1500.
Seth Mattinen, Roller Network LLC
Re: Default system IPv6 address
Hey Seth,
Since we couldn't find this out, can we just switch the port back to jumbo frames and Gigabit?
-Sam
Since we couldn't find this out, can we just switch the port back to jumbo frames and Gigabit?
-Sam
Elisamuel Resto
Simply Sam, LLC
Simply Sam, LLC
Re: Default system IPv6 address
I've set the port MTU back to 9000. Speed negotiation is always 10/100/1000 regardless of the MTU.
Seth Mattinen, Roller Network LLC
Re: Default system IPv6 address
Just as a follow-up, I've been messing with this and it seems to be related to ip6tables entries. I'm narrowing down the suspects. Seems that the default DROP policy for INPUT is the culprit, not matching some packets, even when there is a explicit rule to allow them through.
Elisamuel Resto
Simply Sam, LLC
Simply Sam, LLC