Default system IPv6 address

Need help? Ask here.

Moderator: Moderators

user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Default system IPv6 address

Post by user00265 »

Hello,

There's been a few issues with using IPv6 which I know is just missing more configuration or just the way I have it configured.

The issue is, I have multiple IPv6 addresses aliased to eth0 and it never takes the desired address to connect to other services, thus, when running traceroute6 or other utilities the system just doesn't know what to do (I get a unreachable host from another IPv6 address than the first one/desired primary).

I found half-solution to this: to set the preferred_lft to deprecated for every address other than the desired main source address. This works for outgoing connections that do not set a source address, however, binding to another address that is deprecated... well... doesn't work.

I think this is due to the other addresses being aliased on the eth0 interface, but I can't remember, for the life of me, how I had it configured.
Elisamuel Resto
Simply Sam, LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Default system IPv6 address

Post by Seth »

This is how we do it on our Debian servers:

Code: Select all

iface eth1 inet6 static
    address 2607:fe70:0:14::1:0
    netmask 64
    pre-up modprobe ipv6
    pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
    post-up ip addr add 2607:fe70:0:14::1:1/64 dev $IFACE preferred_lft 0
    post-up ip addr add 2607:fe70:0:14::1:2/64 dev $IFACE preferred_lft 0
    post-up ip addr add 2607:fe70:0:14::1:3/64 dev $IFACE preferred_lft 0
Seth Mattinen, Roller Network LLC
user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Re: Default system IPv6 address

Post by user00265 »

That is pretty much what I do, except in another fashion because of the fact I don't have a Debian system (I strongly dislike Debian):

Code: Select all

#!/bin/bash
DEVS="eth0"
for IFACE in $DEVS; do
    for ADDR in $(ip -6 addr show dev $IFACE | grep inet6 | gawk '{print $2}' | grep 2607 | grep -v '::2'); do
        /usr/sbin/ip -6 addr change $ADDR dev $IFACE preferred_lft 0
    done
done
unset DEVS IFACE ADDR
Just for clarifying, I did zero out the MAC address on the HWaddr field and the link-local IPv6 address manually. I figure if RN wants to know, they can just look at my servers' port and find out what the MAC address is, exactly :)

Code: Select all

[root@moriko] ~ # ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 7200 qlen 1000
    inet6 2607:fe70:17::6/64 scope global deprecated
       valid_lft forever preferred_lft forever
    inet6 2607:fe70:17::5/64 scope global deprecated
       valid_lft forever preferred_lft forever
    inet6 2607:fe70:17::4/64 scope global deprecated
       valid_lft forever preferred_lft forever
    inet6 2607:fe70:17::3/64 scope global deprecated
       valid_lft forever preferred_lft forever
    inet6 2607:fe70:17::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::000:00ff:0000:0000/64 scope link
       valid_lft forever preferred_lft forever

Code: Select all

[root@moriko] ~ # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:74.118.152.82  Bcast:74.118.152.87  Mask:255.255.255.248
          inet6 addr: 2607:fe70:17::3/64 Scope:Global
          inet6 addr: 2607:fe70:17::5/64 Scope:Global
          inet6 addr: 2607:fe70:17::4/64 Scope:Global
          inet6 addr: fe80::000:00ff:fe00:0000/64 Scope:Link
          inet6 addr: 2607:fe70:17::6/64 Scope:Global
          inet6 addr: 2607:fe70:17::2/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:7200  Metric:1
          RX packets:124464861 errors:0 dropped:0 overruns:0 frame:0
          TX packets:169733268 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:625472203 (596.4 Mb)  TX bytes:3558880715 (3394.0 Mb)
          Interrupt:44 Base address:0xa000

Code: Select all

[root@moriko] ~ # ip -6 route sh
2607:fe70:17::/64 dev eth0  proto kernel  metric 256  mtu 7200
fe80::/64 dev eth0  proto kernel  metric 256  mtu 7200
default via 2607:fe70:17::1 dev eth0  metric 1  mtu 7200

Let's talk about more odd things, I originally tried from a specific address as source, then from the main server address and both failed. I then pinged without setting a source, it succeeded, then sourcing from the main address worked.

Code: Select all

[root@moriko] ~ # ping6 -I 2607:fe70:17::5 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::5 : 56 data bytes
From abyss.simplysam.us icmp_seq=2 Destination unreachable: Address unreachable
From abyss.simplysam.us icmp_seq=3 Destination unreachable: Address unreachable
From abyss.simplysam.us icmp_seq=4 Destination unreachable: Address unreachable
^C
--- www.kame.net ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5009ms

[root@moriko] ~ # ping6 -I 2607:fe70:17::2 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::2 : 56 data bytes
From moriko.simplysam.us icmp_seq=1 Destination unreachable: Address unreachable
From moriko.simplysam.us icmp_seq=2 Destination unreachable: Address unreachable
^C
--- www.kame.net ping statistics ---
3 packets transmitted, 0 received, +2 errors, 100% packet loss, time 2007ms

[root@moriko] ~ # ping6 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=47 time=160 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=47 time=180 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=47 time=158 ms
^C
--- www.kame.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 158.227/166.452/180.225/9.805 ms

[root@moriko] ~ # ping6 -I 2607:fe70:17::2 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::2 : 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=47 time=165 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=47 time=155 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=47 time=149 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=47 time=159 ms
^C
--- www.kame.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 149.477/157.420/165.123/5.775 ms
[root@moriko] ~ # ping6 -I 2607:fe70:17::5 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:17::5 : 56 data bytes
^C
--- www.kame.net ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 9999ms
This got completely over my head as soon as I couldn't ping6 kame.net with the main address as source and then it pinged after I set no source... I am usually quite good at finding things out myself, but this time I got completely overwhelmed.
Elisamuel Resto
Simply Sam, LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Default system IPv6 address

Post by Seth »

Hmm, quite odd since I can verify it works on our web server:

Code: Select all

sethm@web:~$ ip -6 addr show dev eth1
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2607:fe70:0:14::1:3/64 scope global deprecated 
       valid_lft forever preferred_lft forever
    inet6 2607:fe70:0:14::1:2/64 scope global deprecated 
       valid_lft forever preferred_lft forever
    inet6 2607:fe70:0:14::1:1/64 scope global deprecated 
       valid_lft forever preferred_lft forever
    inet6 2607:fe70:0:14::1:0/64 scope global 
       valid_lft forever preferred_lft forever

Code: Select all

sethm@web:~$ ping6 -c 5 -I 2607:fe70:0:14::1:3 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) from 2607:fe70:0:14::1:3 : 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=47 time=136 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=47 time=136 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=47 time=136 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=4 ttl=47 time=158 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=5 ttl=47 time=135 ms

--- www.kame.net ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4014ms
rtt min/avg/max/mdev = 135.225/140.508/158.289/8.913 ms
I will have to test this more on my personal colo'd server.
Seth Mattinen, Roller Network LLC
user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Re: Default system IPv6 address

Post by user00265 »

You have no link-local IPv6 address?
Elisamuel Resto
Simply Sam, LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Default system IPv6 address

Post by Seth »

user00265 wrote:You have no link-local IPv6 address?
There is one, I just didn't include it in the post.
Seth Mattinen, Roller Network LLC
user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Re: Default system IPv6 address

Post by user00265 »

Well, I've gone through and exhausted all I could to try and find out whats up with this, but to no avail. I am out of ideas and can't figure this out for the life of me. Maybe it lies on the sysctl settings? Does it need IPv6 forwarding (though I doubt it since its on the same interface that has bare network access)... I just don't know.

If there is something else to try, I'm all for it.
Elisamuel Resto
Simply Sam, LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Default system IPv6 address

Post by Seth »

I'll try setting up a test server using the same OS and version as yours and see what I can come up with. I haven't been able to duplicate the issue on ours.
Seth Mattinen, Roller Network LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Default system IPv6 address

Post by Seth »

Can we try changing your MTU back to 1500 everywhere?
Seth Mattinen, Roller Network LLC
user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Re: Default system IPv6 address

Post by user00265 »

Its set.

Code: Select all

eth0      Link encap:Ethernet  HWaddr 00:25:90:00:72:B4
          inet addr:74.118.152.82  Bcast:74.118.152.87  Mask:255.255.255.248
          inet6 addr: 2607:fe70:17::3/64 Scope:Global
          inet6 addr: 2607:fe70:17::5/64 Scope:Global
          inet6 addr: 2607:fe70:17::4/64 Scope:Global
          inet6 addr: fe80::225:90ff:fe00:72b4/64 Scope:Link
          inet6 addr: 2607:fe70:17::6/64 Scope:Global
          inet6 addr: 2607:fe70:17::2/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:139941667 errors:0 dropped:0 overruns:0 frame:0
          TX packets:126046987 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1082303040 (1032.1 Mb)  TX bytes:1690429448 (1612.1 Mb)
          Interrupt:44 Base address:0x2000
Elisamuel Resto
Simply Sam, LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Default system IPv6 address

Post by Seth »

Hmm, well, that didn't seem to make a difference. It was just an idea anyway. I'll keep working on it. For now just leave the MTU at 1500.
Seth Mattinen, Roller Network LLC
user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Re: Default system IPv6 address

Post by user00265 »

Hey Seth,

Since we couldn't find this out, can we just switch the port back to jumbo frames and Gigabit?

-Sam
Elisamuel Resto
Simply Sam, LLC
Seth
Site Admin
Posts: 309
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: Default system IPv6 address

Post by Seth »

I've set the port MTU back to 9000. Speed negotiation is always 10/100/1000 regardless of the MTU.
Seth Mattinen, Roller Network LLC
user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Re: Default system IPv6 address

Post by user00265 »

Good enough for me. Thanks, Seth!
Elisamuel Resto
Simply Sam, LLC
user00265
Posts: 18
Joined: Wed Apr 28, 2010 7:45 pm
Location: Chatfield, MN
Contact:

Re: Default system IPv6 address

Post by user00265 »

Just as a follow-up, I've been messing with this and it seems to be related to ip6tables entries. I'm narrowing down the suspects. Seems that the default DROP policy for INPUT is the culprit, not matching some packets, even when there is a explicit rule to allow them through.
Elisamuel Resto
Simply Sam, LLC
Post Reply