You are not logged in.

#1 2017-02-05 09:11:42

amitoj
Member
Registered: 2015-01-12
Posts: 9

Ping to IPv4 works but IPv6 does not

I have a hosted VPS running on arch linux. I'm trying to make outgoing connections from this server, but all of them fail. After a little bit of debugging, I figured that the reason for failed connections is that my server cannot access IPv6 addresses. Ping to IPv4 addresses work, but not to IPv6. Here is a sample.

[root@li863-18 /]# nslookup google.com
Server:         103.3.60.20
Address:        103.3.60.20#53

Non-authoritative answer:
Name:   google.com
Address: 74.125.68.100
Name:   google.com
Address: 74.125.68.102
Name:   google.com
Address: 74.125.68.113
Name:   google.com
Address: 74.125.68.139
Name:   google.com
Address: 74.125.68.138
Name:   google.com
Address: 74.125.68.101
Name:   google.com
Address: 2404:6800:4003:c02::8a

[root@li863-18 /]# ping 74.125.68.100
PING 74.125.68.100 (74.125.68.100) 56(84) bytes of data.
64 bytes from 74.125.68.100: icmp_seq=1 ttl=50 time=1.20 ms
64 bytes from 74.125.68.100: icmp_seq=2 ttl=50 time=1.32 ms
64 bytes from 74.125.68.100: icmp_seq=3 ttl=50 time=1.41 ms
^C
--- 74.125.68.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.200/1.311/1.414/0.097 ms
[root@li863-18 /]# 
[root@li863-18 /]# ping 2404:6800:4003:c02::8a
PING 2404:6800:4003:c02::8a(2404:6800:4003:c02::8a) 56 data bytes
^C
--- 2404:6800:4003:c02::8a ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6070ms

My networking configuration. I've run the commands ip a s, ip -6 r s and cat /etc/resolv.conf:

[root@li863-18 /]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether ea:46:ac:25:5b:a3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::99c7:bfde:3127:700c/64 scope link 
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f2:3c:91:e4:50:68 brd ff:ff:ff:ff:ff:ff
    inet 139.162.21.18/24 brd 139.162.21.255 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 2400:8901::f914:4433:e826:6f2a/64 scope global mngtmpaddr noprefixroute dynamic 
       valid_lft 2592000sec preferred_lft 604800sec
    inet6 fe80::f03c:91ff:fee4:5068/64 scope link 
       valid_lft forever preferred_lft forever
4: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
    link/void 
5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
7: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: ip_vti0@NONE: <NOARP> mtu 1428 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
9: ip6_vti0@NONE: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
11: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
12: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1
    link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[root@li863-18 /]# ip -6 r s
2400:8901::/64 dev ens4 proto kernel metric 203  mtu 1500 pref medium
fe80::/64 dev ens4 proto kernel metric 256  pref medium
fe80::/64 dev dummy0 proto kernel metric 256  pref medium
default via fe80::1 dev ens4 metric 203  mtu 1500 pref medium
[root@li863-18 /]# cat /etc/resolv.conf
# Generated by resolvconf
domain members.linode.com
nameserver 103.3.60.20
nameserver 139.162.11.5
nameserver 139.162.13.5

Any pointer as to why this is the case. I would not want to disable IPv6 addresses through kernel unless absolutely necessary.

Last edited by amitoj (2017-02-05 09:33:34)

Offline

#2 2017-02-05 15:56:07

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: Ping to IPv4 works but IPv6 does not

fe80::: addresses are not routable, they are only for use on the local network and are self assigned by the device itself (I think -- I am still learning this IPv6 stuff)
Can you ping other things on the LAN by IPv6 address?
What does the journal have to say about dhcpcd and IPv6?  I don't think you have a working DHCP server speaking IPv6

Edit: Oh, I really closed your other thread and linked it here.  In the future, go ahead and use the report link and make a request of the moderators.  Even better, you could have edited your thread title and just carried on.

Edit 2:  Damn, I missed the 2400::: address on eno2

Last edited by ewaller (2017-02-05 15:59:26)


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2017-02-11 09:16:12

severach
Member
Registered: 2015-05-23
Posts: 192

Re: Ping to IPv4 works but IPv6 does not

The mechanism for getting your packet from here to there is the same. How the parts of the mechanism fall into place is very different from ipv4.

I'd say load up WireShark but that won't be possible on hosting. Load up tcpdump. This is from a system set up statically. It's static because this is the DHCPv6 server for multiple networks. Getting one system to work static will teach you a lot about ipv6.

Let's see if we can get to your gateway. FE80::1 need not be a real address but the router that gave it to you needs to respond to it. If it does not you can try to hit it with another DHCPv6 request. I don't use FE80::1 because I've found it to be unreliable. Here are the responses the way I set them up.

$ ip address
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fc:4d:d4:d2:a4:72 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.10/24 brd 192.168.50.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fd00::6/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::29f8:8344:df28:fbf8/64 scope link
       valid_lft forever preferred_lft forever

$ ip -6 route
fd00::/64 dev eno1 proto kernel metric 256  pref medium
fe80::209:fff:fe29:5200 dev eno1 proto static metric 100  pref medium
fe80::/64 dev eno1.100 proto kernel metric 256  pref medium
fe80::/64 dev eno1.102 proto kernel metric 256  pref medium
fe80::/64 dev eno1.101 proto kernel metric 256  pref medium
fe80::/64 dev eno1 proto kernel metric 256  pref medium
default via fe80::209:fff:fe29:5200 dev eno1 proto static metric 100  pref medium

$ ip -6 neighbor
fe80::1 dev eno1  FAILED
fe80::209:fff:fe29:5200 dev eno1 lladdr 00:09:0f:29:52:00 router STALE

$ ping FE80::1%eno1
PING fe80::1%eno1(fe80::1%eno1) 56 data bytes
From fe80::29f8:8344:df28:fbf8%eno1 icmp_seq=1 Destination unreachable: Address unreachable

# Getting it to kick out a neighbor advertisement for the gateway on demand is tricky.
# Deleting the route kills ipv6 connectivity and the constant chatter.
$ ip -6 route delete default via fe80::209:fff:fe29:5200 dev eno1
$ ip -6 neigh del fe80::209:fff:fe29:5200 dev eno1

$ ping fe80::209:fff:fe29:5200%eno1
PING fe80::209:fff:fe29:5200%eno1(fe80::209:fff:fe29:5200%eno1) 56 data bytes
64 bytes from fe80::209:fff:fe29:5200%eno1: icmp_seq=1 ttl=64 time=0.598 ms

$ ip -6 route add default via fe80::209:fff:fe29:5200 dev eno1

$ ping ipv6.google.com
PING ipv6.google.com(ord36s04-in-x0e.1e100.net (2607:f8b0:4009:800::200e)) 56 data bytes
64 bytes from ord36s04-in-x0e.1e100.net (2607:f8b0:4009:800::200e): icmp_seq=1 ttl=54 time=34.8 ms
64 bytes from ord36s04-in-x0e.1e100.net (2607:f8b0:4009:800::200e): icmp_seq=2 ttl=54 time=29.6 ms

# Meanwhile in another window running tcpdump.

$ tcpdump -i eno1 'icmp6'
03:05:24.697923 IP6 fe80::29f8:8344:df28:fbf8 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32
(crickets, no response)

03:23:14.919009 IP6 fe80::29f8:8344:df28:fbf8 > ff02::1:ff29:5200: ICMP6, neighbor solicitation, who has fe80::209:fff:fe29:5200, length 32
03:23:14.919236 IP6 fe80::209:fff:fe29:5200 > fe80::29f8:8344:df28:fbf8: ICMP6, neighbor advertisement, tgt is fe80::209:fff:fe29:5200, length 32
03:23:14.919251 IP6 fe80::29f8:8344:df28:fbf8 > fe80::209:fff:fe29:5200: ICMP6, echo request, seq 1, length 64
03:23:14.919585 IP6 fe80::209:fff:fe29:5200 > fe80::29f8:8344:df28:fbf8: ICMP6, echo reply, seq 1, length 64

04:08:34.515608 IP6 fd00::6 > ord36s04-in-x0e.1e100.net: ICMP6, echo request, seq 1, length 64
04:08:34.550183 IP6 fe80::209:fff:fe29:5200 > ff02::1:ff00:6: ICMP6, neighbor solicitation, who has fd00::6, length 32
04:08:34.550225 IP6 fd00::6 > fe80::209:fff:fe29:5200: ICMP6, neighbor advertisement, tgt is fd00::6, length 32
04:08:34.550421 IP6 ord36s04-in-x0e.1e100.net > fd00::6: ICMP6, echo reply, seq 1, length 64
04:08:35.516871 IP6 fd00::6 > ord36s04-in-x0e.1e100.net: ICMP6, echo request, seq 2, length 64
04:08:35.546493 IP6 ord36s04-in-x0e.1e100.net > fd00::6: ICMP6, echo reply, seq 2, length 64

Offline

Board footer

Powered by FluxBB