|
Linux IPV6 routing issue with 2 interfaces
Hi
i have centos server with eth0 interfaces and lo default loopback . now i have the subnet of 2a06:1280:bee1::3/64 on eth0 now if i ping 2a06:1280:bee1::3 from anywhere , i can reach it . now assume i add other address like : ip addr add 2a06:1280:bee1::aaaa/64 dev eth0 ip addr add 2a06:1280:bee1::bbbb/64 dev eth0 then the ips 2a06:1280:bee1::aaaa & 2a06:1280:bee1::bbbb are pingable . but i have a problem . say i have other GRE interface that had tunnel ip6-4 with other server. if i put any ip from my subnet to the tunnel interface . it never reach it. as an example if i have gre tunnle : ip tunnel add IPV61 mode sit remote 67.212.83.32 local 185.99.132.3 ttl 255 ip link set IPV61 up ip addr add 2a06:1280:bee1:1000::1/64 dev IPV61 as we see i cant ping that interface !!! but if i put the ip of that tunnel to eth0 it works !!! so i think im here with a problem with routing or interfaces sharing . seems like ping works & connectiviy to outside world works only if i out it on eth0 . any help ?? ============================================ [root@rns ~]# cat /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 1 net.ipv4.conf.all.forwarding=1 net.ipv4.conf.default.forwarding=1 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.all.forwarding=1 net.ipv6.conf.default.forwarding=1 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 ################### net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.eth0.accept_ra = 1 net.ipv6.conf.eth0.accept_ra_defrtr = 1 net.ipv6.conf.eth0.router_solicitations = 1 ######################### net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.IPV61.accept_ra = 1 net.ipv6.conf.IPV61.accept_ra_defrtr = 1 net.ipv6.conf.IPV61.router_solicitations = 1 [root@rns ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 TYPE=Ethernet UUID=173ca404-2018-4594-98c5-8ab349875a78 ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=none IPADDR=xxx PREFIX=24 GATEWAY=xxx DNS1=8.8.8.8 DOMAIN="search.local dns.local" DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=yes NAME="System eth0" IPV6_AUTOCONF=no IPV6_DEFAULTGW=2a06:1280:bee1::dea:1 IPV6ADDR=2a06:1280:bee1::3/64 IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=yes HWADDR=D2:80:52:9A:79:AB DNS2=2001:4860:4860::8888 LAST_CONNECT=1441361689 NETWORKING_IPV6=yes [root@rns ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=rns.nz1.zappiehost.com GATEWAY=xxxx IPV6_DEFAULTGW=2a06:1280:bee1::dea:1 NETWORKING_IPV6=yes any help ??? |
Where are two GRE terminators, on server?
|
yes on same server .
the question is , why only the ip ping-able and able to reach internet only if it was on eth0 ??? i want to ask , do i need other ting to be enabled ? i believe this is normal routing issue and shroud be enabled by default , but dont know why ...any help ? thankx |
GRE tunnel interface should be over a physical interface, shouldn't it? Otherwise, how can packet go to wire?
|
yes u r correct ,
but if i add IPV6 address to that GR tunnel , whey i cant ping it ? but same ip of i put it on the physical (eth0) i can ping it do u have any explanation for that ? |
can u help me wt does this trace mean ??
traceroute6 2602:ffd5:1:100::1 traceroute to 2602:ffd5:1:100::1 (2602:ffd5:1:100::1), 30 hops max, 80 byte packets 1 2602:ffd5:1:dddd:bbbb::1 (2602:ffd5:1:dddd:bbbb::1) 18.209 ms !N 18.108 ms !N 18.082 ms !N root@ca:~# when it die at that host ? |
If there is IPv6 and IPv4 conversion, two physical interfaces are requested, one connect to IPv4 and another connect to IPv6.
You can use GRE tunnel encapsulate IPv4 packet over IPv6 network. |
ok , let me discuss my issue for you shortly and let me explain the issue i have .
i will post full topology shortly of wt i want to do thanks |
Hi ,
i have linux server that already contacin ipv6 address/64 and able to reach ipv6 destination without any problem. but i want to cut some ips of that main server and give it to other server by tunnel so that other server be able to reach ipv6 websites . i was able to do the tunnel between them and ping all the networks/ips between them. my main problem is , the remote server that has some ips cutted from the /64 and put in it as /128 , is unable to reach internet . and seems like the traceroute die on the main server and dont exit it . hope you can help me . let me explain what i did so far : ==================== server1-which is the main server has : inet addr:162.250.189.177 inet6 addr: 2602:ffd5:1:112:999::1/64 Scope:Global we can say 2602:ffd5:1:112::/64 subnet ========================== server2-which is the remote server that will use the main server as ipv6 gateway has : 67.212.83.32 ========================== here below i will post the settings i useed for tunnel : server1-main one : ip tunnel add IPV6 mode sit remote 67.212.83.32 local 162.250.189.177 ttl 255 ip link set IPV6 up ifconfig IPV6 inet add 2602:ffd5:1:dddd:bbbb::1/64 ip route add 2602:ffd5:1:112:112::/80 dev IPV6 server2-client one : ip tunnel add IPV6 mode sit remote 162.250.189.177 local 67.212.83.32 ttl 255 ip link set IPV6 up ip route add ::/0 dev IPV6 ifconfig IPV6 inet add 2602:ffd5:1:dddd:bbbb::2/64 ifconfig lo inet add 2602:ffd5:1:112:112::aaa/128 ======================= as we see above we have the tunnel point-point subnet as 2602:ffd5:1:dddd:bbbb::0/64 and i cut the ip from /64 to be 2602:ffd5:1:112:112::aaa/128 on the remte server so that it go with it the internet and i let the clietn to use the main server as default gateway. ============= ping between two servers all working : 1-ping from the main to client server : [root@localhost ~]# ping6 2602:ffd5:1:dddd:bbbb::2 PING 2602:ffd5:1:dddd:bbbb::2(2602:ffd5:1:dddd:bbbb::2) 56 data bytes 64 bytes from 2602:ffd5:1:dddd:bbbb::2: icmp_seq=1 ttl=64 time=1.50 ms 64 bytes from 2602:ffd5:1:dddd:bbbb::2: icmp_seq=2 ttl=64 time=0.886 ms ^C --- 2602:ffd5:1:dddd:bbbb::2 ping statistics --- 2 packets transmitted, 2 received, 0 packet loss, time 1454ms rtt min/avg/max/mdev = 0.886/1.193/1.501/0.309 ms [root@localhost ~]# ping6 2602:ffd5:1:dddd:bbbb::1 PING 2602:ffd5:1:dddd:bbbb::1(2602:ffd5:1:dddd:bbbb::1) 56 data bytes 64 bytes from 2602:ffd5:1:dddd:bbbb::1: icmp_seq=1 ttl=64 time=0.056 ms 64 bytes from 2602:ffd5:1:dddd:bbbb::1: icmp_seq=2 ttl=64 time=0.087 ms ^C --- 2602:ffd5:1:dddd:bbbb::1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1512ms rtt min/avg/max/mdev = 0.056/0.071/0.087/0.017 ms [root@localhost ~]# ping6 2602:ffd5:1:112:112::aaa PING 2602:ffd5:1:112:112::aaa(2602:ffd5:1:112:112::aaa) 56 data bytes 64 bytes from 2602:ffd5:1:112:112::aaa: icmp_seq=1 ttl=64 time=1.58 ms 64 bytes from 2602:ffd5:1:112:112::aaa: icmp_seq=2 ttl=64 time=1.02 ms ^C --- 2602:ffd5:1:112:112::aaa ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1750ms rtt min/avg/max/mdev = 1.023/1.303/1.583/0.280 ms [root@localhost ~]# ping6 google.com -n PING google.com(2607:f8b0:4006:80c::1000) 56 data bytes 64 bytes from 2607:f8b0:4006:80c::1000: icmp_seq=1 ttl=58 time=20.1 ms 64 bytes from 2607:f8b0:4006:80c::1000: icmp_seq=2 ttl=58 time=19.4 ms ^C --- google.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1507ms rtt min/avg/max/mdev = 19.420/19.776/20.133/0.383 ms [root@localhost ~]# as we see , server main is able to reach all ips on server2 and reach internet ==================== 2-ping from server 2 root@ca:~# ping6 2602:ffd5:1:dddd:bbbb::2 PING 2602:ffd5:1:dddd:bbbb::2(2602:ffd5:1:dddd:bbbb::2) 56 data bytes 64 bytes from 2602:ffd5:1:dddd:bbbb::2: icmp_seq=1 ttl=64 time=0.027 ms ^C --- 2602:ffd5:1:dddd:bbbb::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.027/0.027/0.027/0.000 ms root@ca:~# ping6 2602:ffd5:1:dddd:bbbb::1 PING 2602:ffd5:1:dddd:bbbb::1(2602:ffd5:1:dddd:bbbb::1) 56 data bytes 64 bytes from 2602:ffd5:1:dddd:bbbb::1: icmp_seq=1 ttl=64 time=1.40 ms ^C --- 2602:ffd5:1:dddd:bbbb::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.409/1.409/1.409/0.000 ms root@ca:~# ping6 google.com -n PING google.com(2607:f8b0:400d:c06::71) 56 data bytes ^C --- google.com ping statistics --- 13 packets transmitted, 0 received, 100% packet loss, time 12095ms root@ca:~# traceroute6 google.com traceroute to google.com (2607:f8b0:400d:c06::8b), 30 hops max, 80 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * root@ca:~# ip -6 route show unreachable 2602:ffd5:1:112:112::aaa dev lo proto kernel metric 256 error -101 2602:ffd5:1:dddd::/64 dev IPV6 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev IPV6 proto kernel metric 256 default dev IPV6 metric 1024 root@ca:~# agian the gateway of the client is the main , server , but it cant exit the maon sever to internet where could be possible my mistake ??? note that all ipv4,ipv6 & selinux are disabled on both servers. cheers |
What's ip route output for IPv4 and IPv6 on server1-main?
What's eth0 IPv4 and IPv6 address setting on server2-client? |
main server side :
[main-server ~]# ip route show 10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1 10.8.0.0/24 via 10.8.0.2 dev tun0 162.250.189.0/24 dev eth0 proto kernel scope link src 162.250.189.177 192.169.1.0/24 dev tap_vpn1 proto kernel scope link src 192.169.1.1 169.254.0.0/16 dev eth0 scope link metric 1002 default via 162.250.189.1 dev eth0 [main-server ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 unreachable 2002:a00::/24 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 unreachable 2002:e000::/19 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 2602:ffd5:1:112:112::/80 dev IPV6 metric 1024 mtu 1480 advmss 1420 hoplimit 4294967295 2602:ffd5:1:112::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 2602:ffd5:1:dddd::/64 via :: dev IPV6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295 2602:ffd5:1::/48 dev eth0 proto kernel metric 256 expires 0sec mtu 1500 advmss 1440 hoplimit 4294967295 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 via :: dev IPV6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295 default via fe80::768e:f8ff:fe61:e241 dev eth0 proto kernel metric 1024 expires 0sec mtu 1500 advmss 1440 hoplimit 64 [main-server ~]# client side : client]~# ~# ifconfig IPV6 Link encap:IPv6-in-IPv4 inet6 addr: 2602:ffd5:1:dddd:bbbb::2/64 Scope:Global inet6 addr: fe80::43d4:5320/64 Scope:Link UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:90 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:832 (832.0 B) TX bytes:7752 (7.5 KiB) eth0 Link encap:Ethernet HWaddr 00:16:3e:b0:97:25 inet addr:67.212.83.32 Bcast:67.212.83.63 Mask:255.255.255.192 inet6 addr: fe80::216:3eff:feb0:9725/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:156855170 errors:0 dropped:0 overruns:0 frame:0 TX packets:93980727 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:133424391804 (124.2 GiB) TX bytes:131559112024 (122.5 GiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host inet6 addr: 2602:ffd5:1:112:112::aaa/128 Scope:Global UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:2734 errors:0 dropped:0 overruns:0 frame:0 TX packets:2734 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:254379 (248.4 KiB) TX bytes:254379 (248.4 KiB) client]~# |
any help ?
|
IPv6 default route is missed.
|
here is the default route from the client :
root@ca:~# ip -6 route show unreachable 2602:ffd5:1:112:112::aaa dev lo proto kernel metric 256 error -101 2602:ffd5:1:dddd::/64 dev IPV6 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev IPV6 proto kernel metric 256 default dev IPV6 metric 1024 root@ca:~# |
and here is internet from the server to google :
ping6 google.com PING google.com(lga15s48-in-x02.1e100.net) 56 data bytes 64 bytes from lga15s48-in-x02.1e100.net: icmp_seq=1 ttl=58 time=8.62 ms 64 bytes from lga15s48-in-x02.1e100.net: icmp_seq=2 ttl=58 time=8.29 ms ^C --- google.com ping statistics --- 2 packets transmitted, 2 received, 0 packet loss, time 1510ms rtt min/avg/max/mdev = 8.295/8.460/8.626/0.189 ms [root@localhost ~]# tracepath6 -n google.com 1?: [LOCALHOST] pmtu 1500 1: 2602:ffd5:1:100::1 1.053ms 1: 2602:ffd5:1:100::1 0.250ms 2: 2001:590::451f:8e41 1.519ms asymm 3 3: 2001:668:0:2::1:1bb2 15.483ms agian let me say agian : ping from sever to anythung is 100 % ok ping between server and client in ipv6 is 100 % ping between client to server in ipv6 is 100 % the problem is when the client try to reach the internet any help ? |
| All times are GMT -5. The time now is 12:21 AM. |