IPv6 6rd issues

Advanced feature discussion, beta programs and unsupported "Labs" features.
2 posts Page 1 of 1
by wwwdrich » Fri Apr 01, 2016 10:04 am
So I had my bonded Pace router upgraded to the latest rev and it gets an IPv6 address via. 6rd correctly (although it doesn't show a subnet size, which is odd). However, since I'm using a port that is forwarded to my home network and my firewalls, it doesn't appear to be passing traffic properly. I have even tried setting up a separate interface on my firewall that *is* using the Pace as a router with no luck.

From my firewall I can ping and trace route to external addresses just fine. Anything behind the firewall on the other hand never gets traffic back. I can see it heading out to the Pace when I tcpdump but I don't see any responses. In addition, traceroute and ping from the outside never make it in, even to the address on the Pace or the firewall interface. The inbound traceroutes stop at an IPv6 IP that I'm not even sure what is is. The Pace is 2602:243:xxxx:xxxx::1, but the traceroute ends at 2602:243:xxxx:xxxx:1::1.

So this led to a couple of questions...
  • Anyone have any ideas WTF is going on?
  • Is there any way to see what is going on on the Pace or it is a complete black box? (i.e. is there a way to do the equivalent of a tcpdump to see if it is eating the traffic or something else is?)
  • Am I getting bitten by the firewall on the Pace?
  • What size is the delegated 6rd network? I was initially assuming a /60, but even going with a /64 and sunbathing it multiple /68s on my end doesn't seem to fix the routing problem.
  • Assuming that this is an issue with the fact that I'm forwarding a port instead of using the Pace as a router, is there a way to reconfigure the tunnel on Sonic's end to allow me to establish it on my firewall instead of the Pace? If I try configuring an interface with 6rd it never gets an address; even if I disable IPv6 in the member dashboard.
The whole reason behind my wanting to put the tunnel endpoint out on the Pace was to allow me to configure CARP between my pair of firewalls and fail-over IPv6. However, if that isn't going to work I would at least like to get 6rd up and running on my firewall itself so I can use IPv6 again on my network w/o going through the old tunnel setup.
by wwwdrich » Tue Apr 05, 2016 11:15 am
I see lots of people reading this, but no one has any suggestions? I'm a little miffed that while the 6rd enable is a "production" server through members.sonic.net, there isn't any support when it doesn't work.

I'm considering giving up on 6rd and just reverting back to my old tunnel. If I could at least get an answer to some of the basic questions it would be a big win. For example, knowing if I'm getting a /60 or a /64 would make this a lot easier to configure.
2 posts Page 1 of 1

Who is online

In total there are 30 users online :: 0 registered, 0 hidden and 30 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 30 guests