So I had my bonded Pace router upgraded to the latest rev and it gets an IPv6 address via. 6rd correctly (although it doesn't show a subnet size, which is odd). However, since I'm using a port that is forwarded to my home network and my firewalls, it doesn't appear to be passing traffic properly. I have even tried setting up a separate interface on my firewall that *is* using the Pace as a router with no luck.
From my firewall I can ping and trace route to external addresses just fine. Anything behind the firewall on the other hand never gets traffic back. I can see it heading out to the Pace when I tcpdump but I don't see any responses. In addition, traceroute and ping from the outside never make it in, even to the address on the Pace or the firewall interface. The inbound traceroutes stop at an IPv6 IP that I'm not even sure what is is. The Pace is 2602:243:xxxx:xxxx::1, but the traceroute ends at 2602:243:xxxx:xxxx:1::1.
So this led to a couple of questions...
From my firewall I can ping and trace route to external addresses just fine. Anything behind the firewall on the other hand never gets traffic back. I can see it heading out to the Pace when I tcpdump but I don't see any responses. In addition, traceroute and ping from the outside never make it in, even to the address on the Pace or the firewall interface. The inbound traceroutes stop at an IPv6 IP that I'm not even sure what is is. The Pace is 2602:243:xxxx:xxxx::1, but the traceroute ends at 2602:243:xxxx:xxxx:1::1.
So this led to a couple of questions...
- Anyone have any ideas WTF is going on?
- Is there any way to see what is going on on the Pace or it is a complete black box? (i.e. is there a way to do the equivalent of a tcpdump to see if it is eating the traffic or something else is?)
- Am I getting bitten by the firewall on the Pace?
- What size is the delegated 6rd network? I was initially assuming a /60, but even going with a /64 and sunbathing it multiple /68s on my end doesn't seem to fix the routing problem.
- Assuming that this is an issue with the fact that I'm forwarding a port instead of using the Pace as a router, is there a way to reconfigure the tunnel on Sonic's end to allow me to establish it on my firewall instead of the Pace? If I try configuring an interface with 6rd it never gets an address; even if I disable IPv6 in the member dashboard.