Ping to IPv4 works but IPv6 does not

linux linux-networking ipv6 linode
6,161

It appears you are trying to use a privacy address (RFC 3972, RFC 4941, or RFC 7217) in a /64 which Linode is sharing among multiple customers.

By default a Linode machine is allocated a single IPv6 address based on their MAC address inside a link /64 shared between all customers in the datacenter. Linode have taken steps to protect against IP spoofing. This means you won't even see neighbor discovery packets for other IP addresses in the segment than your own.

For that reason privacy addresses are not going to work. Try instead to use an IPv6 address based on your MAC address. In your case the IPv6 address would be 2400:8901::f03c:91ff:fee4:5068

If you need more than one address you can file a ticket to request a routed /64 which is not going to be shared.

Share:
6,161

Related videos on Youtube

Neo
Author by

Neo

Updated on September 18, 2022

Comments

  • Neo
    Neo almost 2 years

    I have a hosted VPS running on arch linux. I'm trying to make outgoing connections from this server, but all of them fail. After a little bit of debugging, I figured that the reason for failed connections is that my server cannot access IPv6 addresses. Ping to IPv4 addresses work, but not to IPv6. Here is a sample.

    [root@li863-18 /]# nslookup google.com
Server:         103.3.60.20
Address:        103.3.60.20#53

Non-authoritative answer:
Name:   google.com
Address: 74.125.68.100
Name:   google.com
Address: 74.125.68.102
Name:   google.com
Address: 74.125.68.113
Name:   google.com
Address: 74.125.68.139
Name:   google.com
Address: 74.125.68.138
Name:   google.com
Address: 74.125.68.101
Name:   google.com
Address: 2404:6800:4003:c02::8a

[root@li863-18 /]# ping 74.125.68.100
PING 74.125.68.100 (74.125.68.100) 56(84) bytes of data.
64 bytes from 74.125.68.100: icmp_seq=1 ttl=50 time=1.20 ms
64 bytes from 74.125.68.100: icmp_seq=2 ttl=50 time=1.32 ms
64 bytes from 74.125.68.100: icmp_seq=3 ttl=50 time=1.41 ms
^C
--- 74.125.68.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.200/1.311/1.414/0.097 ms
[root@li863-18 /]# 
[root@li863-18 /]# ping 2404:6800:4003:c02::8a
PING 2404:6800:4003:c02::8a(2404:6800:4003:c02::8a) 56 data bytes
^C
--- 2404:6800:4003:c02::8a ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6070ms

    My networking configuration. I've run the commands ip a s, ip -6 r s and cat /etc/resolv.conf:

    [root@li863-18 /]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether ea:46:ac:25:5b:a3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::99c7:bfde:3127:700c/64 scope link 
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f2:3c:91:e4:50:68 brd ff:ff:ff:ff:ff:ff
    inet 139.162.21.18/24 brd 139.162.21.255 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 2400:8901::f914:4433:e826:6f2a/64 scope global mngtmpaddr noprefixroute dynamic 
       valid_lft 2592000sec preferred_lft 604800sec
    inet6 fe80::f03c:91ff:fee4:5068/64 scope link 
       valid_lft forever preferred_lft forever
4: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
    link/void 
5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
7: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: ip_vti0@NONE: <NOARP> mtu 1428 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
9: ip6_vti0@NONE: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
11: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
12: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1
    link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[root@li863-18 /]# ip -6 r s
2400:8901::/64 dev ens4 proto kernel metric 203  mtu 1500 pref medium
fe80::/64 dev ens4 proto kernel metric 256  pref medium
fe80::/64 dev dummy0 proto kernel metric 256  pref medium
default via fe80::1 dev ens4 metric 203  mtu 1500 pref medium
[root@li863-18 /]# cat /etc/resolv.conf
# Generated by resolvconf
domain members.linode.com
nameserver 103.3.60.20
nameserver 139.162.11.5
nameserver 139.162.13.5

    Adding traceroute info.

    [root@li863-18 /]# traceroute google.com
traceroute to google.com (74.125.68.138), 30 hops max, 60 byte packets
 1  103.3.60.3 (103.3.60.3)  0.711 ms  0.936 ms  1.085 ms
 2  139.162.0.9 (139.162.0.9)  0.638 ms  0.654 ms 139.162.0.13 (139.162.0.13)  0.606 ms
 3  15169.sgw.equinix.com (27.111.228.30)  0.827 ms  0.826 ms  0.820 ms
 4  108.170.242.66 (108.170.242.66)  1.074 ms 108.170.243.19 (108.170.243.19)  1.122 ms 108.170.240.226 (108.170.240.226)  1.107 ms
 5  209.85.243.215 (209.85.243.215)  1.440 ms 209.85.243.241 (209.85.243.241)  20.269 ms 108.170.240.173 (108.170.240.173)  1.702 ms
 6  209.85.255.217 (209.85.255.217)  7.835 ms 216.239.51.61 (216.239.51.61)  1.884 ms 209.85.243.209 (209.85.243.209)  1.532 ms
 7  216.239.48.73 (216.239.48.73)  4.784 ms 216.239.51.61 (216.239.51.61)  2.075 ms *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * sc-in-f138.1e100.net (74.125.68.138)  1.490 ms  1.653 ms
[root@li863-18 /]# traceroute 74.125.68.138
traceroute to 74.125.68.138 (74.125.68.138), 30 hops max, 60 byte packets
 1  103.3.60.3 (103.3.60.3)  0.889 ms  0.868 ms  1.311 ms
 2  139.162.0.9 (139.162.0.9)  0.709 ms 139.162.0.13 (139.162.0.13)  0.650 ms 139.162.0.9 (139.162.0.9)  0.687 ms
 3  139.162.0.18 (139.162.0.18)  0.658 ms 15169.sgw.equinix.com (27.111.228.30)  0.727 ms 139.162.0.18 (139.162.0.18)  0.625 ms
 4  15169.sgw.equinix.com (27.111.228.30)  0.715 ms 108.170.240.226 (108.170.240.226)  1.488 ms 108.170.240.162 (108.170.240.162)  6.201 ms
 5  108.170.240.236 (108.170.240.236)  1.202 ms 108.170.242.71 (108.170.242.71)  1.114 ms 216.239.42.47 (216.239.42.47)  1.688 ms
 6  209.85.255.80 (209.85.255.80)  3.119 ms 209.85.243.241 (209.85.243.241)  2.212 ms 209.85.242.221 (209.85.242.221)  1.597 ms
 7  209.85.255.80 (209.85.255.80)  7.597 ms  1.422 ms 72.14.236.130 (72.14.236.130)  10.235 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * sc-in-f138.1e100.net (74.125.68.138)  1.869 ms  1.878 ms
[root@li863-18 /]# traceroute 2404:6800:4003:c02::64
traceroute to 2404:6800:4003:c02::64 (2404:6800:4003:c02::64), 30 hops max, 80 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

    Any pointer as to why this is the case. I would not want to disable IPv6 addresses through kernel unless absolutely necessary.

    • Neo
      Neo over 7 years
      @mkzero - Could you explain in a bit more detail. ping google.com fails as well.
    • Izzy
      Izzy over 7 years
      Well, you ping the Google Web Frontend Servers, not the Google Public DNS Servers. And if ´ping google.com´ fails, you might have a more severe problem. Maybe a router with a too restrictive firewall enabled? Oh and your resolv.conf is missing v6 servers...
    • Neo
      Neo over 7 years
      @mkzero - ping google.com fails because ping resolves google.com to an IPv6 address. And then ofcourse, it cannot route to IPv6 address.
    • Neo
      Neo over 7 years
      ping 2001:4860:4860::8888 fails as well.
    • Michael Hampton
      Michael Hampton over 7 years
      Your default gateway is either wrong or not responding. See if you can ping it, i.e. ping6 fe80::1%ens4 or if you can get a response from the all-routers multicast address, i.e. ping6 ff02::2%ens4.
    • Neo
      Neo over 7 years
      @MichaelHampton - Both commands work. FYI, my archlinux does not have ping6. So I used regular ping.
    • Michael Hampton
      Michael Hampton over 7 years
      I see no reason for this to fail as it is. Are you sure you already contacted Linode before coming here? What was their response?
    • Neo
      Neo over 7 years
      I did not contact linode thinking the problem is in my server's configuration. But as it stands now, I need to open a ticket now.
  • Neo
    Neo over 7 years
    I've opened a ticket with Linode. I don't know much about IPv6, so I'll be passing your answer straight to the support people. The current situation is beyond my capabilities. So can you explain how did you arrive at the IPv6 address 2400:8901::f03c:91ff:fee4:5068 ? Isn't the address provided by dhcp server?
  • kasperd
    kasperd over 7 years
    @Neo I think it is more likely SLAAC than DHCPv6. If it is SLAAC, then the output of cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr may be relevant.
  • Neo
    Neo over 7 years
    cat /proc/sys/net/ipv6/conf/ens4/use_tempaddr gives 0. Note that I've made a slight change to the command according to my situation - changing eth0 to ens4.
  • Michael Hampton
    Michael Hampton over 7 years
    Looks like it might be an RFC7217 address. But @Neo never did show us the networking configuration that I asked for, so...
  • Neo
    Neo over 7 years
    @MichaelHampton - I've already posted output of ip a s, ip -6 r s and cat /etc/resolv.conf. Is some other configuration required as well?
  • Michael Hampton
    Michael Hampton over 7 years
    @Neo Your system didn't get those IP addresses by magic! You had to edit some configuration files. It's those files we need to look at.
  • kasperd
    kasperd over 7 years
    @MichaelHampton I don't see any comments where you are asking for specific configuration files. As for RFC 7217, that may be the case. All I wrote in my answer would apply to RFC 3972 and RFC 7217 addresses as well.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Unable to ssh server via ipv6
IPv6 only works after pinging the default gateway.
How to scan ipv6 enabled hosts on my LAN?
How to completely, dynamically disable IPv4 stack from Linux?
Can't access jboss remotely despite of proper binding of IP address in standalone.xml file
What do "Unknown SSAP" and "Unknown DSAP" mean in tcpdump?
Is net.ipv6.conf.all.forwarding=1 equivalent to enabling forwarding for all individual interfaces?
Configure IPv6 on Debian 9
tcpdump read both ipv4 and ipv6 packets from pcap
How do I deliver an email stuck in my Postfix mail queue?