We assumed a nasty 512k CAM issue in the first place but it seems that the Swisscom Webserver is not accessible via IPv6. Anyone else?
F.
On 2014-08-21 19:04, Fredy Kuenzler wrote:
We assumed a nasty 512k CAM issue in the first place but it seems that the Swisscom Webserver is not accessible via IPv6. Anyone else?
Something is listening: 8<------------------- $ telnet 2a02:a90:ffff:ffff::c:10 80 Trying 2a02:a90:ffff:ffff::c:10... Connected to 2a02:a90:ffff:ffff::c:10. Escape character is '^]'. GET / HTTP/1.1 Host: www.swisscom.ch User-Agent: MSIE
Connection closed by foreign host. ------------------->8
It just does not answer with anything that makes sense.
Hmm, longer queries cause pMTU hangs, yeah that is b0rked.
Greets, Jeroen
We assumed a nasty 512k CAM issue in the first place but it seems that the Swisscom Webserver is not accessible via IPv6. Anyone else?
I ran into the same issue. I had just rebooted our router and was testing it when our SIXXS tunnel didn't seem to come up fast enough. I was cursing it under my breath but soon found out that the problems were isolated to swisscom.
I believe some departments at swisscom still consider IPv6 to be an experiment. After using their 6rd Border Relay for years on those VDSL CPEs, they seem to have silently switched it off recently - at least for business customers. SC Support tells me IPv6 is only for private customers. Go figure.
Regards
Jean-Pierre
On 2014-08-22 09:54, Jean-Pierre Schwickerath wrote:
We assumed a nasty 512k CAM issue in the first place but it seems that the Swisscom Webserver is not accessible via IPv6. Anyone else?
I ran into the same issue. I had just rebooted our router and was testing it when our SIXXS tunnel didn't seem to come up fast enough.
More details about this "did not come up fast enough"?
I was cursing it under my breath but soon found out that the problems were isolated to swisscom.
I believe some departments at swisscom still consider IPv6 to be an experiment. After using their 6rd Border Relay for years on those VDSL CPEs, they seem to have silently switched it off recently - at least for business customers. SC Support tells me IPv6 is only for private customers. Go figure.
They likely switched it off as enabling it means that those business customers suddenly have IPv6 which they are not firewalling, hence, not what they want.
The other reason might be that 6rd does not perform that well which thus causes support calls for important paying customers...
Greets, Jeroen
Hi Jeroen
I ran into the same issue. I had just rebooted our router and was testing it when our SIXXS tunnel didn't seem to come up fast enough.
More details about this "did not come up fast enough"?
When I reboot the router, I have no SIXXs tunnel for many minutes after the underlying pppoe session comes up. I was testing IPv6 connectivity with a ping6 to google. When I had no success I tried pointing a browser to a v6 destination - google obviously didn't work, then took swisscom's front page which didn't work either. I realized that maybe the tunnel was to blame. So I took it down and started it again. Then finally when ping6 to google worked, I tried to refresh my browser's page still pointing at swisscom . That's when I started to curse but soon decided to go our own webservers and to sixxs where I was welcomed with IPv6.
I will have to look into the interfaces' configuration - maybe this weekend. Perhaps the problem is that the sixxs tunnel interface is trying to start too soon although it's linked to the ppp-interface and is supposed to wait for it coming up before it activated itself. I shall try again after introducing a delay before the tunnel tries to start. I'll let you know if I still have troubles.
They likely switched it off as enabling it means that those business customers suddenly have IPv6 which they are not firewalling, hence, not what they want.
The other reason might be that 6rd does not perform that well which thus causes support calls for important paying customers...
It was never activated by default on the business CPEs and everyone doing to needed to do it on purpose by entering the 6rd details. So hopefully those people had a firewall concept - but you never know. What makes me the most angry is that they switched it off without prenotice and there is no information about it anywhere, neither on the labs-page nor in the partner portal.
Either I have to switch to a SC wholeseller who offers native v6 or I shall be activating a few tunnels for those customers who are now deprived of 6rd. And I though Martin told us at a swinog event that 6rd was a permanent decision for SC's pppoe customers.
Best Regards
Jean-Pierre
Hi Jean Pierre
It was never activated by default on the business CPEs and everyone doing to needed to do it on purpose by entering the 6rd details. So hopefully those people had a firewall concept - but you never know. What makes me the most angry is that they switched it off without prenotice and there is no information about it anywhere, neither on the labs-page nor in the partner portal.
In fact, the 6rd solution was only implemented for residential customers, but was never thought to be used for SME products. It only worked by chance, as the Border Relays were reachable also from SME IP-ranges. We recently had to scale up the border relays, due to increased traffic (6rd works extremely well and is highly performant, it is about to be enabled for all residential customers by default). At the same time the Border Relays were placed at a different location in our network. This means that they are no longer reachable from the IP ranges of the SME customers. Hence the interruption, I'm sorry it cannot be made to work easily.
Either I have to switch to a SC wholeseller who offers native v6 or I shall be activating a few tunnels for those customers who are now deprived of 6rd. And I though Martin told us at a swinog event that 6rd > > was a permanent decision for SC's pppoe customers.
Again, IPv6 was never officially supported for SME products. An official PPPoE-based solution is being worked on, so I hope you activate a few tunnels in the meantime and we won't lose you as a customer.
Best regards, Martin
Hi Martin
In fact, the 6rd solution was only implemented for residential customers, but was never thought to be used for SME products. It only worked by chance, as the Border Relays were reachable also from SME IP-ranges. We recently had to scale up the border relays, due to increased traffic (6rd works extremely well and is highly performant, it is about to be enabled for all residential customers by default).
Nice to hear the IPv6 adoption is about to make another big step forward.
At the same time the Border Relays were placed at a different location in our network. This means that they are no longer reachable from the IP ranges of the SME customers. Hence the interruption, I'm sorry it cannot be made to work easily.
That explains why the SME support didn't have a clue what I was talking about.
But if it's indeed working as good as you say, why not keep it active for the SME IP range in the meantime?
Again, IPv6 was never officially supported for SME products. An official PPPoE-based solution is being worked on, so I hope you activate a few tunnels in the meantime and we won't lose you as a customer.
Don't worry about me, I'll figure something out. There are still good tunnel brokers out there. Just make sure the CPE / router / firewall vendors and the SC partners get the technical and organizational details in time to be prepared for it.
Thanks for the clarification anyway.
Regards
Jean-Pierre
On 2014-08-22 11:21, Jean-Pierre Schwickerath wrote:
Hi Jeroen
I ran into the same issue. I had just rebooted our router and was testing it when our SIXXS tunnel didn't seem to come up fast enough.
More details about this "did not come up fast enough"?
When I reboot the router, I have no SIXXs tunnel for many minutes after the underlying pppoe session comes up. I was testing IPv6 connectivity with a ping6 to google.
Did you check a traceroute? Or more importantly that you could reach the other side of the tunnel? Google is a few hops away at minimum.
When I had no success I tried pointing a browser to a v6 destination - google obviously didn't work, then took swisscom's front page which didn't work either.
Which just heavily indicates that your connectivity is broken, one way or another (might just be a firewall).
I realized that maybe the tunnel was to blame. So I took it down and started it again.
What do you mean with "starting it again"?
Then finally when ping6 to google worked, I tried to refresh my browser's page still pointing at swisscom . That's when I started to curse but soon decided to go our own webservers and to sixxs where I was welcomed with IPv6.
I will have to look into the interfaces' configuration - maybe this weekend. Perhaps the problem is that the sixxs tunnel interface is trying to start too soon although it's linked to the ppp-interface and is supposed to wait for it coming up before it activated itself. I shall try again after introducing a delay before the tunnel tries to start. I'll let you know if I still have troubles.
Seems you have a strange setup, more technical details would be very useful.
Greets, Jeroen
Hi Jeroen
When I reboot the router, I have no SIXXs tunnel for many minutes after the underlying pppoe session comes up. I was testing IPv6 connectivity with a ping6 to google.
Did you check a traceroute? Or more importantly that you could reach the other side of the tunnel? Google is a few hops away at minimum.
The ping was just simple test I was using to confirm connectivity. I didn't do a traceroute because after trying a few destinations, I was pretty sure the issue was with the tunnel.
When I had no success I tried pointing a browser to a v6 destination - google obviously didn't work, then took swisscom's front page which didn't work either.
Which just heavily indicates that your connectivity is broken, one way or another (might just be a firewall).
I realized that maybe the tunnel was to blame. So I took it down and started it again.
What do you mean with "starting it again"?
ip tunnel del sixxs ip link set sixxs down sleep 1 ip tunnel add sixxs mode sit local 213.180.162.41 remote 213.144.148.74 ip link set sixxs up ip link set mtu 1280 dev sixxs ip tunnel change sixxs ttl 64 ip -6 addr add 2001:1620:f00:3c::2/64 dev sixxs ip -6 route add default via 2001:1620:f00:3c::1 dev sixxs ip -6 route add 2000::/3 via 2001:1620:f00:3c::1 dev sixxs ip -6 route add 2001:1620:f1e::/48 dev lo ip -6 addr add 2001:1620:f1e:1:213:180:162:41/64 dev ppp0
Seems you have a strange setup, more technical details would be very useful.
I'm pretty confident my issue was timing issue. The pppoe session took long to come up and the sixxs interface was trying to start before ppp0 was up and thus couldn't bind to the local endpoint.
Thank you for your help but afaic the issue is sorted out for me. I check for the local endpoint's ipv6 address at the end of the boot sequence. If it's not there I restart the sixxs interface and then it works.
Cheers
Jean-Pierre
-
Fredy Kuenzler -
Jean-Pierre Schwickerath -
Jeroen Massar -
Martin.Gysi@swisscom.com