Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

Topic # 101161 25-Apr-2012 14:44 Send private message

Hey guys,
Following on from this thread:
http://www.geekzone.co.nz/forums.asp?forumid=82&topicid=101093

I thought I'd spend today trialling IPv6 on the development version of PFsense. I have it all setup and working except can't get traffic past Orcon's gateway. For the purpose of this exercise I have been given this subnet to connect with them:

2400:4800:4005:8001::/64

I have been given this subnet for our stuff:
2400:4800:4005::0/48 

Orcon's gateway is:
2400:4800:4005:8001::2

And our router is meant to be 2400:4800:4005:8001::1 (with the rest of our addresses routed through this).

Anyway I can ping the Orcon gateway but can't get any further. I also can't get online ipv6 ping testers to reach the Orcon gateway IE try in 2400:4800:4005:8001::2 here:
http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php

I conclude that there is something wrong with Orcon's routing. To be honest it seems pretty odd for them to be using a subnet within a range they are routing to us for the linking range (lol inception anyone). I'm not sure but maybe this is standard practice in IPv6?

This is the output from their router they sent to me when they set this up last year:

msprague@nct-cre2_RE0> show route 2400:4800:4005::0/48

 

inet6.0: 6775 destinations, 13496 routes (6770 active, 0 holddown, 7 hidden)

Restart Complete

+ = Active Route, - = Last Active, * = Both

 

2400:4800:4005::/48*[Static/5] 00:00:19

                    > to 2400:4800:4005:8001::1 via ae2.432

2400:4800:4005:8001::/64

                   *[Direct/0] 16w6d 00:53:38

                    > via ae2.432

2400:4800:4005:8001::2/128

                   *[Local/0] 16w6d 00:53:38

                      Local via ae2.432





Create new topic
1143 posts

Uber Geek
+1 received by user: 94

Trusted
Orcon
Subscriber

  Reply # 614994 25-Apr-2012 16:28 Send private message

Looks like its setup wrong on our end, as the /64 subnet configured on the interface is in the same range as the /48 that is statically routed.

What exactly are you wanting?


2329 posts

Uber Geek
+1 received by user: 78


  Reply # 615019 25-Apr-2012 16:57 Send private message

Orcon are in the testing phase of rolling out v6 now? Hmm..



2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 615021 25-Apr-2012 17:08 Send private message

Sounddude: Looks like its setup wrong on our end, as the /64 subnet configured on the interface is in the same range as the /48 that is statically routed.

What exactly are you wanting?



Yea that's what I thought. I am not too experienced with ipv6 and although I knew this wouldn't be something you'd do with ipv4, maybe it would be with ipv6.

Really what I'm wanting is to have a /48 (or /56, I don't really mind). routed to us via a linking address so we can route as we want.

I'm guessing that we need a new, seperate linking range setup with 2400:4800:4005::0/48 routed to one of the addresses on it.

E.g. we get 60.234.XX.192/26 routed via 60.234.XX.162 and so on. Alternatively we could do like BGP with a private AS but probably too complicated compared to static route :)





1143 posts

Uber Geek
+1 received by user: 94

Trusted
Orcon
Subscriber

  Reply # 615181 25-Apr-2012 21:59 Send private message

All good

Will organize you a /112 linking address and will route that /48 to your end of the linking address.




2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 615216 25-Apr-2012 23:28 Send private message

Cheers, thanks Sounddude!







2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 618418 2-May-2012 15:46 Send private message

Hey guys,
Funnily enough all seems to be working today. Super simple to setup too! Here is a traceroute:

C:\Users\Administrator>tracert ipv6.google.com

Tracing route to ipv6.l.google.com [2404:6800:4006:802::1012]
over a maximum of 30 hops:

4 ::1]
5 7800:110:511::15]
6 7 24 ms 24 ms 24 ms 2402:7800:0:1::ca
8 24 ms 25 ms 24 ms ten-0-1-0.bdr01.syd03.nsw.vocusconnect.net.au [2
402:7800:0:1::ce]
9 25 ms 24 ms 25 ms google.syd03.nsw.VOCUS.net.au [2402:7800:0:2::2e
]
10 25 ms 25 ms 31 ms 2001:4860::1:0:9f7
11 25 ms 25 ms 25 ms 2001:4860:0:1::1dd
12 26 ms 25 ms 27 ms 2404:6800:4006:802::1012

Trace complete.

C:\Users\Administrator>
 


And a speedtest:


IPv4
Orconnet
60.234.42.202
47.6 Mbit/s
5.94 Mbytes/s

IPv6
Orconnet
2400:4800:4005:1::2
45.4 Mbit/s
5.67 Mbytes/s







2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 618999 3-May-2012 18:01 Send private message

Got IPSEC tunnel to the US working today using PFsense 2.1 Dev. Very exciting!







2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 625153 14-May-2012 22:42 Send private message

Hey guys,
Just an update. I now have IPv6 at our office too (fibre via layer 2 Telstra) and its working brilliantly! I can't believe how seamless and easy it was getting things working with IPv6, beats IPv4 hands down.








2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 627441 18-May-2012 18:07 Send private message

Hey guys,
Next update. We are now routing around 20GB a day between the datacentre and office over IPv6 so more than 50% of traffic. I also implemented IPSEC using IPv6, again no problems and performance seems good.





7644 posts

Uber Geek
+1 received by user: 254

Trusted
Subscriber

  Reply # 627607 19-May-2012 02:02 Send private message

Nice, pfsense seems to be going from strength to strength.



2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 636745 6-Jun-2012 15:48 Send private message

Further update, today is IPv6 launch day and Google.Facebook ae now running native IPv6 :)

About all that is left now is for Orcon to publish the IPv6 addresses of their recursive DNS servers. Just using their IPv4 now.







2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 640073 13-Jun-2012 10:50 Send private message

Further update - our IPv6 at the office has been down for a day. Not sure if it relates to the failures at their DC but seems they have lost the route to our /48 subnet on their core router. Logged a ticket but still no reply. Checked the contract and 8 hour SLA?







2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 693842 1-Oct-2012 01:14 Send private message

Hey guys a further update. I don't think we will be getting our IPv6 back at our office via Telstra fibre for a long time - the account manager has said that no timeline on IPv6 as its a major project to rollout for their core equipment. Weird as it was working previously and still working at the DC? Anyway going to talk to them on Tuesday about this and IPv6.

We now have live IPv6 via Unleash Telstra fibre circuit in Wellington. There is no route to Orcon DC though! It's routing via Aussie as while Orcon seem to have IPv6 interfaces at APE and WIX, they are not advertising address space. That would be fine but not working via Aussie route. Unleash have alerted Orcon NOC so will see what comes of it!

Unleash will also be putting in circuits to our Auckland office with IPv6, Albany with IPv6 and hopefully Thames with IPv6 so we will be able to get the entire network over even while waiting for Orcon!





1143 posts

Uber Geek
+1 received by user: 94

Trusted
Orcon
Subscriber

  Reply # 693935 1-Oct-2012 10:19 Send private message

Try now :-)



2946 posts

Uber Geek
+1 received by user: 159

Trusted
Subscriber

  Reply # 693969 1-Oct-2012 10:48 Send private message

Ah yup its working now. Thanks Sounddude!



Tracing route to Bia.pbs.local [2400:4800:XXXX:XXXX:9915:3634:6dc8:6660]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 2401:f000:XXXX:XXXX::1
2 4 ms 4 ms 4 ms ge-0-0-1-0.rt-1.mur.wgn.unleash.net.nz [2401:f00
0:32:46::2]
3 15 ms 15 ms 72 ms ge-0-0-0-1.rt-0.fed.akl.unleash.net.nz [2401:f00
0:32:14::7]
4 11 ms 11 ms 11 ms ten-0-0-0-137.bdr01.akl02.akl.vocus.net.au [2402
:7800:110:511::5]
5 32 ms 17 ms 16 ms orcon1.ape.net.nz [2001:7fa:4:c0cb::9a42]
6 17 ms 17 ms 17 ms 2400:4800:2::1d:2
7 17 ms 18 ms 17 ms 2400:4800:2::22:1
8 20 ms 12 ms 12 ms 2400:4800:3::2
9 18 ms 19 ms 19 ms 2400:4800:4005::2
10 13 ms 17 ms 15 ms 2400:4800:XXXX:XXXX:9915:3634:6dc8:6660

Trace complete.





Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Lightbox press event release
Created by freitasm, last reply by Yabanize on 1-Aug-2014 17:41 (125 replies)
Pages... 7 8 9


Are IT staff supposed to know everything
Created by BTR, last reply by haydenmarsh on 1-Aug-2014 16:05 (38 replies)
Pages... 2 3


New Mobile plans coming?
Created by nunasdream, last reply by Quibbler on 1-Aug-2014 17:43 (103 replies)
Pages... 5 6 7


Checking UHF aerial is working
Created by OnceBitten, last reply by B1GGLZ on 28-Jul-2014 21:49 (21 replies)
Pages... 2


2010 Honda Jazz, Suzuki Swift - which has higher maintenance cost?
Created by joker97, last reply by jonathan18 on 31-Jul-2014 10:47 (76 replies)
Pages... 4 5 6


Hierarchy of a mistake: Gerry Brownlee
Created by joker97, last reply by DonGould on 29-Jul-2014 21:57 (93 replies)
Pages... 5 6 7


"keyless" keys - questions
Created by joker97, last reply by MadEngineer on 30-Jul-2014 22:02 (35 replies)
Pages... 2 3


Does acupuncture work?
Created by timmmay, last reply by timmmay on 1-Aug-2014 08:06 (50 replies)
Pages... 2 3 4



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.