Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.




3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

Topic # 101161 25-Apr-2012 14:44 Send private message

Hey guys,
Following on from this thread:
http://www.geekzone.co.nz/forums.asp?forumid=82&topicid=101093

I thought I'd spend today trialling IPv6 on the development version of PFsense. I have it all setup and working except can't get traffic past Orcon's gateway. For the purpose of this exercise I have been given this subnet to connect with them:

2400:4800:4005:8001::/64

I have been given this subnet for our stuff:
2400:4800:4005::0/48 

Orcon's gateway is:
2400:4800:4005:8001::2

And our router is meant to be 2400:4800:4005:8001::1 (with the rest of our addresses routed through this).

Anyway I can ping the Orcon gateway but can't get any further. I also can't get online ipv6 ping testers to reach the Orcon gateway IE try in 2400:4800:4005:8001::2 here:
http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php

I conclude that there is something wrong with Orcon's routing. To be honest it seems pretty odd for them to be using a subnet within a range they are routing to us for the linking range (lol inception anyone). I'm not sure but maybe this is standard practice in IPv6?

This is the output from their router they sent to me when they set this up last year:

msprague@nct-cre2_RE0> show route 2400:4800:4005::0/48

 

inet6.0: 6775 destinations, 13496 routes (6770 active, 0 holddown, 7 hidden)

Restart Complete

+ = Active Route, - = Last Active, * = Both

 

2400:4800:4005::/48*[Static/5] 00:00:19

                    > to 2400:4800:4005:8001::1 via ae2.432

2400:4800:4005:8001::/64

                   *[Direct/0] 16w6d 00:53:38

                    > via ae2.432

2400:4800:4005:8001::2/128

                   *[Local/0] 16w6d 00:53:38

                      Local via ae2.432





Create new topic
Network Engineer @ Orcon
1198 posts

Uber Geek
+1 received by user: 122

Trusted
Orcon
Subscriber

  Reply # 614994 25-Apr-2012 16:28 Send private message

Looks like its setup wrong on our end, as the /64 subnet configured on the interface is in the same range as the /48 that is statically routed.

What exactly are you wanting?


2329 posts

Uber Geek
+1 received by user: 79


  Reply # 615019 25-Apr-2012 16:57 Send private message

Orcon are in the testing phase of rolling out v6 now? Hmm..



3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 615021 25-Apr-2012 17:08 Send private message

Sounddude: Looks like its setup wrong on our end, as the /64 subnet configured on the interface is in the same range as the /48 that is statically routed.

What exactly are you wanting?



Yea that's what I thought. I am not too experienced with ipv6 and although I knew this wouldn't be something you'd do with ipv4, maybe it would be with ipv6.

Really what I'm wanting is to have a /48 (or /56, I don't really mind). routed to us via a linking address so we can route as we want.

I'm guessing that we need a new, seperate linking range setup with 2400:4800:4005::0/48 routed to one of the addresses on it.

E.g. we get 60.234.XX.192/26 routed via 60.234.XX.162 and so on. Alternatively we could do like BGP with a private AS but probably too complicated compared to static route :)





Network Engineer @ Orcon
1198 posts

Uber Geek
+1 received by user: 122

Trusted
Orcon
Subscriber

  Reply # 615181 25-Apr-2012 21:59 Send private message

All good

Will organize you a /112 linking address and will route that /48 to your end of the linking address.




3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 615216 25-Apr-2012 23:28 Send private message

Cheers, thanks Sounddude!







3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 618418 2-May-2012 15:46 Send private message

Hey guys,
Funnily enough all seems to be working today. Super simple to setup too! Here is a traceroute:

C:\Users\Administrator>tracert ipv6.google.com

Tracing route to ipv6.l.google.com [2404:6800:4006:802::1012]
over a maximum of 30 hops:

4 ::1]
5 7800:110:511::15]
6 7 24 ms 24 ms 24 ms 2402:7800:0:1::ca
8 24 ms 25 ms 24 ms ten-0-1-0.bdr01.syd03.nsw.vocusconnect.net.au [2
402:7800:0:1::ce]
9 25 ms 24 ms 25 ms google.syd03.nsw.VOCUS.net.au [2402:7800:0:2::2e
]
10 25 ms 25 ms 31 ms 2001:4860::1:0:9f7
11 25 ms 25 ms 25 ms 2001:4860:0:1::1dd
12 26 ms 25 ms 27 ms 2404:6800:4006:802::1012

Trace complete.

C:\Users\Administrator>
 


And a speedtest:


IPv4
Orconnet
60.234.42.202
47.6 Mbit/s
5.94 Mbytes/s

IPv6
Orconnet
2400:4800:4005:1::2
45.4 Mbit/s
5.67 Mbytes/s







3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 618999 3-May-2012 18:01 Send private message

Got IPSEC tunnel to the US working today using PFsense 2.1 Dev. Very exciting!







3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 625153 14-May-2012 22:42 Send private message

Hey guys,
Just an update. I now have IPv6 at our office too (fibre via layer 2 Telstra) and its working brilliantly! I can't believe how seamless and easy it was getting things working with IPv6, beats IPv4 hands down.








3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 627441 18-May-2012 18:07 Send private message

Hey guys,
Next update. We are now routing around 20GB a day between the datacentre and office over IPv6 so more than 50% of traffic. I also implemented IPSEC using IPv6, again no problems and performance seems good.





7780 posts

Uber Geek
+1 received by user: 326

Trusted
Subscriber

  Reply # 627607 19-May-2012 02:02 Send private message

Nice, pfsense seems to be going from strength to strength.



3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 636745 6-Jun-2012 15:48 Send private message

Further update, today is IPv6 launch day and Google.Facebook ae now running native IPv6 :)

About all that is left now is for Orcon to publish the IPv6 addresses of their recursive DNS servers. Just using their IPv4 now.







3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 640073 13-Jun-2012 10:50 Send private message

Further update - our IPv6 at the office has been down for a day. Not sure if it relates to the failures at their DC but seems they have lost the route to our /48 subnet on their core router. Logged a ticket but still no reply. Checked the contract and 8 hour SLA?







3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 693842 1-Oct-2012 01:14 Send private message

Hey guys a further update. I don't think we will be getting our IPv6 back at our office via Telstra fibre for a long time - the account manager has said that no timeline on IPv6 as its a major project to rollout for their core equipment. Weird as it was working previously and still working at the DC? Anyway going to talk to them on Tuesday about this and IPv6.

We now have live IPv6 via Unleash Telstra fibre circuit in Wellington. There is no route to Orcon DC though! It's routing via Aussie as while Orcon seem to have IPv6 interfaces at APE and WIX, they are not advertising address space. That would be fine but not working via Aussie route. Unleash have alerted Orcon NOC so will see what comes of it!

Unleash will also be putting in circuits to our Auckland office with IPv6, Albany with IPv6 and hopefully Thames with IPv6 so we will be able to get the entire network over even while waiting for Orcon!





Network Engineer @ Orcon
1198 posts

Uber Geek
+1 received by user: 122

Trusted
Orcon
Subscriber

  Reply # 693935 1-Oct-2012 10:19 Send private message

Try now :-)



3046 posts

Uber Geek
+1 received by user: 223

Trusted
Subscriber

  Reply # 693969 1-Oct-2012 10:48 Send private message

Ah yup its working now. Thanks Sounddude!



Tracing route to Bia.pbs.local [2400:4800:XXXX:XXXX:9915:3634:6dc8:6660]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 2401:f000:XXXX:XXXX::1
2 4 ms 4 ms 4 ms ge-0-0-1-0.rt-1.mur.wgn.unleash.net.nz [2401:f00
0:32:46::2]
3 15 ms 15 ms 72 ms ge-0-0-0-1.rt-0.fed.akl.unleash.net.nz [2401:f00
0:32:14::7]
4 11 ms 11 ms 11 ms ten-0-0-0-137.bdr01.akl02.akl.vocus.net.au [2402
:7800:110:511::5]
5 32 ms 17 ms 16 ms orcon1.ape.net.nz [2001:7fa:4:c0cb::9a42]
6 17 ms 17 ms 17 ms 2400:4800:2::1d:2
7 17 ms 18 ms 17 ms 2400:4800:2::22:1
8 20 ms 12 ms 12 ms 2400:4800:3::2
9 18 ms 19 ms 19 ms 2400:4800:4005::2
10 13 ms 17 ms 15 ms 2400:4800:XXXX:XXXX:9915:3634:6dc8:6660

Trace complete.





Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

forgot how to unlock a car door
Created by joker97, last reply by benokobi on 18-Dec-2014 22:08 (38 replies)
Pages... 2 3


Has Spark (Telecom) locked their iphone 6 ?
Created by anewguy2014, last reply by michaelmurfy on 17-Dec-2014 14:32 (25 replies)
Pages... 2


In defence of cats
Created by Rikkitic, last reply by DarthKermit on 17-Dec-2014 15:40 (68 replies)
Pages... 3 4 5


How is iParcel these days?
Created by peejayw, last reply by surfisup1000 on 18-Dec-2014 21:45 (19 replies)
Pages... 2


Couriers starting to charge for redelivery
Created by mattwnz, last reply by raytaylor on 18-Dec-2014 02:27 (77 replies)
Pages... 4 5 6


Just checking that this DIY electrical connection is not allowed?
Created by joker97, last reply by joker97 on 18-Dec-2014 21:44 (35 replies)
Pages... 2 3


Google Chromecast now available in New Zealand
Created by freitasm, last reply by markl on 18-Dec-2014 15:36 (153 replies)
Pages... 9 10 11


How to upload 150GB of photos to iCloud?
Created by josephhinvest, last reply by timbosan on 17-Dec-2014 15:05 (35 replies)
Pages... 2 3



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.