Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25
3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1802129 16-Jun-2017 13:55
One person supports this post
Send private message quote this post

Hi all, I recently signed up to Bigpipe and decided to give the IPv6 beta a try. Ubnt edgerouter platform, for the most part all good after a few tweaks to my configuration.

 

 

 

TL;DR: Open question: are the Bigpipe DNS servers firewalled with a whitelist that only includes address space that they are allocating the /60 prefixes from? Should we be able to query Bigpipe DNS servers from /128 autoconfigure addresses on our routers?

 

 

 

When I was first configuring for the prefix-delegation, things didn't seem to be lighting up so I added ipv6 autoconf address to pppoe0 (the WAN interface). Bingo, I saw a new /128 address on that interface and /60 PD lit up straight away and I saw a /64 assignment on the LAN interface that I had selected for testing. I attached a client device and straight away, full noise v6 around the LAN and to the Internet, everything "just works". Excellent!

 

 

 

However, after that I started noticing a delay at the login prompt to the router. Long story short, this is a reverse DNS timeout causing the delay, i.e. the router is attempting to lookup my client IP address (it will show my the qualified hostname or just the IP address in the welcome banner next time I login)

 

 

 

tcpdump to the rescue to have a look at the packet flow. What's the story here?

 

  • Info: the router has learned some IPv6 nameservers so it prefers those now, i.e. Bigpipe DNS 2403:9800:c041:1000::[a|b]
  • Test: Two way DNS traffic? Fail. Queries are going out but no response coming back.
  • Test: Ping? Pass. I get an echo from 2403:9800:c041:1000::a
  • Test: Alternative DNS server (OpenDNS). Pass! I can resolve DNS from my router by using 2620:0:ccc::2
  • Test: LAN IPv6 client device -> Bigpipe DNS. Pass! I get DNS replies over IPv6 from Bigpipe DNS.

So it seems to be specifically querying Bigpipe DNS servers from my router's /128 address will fail with no reply.

 


Related message snips from what I've found in this thread already:

 

AKLWestie:

 

---
I can use linux's host command to do a DNS lookup.

 

thedr@myerl3:~/zone$ host www.geekzone.co.nz
www.geekzone.co.nz has address 104.24.3.14
www.geekzone.co.nz has address 104.24.2.14
www.geekzone.co.nz has IPv6 address 2400:cb00:2048:1::6818:20e
www.geekzone.co.nz has IPv6 address 2400:cb00:2048:1::6818:30e

 

**********

 

However, if I do the same using bigpipe's DNSv6 servers, it said the servers cannot be reached.

 

thedr@myerl3:~/zone$ host www.geekzone.co.nz 2403:9800:c041:1000::a
;; connection timed out; no servers could be reached
thedr@myerl3:~/zone$ host www.geekzone.co.nz 2403:9800:c041:1000::b
;; connection timed out; no servers could be reached

 

**********

 

But the v4 version of DNS servers work.
----

 

 


hashbrown:

 

3. Bigpipe didn't assign you the /128 public on your PPPoE interface.  They assign you a /60 to do with what you will. Your router decided to allocate that address.  Using the MAC is fine for the last 48bits of the address, and is expected behavior.  I'm more interested that it allocated a public address to that interface, as your config doesn't seem to request it and technically it's not necessary.  Probably an edgerouter quirk and unlikely to be hurting anything as it's a /128.

 


 

 

michaelmurfy:

 

 having a /128 allocated on your external interface is normal. If it is all working you'll note /64's allocated on your internal interfaces.

 


6536 posts

Uber Geek
+1 received by user: 2943

Moderator
Trusted
Subscriber

  Reply # 1802190 16-Jun-2017 15:49
Send private message quote this post

@olim you'll be missing the default route. Check the tutorial in my signature.




Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Electric KiwiCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


 
 
 
 


3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1802246 16-Jun-2017 16:32
Send private message quote this post

@michaelmurfy thanks but no dice, I actually had a read through your info yesterday because you feature frequently in this topic. Awesome write-ups by the way!

 

 

 

I had the default route in there already, I assume through pppoe/autoconf. I also assumed that ping to the DNS servers wouldn't be working (it is) if no route existed. I just tried entering it statically as you suggested but no change in result. All other IPv6 traffic is working as expected, just DNS queries from the WAN router to Bigpipe DNS are failing.

 

show ipv6 route |

 

  • K      ::/0 [0/1024] via fe80::xxxx:xxxx:xxxx:xxxx, pppoe0, 1d03h26m

 

 

FYI the /128 on pppoe0 is in 2403:9800:c041: and the /60 PD delegated is in 2403:9800:c048:

 

Client devices on the LAN side can query the Bigpipe DNS via IPv6 no problem. Leading me to think their DNS servers have a limited (incomplete?) whitelist.

 

The simple solution is disable auto nameservers and use someone else (OpenDNS, Google, etc) or don't use IPv6 resolvers at all. But I thought I'd point out my findings to save someone else doing the head scratching. Contributing my 10cents to the beta!

 

 

 

Perhaps @IPv6pipe can chime in if it's likely to be the application firewall on their DNS servers or something else likely to be at play here?


6536 posts

Uber Geek
+1 received by user: 2943

Moderator
Trusted
Subscriber

  Reply # 1802259 16-Jun-2017 16:43
Send private message quote this post

@olim ah interesting. I did have some IPv6 issues the other day that were confirmed by BigPipe staff so wonder if they're related? I can see DNS appears to be up at home however I'm using dnsmasq on a raspberry pi instead of the ERL. If you do a dig from the ERL itself does it succeed?




Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Electric KiwiCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1802266 16-Jun-2017 17:08
Send private message quote this post

michaelmurfy: @olim ah interesting. I did have some IPv6 issues the other day that were confirmed by BigPipe staff so wonder if they're related? I can see DNS appears to be up at home however I'm using dnsmasq on a raspberry pi instead of the ERL. If you do a dig from the ERL itself does it succeed?

 

Good point, I probably won't be running DNS forwarding off the router forever, and it can be fixed by using alternate servers anyway.

 

Dig fails using Bigpipe servers, succeeds using OpenDNS

 

 

dig @2403:9800:c041:1000::a www.geekzone.co.nz AAAA

 

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @2403:9800:c041:1000::a www.geekzone.co.nz AAAA
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 

 

 

dig @2620:0:ccc::2 www.geekzone.co.nz AAAA

 

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @2620:0:ccc::2 www.geekzone.co.nz AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56654
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

 

;; QUESTION SECTION:
;www.geekzone.co.nz.            IN      AAAA

 

;; ANSWER SECTION:
www.geekzone.co.nz.     300     IN      AAAA    2400:cb00:2048:1::6818:30e
www.geekzone.co.nz.     300     IN      AAAA    2400:cb00:2048:1::6818:20e

 

;; Query time: 53 msec
;; SERVER: 2620:0:ccc::2#53(2620:0:ccc::2)
;; WHEN: Fri Jun 16 17:02:21 2017
;; MSG SIZE  rcvd: 92

 


88 posts

Master Geek
+1 received by user: 26


Reply # 1802624 17-Jun-2017 15:48
Send private message quote this post

Interesting that you say that you've had trouble with the BigPipe IPv6 DNS servers not responding.  I'm using a boring old HG659 and I've noticed issues with them too recently. 

 

I've now updated the IPv6 DHCP settings to use OpenDNS and it seems to be better... but I don't like that as a long term solution.

 

Anyone else noticed this? @IPv6pipe are you aware of anything?

 

Cameron


69 posts

Master Geek
+1 received by user: 25

Trusted
BigPipe

  Reply # 1803181 19-Jun-2017 08:32
Send private message quote this post

Not aware of any trouble with our v6 DNS servers, no. The relevant questions have been asked of the relevant people, and will reply when I get more info.


7 posts

Wannabe Geek


Reply # 1805467 23-Jun-2017 06:07
Send private message quote this post

Thanks @hashbrown, I'm still very new and am learning a lot about ipv6 and Mikrotik. I have followed your advice but still having no global prefix assigned, only fe80 addresses found in address list. DHCPv6 request is stuck at "searching". I have also made sure that IPv6 is enabled on the PPPoE profile.

 

Click to see full size

 

I have also tried IPoE as suggested by IPv6Pipe, with worse results having with no packets received at all.

 

Click to see full size

 

There are no packets dropped on the firewall, so it shouldn't be the problem. I'm able to provide logs and other information/settings if needed.

 

I've tried to raise PPPoE MTU to 1500 and eth1 MTU to 1520 as it seems to fix problems, but it made no difference.

 

Just wondering, has this got something to do with my being in Hamilton? laughing i.e. different network hardware? -- I realize this is from an Orcon thread, but I don't know about Bigpipe's setup


6536 posts

Uber Geek
+1 received by user: 2943

Moderator
Trusted
Subscriber

  Reply # 1805474 23-Jun-2017 07:39
Send private message quote this post

@treblE87:

 

Ethernet at 1508 MTU
PPPoE at 1500 MTU (an overhead of 8 bytes)

 

IPoE (DHCP) needs to be enabled on your line manually by the BigPipe team.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Electric KiwiCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


69 posts

Master Geek
+1 received by user: 25

Trusted
BigPipe

  Reply # 1807374 27-Jun-2017 09:04
3 people support this post
Send private message quote this post

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.


863 posts

Ultimate Geek
+1 received by user: 377

Trusted
Subscriber

  Reply # 1807447 27-Jun-2017 10:42
Send private message quote this post

IPv6pipe:

 

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.

 

 

Just whatever you do, don't get water on it!

 

 

 

I like the fact that, due to the context, this may be the most reasonable silly advice I have ever given :D






69 posts

Master Geek
+1 received by user: 25

Trusted
BigPipe

  Reply # 1807489 27-Jun-2017 11:08
One person supports this post
Send private message quote this post

Brumfondl:

 

Just whatever you do, don't get water on it!

 

 

 

 

I've been inside the data centre and seen the core routers. They were physically much bigger than I was expecting, but the racket their fans produce was on par with expectations.

 

I wasn't allowed to bring my water bottle through the security door and had to leave it with the guard. I don't think there's any danger of water being added into the mix. ;)


524 posts

Ultimate Geek
+1 received by user: 70

Trusted
Subscriber

  Reply # 1807861 27-Jun-2017 19:27
Send private message quote this post

IPv6pipe:

 

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.

 

 

That may be why I could not get IPv6 working since moved to UFB a few weeks ago.  Despite trying three different routers!  =-P


73 posts

Master Geek
+1 received by user: 11


  Reply # 1807949 27-Jun-2017 22:29
Send private message quote this post

IPv6pipe:

 

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.

 

 

Was wondering why my Fritz Box, previously working flawlessly for IPv6, is now only getting IPv4 and I came here to ask if others were having the same issue.

 

Thanks for the heads-up, hope it's resolved quickly.


332 posts

Ultimate Geek
+1 received by user: 101


  Reply # 1812349 4-Jul-2017 08:49
Send private message quote this post

There appear to be some connectivity issues with Bigpipe this morning. I am unable to connect to any sites on Akamai CDN. Is this related to the IPv6 beta, or a more general issue?

 

I am able to connect through proxy connections, including an Auckland-based proxy.

 

Note, I'm not currently using IPv6 due to compatibility issues with pfSense.


1 | ... | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53


Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51


Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39


If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54


Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07


OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56


Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48


Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37


Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45


Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40


Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27


NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16


Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10


Garmin introduce Garmin vivoactive 3
Posted 1-Sep-2017 18:38


Kiwibank wastes $90 million on software – Reseller News
Posted 1-Sep-2017 13:45



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.