Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29
3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1802129 16-Jun-2017 13:55
One person supports this post
Send private message

Hi all, I recently signed up to Bigpipe and decided to give the IPv6 beta a try. Ubnt edgerouter platform, for the most part all good after a few tweaks to my configuration.

 

 

 

TL;DR: Open question: are the Bigpipe DNS servers firewalled with a whitelist that only includes address space that they are allocating the /60 prefixes from? Should we be able to query Bigpipe DNS servers from /128 autoconfigure addresses on our routers?

 

 

 

When I was first configuring for the prefix-delegation, things didn't seem to be lighting up so I added ipv6 autoconf address to pppoe0 (the WAN interface). Bingo, I saw a new /128 address on that interface and /60 PD lit up straight away and I saw a /64 assignment on the LAN interface that I had selected for testing. I attached a client device and straight away, full noise v6 around the LAN and to the Internet, everything "just works". Excellent!

 

 

 

However, after that I started noticing a delay at the login prompt to the router. Long story short, this is a reverse DNS timeout causing the delay, i.e. the router is attempting to lookup my client IP address (it will show my the qualified hostname or just the IP address in the welcome banner next time I login)

 

 

 

tcpdump to the rescue to have a look at the packet flow. What's the story here?

 

  • Info: the router has learned some IPv6 nameservers so it prefers those now, i.e. Bigpipe DNS 2403:9800:c041:1000::[a|b]
  • Test: Two way DNS traffic? Fail. Queries are going out but no response coming back.
  • Test: Ping? Pass. I get an echo from 2403:9800:c041:1000::a
  • Test: Alternative DNS server (OpenDNS). Pass! I can resolve DNS from my router by using 2620:0:ccc::2
  • Test: LAN IPv6 client device -> Bigpipe DNS. Pass! I get DNS replies over IPv6 from Bigpipe DNS.

So it seems to be specifically querying Bigpipe DNS servers from my router's /128 address will fail with no reply.

 


Related message snips from what I've found in this thread already:

 

AKLWestie:

 

---
I can use linux's host command to do a DNS lookup.

 

thedr@myerl3:~/zone$ host www.geekzone.co.nz
www.geekzone.co.nz has address 104.24.3.14
www.geekzone.co.nz has address 104.24.2.14
www.geekzone.co.nz has IPv6 address 2400:cb00:2048:1::6818:20e
www.geekzone.co.nz has IPv6 address 2400:cb00:2048:1::6818:30e

 

**********

 

However, if I do the same using bigpipe's DNSv6 servers, it said the servers cannot be reached.

 

thedr@myerl3:~/zone$ host www.geekzone.co.nz 2403:9800:c041:1000::a
;; connection timed out; no servers could be reached
thedr@myerl3:~/zone$ host www.geekzone.co.nz 2403:9800:c041:1000::b
;; connection timed out; no servers could be reached

 

**********

 

But the v4 version of DNS servers work.
----

 

 


hashbrown:

 

3. Bigpipe didn't assign you the /128 public on your PPPoE interface.  They assign you a /60 to do with what you will. Your router decided to allocate that address.  Using the MAC is fine for the last 48bits of the address, and is expected behavior.  I'm more interested that it allocated a public address to that interface, as your config doesn't seem to request it and technically it's not necessary.  Probably an edgerouter quirk and unlikely to be hurting anything as it's a /128.

 


 

 

michaelmurfy:

 

 having a /128 allocated on your external interface is normal. If it is all working you'll note /64's allocated on your internal interfaces.

 


Meow
7447 posts

Uber Geek
+1 received by user: 3586

Moderator
Trusted
Lifetime subscriber

  Reply # 1802190 16-Jun-2017 15:49
Send private message

@olim you'll be missing the default route. Check the tutorial in my signature.




3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1802246 16-Jun-2017 16:32
Send private message

@michaelmurfy thanks but no dice, I actually had a read through your info yesterday because you feature frequently in this topic. Awesome write-ups by the way!

 

 

 

I had the default route in there already, I assume through pppoe/autoconf. I also assumed that ping to the DNS servers wouldn't be working (it is) if no route existed. I just tried entering it statically as you suggested but no change in result. All other IPv6 traffic is working as expected, just DNS queries from the WAN router to Bigpipe DNS are failing.

 

show ipv6 route |

 

  • K      ::/0 [0/1024] via fe80::xxxx:xxxx:xxxx:xxxx, pppoe0, 1d03h26m

 

 

FYI the /128 on pppoe0 is in 2403:9800:c041: and the /60 PD delegated is in 2403:9800:c048:

 

Client devices on the LAN side can query the Bigpipe DNS via IPv6 no problem. Leading me to think their DNS servers have a limited (incomplete?) whitelist.

 

The simple solution is disable auto nameservers and use someone else (OpenDNS, Google, etc) or don't use IPv6 resolvers at all. But I thought I'd point out my findings to save someone else doing the head scratching. Contributing my 10cents to the beta!

 

 

 

Perhaps @IPv6pipe can chime in if it's likely to be the application firewall on their DNS servers or something else likely to be at play here?


Meow
7447 posts

Uber Geek
+1 received by user: 3586

Moderator
Trusted
Lifetime subscriber

  Reply # 1802259 16-Jun-2017 16:43
Send private message

@olim ah interesting. I did have some IPv6 issues the other day that were confirmed by BigPipe staff so wonder if they're related? I can see DNS appears to be up at home however I'm using dnsmasq on a raspberry pi instead of the ERL. If you do a dig from the ERL itself does it succeed?




3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 1802266 16-Jun-2017 17:08
Send private message

michaelmurfy: @olim ah interesting. I did have some IPv6 issues the other day that were confirmed by BigPipe staff so wonder if they're related? I can see DNS appears to be up at home however I'm using dnsmasq on a raspberry pi instead of the ERL. If you do a dig from the ERL itself does it succeed?

 

Good point, I probably won't be running DNS forwarding off the router forever, and it can be fixed by using alternate servers anyway.

 

Dig fails using Bigpipe servers, succeeds using OpenDNS

 

 

dig @2403:9800:c041:1000::a www.geekzone.co.nz AAAA

 

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @2403:9800:c041:1000::a www.geekzone.co.nz AAAA
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 

 

 

dig @2620:0:ccc::2 www.geekzone.co.nz AAAA

 

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @2620:0:ccc::2 www.geekzone.co.nz AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56654
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

 

;; QUESTION SECTION:
;www.geekzone.co.nz.            IN      AAAA

 

;; ANSWER SECTION:
www.geekzone.co.nz.     300     IN      AAAA    2400:cb00:2048:1::6818:30e
www.geekzone.co.nz.     300     IN      AAAA    2400:cb00:2048:1::6818:20e

 

;; Query time: 53 msec
;; SERVER: 2620:0:ccc::2#53(2620:0:ccc::2)
;; WHEN: Fri Jun 16 17:02:21 2017
;; MSG SIZE  rcvd: 92

 


111 posts

Master Geek
+1 received by user: 34


Reply # 1802624 17-Jun-2017 15:48
Send private message

Interesting that you say that you've had trouble with the BigPipe IPv6 DNS servers not responding.  I'm using a boring old HG659 and I've noticed issues with them too recently. 

 

I've now updated the IPv6 DHCP settings to use OpenDNS and it seems to be better... but I don't like that as a long term solution.

 

Anyone else noticed this? @IPv6pipe are you aware of anything?

 

Cameron


97 posts

Master Geek
+1 received by user: 49

Trusted
BigPipe

  Reply # 1803181 19-Jun-2017 08:32
Send private message

Not aware of any trouble with our v6 DNS servers, no. The relevant questions have been asked of the relevant people, and will reply when I get more info.


7 posts

Wannabe Geek


Reply # 1805467 23-Jun-2017 06:07
Send private message

Thanks @hashbrown, I'm still very new and am learning a lot about ipv6 and Mikrotik. I have followed your advice but still having no global prefix assigned, only fe80 addresses found in address list. DHCPv6 request is stuck at "searching". I have also made sure that IPv6 is enabled on the PPPoE profile.

 

Click to see full size

 

I have also tried IPoE as suggested by IPv6Pipe, with worse results having with no packets received at all.

 

Click to see full size

 

There are no packets dropped on the firewall, so it shouldn't be the problem. I'm able to provide logs and other information/settings if needed.

 

I've tried to raise PPPoE MTU to 1500 and eth1 MTU to 1520 as it seems to fix problems, but it made no difference.

 

Just wondering, has this got something to do with my being in Hamilton? laughing i.e. different network hardware? -- I realize this is from an Orcon thread, but I don't know about Bigpipe's setup


Meow
7447 posts

Uber Geek
+1 received by user: 3586

Moderator
Trusted
Lifetime subscriber

  Reply # 1805474 23-Jun-2017 07:39
Send private message

@treblE87:

 

Ethernet at 1508 MTU
PPPoE at 1500 MTU (an overhead of 8 bytes)

 

IPoE (DHCP) needs to be enabled on your line manually by the BigPipe team.





97 posts

Master Geek
+1 received by user: 49

Trusted
BigPipe

  Reply # 1807374 27-Jun-2017 09:04
3 people support this post
Send private message

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.


911 posts

Ultimate Geek
+1 received by user: 402

Trusted
Subscriber

  Reply # 1807447 27-Jun-2017 10:42
Send private message

IPv6pipe:

 

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.

 

 

Just whatever you do, don't get water on it!

 

 

 

I like the fact that, due to the context, this may be the most reasonable silly advice I have ever given :D






97 posts

Master Geek
+1 received by user: 49

Trusted
BigPipe

  Reply # 1807489 27-Jun-2017 11:08
One person supports this post
Send private message

Brumfondl:

 

Just whatever you do, don't get water on it!

 

 

 

 

I've been inside the data centre and seen the core routers. They were physically much bigger than I was expecting, but the racket their fans produce was on par with expectations.

 

I wasn't allowed to bring my water bottle through the security door and had to leave it with the guard. I don't think there's any danger of water being added into the mix. ;)


571 posts

Ultimate Geek
+1 received by user: 74

Trusted
Lifetime subscriber

  Reply # 1807861 27-Jun-2017 19:27
Send private message

IPv6pipe:

 

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.

 

 

That may be why I could not get IPv6 working since moved to UFB a few weeks ago.  Despite trying three different routers!  =-P


73 posts

Master Geek
+1 received by user: 11


  Reply # 1807949 27-Jun-2017 22:29
Send private message

IPv6pipe:

 

Some of you may have noticed that if your connection drops for whatever reason (router reboot, weather event, DLM, etc), when you reconnect you may no longer obtain v6 from us, or that even after you've had it enabled you can't get it working.

 

We've identified the source - it looks as though a gremlin has moved in to one of our core routers in the process of software upgrades. The network team are investigating to find and banish the gremlin at the moment, but we don't yet have an ETA at this stage.

 

I'll update the thread when the gremlin has been evicted. Sorry for any inconvenience that may have been caused.

 

 

Was wondering why my Fritz Box, previously working flawlessly for IPv6, is now only getting IPv4 and I came here to ask if others were having the same issue.

 

Thanks for the heads-up, hope it's resolved quickly.


392 posts

Ultimate Geek
+1 received by user: 130


  Reply # 1812349 4-Jul-2017 08:49
Send private message

There appear to be some connectivity issues with Bigpipe this morning. I am unable to connect to any sites on Akamai CDN. Is this related to the IPv6 beta, or a more general issue?

 

I am able to connect through proxy connections, including an Auckland-based proxy.

 

Note, I'm not currently using IPv6 due to compatibility issues with pfSense.


1 | ... | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17


Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.