Re: Losing IPv6 connectivity after 20min, why?
Hi Olaf,
Depending on whether you need the link-local on the other interface
(e.g. eth1), you could try a couple of things:
* remove that address from the interface (which also removes the
fe80::/64 route on that interface)
* remove the fe80::/64 route on eth1 (although the OS might add it
again at some point)
Either of those could mean that stuff like neighbour discovery
probably fails, but I guess you have to check that in your specific
situation.
Could you post the (relevant) output of `ip -6 route` and `ip -6 addr`
during the 20 minutes of 'working' IPv6 (i.e. with 2 fe80::/64 routes
and whether there are temporary addresses assigned to eth0 and eth1)?
Could you also check whether privacy extensions are enabled on eth0
and eth1 (/proc/sys/net/ipv6/conf/*/use_tempaddr)? I have a hunch that
this might explain the 20 minutes lifetime.
~ Gerdriaan
On 19 September 2016 at 12:55, Olaf Schreck <chakl@syscall.de> wrote:
> I have configured a Debian 7 server for IPv6 (in addition to IPv4).
> I can ping6 www.google.com and other addresses, fine. BUT the server
> reproducibly looses IPv6 connectivity after roughly 20min, and I can't
> figure why this happens. Clues anyone?
>
> My hoster (Hetzner) routes the 2a01:4f8:191:XXXX:/64 network to the
> server. Following their instructions, I assign a static address from that
> block and set the default route to fe80::1, either manually
> ip -6 addr add 2a01:4f8:191:XXXX::5/64 dev eth0
> ip -6 route add default via fe80::1 dev eth0
>
> or in /etc/network/interfaces like this
> iface eth0 inet6 static
> address 2a01:4f8:191:XXXX::5
> netmask 64
> gateway fe80::1
>
> This works, I can ping6. But it reproducible stops working after 20min,
> confirmed using this command
> while true; do date; ping6 -c3 -w5 www.google.com; sleep 10; done
>
> I'm sure it's not Google rate-limiting my pings, I get the same results with
> various IPv6 addresses that I'm authorized to ping.
>
> To restore IPv4 connectivity (IPv4 still working), I can either reboot or
> re-add the default route with these commands (order is important):
> ip -6 route del default
> ip -6 route del fe80::1 dev eth0
> ip -6 route add fe80::1 dev eth0
> ip -6 route add default via fe80::1 dev eth0
>
> Which will give another 20min of IPv6. 100% reproducible. And it's just the
> routing that needs to be fixed.
>
> I have exluded:
> - no router advertisements used by the hoster, no such packets seen with
> tcpdump, server is not configured to accept RAs
> - no ip6tables rules, and default ACCEPT everywhere
> - no cronjob or other periodical script that could be responsible
> - no "security software" or similar that would interfere
>
> Important data point: This server has 2 ethernet interfaces, so there are
> 2 link-local fe80::/64 routes to eth0 and eth1. I was suspicious that the
> problem might be related, so I disabled IPv6 on the second interface
> completely with with sysctl net.ipv6.conf.eth1.disable_ipv6 = 1.
>
> And that resulted in stable and flawless IPv6 connectivity!
>
> While this workaround is ok for this server, I have another one that shows
> the same symptoms. But for that server I need IPv6 on the other interfaces,
> so the workaround does not apply.
>
> I'd rather like to learn why this happens, or what config part I may be
> missing. Clues or further debugging hints very welcome. Thanks!
>
> Olaf
>
Reply to: