Depending on whether you need the link-local address on the other interface
(e.g. eth1), you could try a couple of things:
* remove that address from the interface (which also removes the
fe80::/64 route on that interface)
* remove the fe80::/64 route on eth1 (although the OS might add it
again at some point)
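For reference, the two options might look like this — a sketch only, assuming the second interface is eth1 as in this thread; both need root, the function names are made up, and the exact link-local address differs per machine:

```shell
# Hypothetical helpers for the two options above (assumes eth1; run as root).

drop_linklocal_addr() {
  # Option 1: delete the link-local address from eth1; the kernel then
  # also drops its fe80::/64 route on that interface.
  ll_addr=$(ip -6 addr show dev eth1 scope link | awk '/inet6/ {print $2}')
  ip -6 addr del "$ll_addr" dev eth1
}

drop_linklocal_route() {
  # Option 2: delete only the route; the kernel may re-add it later,
  # e.g. when the link flaps.
  ip -6 route del fe80::/64 dev eth1
}
```

Option 2 is less invasive, but as noted the kernel can silently undo it.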
I have configured a Debian 7 server for IPv6 (in addition to IPv4).
I can ping6 www.google.com and other addresses, fine. BUT the server
reproducibly loses IPv6 connectivity after roughly 20 minutes, and I can't
figure out why this happens. Clues, anyone?
My hoster (Hetzner) routes the 2a01:4f8:191:XXXX::/64 network to the
server. Following their instructions, I assign a static address from that block and set the default route to fe80::1, either manually
ip -6 addr add 2a01:4f8:191:XXXX::5/64 dev eth0
ip -6 route add default via fe80::1 dev eth0
or in /etc/network/interfaces like this
iface eth0 inet6 static
address 2a01:4f8:191:XXXX::5
netmask 64
gateway fe80::1
This works, I can ping6. But it reproducibly stops working after 20 minutes, confirmed using this command:
while true; do date; ping6 -c3 -w5 www.google.com; sleep 10; done
I'm sure it's not Google rate-limiting my pings; I get the same results with various other IPv6 addresses that I'm authorized to ping.
To restore IPv6 connectivity (IPv4 keeps working the whole time), I can either reboot or re-add the default route with these commands (order is important):
ip -6 route del default
ip -6 route del fe80::1 dev eth0
ip -6 route add fe80::1 dev eth0
ip -6 route add default via fe80::1 dev eth0
Which gives another 20 minutes of IPv6. 100% reproducible. And it's just the routing that needs to be fixed.
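Until the root cause is found, that restoration sequence could be scripted as a stopgap — a hypothetical watchdog sketch, assuming eth0 and gateway fe80::1 as above; the `IP` variable and function names are made up so the route commands can be dry-run:

```shell
#!/bin/sh
# Stopgap watchdog, not a fix: replay the route dance whenever ping6 fails.
# Assumes eth0 and gateway fe80::1; needs root to actually change routes.
IP="${IP:-ip}"

restore_default_route() {
  $IP -6 route del default
  $IP -6 route del fe80::1 dev eth0
  $IP -6 route add fe80::1 dev eth0
  $IP -6 route add default via fe80::1 dev eth0
}

watchdog() {
  while :; do
    ping6 -c1 -w5 www.google.com >/dev/null 2>&1 || restore_default_route
    sleep 60
  done
}
# watchdog   # uncomment to run in the foreground
```

Running this from cron or an init script would paper over the symptom, but the 20-minute expiry would still be happening underneath.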
I have excluded:
- router advertisements: the hoster doesn't use them, no such packets seen
with tcpdump, and the server is not configured to accept RAs
- ip6tables rules: none, and default ACCEPT everywhere
- cronjobs or other periodic scripts that could be responsible
- "security software" or similar that would interfere
Important data point: this server has two Ethernet interfaces, so there are
two link-local fe80::/64 routes, one on eth0 and one on eth1. I suspected the problem might be related, so I disabled IPv6 on the second interface completely with sysctl net.ipv6.conf.eth1.disable_ipv6 = 1.
And that resulted in stable and flawless IPv6 connectivity!
While this workaround is OK for this server, I have another one that shows the same symptoms. But that server needs IPv6 on the other interfaces, so the workaround does not apply there.
I'd really like to learn why this happens, or what part of the config I may be missing. Clues or further debugging hints are very welcome. Thanks!
Olaf
Could you also check whether privacy extensions are enabled on eth0
and eth1 (/proc/sys/net/ipv6/conf/*/use_tempaddr)? I have a hunch that
this might explain the 20 minutes lifetime.
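That can be checked in one loop (a sketch; the values mean 0 = privacy extensions off, 1 = enabled, 2 = enabled and preferred):

```shell
# Print use_tempaddr for every interface; non-zero means privacy
# extensions generate temporary addresses with limited lifetimes.
for f in /proc/sys/net/ipv6/conf/*/use_tempaddr; do
  printf '%s: %s\n' "$f" "$(cat "$f")"
done
```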
~ Gerdriaan
I have DEFINITELY run into that problem. To the point where I generally disable the privacy extension stuff to prevent it. A whole lot of equipment doesn't handle it right and breaks everything.
Check ip neigh output. Does the entry for your default gateway go
STALE after those 20 minutes?
Also check the lifetime of any SLAAC ip addresses given in ip addr
output.
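A quick way to watch for that — a sketch assuming gateway fe80::1 on eth0 as in this thread; the NDP state is the last field of the `ip -6 neigh` line, and the helper name is made up:

```shell
# Print the NDP state of the gateway's neighbour entry. REACHABLE/DELAY/PROBE
# are fine; STALE or FAILED would match the observed breakage.
gw_state() {
  # reads 'ip -6 neigh' output on stdin, prints the last field (the state)
  awk '/^fe80::1 / {print $NF}'
}
# Live check (on the affected host): ip -6 neigh show dev eth0 | gw_state
```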
Do you really need to meddle with the fe80::1 route?
Do you really
need an explicit route for fe80::1%eth0? Will it work without?
Does adding a route for 2000/3 via fe80::1 dev eth0 help,
or is it
really necessary to remove the default route and to re-add it?
No need, an fe80::/64 IP address is only valid when an interface is[...]
added:
Is the other interface connected? eth1 should not play a role here at
all.
As someone else asked, showing us the output of 'ip -6 a' and 'ip -6
r' could be helpful.
As someone else asked, showing us the output of 'ip -6 a' and 'ip -6
r' could be helpful.
Ok, sorry. I don't see anything special here:
# ip -6 ro
2a01:4f8:191:XXXX::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev vif1.0 proto kernel metric 256
fe80::/64 dev vif2.0 proto kernel metric 256
fe80::/64 dev vif3.0 proto kernel metric 256
fe80::/64 dev vif4.0 proto kernel metric 256
default via fe80::1 dev eth0 metric 1024
# ip -6 ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2a01:4f8:191:XXXX::4/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5246:5dff:fe9f:f752/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 fe80::6a05:caff:fe18:596/64 scope link
valid_lft forever preferred_lft forever
4: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
5: vif2.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
6: vif3.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
7: vif4.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 32
inet6 fe80::fcff:ffff:feff:ffff/64 scope link
valid_lft forever preferred_lft forever
Check ip neigh output. Does the entry for your default gateway go
STALE after those 20 minutes?
Yes, exactly:
# ip -6 nei
fe80::1 dev eth0 lladdr 0c:86:10:ed:31:ca router STALE
Do you really need to meddle with the fe80::1 route?
I had no plans to do so. I just learned during debugging that this would reestablish IPv6 connectivity without reboot.
Do you really
need an explicit route for fe80::1%eth0? Will it work without?
My hosters docs (Hetzner) recommend that. They don't specify an IPv6
default gateway.
or is it
really necessary to remove the default route and to re-add it?
Yep, connectivity is back.
No need, an fe80::/64 IP address is only valid when an interface is[...]
added:
Is the other interface connected? eth1 should not play a role here at
all.
I had no plans to fiddle with link-local addresses, and of course eth1 settings should not matter. I just disabled IPv6 on eth1 for debugging,
and suddenly IPv6 worked >20min. Maybe coincidence rather than causality.
I'd like to learn what's going on here,
thanks for your comments.
"We didn't change anything". Yeah, sure.
Olaf
Hello Olaf,
I've run into exactly the same issue, but the delay on my end is around ~1 min.
I'm also on a fresh, brand-new Hetzner root server, no changes applied; IPv6 wasn't working from the beginning.
Also, for some weird reason, fe80::1 is missing its lladdr (MAC) in the neighbour table:
# ip neigh
fe80::1 dev eth0 FAILED
176.9.XX.XX dev eth0 lladdr 00:31:XX:XX:XX:XX REACHABLE
Anyway, could you tell me: have you solved this issue? If so, how?
Sincerely.