Weird dpinger and IPv6 issue?
-
Hiya,
Apologies if something like this has been bought up before but I had a little Google around and wasn't able to find anyone experiencing a similar issue to mine.
Recently FTTP became available to me here in the UK via a smaller alt net called CommunityFibre. I'm on the gig one package and pretty much getting my symmetrical gigabit internet no problems via pfSense. However since they also provide a /48 IPv6 address, I thought I'd delve into that a little bit.
Setup:
On my WAN interface I have DHCP6 enabled with the following options and am getting an IPv6 IP:
Problem: By default, the gateway seems to be picked up as a fe80 link local address by pfSense, although I can ping out via v6 from pfSense I've used Traceroute, identified the correct gateway address and have manually setup a v6 gateway and confirmed that I can still ping out. The issue I am experiencing is that dpinger shows that I get packet loss, no matter what monitor IP I use, it's the same whether it's Google, Cloudflare, or the Gateway itself however if I SSH into my pfSense box and run a ping6 I get no packet loss whatsoever.
Has anyone else experienced anything similar? The loss ranges from 2%-10% but as far as I can tell it's only dpinger which has this issue, pinging out from SSH on v6 works absolutely fine. I've tried to mess with the monitoring intervals on the gateway but no joy so far.
Would appreciate any input on this one. :)
Setup: I'm running pfSense 2.5.2 (amd64) on a ESXi host, also worth noting that IPv4 gateway is rock solid, no loss whatsoever.
VM setup: VMXNET3 NICs
6GB of RAM assigned with 8vCPUsThanks in advance!
-
@pfsensation said in Weird dpinger and IPv6 issue?:
By default, the gateway seems to be picked up as a fe80 link local address by pfSense
Entirely normal. Link local addresses are often used in routing to the next hop. In fact, you don't actually need a WAN address as it plays no part in routing to your network.
-
@jknott said in Weird dpinger and IPv6 issue?:
@pfsensation said in Weird dpinger and IPv6 issue?:
By default, the gateway seems to be picked up as a fe80 link local address by pfSense
Entirely normal. Link local addresses are often used in routing to the next hop. In fact, you don't actually need a WAN address as it plays no part in routing to your network.
Interesting, that's good to know that I don't need to have that manual gateway setup. That being said, any ideas on why dpinger maybe showing loss when ping6 via SSH doesn't?
-
No, I have never used dpinger.
-
@jknott said in Weird dpinger and IPv6 issue?:
No, I have never used dpinger.
Interesting, in that case what do you use for gateway monitoring?
-
Whatever is built into pfsense, but generally I don't worry about it. With only a single Internet connection, it doesn't do much other than marking the interface down. When I have a problem, I run a shell script on my Linux computer that pings the gateway and records the failures.
-
@jknott said in Weird dpinger and IPv6 issue?:
Whatever is built into pfsense
which is dpinger ;) heheh
-
@pfsensation said in Weird dpinger and IPv6 issue?:
if I SSH into my pfSense box and run a ping6 I get no packet loss whatsoever.
Are you pinging with zero size? Dpinger I do believe out of the box uses a zero sized ping.. Have you tried changing your dpinger to use something other than zero?
I finally noticed that my he tunnel monitor was showing some low packet loss.. Going back through the history, it had been doing it for months.. Yet I was not having any issues with ipv6 during testing, and ping tests, etc. I don't normally use ipv6 for normal stuff anyway, served up some ntp via the pool for it, etc.
I then changed the pop I was connected to and the dpinger has now gone back to zero packet loss. Now this is bit different than what your seeing..
It was getting worse over time - it was very odd.. Previously going back as much history as I have about 4 years.. Loss of pings were actual outages, etc.. See from the above graph..
I had been on the same pop for years and years and never seen such an issue - I could find no reports of anything wrong with that pop.. But I changed to another one which was only a couple of ms different in overall time and so far the ping loss has gone away. This is different than your issue for sure - I could understand the loss of pings If I was also seeing loss of pings on my ipv4 network since I run a tunnel.. I put it down to something wrong with that pop specific, or my path to the pop having issues.
But for your testing, I would run your manual pings with the zero to your Ipv6 gateway, or change your dpinger to not use zero sized pings and see if that changes your reported loss.
-
@johnpoz said in Weird dpinger and IPv6 issue?:
@pfsensation said in Weird dpinger and IPv6 issue?:
if I SSH into my pfSense box and run a ping6 I get no packet loss whatsoever.
Are you pinging with zero size? Dpinger I do believe out of the box uses a zero sized ping.. Have you tried changing your dpinger to use something other than zero?
But for your testing, I would run your manual pings with the zero to your Ipv6 gateway, or change your dpinger to not use zero sized pings and see if that changes your reported loss.
Hi John,
Thanks for the response. When you mention zero sized pings, do you mean the packet size?
I've tried pinging from SSH using -s to set the packet size to zero, but I get a warning saying that its an illegal value.
How would I go about running a manual ping with the size set as zero? To be honest I wasn't aware that was even a thing.
-
@pfsensation yeah is it really zero? hmmm
But just sniffing for the monitoring you can see
Maybe they changed it to 1? Because some stuff will not respond if zero.. I thought it use to be 0.. But looks like the default now is 1
I know it use to be zero - here is old thread where I have a screenshot and the default for sure use to be zero
-
@johnpoz said in Weird dpinger and IPv6 issue?:
@pfsensation yeah is it really zero? hmmm
But just sniffing for the monitoring you can see
Maybe they changed it to 1? Because some stuff will not respond if zero.. I thought it use to be 0.. But looks like the default now is 1
I know it use to be zero - here is old thread where I have a screenshot and the default for sure use to be zero
I've changed the payload from 1 to 10, that may have been the magic value. Not seeing anymore loss, will continue to monitor and report back as this could help someone else in the future.
That's still pretty weird though, so on IPv6 the gateway doesn't like a smaller payload?
-
@pfsensation yeah its really odd to be sure, I have seen in the past device not answering zero at all. Maybe that is why they changed it to 1? But intermittent not really sure, it could be they just get dropped if really small?
But it is a good test to do if your saying normal pings from your client not having loss, I believe normal ping size is like 32 bytes.. At least on windows, linux might be different but 32 is what I believe the standard default is.
Generally when using ping that you send 24/7/365 every half second or so - you would want to keep those with zero or very low data.. It does add up ;)
-
@johnpoz said in Weird dpinger and IPv6 issue?:
@pfsensation yeah its really odd to be sure, I have seen in the past device not answering zero at all. Maybe that is why they changed it to 1? But intermittent not really sure, it could be they just get dropped if really small?
But it is a good test to do if your saying normal pings from your client not having loss, I believe normal ping size is like 32 bytes.. At least on windows, linux might be different but 32 is what I believe the standard default is.
Generally when using ping that you send 24/7/365 every half second or so - you would want to keep those with zero or very low data.. It does add up ;)
Many thanks for the pointers and yep I figured, trying to keep the value as low as possible would be nice when it's running twice a second. With some trial and error I've figured out that a payload of 7 is the lowest amount that works without showing any loss. I'll stick to this as it now seems to be working perfectly.
Thanks again for your help John! Hopefully this thread can help others if they run into something similar in the future.
-
@pfsensation So that is pretty crazy, so if you use payload of 6 you show loss but if you change it to 7 you no reported loss? Very odd for sure..
-
@johnpoz said in Weird dpinger and IPv6 issue?:
@pfsensation So that is pretty crazy, so if you use payload of 6 you show loss but if you change it to 7 you no reported loss? Very odd for sure..
Yep, that's exactly it. Only thing I can think of is that this is some weird quirk in the ISPs network, but then how is it only affecting IPv6 ICMP traffic. Odd one for sure, it seems to be reporting no loss now.
-
@johnpoz said in Weird dpinger and IPv6 issue?:
which is dpinger ;) heheh
Well, as I said, I don't use it as I don't see the need with only a single Internet connection. It might be useful if it could do something beyond marking an interface down, such as call a script.
-
@jknott said in Weird dpinger and IPv6 issue?:
It might be useful
It is very useful - it monitors the response time to your gateway, and loss to your gateway - so simple easy health check... If your seeing 10% packet loss on your connection - could explain why your having issues, etc.
Easy way to show your ISP, look having problems starting here date and time, etc. See before when there was no issue..
Yes in general it main function could be to switch your connection to a backup link, etc. But just because you only have 1 connection doesn't mean it can not be useful information.
-
@jknott said in Weird dpinger and IPv6 issue?:
@johnpoz said in Weird dpinger and IPv6 issue?:
which is dpinger ;) heheh
Well, as I said, I don't use it as I don't see the need with only a single Internet connection. It might be useful if it could do something beyond marking an interface down, such as call a script.
You're probably using it whether you've noticed or not, dpinger by default is used by pfSense to monitor a gateway and see if its up. It's not just something for multiple connections. If you have the widget on the dashboard you can see the latency etc.
I personally got it monitoring my VPN links, Internet connection and now my IPv6 gateway, but that's all good. We all configure more/less on pfSense based on needs, that's what's amazing about it.
-
I just set it up. the IPv4 monitor address was straight forward, but on IPv6, I had to use the first GUA that traceroute showed, as the gateway link local address wouldn't work, even when I added the interface after the address. I can't even ping that address, so it may not be responding to pings. It also doesn't return an address with traceroute6.
-
@jknott said in Weird dpinger and IPv6 issue?:
I just set it up. the IPv4 monitor address was straight forward
There is nothing to setup to be honest - you would of had to purposely disable it, since out of the box it would monitor the gateway your wan interface has for IPv4.
As to IPv6, I would think it would of done the same thing.. Mine auto came up when I created the tunnel.. If that was link local that didn't answer ping, then it would of shown your gateway as offline and you would have to had to on purpose disable it if you want the gateway to come up, etc.
Since my gateway via the tunnel is a GUA address, I am not sure about what would happen with only a link-local address etc..
But out of the box monitoring comes up on its own.. And would either show offline or pending for your gateways, etc.