Anyone else problems with he tunnel in chicago area

johnpoz · May 23, 2011, 4:06 PM

Was working this fine this morning, then bam went offline. Not sure what happened, looks like my wan IP might of renewed. But now can not get tunnel backup. Can not ping the he tunnel ipv6 endpoint, but can ping its ipv4 address.

My wan IP is the same, I have tried disabled and renable - very strange! HE shows chicago tunnel server UP.

try to ping the he endpoint ipv6 I get this
ping6: UDP connect: No route to host

edit: ok its back up.. but I had to change the mask to /64 vs the /128 that was in the gif interface and the local setting which matches up with the info from he tunnel details.

databeestje · May 23, 2011, 9:34 PM

I made more fixes on the tunnel with gateway front.

Hopefully the gateway survives now.

johnpoz · May 23, 2011, 9:39 PM

so can go back to /128 vs the /64 that was given he tunnel states to use, but ipv6 writeup says use /128 – which was working, but this morning after it died I changed it back to /64 like he states and bam it was online again.

jimp · May 23, 2011, 11:18 PM

It should work fine on /64 now, just like he.net's settings state.

After databeestje's latest fixes it works great when set that way. It really didn't need to be a /128 before but apparently due to the way the code was handling the interfaces/routes, that let it work. Now it works either way, but using the /64 is more intuitive since it matches up with he.net's settings.

databeestje · May 24, 2011, 5:51 AM

Do note that best practices argues to use a smaller network on the interconnect network between you and the ISP.

For example, it is commonly limited to a /120 which would be about 250 hosts, this reduces the impact of port scans and the neighbor table overflowing.

So yes, eventhough they define it to be a /64, they set the link scope smaller to prevent such particular issues. This is similar in spirit as the ARP table overflow that was previously possible on IPv4, and still is.

johnpoz · May 24, 2011, 5:57 AM

I did have it at /128 and was working great, then this morning it went poof! As soon as I changed it to /64 it was online.

So should I leave it at /64 or can I change back to /128 will it work that way and stable, or could it go poof again?

databeestje · May 24, 2011, 7:00 AM

Not really sure.

jimp · May 24, 2011, 12:10 PM

It works fine on either /64 or /128 for me now. Make sure to sync up with the current code before changing anything.