Odd ipv6 ping results.
-
Ok, So i have some sites I host which are dual stack.
First of all, Pings from my pfsense to one of the sites:
IPV4:
Ping output: PING tandyuk.com (109.169.6.99): 56 data bytes 64 bytes from 109.169.6.99: icmp_seq=0 ttl=52 time=8.646 ms 64 bytes from 109.169.6.99: icmp_seq=1 ttl=52 time=8.736 ms 64 bytes from 109.169.6.99: icmp_seq=2 ttl=52 time=9.161 ms --- tandyuk.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 8.646/8.848/9.161/0.225 msIPV6:
Ping output: PING6(56=40+8+8 bytes) 2001:4d48:ad00:532f:21c:25ff:fe4d:f77d --> 2001:1b40:5000:22:1::85 16 bytes from 2001:1b40:5000:22:1::85, icmp_seq=0 hlim=55 time=9.124 ms 16 bytes from 2001:1b40:5000:22:1::85, icmp_seq=1 hlim=55 time=8.418 ms 16 bytes from 2001:1b40:5000:22:1::85, icmp_seq=2 hlim=55 time=9.405 ms --- tandyuk.com ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 8.418/8.982/9.405/0.415 msSo roughly the same times for ipv4 and v6 pinging from the pfsense.
Now the same test from a windows 8.1 machine behind the pfsense:
IPv4:
C:\WINDOWS\system32>ping -4 tandyuk.com Pinging tandyuk.com [109.169.6.99] with 32 bytes of data: Reply from 109.169.6.99: bytes=32 time=13ms TTL=51 Reply from 109.169.6.99: bytes=32 time=12ms TTL=51 Reply from 109.169.6.99: bytes=32 time=13ms TTL=51 Reply from 109.169.6.99: bytes=32 time=18ms TTL=51 Ping statistics for 109.169.6.99: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 12ms, Maximum = 18ms, Average = 14msIPv6:
C:\WINDOWS\system32>ping -6 tandyuk.com Pinging tandyuk.com [2001:1b40:5000:22:1::85] with 32 bytes of data: Reply from 2001:1b40:5000:22:1::85: time=1ms Reply from 2001:1b40:5000:22:1::85: time=1ms Reply from 2001:1b40:5000:22:1::85: time=1ms Reply from 2001:1b40:5000:22:1::85: time=2ms Ping statistics for 2001:1b40:5000:22:1::85: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 2ms, Average = 1msNow suddenly ipv6 claims to has 1ms ping to my remote system.
A traceroute is even stranger….
IPv4:
C:\WINDOWS\system32>tracert -4 tandyuk.com Tracing route to tandyuk.com [109.169.6.99] over a maximum of 30 hops: 1 2 ms 1 ms 1 ms pfsense.office.tandyukservers.co.uk [192.168.65.1] 2 9 ms 9 ms 10 ms lns16.the.dsl.enta.net [188.39.0.22] 3 13 ms 13 ms 12 ms gi1-6.the.dist.dsl.enta.net [188.39.0.21] 4 12 ms 12 ms 11 ms te2-2.telehouse-east3.dsl.enta.net [78.33.141.81] 5 15 ms 13 ms 15 ms te5-6.telehouse-east2.core.enta.net [62.249.192.125] 6 11 ms 9 ms 9 ms te4-4.telehouse-east.core.enta.net [188.39.127.75] 7 10 ms 10 ms 9 ms te8-4.core1.thn.as20860.net [195.66.224.207] 8 12 ms 14 ms 13 ms 593.net1.north.dc5.as20860.net [62.233.127.174] 9 12 ms 12 ms 20 ms 87.117.211.50 10 21 ms 13 ms 10 ms tandyuk.com [109.169.6.99] Trace complete.All normal so far, but now for IPv6:
C:\WINDOWS\system32>tracert -6 tandyuk.com Tracing route to tandyuk.com [2001:1b40:5000:22:1::85] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2001:4d48:ad53:2f00:1:: Trace complete.So ipv6, gets 1 response from the pfsense, and thinks it reached its destination.
This issue causes major issues if the ipv6 gateway is down (or the pfsense thinks it is), as ALL ipv6 pings come back ok, even though the packet cant get past the pfsense.
The result is browsers etc just sitting there trying to connect via v6, but not getting the proper host/network unreachable response from the pfsense.Any clues why this is happening and how I can get ipv6 ping/traceroutes to work properly.