IPv6 only works after pinging the default gateway.

dexstar asked:

We now have 2013 and I thought it is long overdue to activate IPv6 on my server. But unfortunately, I ran in some problems. To be honest I only have litte experience with IPv6 So I hope you can help me with my “small” problem.

A small remark: The following addresses are obfuscated, it is not what I’ve used in my configs 😉

I am running a Debian squeeze (Debian 2.6.32-46) and I got a /64 IPv6 block from my provider: 2a01:4f8:a0:aaaa::/64

So I changed the /etc/network/interfaces file as follows (which is also the way my provider recommends it):

# Loopback device:
auto lo
iface lo inet loopback

# device: eth0
auto  eth0
iface eth0 inet static
  address   85.10.xxx.zz
  broadcast 85.10.xxx.yy
  gateway   85.10.xxx.1

iface eth0 inet6 static
  # Main IPv6 Address of the server
  address 2a01:4f8:a0:aaaa::2
  netmask 64
  gateway fe80::1

auto eth0:1
iface eth0:1 inet static
        address 85.10.xxxx.uu

# default route to access subnet
up route add -net 85.10.xxx.0 netmask gw 85.10.xxx.1 eth0

After a reboot (I am lazy and don’t wanted to add everyhthing using route or ip) my eth0 interface looks like this:

eth0      < first line removed >  
          inet addr:85.10.xxx.zz  Bcast:85.10.xxx.yy  Mask:
          inet6 addr: 2a01:4f8:a0:aaaa::2/64 Scope:Global
          inet6 addr: fe80::bbbb:cccc:dddd:eeee/64 Scope:Link <--- from MAC address
          RX packets:24133 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21712 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3464246 (3.3 MiB)  TX bytes:5776451 (5.5 MiB)
          Interrupt:25 Base address:0x2000 

and the routes ip -6 route look like this:

2a01:4f8:a0:aaaa::/64 dev eth0  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vboxnet0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::1 dev eth0  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295

Now, my problem is that my IPv6 isn’t working properly. If I try to ping an IPv6 address e.g. ping6 ipv6.google.com. I get: “Destination unreachable: Address unreachable”

Which looks like this in tcpdump -i eth0 ip6:

00:29:05.386500 IP6 2a01:4f8:a0:aaaa::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32
00:29:05.390869 IP6 2a01:4f8:a0:bbbb::1 > 2a01:4f8:a0:aaaa::2: ICMP6, neighbor advertisement, tgt is fe80::1, length 32

2a01:4f8:a0:bbbb::1 is btw. listed as my gateway (at my provider’s online admin console).

I think, the reason for all this is the missing NDP entry / the missing MAC address of fe80::1. Because ip -6 neigh gives me:

fe80::1 dev eth0  router FAILED 

I think so because if I do: ping6 -I eth0 fe80::1 I get a proper echo reply and the desired mac address for my fe80::1 address as well as a perfectly working IPv6 stack:

$ip -6 neigh
fe80::1 dev eth0 lladdr ll:mm:nn:oo:pp:qq router REACHABLE

Here is also again the dump from tcpdump -i eth0 ip6:

00:30:37.555702 IP6 fe80::bbbb:cccc:dddd:eeee > fe80::1: ICMP6, echo request, seq 1, length 64
00:30:37.560219 IP6 fe80::1 > fe80::bbbb:cccc:dddd:eeee: ICMP6, echo reply, seq 1, length 64

(again: fe80::bbbb:cccc:dddd:eeee is my link-local address, derived from the MAC address)

From this point on, I can use IPv6: I can ping6 websites, I can connect to services using IPv6 or even connect to my server via ssh using IPv6.

So, what am I doing wrong here? I’ve spend a lot of time trying to find out how to “fix” this. I bet it can be solved using two commands. This is by the way the first time I am dealing with IPv6 on a server. So please forgive me for my inexperience. Btw. I also tried to alter some sysctl net.ipv6.* flags, but without success. If it is necessary for the solution, I can also post my configuration here.

Every hint is more than welcome!

Thank you very much in advance!

My answer:

Try using one of the actual addresses of the router as the default gateway, instead of fe80::1.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.