ipv6 - dest net unreachable

[Guest]

I'm new to ipv6 but fairly good with v4. I have a home network and the v4
addresses can ping each other. I enabled v6 on the machines (one 2003 and one
XP). I see the addresses shown in netsh interface ipv6 show addresses and
attempt to ping the address. I get "Destination net unreachable" although
they are on the same subnet (v4 subnet that is).
The v4 addresses are 192.168.1.106 and 192.168.1.108. There are several v6
addresses listed on both machines but I am attempting with the "automatic
tunneling pseudo-interface"s fe80::5efe:192.168.1.108 and
fe80::5efe:192.168.1.106

Any help appreciated.

 

[Ron Lowe]

I'm new to ipv6 but fairly good with v4. I have a home network and the v4
addresses can ping each other. I enabled v6 on the machines (one 2003 and
one
XP). I see the addresses shown in netsh interface ipv6 show addresses and
attempt to ping the address. I get "Destination net unreachable" although
they are on the same subnet (v4 subnet that is).
The v4 addresses are 192.168.1.106 and 192.168.1.108. There are several v6
addresses listed on both machines but I am attempting with the "automatic
tunneling pseudo-interface"s fe80::5efe:192.168.1.108 and
fe80::5efe:192.168.1.106

Any help appreciated.

You are embarking on a bit of an adventure!
You need a book, like 'Understanding IPv6' by Joseph Davies.
And it's not very light reading

A good place to start experimenting with this stuff would be:
Setting up an IPv6 test lab:
http://www.microsoft.com/resources/...ard/proddocs/en-us/sag_IP_v6_imp_lab_node.asp

Look in the tree to the left of this page, there's a bunch of good reading.

First off, you do not have any IPv6 connectivity to the outside world,
and you will struggle to since you are behind NAT.
Read about Teredo NAT traversal.

Within your local LAN, IPv6 will work fine.
You need to read up on IPv6 address scope.

fe80 addresses are link-local, and so are only vaid on one particular
interface.
So if you want to ping a link-local address, you need to specify which link
it's on.

Look at the output of 'netsh interface ipv6 show address'.
You will see each interface has a name and an index number.
For example, on my machine, I have these addresses on my LAN connection:

Interface 4: Local Area Connection

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Temporary Preferred 6d19h48m32s 19h45m45s
2001:8b0:b7:1:c126:3bbb:29fd:301e
Public Preferred infinite infinite
2001:8b0:b7:1:202:b3ff:fe2a:70c0
Link Preferred infinite infinite fe80::202:b3ff:fe2a:70c0

As you see, I have public IPv6 addresses auto-configured from my IPv6
router.
But I also have an auto-configured fe80:: link-local address.

Now, here's me pinging another machine using link-local addresses:

C:\Documents and Settings\Ron.HOMENET>ping fe80::2a0:c9ff:fe1c:7391

Pinging fe80::2a0:c9ff:fe1c:7391 with 32 bytes of data:

Destination net unreachable.
[snip]

But now I specify the Interface Number, 4 in this case:

C:\Documents and Settings\Ron.HOMENET>ping fe80::2a0:c9ff:fe1c:7391%4

Pinging fe80::2a0:c9ff:fe1c:7391%4 with 32 bytes of data:

Reply from fe80::2a0:c9ff:fe1c:7391%4: time<1ms
[snip]

So to use a link-local address, you need to specify which link it's local
to.

 

[Guest]

Thank you Ron, this was quiet help but I have a few more questions (while I
embark on all this learning).

First, I am only interested in getting the ipv6 working on my subnet so
outside connections is something I don't need to worry about currently
(thankfully).

I discovered the index setting after I append yesterday. Both machines have
the addresses on index 2; when I ping from the XP to the 2003 using the %2 at
the end, it works. However, when I ping from the 2003 to the XP using the it
fails. I have a sniffer on the 2003 and it shows the ping going out but no
reply. Both machines are on the same switch.

A bigger concern that I have:
I have a java application (1.4.2) that I would like to get working. It opens
a socket and I get errors trying to open the socket using IPv6. It does not
like the %2 passed in as an address and tells me it is not valid. When I try
without the %2, it tells me the address is not local on the machine or the
remote port is not open. (I am currently trying it on the local machine but
would eventually like to get this to work on the remote machine). This java
application works on Linux with ipv6.

I will continue to read/learn on this subject but any help is appreciated.

 

[Ron Lowe]

Thank you Ron, this was quiet help but I have a few more questions (while
I
embark on all this learning).

First, I am only interested in getting the ipv6 working on my subnet so
outside connections is something I don't need to worry about currently
(thankfully).

I discovered the index setting after I append yesterday. Both machines
have
the addresses on index 2; when I ping from the XP to the 2003 using the %2
at
the end, it works. However, when I ping from the 2003 to the XP using the
it
fails. I have a sniffer on the 2003 and it shows the ping going out but no
reply. Both machines are on the same switch.

A bigger concern that I have:
I have a java application (1.4.2) that I would like to get working. It
opens
a socket and I get errors trying to open the socket using IPv6. It does
not
like the %2 passed in as an address and tells me it is not valid. When I
try
without the %2, it tells me the address is not local on the machine or the
remote port is not open. (I am currently trying it on the local machine
but
would eventually like to get this to work on the remote machine). This
java
application works on Linux with ipv6.

I will continue to read/learn on this subject but any help is appreciated.

Easiest way to get this working is to use Site Local addresses.

On the server machine, go to netsh | interface | ipv6.
Do a 'show address' and get the interface index of the LAN.
On my server, it's 4.

Enter this at the ipv6> prompt:

add route fec0:0:0:1::/64 4 pub=yes

(Replace the 4 with your interface index for the LAN.)
This makes the server machine advertise the site-local fec0:0:0:1/64 prefix.

Now do a 'show address' on the server.
It will have given itself a fec0:0:0:1 address.
A 'show route' will show a route to the fec0 via interface 4.

On the XP client, do a 'show address' too.
It will have picked up the router announcements and
given itself a fec0 address too.
Try a 'show route' on the XP client too.

Now, ping the server by it's fec0::1: address.

You can now ping without usnig interface identifiers (%4 etc. )

The most likely reason you can't ping the other way
( from the server toXP) is the windows firewall settings on XP.

If the XP box is SP2, the firewall settings ase shared with theIPv4 firewall
in the GUI.
Enable ICMP echo requests.

If it's pre-SP2, then you need to use the netsh command to configure the
firewall to permit IPv6 pings.

 

[Ron Lowe]

Oh, and I forgot:

On the server, before adding the route, you need to set the
interface to make the advertisements.

At the ipv6> prompt, do this:

set interface 4 advertise=enabled

Where 4 is the LAN interface index.
( Use the Interface Index for your LAN interface. )

Then add the fec0:0:0:1::/64 route as I showed.

PS: You will get bored of typing IPv6 addresses real fast.
Either set up the DNS server on the 2003 server, or else use the HOSTS file.
I think both XP and 2k3 support AAAA entries in HOSTS.

 

[Guest]

Thank you again. My problem with the pings was the firewall setting on the XP
box.

I have having problems getting the site local address(es) to work.
On the server machine, I issue the "add route" but I don't see an additional
address added. When I look at the XP box, it also doesn't show a new address.

Although long, I'm appending my cmd history is hopes that my error will
stand out:

netsh interface ipv6>show address
Querying active state...


Interface 6: AGN Virtual Network Adapter

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Preferred infinite infinite fe80::200:ff:fe00:1

Interface 4: Local Area Connection 2

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Duplicate infinite infinite fe80::20d:60ff:fe7e:246a

Interface 2: Automatic Tunneling Pseudo-Interface

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Preferred infinite infinite fe80::5efe:192.168.1.102

Interface 1: Loopback Pseudo-Interface

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Loopback Preferred infinite infinite ::1
Link Preferred infinite infinite fe80::1

netsh interface ipv6>add route fec0:0:0:1::/64 pub-yes
Element not found.

netsh interface ipv6>add route fec0:0:0:1::/64 2 pub=yes
Ok.

netsh interface ipv6>show address
Querying active state...


Interface 6: AGN Virtual Network Adapter

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Preferred infinite infinite fe80::200:ff:fe00:1

Interface 4: Local Area Connection 2

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Duplicate infinite infinite fe80::20d:60ff:fe7e:246a

Interface 2: Automatic Tunneling Pseudo-Interface

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Link Preferred infinite infinite fe80::5efe:192.168.1.102

Interface 1: Loopback Pseudo-Interface

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Loopback Preferred infinite infinite ::1
Link Preferred infinite infinite fe80::1

netsh interface ipv6>

 

[Ron Lowe]

Thank you again. My problem with the pings was the firewall setting on the
XP
box.

I have having problems getting the site local address(es) to work.
On the server machine, I issue the "add route" but I don't see an
additional
address added. When I look at the XP box, it also doesn't show a new
address.

Yes, sorry, I forgot to set the interface to advertise the route.

Without the prefix advertisements, the machines won't
pick up the prefix and assign themselves an adderss.

I'm testing on my LAN which is already fully IPv6 routed.
So I don't see the exact same behaviour as you do.

 

[Ron Lowe]

Interface 4: Local Area Connection 2

Interface 2: Automatic Tunneling Pseudo-Interface
netsh interface ipv6>add route fec0:0:0:1::/64 2 pub=yes
Ok.

You are adding the route to the wrong interface.
You need to add it to the LAN interface 4.

You are not dealing with tunneling.
You are using native IPv6 on the LAN.

Delete the wrong route with the route delete command.
( delete route fec0:0:0:1::/64 2 )

Add it to the correct interface:

set interface 4 advertise=enabled
add route fec0:0:0:1::/64 4 pub=yes

Do a show route and ensure the route is on the LAN interface.
Then do a show address and ensure the address is added.

 

[Guest]

First (and again) let me express my appreciation for you help. I am anxiously
waiting for the book you recommended to arrive and without your help I would
not be making any progress at all.

I was able to get the server to show the expected results. I enabled
advertising on interface 4; added a route to fec0:0:0:1::/64 on interface 4
and set it to publish; I showed the addresses and a new address was displayed.

I've added a few new machines to my subnet; I went to the original XP client
and did a show address but no new address was displayed. I went to the
non-server 2003 machine and also no new address was displayed. I might have
dug myself in deeper but I tried issuing the set advertise=enabled and add
routes on the client machines but it didn't add a fec0 address. I tried
issuing a ping to the new address on the server machine (from client
machines) and get "Invalid source route specified"

 

[Ron Lowe]

First (and again) let me express my appreciation for you help. I am
anxiously
waiting for the book you recommended to arrive and without your help I
would
not be making any progress at all.

I was able to get the server to show the expected results. I enabled
advertising on interface 4; added a route to fec0:0:0:1::/64 on interface
4
and set it to publish; I showed the addresses and a new address was
displayed.

I've added a few new machines to my subnet; I went to the original XP
client
and did a show address but no new address was displayed. I went to the
non-server 2003 machine and also no new address was displayed. I might
have
dug myself in deeper but I tried issuing the set advertise=enabled and add
routes on the client machines but it didn't add a fec0 address. I tried
issuing a ping to the new address on the server machine (from client
machines) and get "Invalid source route specified"

Well, it looks like the server is working properly if it's given
itself an address based on your route.

On the server , just make a few quick checks:

(The screen-dumps here are a little fabricated, because my IPv6
infrastructure
is a little more complex than yours, and I've tried to chop it down to what
you should see. )

Show Route should show a line saying

Publish Type Met Prefix Idx Gateway/Interface
Name
------- -------- ---- ------------------------ --- ---------------------
yes Manual 0 fec0:0:0:1::/64 4 Local Area Connection

Show Address should have a line like this:

Interface 4: Local Area Connection

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Public Preferred infinite infinite
fec0:0:0:1:202:b3ff:fe2a:70c0
Link Preferred infinite infinite fe80::202:b3ff:fe2a:70c0

Does this look OK?

One thing I didn't have you do was to enable forwarding on the LAN interface
of the server. Since we're not actually forwarding anything, I don't think
that's necessary, but it's possible the server needs forwarding enabled
before it considers itself a router.

At the IPv6 prompt: set interface 4 forw=enabled adv=enabled



I don't know what you've done on the clients.
I'd un-install IPv6 , reboot, and re-install it, to restore the defaults.

Now, on the XP client, it should do a router solicitation and pick up the
route.

If not, try disabling then re-enabling the LAN connection in the Network
Connections folder. That should force a round of router solicitation /
advertising.

Then the client should look a bit like this:
( I've snipped the other interfaces.)

netsh interface ipv6>show route
Querying active state...

Publish Type Met Prefix Idx Gateway/Interface
Name
------- -------- ---- ------------------------ --- ---------------------
no Autoconf 8 fec0:0:0:1::/64 4 Local Area Connection

netsh interface ipv6>show address
Querying active state...

Interface 4: Local Area Connection

Addr Type DAD State Valid Life Pref. Life Address
--------- ---------- ------------ ------------ -----------------------------
Public Preferred infinite infinite
fec0:0:0:1:202:b3ff:fe2a:70c0
Link Preferred infinite infinite fe80::202:b3ff:fe2a:70c0

 

[Guest]

Things are looking much better. It appars on the server machine I had two
active interfaces on the same subnet; I disabled one and things are much
better.

As this point, I have 3 2003 machines (I've taken the XP machines out of the
picture). Two of the 2003 machines are working perfectly. They can ping using
the fec0 addresses and route shows fec0 route.

However, the 3rd machine is a different story. I've
uninstalled/rebooted/reinstalled ipv6 on it. At this point, it is not picking
up the advertisement for the fec0 subnet and is not showing a fec0 address.
The only thing "odd" (other than the fact its not working) is that the
address on Interface 4 (LAN Conn 2) shows a DAD State of Duplicate. It only
lists this one address of type "Link" fe80::20d:60ff:fe7e:246a