Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

CentOS 7 Router and IPv6
New on LowEndTalk? Please Register and read our Community Rules.

CentOS 7 Router and IPv6

LittleCreekLittleCreek Member, Patron Provider

I use a CentOS machine as my router at the data center. Its doesn't do any NAT. It just routes my public ips. The DC routes my blocks of ips to the WAN interface and the router passes them through to the LAN interface. All has been going well for many years using IPv4.

I recently was given a block of IPv6 addresses and I set up the same router very similarly. I can ping ipv6 on the outside from the router. I can ping ipv6 on the inside from the router. I can ping ipv6 on router from the inside.

However when I try to ping the outside from the inside it pings either 5 or 6 times and then pauses for 27 seconds. It does this over and over again. I have tried it from different machines on the inside and they all ping and pause at the exact same time. And it always pings 5 or 6 times and pauses for 27 seconds.

I have run tcpdump on the router to watch for the traffic. When I run it against the LAN interface I continually see the ping traffic trying to get through. When I run tcpdump on the WAN interface I only see the ping traffic get through when there is successful pings.

Its not just pings. I tried using wget to retrieve a ipv6 web site and same thing happens. Sometimes its successful immediately and sometimes it has to wait until the router allows it.

So something on the router is blocking ipv6 traffic for 27 seconds at a time. I have no idea what that could be. I don't think I have anything special running on it. I have turned off everything I could think of. I turned off the firewall just to check.

I do have in /etc/sysctl.conf and reloaded it:

Is there a problem with routing ipv4 and ipv6 at the same time? Any help would be appreciated.


  • brueggusbrueggus Member, IPv6 Advocate

    I used to do the same some time ago and spent quite some time on try and error.

    Few thoughts on this:

    The DC routes my blocks of ips to the WAN interface and the router passes them through to the LAN interface.

    Are you sure they're routing the whole block? Otherwise you'd need to mess around with IPv6 neighbor discovery.

    Are you using plain ip6tables to do the routing or are you using something like Quagga?

  • LittleCreekLittleCreek Member, Patron Provider

    Not using iptables or ipv6tables at all. Never been needed for ipv4. These are all public ips. Its been working fine for years on ipv4. Even after adding ipv6 the ipv4 addresses still work fine. Its only the ipv6 that hits a wall every few seconds that last for 27 seconds. The only thing that was needed for ipv4 was net.ipv4.ip_forward=1. I think iptables is needed for NAT only.

    The WAN interface has a single DC ipv4 and has a default gateway to the DC's equipment. The LAN has one of my public ip's that acts as the gateway for my servers on the inside. Works perfectly.

    I added net.ipv6.conf.all.forwarding=1. The DC gave me an ipv6 to add to the WAN interface and they route the ipv6 block to that ip. I added one of my ipv6 ips that the DC gave me to the LAN interface to act as the gateway for the servers on the inside. Again just like I did with ipv4.

    From the router pinging ipv6 to outside and inside work fine. From inside pinging ipv6 on both LAN and WAN works fine. But pinging from the inside to the outside through the router I hit a 27 second block.

    They said "2600:xxxx:xxxx:3::/64 has been routed to 2600:xxxx:xxxx:1::4"

    2600:xxxx:xxxx:1::4 is on my WAN interface. I can use 2600:xxxx:xxxx:3::/64 on the inside. I set up 2600:xxxx:xxxx:3::1/64 on the WAN Both work fine from the outside. But getting to the inside works 6 times and then is blocked for 27 seconds.

  • LittleCreekLittleCreek Member, Patron Provider

    @LittleCreek said:
    But getting to the inside works 6 times and then is blocked for 27 seconds.

    I meant getting to the outside from the inside. But really getting to the inside from the outside is the same. But from the router itself is fine. It seems that only when its forwarding is there a problem.

  • LittleCreekLittleCreek Member, Patron Provider

    I set up a test environment at home and everything worked as expected so I just need to replace the router because something is not right with it. I would have like to have solved the problem (I love solving problems) but I some point I have to move on.

  • are sure you don't have RADVD or autoconfiguration/ND causing some kind of overriding route taking down it?

Sign In or Register to comment.