Mike Leber wrote:
We don't operate any 6to4 gateways.
This I suspected, and actually took as evidence based on the results from traceroutes.
However, what is likely happening is a random 6to4 gateway operator may have seen fit to rate limit or filter ICMP.
This may very well be true. I have nothing but love for he.net. However, the anycast nature of 6to4 does have it's issues. This was just a passing example that I noticed. Packets go through the network, but your network couldn't send ICMPv6 back. Actually not a concern for me, but I doubt it's the only 6to4 issue seen across the network.
To properly diagnose 6to4 problems you potentially need as many as 4 traceroutes, IPv6 traceroutes from the source and destination endpoints and a IPv4 traceroutes to the 6to4 gateway addresses from the source and destination endpoint. There a few other tips I'm forgetting at the moment, however if you send us email (to ipv6@he.net) we will make sure to research it thoroughly.
Will do. Not that I care, but might be something you'll want to check into anyways.
Because 6to4 gateways are *anycast* the gateways you use in any part of the world in any part of a specific network may be different.
This makes debugging it "interesting".
Definitely, and another reason I am heavily against 6to4 except in cases where it's absolutely necessary.
Jack, it seems you are saying traffic passes end to end just fine, you just don't get ICMP responses from some of the hops in the middle. Is this correct?
Correct, traceroute and ping find a void on the 2 routers I pass before I hit NTT's network in the test case I was doing. I haven't tested this in 1/2 a week, though.
If you would like, please send email to ipv6@he.net with the detail regarding what you are seeing with all of the endpoint information and the traceroutes and we will work from our side to see where the "interesting" 6to4 gateway is that is affecting your traceroute. We will probably also need you to have access to the destination side as well.
Will do. Be abit. The "interesting" part is primarily what it was mentioned. Though in another response I agreed that anyone using IPv6 from an end network should consider have 6to4 relays so as not to depend on someone else. In some cases, though, it's just not practical. FYI: Outside of testing, my link to he.net was to take what little 6to4 traffic I had on the network to non-6to4 addresses and give it a better chance. My nearest IPv4 anycast 6to4 was beyond horrid (major isolation). Heaviest traffic load appears to be p2p to teredo destinations. Jack