[AusNOG] Can't bring up 6in4 tunnel (IPv6) because public IP changing on Optus ADSL

Ben Hohnke settra+ausnog at gmail.com
Tue Feb 2 13:29:57 EST 2016


It sounds like when the tunnel comes up, all outbound traffic tries to go
over the tunnel interface instead of the ADSL interface, which causes the
PPP session to drop, and re-establish, causing your IP address to change.

Ben

On Tue, Feb 2, 2016 at 1:09 PM Goran Aleksic <goran.aleksic at gmail.com>
wrote:

> Hi Mark and others
>
> thanks for your helpful comments and recommendations.
>
> I'll try to explain better. The issue here is that my public IP changes as
> soon as I attempt to establish the 6in4 tunnel.
> The worry is that my WAN IP change is triggered by the tunnel somehow.
> Before, my public IP wouldn't change for days.
>
> If I get the dynamic IP update to work, I'm not addressing the actual
> cause of the problem, but soothing the symptoms.
>
> In other words, being able to automatically update my public IP, it's just
> quicker reaction to the public IP re-assignment. Problem is to understand
> as to why it's happening at all?
>
> Yes, it would be nice to be able to dynamically update the tunnel settings
> on HE end, but for proof of concept, I can manually change my public IP in
> both configs.
> Also, if I react to IP change quicker, maybe Optus systems will start
> racing with it (ping-pong) and may cause further problems...
>
> Rebooting the modem/router, for instance, would trigger the public IP
> change.
> What else might?
>
> Cheers,
>
> Goran
>
>
>
>
> On 2 February 2016 at 11:57, Mark Andrews <marka at isc.org> wrote:
>
>>
>> And https://forums.he.net/index.php?topic=1994.0
>>
>> Mark Andrews writes:
>> >
>> > https://forums.he.net/index.php?topic=3153.0
>> >
>> > In message <CAJ0TvN+JKsqML4_=bQD+HBR2GngBkse8kbP_sSAEDZSPG6WXpQ at mail.gmail.com>, Goran Aleksic writes:
>> > >
>> > > Hi Mark,
>> > >
>> > > thanks for sharing that. If you could share relevant config as well, that
>> > > would be great.
>> > >
>> > > Cheers,
>> > >
>> > > Goran
>> > >
>> > >
>> > > On 2 February 2016 at 09:57, Mark Andrews <marka at isc.org> wrote:
>> > >
>> > > >
>> > > > In message <CAFDgZgVft=pJTHhLzEn+AhQQFbUgEjup-5CHK4zqxrKysTyz0w at mail.gmail.com>, Tom Storey
>> > > > writes:
>> > > > > Is the PPP session dropping by any chance? I think I had something
>> > > > > like this a year or two ago and it turned out to be a buggy JunOS
>> > > > > version, I had to roll back to a previous version.
>> > > > >
>> > > > > I have successfully brought up a he.net tunnel with an SRX110, so it's
>> > > > > definitely possible and there should be no unexpected behaviour when
>> > > > > everything is running fine.
>> > > >
>> > > > Additionally HE is set up to authenticate and reconfigure the tunnel
>> > > > using the observed IPv4 address so this will work through NAT from
>> > > > a DMZ host so you don't need to know your public IPv4 address.
>> > > >
>> > > > I've configured HE tunnels to use RFC 1918 addresses locally and as
>> > > > long as the packets go through the NAT both ways it works.
>> > > >
>> > > > Obviously it is better if you only reconfigure on a renumber event
>> > > > but you could just re-authenticate every 15 minutes from cron.
>> > > >
>> > > > Mark
>> > > >
>> > > > > On 1 February 2016 at 06:05, Goran Aleksic <goran.aleksic at gmail.com>
>> > > > > wrote:
>> > > > > > Hi all,
>> > > > > >
>> > > > > > I've got Optus ADSL and dynamic public IP.
>> > > > > > Needed 6-in-4 tunnel (IPv6 encapsulated into IPv4 tunnel), tried using
>> > > > > > Hurricane Electric IPv6 provider, as I saw positive reviews.
>> > > > > > I got Juniper SRX 110 modem and have implemented configuration as stated on
>> > > > > > http://forums.juniper.net/t5/SRX-Services-Gateway/HE-IPv6-tunnel-with-flow-based-IPv6-in-10-4/td-p/69338/highlight/true/page/3
>> > > > > >
>> > > > > > Issue is my public IP (on at-1/0/0.0 interface) keeps changing every time
>> > > > > > I attempt the tunnel.
>> > > > > > This is a twofold problem:
>> > > > > > 1. on Hurricane Electric page, you need to specify one endpoint of the
>> > > > > > tunnel, i.e. your public IP
>> > > > > > 2. In configuration of ip-0/0/0.0 interface (tunnel interface) on Juniper
>> > > > > > SRX, you need to specify your tunnel source IP (a public IP). There doesn't
>> > > > > > seem to be a trick like with Cisco, to use ip unnumbered and imply IP
>> > > > > > address from your WAN interface...
>> > > > > >
>> > > > > > Why would an attempt to establish an IPv4 tunnel to another host trigger my
>> > > > > > public IP to be changed?
>> > > > > >
>> > > > > > I'm wondering if anyone has experienced the same or similar issue?
>> > > > > >
>> > > > > > Thanks,
>> > > > > >
>> > > > > > Alex
>> > > > > >
>> > > > > > _______________________________________________
>> > > > > > AusNOG mailing list
>> > > > > > AusNOG at lists.ausnog.net
>> > > > > > http://lists.ausnog.net/mailman/listinfo/ausnog
>> > > > > >
>> > > >
>> > > > --
>> > > > Mark Andrews, ISC
>> > > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> > > > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>> > > >
>> > >
>> > --
>> > Mark Andrews, ISC
>> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
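
Added example (not part of the original thread, and not anyone's actual router configuration): a small Python check for the failure Ben describes, where IPv4 traffic, including the encapsulated packets addressed to the tunnel server itself, is routed into the tunnel interface. The routing tables and the addresses 192.0.2.1, 198.51.100.1 and 203.0.113.10 are constructed for illustration; only the interface names at-1/0/0.0 and ip-0/0/0.0 come from the thread.

```python
import ipaddress

# Constructed sample routing tables (not taken from the thread). The interface
# names are the ones the original poster mentions: at-1/0/0.0 is the ADSL/PPP
# WAN interface, ip-0/0/0.0 is the 6in4 tunnel. 192.0.2.1 stands in for the
# tunnel server's IPv4 address.
WAN_IF, TUNNEL_IF = "at-1/0/0.0", "ip-0/0/0.0"
TUNNEL_REMOTE = "192.0.2.1"

BROKEN_ROUTES = [                  # IPv4 default ends up pointing into the tunnel
    ("0.0.0.0/0", TUNNEL_IF),
    ("198.51.100.1/32", WAN_IF),   # PPP peer address (constructed)
]
FIXED_ROUTES = [                   # IPv4 stays on the WAN, only IPv6 uses the tunnel
    ("0.0.0.0/0", WAN_IF),
    ("::/0", TUNNEL_IF),
]

def egress_interface(routes, destination):
    """Longest-prefix match: the interface a packet to `destination` leaves on."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, interface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == dest.version and dest in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, interface)
    return best[1] if best else None

def tunnel_route_problems(routes, tunnel_if, tunnel_remote, must_use_wan=()):
    """List IPv4 destinations that would wrongly be sent into the 6in4 tunnel."""
    problems = []
    for dest in (tunnel_remote, *must_use_wan):
        if egress_interface(routes, dest) == tunnel_if:
            # The tunnel's own outer packets looping back into it is recursive routing.
            kind = "recursive" if dest == tunnel_remote else "hijacked"
            problems.append((dest, kind))
    return problems

if __name__ == "__main__":
    for name, table in (("broken", BROKEN_ROUTES), ("fixed", FIXED_ROUTES)):
        print(name, tunnel_route_problems(table, TUNNEL_IF, TUNNEL_REMOTE, ["203.0.113.10"]))
```
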