O ping para o IPv4 funciona, mas o IPv6 não

2

Eu tenho um VPS hospedado em execução no Arch Linux. Eu estou tentando fazer conexões de saída deste servidor, mas todos eles falham. Depois de um pouco de depuração, percebi que o motivo das conexões com falha é que meu servidor não pode acessar endereços IPv6. Ping para endereços IPv4 funcionam, mas não para IPv6. Aqui está uma amostra.

[root@li863-18 /]# nslookup google.com
Server:         103.3.60.20
Address:        103.3.60.20#53

Non-authoritative answer:
Name:   google.com
Address: 74.125.68.100
Name:   google.com
Address: 74.125.68.102
Name:   google.com
Address: 74.125.68.113
Name:   google.com
Address: 74.125.68.139
Name:   google.com
Address: 74.125.68.138
Name:   google.com
Address: 74.125.68.101
Name:   google.com
Address: 2404:6800:4003:c02::8a

[root@li863-18 /]# ping 74.125.68.100
PING 74.125.68.100 (74.125.68.100) 56(84) bytes of data.
64 bytes from 74.125.68.100: icmp_seq=1 ttl=50 time=1.20 ms
64 bytes from 74.125.68.100: icmp_seq=2 ttl=50 time=1.32 ms
64 bytes from 74.125.68.100: icmp_seq=3 ttl=50 time=1.41 ms
^C
--- 74.125.68.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.200/1.311/1.414/0.097 ms
[root@li863-18 /]# 
[root@li863-18 /]# ping 2404:6800:4003:c02::8a
PING 2404:6800:4003:c02::8a(2404:6800:4003:c02::8a) 56 data bytes
^C
--- 2404:6800:4003:c02::8a ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6070ms

Minha configuração de rede. Eu executei os comandos ip a s , ip -6 r s e cat /etc/resolv.conf :

[root@li863-18 /]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether ea:46:ac:25:5b:a3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::99c7:bfde:3127:700c/64 scope link 
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f2:3c:91:e4:50:68 brd ff:ff:ff:ff:ff:ff
    inet 139.162.21.18/24 brd 139.162.21.255 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 2400:8901::f914:4433:e826:6f2a/64 scope global mngtmpaddr noprefixroute dynamic 
       valid_lft 2592000sec preferred_lft 604800sec
    inet6 fe80::f03c:91ff:fee4:5068/64 scope link 
       valid_lft forever preferred_lft forever
4: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
    link/void 
5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
7: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: ip_vti0@NONE: <NOARP> mtu 1428 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
9: ip6_vti0@NONE: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
11: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
12: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1
    link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[root@li863-18 /]# ip -6 r s
2400:8901::/64 dev ens4 proto kernel metric 203  mtu 1500 pref medium
fe80::/64 dev ens4 proto kernel metric 256  pref medium
fe80::/64 dev dummy0 proto kernel metric 256  pref medium
default via fe80::1 dev ens4 metric 203  mtu 1500 pref medium
[root@li863-18 /]# cat /etc/resolv.conf
# Generated by resolvconf
domain members.linode.com
nameserver 103.3.60.20
nameserver 139.162.11.5
nameserver 139.162.13.5

Adicionando informações do traceroute.

[root@li863-18 /]# traceroute google.com
traceroute to google.com (74.125.68.138), 30 hops max, 60 byte packets
 1  103.3.60.3 (103.3.60.3)  0.711 ms  0.936 ms  1.085 ms
 2  139.162.0.9 (139.162.0.9)  0.638 ms  0.654 ms 139.162.0.13 (139.162.0.13)  0.606 ms
 3  15169.sgw.equinix.com (27.111.228.30)  0.827 ms  0.826 ms  0.820 ms
 4  108.170.242.66 (108.170.242.66)  1.074 ms 108.170.243.19 (108.170.243.19)  1.122 ms 108.170.240.226 (108.170.240.226)  1.107 ms
 5  209.85.243.215 (209.85.243.215)  1.440 ms 209.85.243.241 (209.85.243.241)  20.269 ms 108.170.240.173 (108.170.240.173)  1.702 ms
 6  209.85.255.217 (209.85.255.217)  7.835 ms 216.239.51.61 (216.239.51.61)  1.884 ms 209.85.243.209 (209.85.243.209)  1.532 ms
 7  216.239.48.73 (216.239.48.73)  4.784 ms 216.239.51.61 (216.239.51.61)  2.075 ms *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * sc-in-f138.1e100.net (74.125.68.138)  1.490 ms  1.653 ms
[root@li863-18 /]# traceroute 74.125.68.138
traceroute to 74.125.68.138 (74.125.68.138), 30 hops max, 60 byte packets
 1  103.3.60.3 (103.3.60.3)  0.889 ms  0.868 ms  1.311 ms
 2  139.162.0.9 (139.162.0.9)  0.709 ms 139.162.0.13 (139.162.0.13)  0.650 ms 139.162.0.9 (139.162.0.9)  0.687 ms
 3  139.162.0.18 (139.162.0.18)  0.658 ms 15169.sgw.equinix.com (27.111.228.30)  0.727 ms 139.162.0.18 (139.162.0.18)  0.625 ms
 4  15169.sgw.equinix.com (27.111.228.30)  0.715 ms 108.170.240.226 (108.170.240.226)  1.488 ms 108.170.240.162 (108.170.240.162)  6.201 ms
 5  108.170.240.236 (108.170.240.236)  1.202 ms 108.170.242.71 (108.170.242.71)  1.114 ms 216.239.42.47 (216.239.42.47)  1.688 ms
 6  209.85.255.80 (209.85.255.80)  3.119 ms 209.85.243.241 (209.85.243.241)  2.212 ms 209.85.242.221 (209.85.242.221)  1.597 ms
 7  209.85.255.80 (209.85.255.80)  7.597 ms  1.422 ms 72.14.236.130 (72.14.236.130)  10.235 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * sc-in-f138.1e100.net (74.125.68.138)  1.869 ms  1.878 ms
[root@li863-18 /]# traceroute 2404:6800:4003:c02::64
traceroute to 2404:6800:4003:c02::64 (2404:6800:4003:c02::64), 30 hops max, 80 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Qualquer ponteiro sobre por que esse é o caso. Eu não gostaria de desabilitar os endereços IPv6 através do kernel, a menos que seja absolutamente necessário.

    
por Neo 05.02.2017 / 10:19

1 resposta

3

Parece que você está tentando usar um endereço de privacidade (RFC 3972, RFC 4941 ou RFC 7217) em um /64 que o Linode está compartilhando entre vários clientes.

Por padrão, uma máquina Linode recebe um único endereço IPv6 com base em seu endereço MAC em um link /64 compartilhado entre todos os clientes no datacenter. O Linode tomou medidas para proteger contra falsificação de IP. Isso significa que você nem verá os pacotes de descoberta do vizinho para outros endereços IP no segmento além do seu.

Por esse motivo, os endereços de privacidade não funcionarão. Tente, em vez disso, usar um endereço IPv6 com base no seu endereço MAC. No seu caso, o endereço IPv6 seria 2400:8901::f03c:91ff:fee4:5068

Se precisar de mais de um endereço, você pode enviar um tíquete para solicitar um /64 roteado que não será compartilhado.

    
por 05.02.2017 / 16:39