I can't ping ipv6 from the internet, only locally

corianito · ‎07-31-2021

Sorry for the translation, I'm Spanish.

I have a problem. I have configured IPv6 and everything works fine only locally. If I ping from outside, I can't get access. Can you think of what can happen?

I put my configuration in case it helps you to guide me.

ip cef
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated

interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description PUERTO-LAN
ip address 192.168.1.239 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description PUERTO-LAN-PUBLICAS
ip address ***.***.***.254 255.255.255.0
duplex auto
speed auto
ipv6 address 20**:***:***:FFFF::/64
ipv6 enable
!
interface GigabitEthernet0/2
description PUERTO-WAN-***
ip address 9*.***.***.162 255.255.255.252
duplex auto
speed auto
ipv6 address 2***:***:1:2::B/64
ipv6 enable
!
!
router bgp 2***3
bgp router-id 1**.***.***.0
bgp log-neighbor-changes
neighbor 2***:***:1:2::A remote-as 3***
neighbor 2***:***:1:2::A password *****
neighbor 9*.***.***.161 remote-as 3***
neighbor 9*.***.***.161 password *****
!
address-family ipv4
network 1**.***.***.0
network 1**.***.***.0 mask 255.255.255.0
no neighbor 2***:***:1:2::A activate
neighbor 9*.***.***.161 activate
exit-address-family
!
address-family ipv6
network 2***:***:FF4::/48
neighbor 2***:****:1:2::A activate
exit-address-family
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ipv6 route 2***:***:FF4::/48 GigabitEthernet0/1
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

balaji.bandi · ‎07-31-2021

Since we do not know the full IPv6 IP, is this public routable? or Private IPv6 space :

below information may help you Translation :

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/113275-nat-ptv6.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

corianito · ‎07-31-2021

Hi there!

IPv6 is a / 48 range that we have been assigned. We are announcing it to our neighbors over BGP, so it should be publicly accessible.

The IPv4 we have announced and routed correctly. The one that we cannot route is the IPv6 from the outside. If we ping locally, everything works as it should, but we can't do it from the outside.

We are still a bit new to IPv6 so this is getting complex to us, but we would like to leave IPv6 configured.

Do you see something wrong with the settings we have indicated?

We see that the IPv6 with which we make the BGP connection, if they ping from the outside.
Both ours: 2A00:***:1:2::B

Like the neighbor's: 2A00:***:1:2::A

But the one in the / 48 range is the one we can't route: 2001:67**:FF4::/48

ngkin2010 · ‎08-01-2021

Hi,

Okay, the /48 IPv6 global prefix that advertised from your router via your WAN (or the ISP) should be seen from others Internet Service Provider if everything is right.

Have a check on BGP Looking Glass provided by any ISP and verify if they can see your /48 route or not. If not, ask your ISP to check.

For example, Equinix's Looking Glass

https://metal.equinix.com/developers/looking-glass/

Georg Pauwen · ‎08-02-2021

Hello,

for the sake of testing, can you configure a default route (marked in bold) ?

ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description PUERTO-LAN
ip address 192.168.1.239 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description PUERTO-LAN-PUBLICAS
ip address ***.***.***.254 255.255.255.0
duplex auto
speed auto
ipv6 address 20**:***:***:FFFF::/64
ipv6 enable
!
interface GigabitEthernet0/2
description PUERTO-WAN-***
ip address 9*.***.***.162 255.255.255.252
duplex auto
speed auto
ipv6 address 2***:***:1:2::B/64
ipv6 enable
!
router bgp 2***3
bgp router-id 1**.***.***.0
bgp log-neighbor-changes
neighbor 2***:***:1:2::A remote-as 3***
neighbor 2***:***:1:2::A password *****
neighbor 9*.***.***.161 remote-as 3***
neighbor 9*.***.***.161 password *****
!
address-family ipv4
network 1**.***.***.0
network 1**.***.***.0 mask 255.255.255.0
no neighbor 2***:***:1:2::A activate
neighbor 9*.***.***.161 activate
exit-address-family
!
address-family ipv6
network 2***:***:FF4::/48
neighbor 2***:****:1:2::A activate
exit-address-family
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ipv6 route 2***:***:FF4::/48 GigabitEthernet0/1
--> ipv6 route ::/0 GigabitEthernet0/1
!
control-plane
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end