Hi Olaf,

Depending on whether you need the link-local on the other interface
(e.g. eth1), you could try a couple of things:
* remove that address from the interface (which also removes the
fe80::/64 route on that interface)
* remove the fe80::/64 route on eth1 (although the OS might add it
again at some point)

Either of those could mean that stuff like neighbour discovery
probably fails, but I guess you have to check that in your specific

Could you post the (relevant) output of `ip -6 route` and `ip -6 addr`
during the 20 minutes of 'working' IPv6 (i.e. with 2 fe80::/64 routes
and whether there are temporary addresses assigned to eth0 and eth1)?

Could you also check whether privacy extensions are enabled on eth0
and eth1 (/proc/sys/net/ipv6/conf/*/use_tempaddr)? I have a hunch that
this might explain the 20 minutes lifetime.

~ Gerdriaan

On 19 September 2016 at 12:55, Olaf Schreck <ch...@syscall.de> wrote:
> I have configured a Debian 7 server for IPv6 (in addition to IPv4).
> I can ping6 www.google.com and other addresses, fine.  BUT the server
> reproducibly looses IPv6 connectivity after roughly 20min, and I can't
> figure why this happens.  Clues anyone?
> My hoster (Hetzner) routes the 2a01:4f8:191:XXXX:/64 network to the
> server.  Following their instructions, I assign a static address from that
> block and set the default route to fe80::1, either manually
>  ip -6 addr add 2a01:4f8:191:XXXX::5/64 dev eth0
>  ip -6 route add default via fe80::1 dev eth0
> or in /etc/network/interfaces like this
>  iface eth0 inet6 static
>   address 2a01:4f8:191:XXXX::5
>   netmask 64
>   gateway fe80::1
> This works, I can ping6.  But it reproducible stops working after 20min,
> confirmed using this command
>  while true; do date; ping6 -c3 -w5 www.google.com; sleep 10; done
> I'm sure it's not Google rate-limiting my pings, I get the same results with
> various IPv6 addresses that I'm authorized to ping.
> To restore IPv4 connectivity (IPv4 still working), I can either reboot or
> re-add the default route with these commands (order is important):
>  ip -6 route del default
>  ip -6 route del fe80::1 dev eth0
>  ip -6 route add fe80::1 dev eth0
>  ip -6 route add default via fe80::1 dev eth0
> Which will give another 20min of IPv6. 100% reproducible. And it's just the
> routing that needs to be fixed.
> I have exluded:
> - no router advertisements used by the hoster, no such packets seen with
>   tcpdump, server is not configured to accept RAs
> - no ip6tables rules, and default ACCEPT everywhere
> - no cronjob or other periodical script that could be responsible
> - no "security software" or similar that would interfere
> Important data point: This server has 2 ethernet interfaces, so there are
> 2 link-local fe80::/64 routes to eth0 and eth1.  I was suspicious that the
> problem might be related, so I disabled IPv6 on the second interface
> completely with with sysctl net.ipv6.conf.eth1.disable_ipv6 = 1.
> And that resulted in stable and flawless IPv6 connectivity!
> While this workaround is ok for this server, I have another one that shows
> the same symptoms.  But for that server I need IPv6 on the other interfaces,
> so the workaround does not apply.
> I'd rather like to learn why this happens, or what config part I may be
> missing. Clues or further debugging hints very welcome. Thanks!
> Olaf

Reply via email to