1

EDIT: Fixed by switching internet service provider ¯\(°_o)/¯

I have this annoying issue where some of the machines on my network will hang when looking up connecting to certain IPv6 addresses, in particular the ones from Google (but I've also seen issues with others when on the IPv6-enabled network).

sadbox $ ping -6c1 -W10 fonts.googleapis.com
PING fonts.googleapis.com(arn09s11-in-x0a.1e100.net (2a00:1450:400f:807::200a)) 56 data bytes

--- fonts.googleapis.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

sadbox $ ssh happybox
Last login: Wed Apr 25 10:28:48 2018 from 192.168.1.140
happybox $ ping -6c1 -W10 fonts.googleapis.com
PING fonts.googleapis.com(arn09s11-in-x0a.1e100.net (2a00:1450:400f:807::200a)) 56 data bytes
64 bytes from arn09s11-in-x0a.1e100.net (2a00:1450:400f:807::200a): icmp_seq=1 ttl=55 time=25.6 ms

--- fonts.googleapis.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 25.675/25.675/25.675/0.000 ms

Both give the exact same answers for host fonts.googleapis.com and nslookup fonts.googleapis.com, and for the relevant parts of dig output.

Some times the hosts will be connected to just fine on sadbox though, and some times I get a response if I wait long enough.

It's not just ping that's affected, I noticed it because Firefox was waiting forever for fonts.googleapis.com on some site.

The http://test-ipv6.com/ site gives full scores on sadbox, and I can ping and connect to other IPv6 addresses (e.g. sixxs.net) just fine.

All my computers are running Xubuntu 17.10, and the router is running LEDE Reboot (17.01.4, r3560-79f57e422d).

What could the issue be? How do I debug something like this?

EDIT: Contents of sadbox:/etc/nsswitch.conf, comment-lines removed:

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

and comparing to happybox:

sadbox $ diff /etc/nsswitch.conf <(ssh -q happybox cat /etc/nsswitch.conf)
11c11
< hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
---
> hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname

EDIT2: Pinging hangs on the IP too, e.g. ping -6 2a00:1450:400f:807::200a, so this is not DNS, but an IPv6 transport issue (thanks Patrick Mevzek!). I'll get traceroutes once I'm back on the network.

Traceroutes:

From the router itself it works fine:

sadbox $ ssh ruter traceroute6 fonts.googleapis.com
traceroute to fonts.googleapis.com (2a00:1450:400f:807::200a), 30 hops max, 16 byte packets
 1  2a02:fe0:c900:1::1 (2a02:fe0:c900:1::1)  4.753 ms  5.894 ms  5.709 ms
 2  2a02:fe0::a:47:a:13:4 (2a02:fe0::a:47:a:13:4)  5.944 ms  8.850 ms  14.108 ms
 3  ae11-0.poh-pe1.stv.no.ip.tdc.net (2a02:228:41:100::127:0:9)  26.056 ms  15.009 ms  14.018 ms
 4  stkm3nqp7.se.ip.tdc.net (2001:6c8:40::20)  22.371 ms  22.220 ms  21.974 ms
 5  peer-as15169.stkm3nqp7.se.ip.tdc.net (2001:6c8:81:2000::9)  24.504 ms  25.047 ms  28.025 ms
 6  2001:4860:0:1344::1 (2001:4860:0:1344::1)  26.118 ms  23.686 ms  24.075 ms
 7  2001:4860:0:1::15cf (2001:4860:0:1::15cf)  22.793 ms  24.702 ms  23.859 ms
 8  arn09s11-in-x0a.1e100.net (2a00:1450:400f:807::200a)  25.886 ms  35.837 ms  36.413 ms

and the other working computer gives about the same:

sadbox $ ssh happybox traceroute6 fonts.googleapis.com
traceroute to ���2>V (2a00:1450:400f:807::200a) from 2a02:fe0:c910:5120:8011:3799:6dc0:2b58, 30 hops max, 24 byte packets
 1  2a02:fe0:c910:5120::1 (2a02:fe0:c910:5120::1)  1,123 ms  1,247 ms  3,537 ms
 2  2a02:fe0:c900:1::1 (2a02:fe0:c900:1::1)  6,958 ms  9,566 ms  6,955 ms
 3  2a02:fe0:0:a:47:a:13:4 (2a02:fe0:0:a:47:a:13:4)  9,985 ms  6,303 ms  8,719 ms
 4  ae11-0.poh-pe1.stv.no.ip.tdc.net (2a02:228:41:100:0:127:0:9)  6,811 ms  6,304 ms  6,741 ms
 5  stkm3nqp7.se.ip.tdc.net (2001:6c8:40::20)  25,882 ms  26,625 ms  27,079 ms
 6  peer-as15169.stkm3nqp7.se.ip.tdc.net (2001:6c8:81:2000::9)  27,169 ms  28,319 ms  28,931 ms
 7  2001:4860:0:1343::1 (2001:4860:0:1343::1)  46,643 ms  28,799 ms  25,976 ms
 8  2001:4860:0:1::b23 (2001:4860:0:1::b23)  29,373 ms  37,344 ms  28,207 ms
 9  arn09s11-in-x0a.1e100.net (2a00:1450:400f:807::200a)  27,72 ms  26,274 ms  27,764 ms

But from sadbox not so good:

sadbox $ traceroute6 fonts.googleapis.com
traceroute to ���V (2a00:1450:400f:807::200a) from 2a02:fe0:c910:5120:95b:58:ab20:d31e, 30 hops max, 24 byte packets
 1  2a02:fe0:c910:5120::1 (2a02:fe0:c910:5120::1)  4,095 ms  4,632 ms  1,558 ms
 2  2a02:fe0:c900:1::1 (2a02:fe0:c900:1::1)  11,822 ms  15,528 ms  10,568 ms
 3  2a02:fe0:0:a:47:a:13:2 (2a02:fe0:0:a:47:a:13:2)  8,823 ms  6,119 ms  10,068 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  *

– it just keeps giving me stars (also, what's with that ���V?). A sudo traceroute -6 -T from sadbox gives the same.

The IPv4 traceroute -4 works fine from all machines, including sadbox.

Here's mtr from a working machine:

sadbox $ ssh happybox mtr --report fonts.googleapis.com
Start: Tue May  1 20:41:57 2018
HOST: happybox                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 2a02:fe0:c910:5120::1      0.0%    10    0.7   1.0   0.7   2.3   0.5
  2.|-- 2a02:fe0:c900:1::1         0.0%    10    7.4   9.0   6.2  14.2   2.6
  3.|-- 2a02:fe0:0:a:47:a:13:4     0.0%    10    7.4   8.0   5.6  11.9   1.9
  4.|-- ae11-0.poh-pe1.stv.no.ip.  0.0%    10    7.8   8.2   6.2  10.9   1.3
  5.|-- stkm3nqp7.se.ip.tdc.net    0.0%    10   29.3  26.8  24.8  29.4   1.6
  6.|-- peer-as15169.stkm3nqp7.se  0.0%    10   25.9  40.6  24.6 135.7  34.8
  7.|-- 2001:4860:0:1344::1        0.0%    10   63.9  35.4  26.1  63.9  13.8
  8.|-- 2001:4860:0:1::15cf        0.0%    10   26.1  28.1  24.7  36.4   3.2
  9.|-- arn09s11-in-x0a.1e100.net  0.0%    10   26.7  26.8  24.8  31.4   1.9

while poor sadbox still gets no profit:

sadbox $ mtr --report fonts.googleapis.com
Start: Tue May  1 20:35:59 2018
HOST: sadbox                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 2a02:fe0:c910:5120::1      0.0%    10    1.9  27.3   0.6 134.6  55.7
  2.|-- 2a02:fe0:c900:1::1         0.0%    10   96.6  33.6   6.0  96.6  32.1
  3.|-- 2a02:fe0:0:a:47:a:13:2     0.0%    10    7.8   8.0   6.4  14.0   2.1
  4.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
unhammer
  • 326
  • 4
  • 13
  • What is sadbox? – Rui F Ribeiro Apr 25 '18 at 09:38
  • Are you sure `sadbox` has proper IPv6 connectivity? Make sure to specify if it is the resolution that takes time or the application. As your problem looks like more as the application tries IPv6 first (so the resolution was ok) but this fails for some host/network reason and hence after some timeout the application falls back to IPv4. – Patrick Mevzek Apr 26 '18 at 00:07
  • @RuiFRibeiro `sadbox` is the machine which hangs on pinging, `happybox` the one that pings fine, cf. the logs at the top of the post – unhammer Apr 26 '18 at 06:39
  • 1
    @PatrickMevzek what command would show this? As I said, http://test-ipv6.com/ gives full marks, and I can ping *some* ipv6 hosts fine. Also, `curl https://v6.ifconfig.co/ip` gives a v6 IP for `sadbox` (differing from the one the router has). – unhammer Apr 26 '18 at 06:46
  • Re: timeouts, I let ping run for nearly 20 minutes on `sadbox` now without a reply: `1094 packets transmitted, 0 received, 100% packet loss, time 1119227ms` – unhammer Apr 26 '18 at 07:00
  • 1
    If there's not a delay at the start of ping because of name resolution ("looking up certain IPv6 addresses" made be believe this was the case), but there's a problem in *reaching* certain *numerical* IPv6 addresses from sadbox as compared to happybox, then the problem is not DNS, but somewhere in the routing. In other words, look at to what sadbox and happybox are connected, look at their IPv6 routes, look at what happens on the (different?) routers they are connected to. – dirkt Apr 26 '18 at 10:45
  • OK, so `ping -6 2a00:1450:400f:807::200a` has the same effects as `ping -6 fonts.googleapis.com` – works fine on happybox but hangs on sadbox. They're on the same wifi network on the same router. – unhammer Apr 26 '18 at 20:36
  • It's time for a traceroute. – Michael Hampton Apr 26 '18 at 21:58
  • 1
    Please update your question with all this additional details , as your latest comment shows this is not a DNS issue in fact but an IPv6 transport issue (try however not to rely too much on ping it could give you false results, use something like tcptraceroute instead). – Patrick Mevzek Apr 27 '18 at 02:52
  • See latest edit, heading # Traceroutes – unhammer May 01 '18 at 16:23
  • Since this makes some sites unusable, but I still want ipv6 for syncthing, I've resorted to disabling ipv6 via `network.dns.disableIPv6` in Firefox `about:config` for now :-/ – unhammer May 08 '18 at 08:30
  • As an update, this seems to happen also when I plug the computer straight into the wall modem, completely skipping the router. Getting in touch with my net provider … – unhammer Nov 10 '18 at 12:55

0 Answers0