This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPv6 Gateway constantly failing

LHerzog 3 months ago

I need some help to understand why this firewalls IPv6 gateway is constantly reported as failed.

It's XGS126 with SFOS 20.0.1

Because of that Gateway errors I reconfigured it from being an active gateway to a backup failover gateway only.

I have IPv4 and IPv6 bindings both on Port2

If I ping the gateway, I get a "blank" result. Is that normal?

a ping to google v6 is OK

The gateway is always shown as up

This is the event log

I use the gateway IP to determine the state of the Gateway

This thread was automatically locked due to age.

Top Replies

LHerzog 3 months ago in reply to LHerzog +3 verified

LHerzog said: I changed the gateway IPv6 now from the link local fe80::1 to the native IPv6 address of the gateway that fixed it while it should be sufficient to only enter that IP in the availability…

Parents

0 rfcat_vk 3 months ago

Hi,

please try a tracert to the gateway address during failure.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 LHerzog 3 months ago in reply to rfcat_vk

unfortunately it's too short for manual traceroute - most of the times the XGS reports "down" and one minute later up. Some times, the "OK" alert comes a few minutes later.

I'll try something on the CLI

at least, no alerts since configuring the IPv6 Gateway as failover only

update: no, firewall is still reporting it as failed
Cancel
Vote Up 0 Vote Down

Cancel
0 LHerzog 3 months ago in reply to LHerzog

XGS126_XN02_SFOS 20.0.1 MR-1-Build342 HA-Primary# route -e -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        fe80::1                                 UG    1      5       80 Port2
::/0                                        ::                                      !n    2      1        0 lo
::/0                                        ::                                      !n    -1     1   256223 lo
::/0                                        fe80::1                                 UG    1      5     8983 Port2

...

...

traceroute6 -6 2001:4860:4860::8844
traceroute to 2001:4860:4860::8844 (2001:4860:4860::8844), 30 hops max, 72 byte packets
1 xxxxxxxxxx (xxxx:xxxx:23::1) 0.676 ms 0.720 ms 0.551 ms
2 xxxxxxxxxxxxxxxxxx (xxxxxxxxe::9f) 1.095 ms 0.832 ms xxxxxxxxxxxxxxxxxxxxx (xxxxxxxxe::9e) 1.343 ms
...
...

I changed the gateway IPv6 now from the link local fe80::1 to the native IPv6 address of the gateway and see if the behavior changes.

route -e -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        xxxx:xxxx:23::1                         UG    1      5       23 Port2
::/0                                        ::                                      !n    2      1        0 lo
::/0                                        ::                                      !n    -1     1   256561 lo
::/0                                        xxxx:xxxx:23::1                         UG    1      4       15 Port2
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LHerzog 3 months ago in reply to LHerzog

XGS126_XN02_SFOS 20.0.1 MR-1-Build342 HA-Primary# route -e -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        fe80::1                                 UG    1      5       80 Port2
::/0                                        ::                                      !n    2      1        0 lo
::/0                                        ::                                      !n    -1     1   256223 lo
::/0                                        fe80::1                                 UG    1      5     8983 Port2

...

...

traceroute6 -6 2001:4860:4860::8844
traceroute to 2001:4860:4860::8844 (2001:4860:4860::8844), 30 hops max, 72 byte packets
1 xxxxxxxxxx (xxxx:xxxx:23::1) 0.676 ms 0.720 ms 0.551 ms
2 xxxxxxxxxxxxxxxxxx (xxxxxxxxe::9f) 1.095 ms 0.832 ms xxxxxxxxxxxxxxxxxxxxx (xxxxxxxxe::9e) 1.343 ms
...
...

I changed the gateway IPv6 now from the link local fe80::1 to the native IPv6 address of the gateway and see if the behavior changes.

route -e -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        xxxx:xxxx:23::1                         UG    1      5       23 Port2
::/0                                        ::                                      !n    2      1        0 lo
::/0                                        ::                                      !n    -1     1   256561 lo
::/0                                        xxxx:xxxx:23::1                         UG    1      4       15 Port2
Cancel
Vote Up 0 Vote Down

Cancel

Children

+1 LHerzog 3 months ago in reply to LHerzog

LHerzog said:

I changed the gateway IPv6 now from the link local fe80::1 to the native IPv6 address of the gateway

that fixed it while it should be sufficient to only enter that IP in the availability check.
Cancel
Vote Up +3 Vote Down

Cancel