IPv6 ICMP to/from the internet with public IP

Ben Cottrell 26 Reputation points
2021-02-19T04:03:30.4+00:00

Hi,

My setup is as follows:

  1. An Azure virtual network with private IPv4 and IPv6 space
  2. A subnet with a security group that allows all ICMP
  3. A Virtual Machine in that subnet
  4. Public IPv4 and IPv6 addresses attached to the network interface of the VM

When I'm logged into that VM, I can ping any IPv4 address on the public internet just fine. So ICMP works for v4.

I can also make outbound TCP connections over IPv4 and IPv6. "telnet google.com 80" and "telnet -6 google.com 80" both work just fine. So TCP works fine for both v4 and v6.

UDP works fine over IPv6 too. I can do DNS queries over IPv6 to authoritative nameservers on the internet and I get responses.

What doesn't work, though, is ICMP over IPv6. I can't ping any public IPv6 address from my Azure VM. I've tried several IPv6 addresses. They are pingable from my home machine, but not from my Azure VM.

Has anyone else gotten this to work? What happens when you run "ping -6 google.com" from your Azure VM? Does it work for you?

Thanks!


2 answers

  1. SaiKishor-MSFT 17,181 Reputation points
    2021-03-01T20:21:50.663+00:00

    @Ben Cottrell Apologies for the delay. ICMP with IPv6 to an internet endpoint is not currently supported.

    Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

    ----------------------------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


  2. Sly Gryphon 1 Reputation point
    2022-06-11T13:48:17.84+00:00

    This now appears to be working for outbound ping on IPv6.

    Note that this is an Azure virtual machine with a public IPv6 only, but no public IPv4, so IPv4 does not work. (I can SSH into the machine on the public IPv6, then ping outwards on the IPv6.)

    iotadmin@vmlwm2m001:~$ ping -6 google.com  
    PING google.com(syd09s17-in-x0e.1e100.net (2404:6800:4006:80b::200e)) 56 data bytes  
    64 bytes from syd09s17-in-x0e.1e100.net (2404:6800:4006:80b::200e): icmp_seq=1 ttl=115 time=3.11 ms  
    64 bytes from syd09s17-in-x0e.1e100.net (2404:6800:4006:80b::200e): icmp_seq=2 ttl=115 time=2.14 ms  
    ^C  
    --- google.com ping statistics ---  
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms  
    rtt min/avg/max/mdev = 2.149/2.631/3.113/0.482 ms  
    iotadmin@vmlwm2m001:~$ ping -4 google.com  
    PING google.com (142.250.66.174) 56(84) bytes of data.  
    ^C  
    --- google.com ping statistics ---  
    5 packets transmitted, 0 received, 100% packet loss, time 4086ms  
    

    Interestingly, local DNS resolution only supports IPv4 (Azure VMs must be dual-stack, so there is private IPv4 and private IPv6 ULA ranges). Although IPv6 DNS resolution to an actual IPv6 DNS server does work (as per the original post).

    iotadmin@vmlwm2m001:~$ host -4 google.com  
    google.com has address 172.217.167.78  
    google.com has IPv6 address 2404:6800:4006:804::200e  
    google.com mail is handled by 10 smtp.google.com.  
    iotadmin@vmlwm2m001:~$ host -6 google.com  
    ;; connection timed out; no servers could be reached  
    iotadmin@vmlwm2m001:~$ host -6 google.com 2001:4860:4860::8888  
    Using domain server:  
    Name: 2001:4860:4860::8888  
    Address: 2001:4860:4860::8888#53  
    Aliases:   
      
    google.com has address 172.217.24.46  
    google.com has IPv6 address 2404:6800:4006:804::200e  
    google.com mail is handled by 10 smtp.google.com.  
    

    However, I don't think IPv6 PING into the machine is working (this is from my local dual-stack machine, the one I have SSHed in from):

    sly@sigil:~$ ping lwm2m-0xacc5-dev.australiaeast.cloudapp.azure.com  
    PING lwm2m-0xacc5-dev.australiaeast.cloudapp.azure.com(2603:1010:2::d (2603:1010:2::d)) 56 data bytes  
    ^C  
    --- lwm2m-0xacc5-dev.australiaeast.cloudapp.azure.com ping statistics ---  
    9 packets transmitted, 0 received, 100% packet loss, time 8190ms  
    

    There is no firewall on the box itself, and the NSG rules just allow ICMP. I'll have to check IPv4 (set up the machine with a public IPv4), but I'm pretty sure IPv4 PING works fine.

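The protocol-by-protocol isolation used in this thread (TCP connects, ping does not), as an added example that is not part of any post above: a Python script that probes TCP and ICMP echo over each address family and classifies the result per family. It assumes Linux iputils `ping` and a target listening on port 80; all function names are illustrative.

```python
import socket
import subprocess

FAMILIES = {"v4": socket.AF_INET, "v6": socket.AF_INET6}

def tcp_ok(host, family, port=80, timeout=3.0):
    """True if a TCP connection to host:port succeeds over the given family."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return False  # no A/AAAA record reachable for this family
    for fam, kind, proto, _, addr in infos:
        try:
            with socket.socket(fam, kind, proto) as s:
                s.settimeout(timeout)
                s.connect(addr)
                return True
        except OSError:
            continue  # try the next resolved address
    return False

def icmp_ok(host, version):
    """True if iputils ping gets at least one echo reply (exit status 0)."""
    cmd = ["ping", f"-{version}", "-c", "2", "-W", "2", host]
    try:
        return subprocess.run(cmd, capture_output=True, timeout=10).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

def probe(host):
    """Build the reachability matrix {(family, protocol): bool} for one host."""
    m = {}
    for name, fam in FAMILIES.items():
        m[(name, "tcp")] = tcp_ok(host, fam)
        m[(name, "icmp")] = icmp_ok(host, name[1])  # "v6" -> ping -6
    return m

def diagnose(m):
    """Per family, separate 'echo dropped on a working path' from 'no path'."""
    out = {}
    for fam in FAMILIES:
        tcp, icmp = m[(fam, "tcp")], m[(fam, "icmp")]
        if tcp and icmp:
            out[fam] = "ok"
        elif tcp:
            out[fam] = "icmp-blocked"  # path works, only echo is dropped
        elif icmp:
            out[fam] = "tcp-blocked"
        else:
            out[fam] = "unreachable"   # no route or no public address
    return out

if __name__ == "__main__":
    print(diagnose(probe("google.com")))
```

An `icmp-blocked` verdict for one family while TCP succeeds points at filtering of echo traffic on the path or platform rather than at routing or addressing.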