Browser

IPv6 configuration for EdgeOS?

I have been using a Tomato router for years, and it's worked fine with TWC's IPv6 for the last year or so. I recently got an EdgeRouter X SFP, and am experiencing an oddity I'm hoping someone can help with. The router gets a ::/128 address on its WAN interface, and a ::/64 on the LAN. If I ssh into the router, I can do ping6 google.com and get replies. But I can't do ping -6 google.com from any clients on the LAN.

 

My Win10 laptop, for example, gets a couple of IPv6 addresses on the TWC-assigned 2604:xxx prefix. But pinging Google with IPv6 just gives "request timed out". Similarly, my iPhone gets a couple of IPv6 addresses but can't navigate to ipv6.google.com.

 

Here is the relevant config from the router. eth0 is the WAN port and switch0 is the LAN.

 

david@RoutyMcRouterson# show interfaces ethernet eth0 dhcpv6-pd
 pd 0 {
     interface switch0 {
         service slaac
     }
     prefix-length 64
 }
 rapid-commit enable

david@RoutyMcRouterson# show interfaces switch switch0
 address 192.168.4.1/24
 description Local
 ipv6 {
     router-advert {
         managed-flag false
         prefix ::/64 {
         }
         send-advert true
     }
 }
 mtu 1500
 switch-port {
     interface eth1
     interface eth2
     interface eth3
     interface eth4
 }

Any ideas? I don't know as much about IPv6 as I probably should, but it always Just Worked with Tomato.

 

Thanks!

 

Seasoned Contributor

Re: IPv6 configuration for EdgeOS?


@gfunkdave wrote:

david@RoutyMcRouterson# show interfaces ethernet eth0 dhcpv6-pd
 pd 0 {
     interface switch0 {
         service slaac
     }
     prefix-length 64
 }

Any ideas? I don't know as much about IPv6 as I probably should, but it always Just Worked with Tomato.

 

Thanks!

 


You probably should ask over at UBNT ... but if the first block is configuring the PD request you shouldn't use stateless auto config.  Well according to this: http://forums.timewarnercable.com/t5/IPv6/IPv6-connectivity-lost/m-p/103768#M869 you do say slaac despite the inherent contradiction with dhcpv6 and the fact that your WAN address is not assigned by SLAAC.

 

I guess the good news is that it works if you specify unique prefix ids.

Browser

Re: IPv6 configuration for EdgeOS?

Yeah, thanks. I have asked over there and thought I'd try here too, in case there were TWC-specific settings I needed. I suppose my main questions here are:

 

1. Do I want stateless or stateful DHCPv6, or SLAAC?

2. Which flags should be enabled in the RAs?

 

I tried the config in this post, but got the same results.

Seasoned Contributor

Re: IPv6 configuration for EdgeOS?

The critical option not in your snippet is: autonomous-flag true

It is in the example though.

 

If saying slaac is working for people then it's not forbidding DHCPv6 which is what TWC is using.  Perhaps that's just what everyone does as a matter of best practice.  I don't use EdgeMAX products so I don't know.  I do know that bits of config files find their way into places unrelated to the original need.

Browser

Re: IPv6 configuration for EdgeOS?

All right, I've removed slaac. Here's the current config, which doesn't behave any differently.

 

interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        dhcpv6-pd {
            pd 0 {
                interface switch0 {
                    service dhcpv6-stateless
                }
                prefix-length 64
            }
        }
        duplex auto
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
        }
        speed auto
    }

    switch switch0 {
        address 192.168.4.1/24
        description Local
        ipv6 {
            router-advert {
                managed-flag true
                prefix ::/64 {
                }
            }
        }
        mtu 1500
        switch-port {
            interface eth1
            interface eth2
            interface eth3
            interface eth4
        }
    }
}
Seasoned Contributor

Re: IPv6 configuration for EdgeOS?

The AdvAutonomous bit (autonomous-flag) has to be set for the advertised prefix for autoconfig to work on your network. Hosts running a dhcpv6 client will get addresses if dhcpv6 is running but others won't (unless they're broken).

I don't know if autonomous-flag defaults to true but it's explicitly set in the posted example.

Of course that doesn't quite explain what you're seeing so it's time for WireShark.
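
For readers following the packet-capture suggestion, here is an added example (not part of the original thread) that decodes a Router Advertisement per RFC 4861 and reports the M/O flags and each prefix's L/A flags discussed above. The `build_ra` helper, the `2001:db8:4::` prefix and the sample bytes are constructed for illustration; the parser does not verify the ICMPv6 checksum.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (type 134) starting at the ICMPv6 header."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(msg[5] & 0x80),      # M flag: addresses via DHCPv6
          "other": bool(msg[5] & 0x40),        # O flag: other config via DHCPv6
          "router_lifetime": struct.unpack("!H", msg[6:8])[0],
          "prefixes": []}
    off = 16                                   # options follow the fixed header
    while off + 2 <= len(msg):
        opt_type, opt_len = msg[off], msg[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:    # Prefix Information option
            plen, flags = msg[off + 2], msg[off + 3]
            prefix = ipaddress.IPv6Address(msg[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "on_link": bool(flags & 0x80),      # L flag
                                   "autonomous": bool(flags & 0x40)})  # A flag
        off += opt_len
    return ra

def diagnose(ra: dict) -> list:
    """Summarise how a host can (or cannot) configure itself from this RA."""
    notes = []
    slaac = [p for p in ra["prefixes"]
             if p["autonomous"] and p["prefix"].endswith("/64")]
    if not slaac and not ra["managed"]:
        notes.append("no address source: A flag clear and M flag clear")
    elif not slaac:
        notes.append("DHCPv6-only: hosts without a DHCPv6 client get no address")
    if ra["router_lifetime"] == 0:
        notes.append("router lifetime 0: hosts will not install a default route")
    return notes

def build_ra(m_flag, a_flag, lifetime=1800, prefix="2001:db8:4::"):
    """Constructed sample RA (checksum left at 0) carrying one /64 prefix option."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64,
                      0x80 if m_flag else 0, lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64,
                      0x80 | (0x40 if a_flag else 0), 2592000, 604800, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed
```

To use it on a real capture, pass the ICMPv6 payload bytes of the RA exported from the capture tool to `parse_ra`.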
Spectator

Re: IPv6 configuration for EdgeOS?

interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server no-update
        }
        dhcpv6-pd {
            pd 0 {
                interface eth1 {
                    host-address ::1
                    prefix-id :1
                    service slaac
                }
                prefix-length /56
            }
            rapid-commit enable
        }
        duplex auto
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.0.1/24
        description Local
        duplex auto
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag false
                max-interval 600
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                radvd-options "RDNSS 2001:470:20::2 2001:4860:4860::8888 2001:4860:4860::8844 {};"
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        speed auto
    }
}

This is what my working Edgerouter-Lite config looked like (before TWC nuked IPv6 on SB6183).  I used SLAAC with RFC6106 RA options because I never found a working config for DHCPv6 on the LAN side that properly re-advertised the DHCPv6-PD prefix.  But also, if you have any Android devices, DHCPv6 doesn't work.

 

Just make sure you are permitting icmpv6 and dhcpv6 (ports 546 and 547) into the WAN6_LOCAL rules.

Browser

Re: IPv6 configuration for EdgeOS?

Thanks! I was finally able to get it to work a little bit ago. I had to actually reboot the router, and add a host-address directive. I don't have any Android devices, but perhaps there's a better way to set things up than what I have. I think I'm using DHCPv6...still don't really understand a lot of IPv6.

 

My final working config is:

 

david@RoutyMcRouterson# show interfaces ethernet eth0
 address dhcp
 description Internet
 dhcpv6-pd {
     no-dns
     pd 0 {
         interface switch0 {
             host-address ::1
         }
         prefix-length 64
     }
     rapid-commit enable
 }
 duplex auto
 firewall {
     in {
         ipv6-name WANv6_IN
         name WAN_IN
     }
     local {
         ipv6-name WANv6_LOCAL
         name WAN_LOCAL
     }
 }
 speed auto

david@RoutyMcRouterson# show interfaces switch switch0
 address 192.168.4.1/24
 description Local
 ipv6 {
     router-advert {
         managed-flag true
         prefix ::/64 {
         }
         send-advert true
     }
 }
 mtu 1500
 switch-port {
     interface eth1
     interface eth2
     interface eth3
     interface eth4
 }

david@RoutyMcRouterson# show firewall ipv6-name
 ipv6-name WANv6_IN {
     default-action drop
     enable-default-log
     rule 10 {
         action accept
         description "allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 20 {
         action drop
         description "Drop invalid"
         state {
             invalid enable
         }
     }
     rule 30 {
         action accept
         description "Allow ICMPv6"
         protocol ipv6-icmp
     }
 }
 ipv6-name WANv6_LOCAL {
     default-action drop
     description "WAN inbound to router"
     enable-default-log
     rule 10 {
         action accept
         description "Allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 20 {
         action drop
         description "Drop invalid"
         state {
             invalid enable
         }
     }
     rule 30 {
         action accept
         description "Allow IPv6 ICMP"
         protocol ipv6-icmp
     }
     rule 40 {
         action accept
         description "Allow DHCPv6"
         destination {
             port 546
         }
         protocol udp
         source {
             port 547
         }
     }
 }
[edit]
Spectrum Employee

Re: IPv6 configuration for EdgeOS?


@gfunkdave wrote:

Thanks! I was finally able to get it to work a little bit ago. I had to actually reboot the router, and add a host-address directive. I don't have any Android devices, but perhaps there's a better way to set things up than what I have. I think I'm using DHCPv6...still don't really understand a lot of IPv6.

 

My final working config is:

 

david@RoutyMcRouterson# show interfaces ethernet eth0
 address dhcp
 description Internet
 dhcpv6-pd {
     no-dns
     pd 0 {
         interface switch0 {
             host-address ::1
         }
         prefix-length 64
     }
     rapid-commit enable
 }
 duplex auto
 firewall {
     in {
         ipv6-name WANv6_IN
         name WAN_IN
     }
     local {
         ipv6-name WANv6_LOCAL
         name WAN_LOCAL
     }
 }
speed auto

david@RoutyMcRouterson# show interfaces switch switch0
 address 192.168.4.1/24
 description Local
 ipv6 {
     router-advert {
         managed-flag true
         prefix ::/64 {
         }
         send-advert true
     }
 }
 mtu 1500
 switch-port {
     interface eth1
     interface eth2
     interface eth3
     interface eth4
 }

david@RoutyMcRouterson# show firewall ipv6-name
 ipv6-name WANv6_IN {
     default-action drop
     enable-default-log
     rule 10 {
         action accept
         description "allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 20 {
         action drop
         description "Drop invalid"
         state {
             invalid enable
         }
     }
     rule 30 {
         action accept
         description "Allow ICMPv6"
         protocol ipv6-icmp
     }
 }
 ipv6-name WANv6_LOCAL {
     default-action drop
     description "WAN inbound to router"
     enable-default-log
     rule 10 {
         action accept
         description "Allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 20 {
         action drop
         description "Drop invalid"
         state {
             invalid enable
         }
     }
     rule 30 {
         action accept
         description "Allow IPv6 ICMP"
         protocol ipv6-icmp
     }
     rule 40 {
         action accept
         description "Allow DHCPv6"
         destination {
             port 546
         }
         protocol udp
         source {
             port 547
         }
     }
 }
[edit]

 

There's a couple things you can change/add.

 

For PD, change /64 to /56 in your pd 0 block. You're requesting a /64 and delegating that /64 which is probably why adding host ::1 worked.

 

# backup your config - use these at your own risk, etc, etc
# also a good idea to enable config-management if you haven't

# delete host address - optional/not required
configure
delete interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0 host-address ::1

# request /56 instead
delete interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length 64
set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length 56

 

You'll also want to add DAD to your ipv6 block under switch0

 

set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1

 

And always double check the work 

 

 

# show the changes
compare

# always a good idea to leave a comment
commit comment "updating dhcpv6-pd"
save

# rollback if something broke
rollback

 


I am a TWC employee and my postings on this site are my own and don’t necessarily represent TWC’s strategies or opinions.
I am posting of my own volition; not on the clock nor being paid to share this post
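
The /64-versus-/56 point in the post above, worked through as an added example (not part of the original thread or of EdgeOS). It assumes `prefix-id` selects the /64 inside the delegation and `host-address` supplies the low 64 bits; the `2001:db8:...` prefixes and the `eth2` entry are constructed placeholders.

```python
import ipaddress

def lan_address(delegated: str, prefix_id: int, host_address: str = "::1"):
    """Return the /64 interface address carved out of a delegated prefix."""
    pd = ipaddress.IPv6Network(delegated)
    if pd.prefixlen > 64:
        raise ValueError("delegation longer than /64 cannot hold a /64 LAN")
    id_bits = 64 - pd.prefixlen            # bits left over to number LAN subnets
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(
            f"prefix-id {prefix_id:#x} does not fit in {id_bits} subnet bits")
    host = int(ipaddress.IPv6Address(host_address))
    if host >> 64:
        raise ValueError("host-address must fit in the low 64 bits")
    base = int(pd.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Interface((base | host, 64))

def plan(delegated: str, interfaces: dict) -> dict:
    """Map {interface: prefix-id} to addresses, rejecting duplicate prefix-ids."""
    if len(set(interfaces.values())) != len(interfaces):
        raise ValueError("each interface needs a unique prefix-id")
    return {name: str(lan_address(delegated, pid))
            for name, pid in interfaces.items()}

def subnets_available(delegated: str) -> int:
    """Number of /64 LANs a delegation of this length can number."""
    return 1 << max(0, 64 - ipaddress.IPv6Network(delegated).prefixlen)

if __name__ == "__main__":
    # Constructed delegations: a /56 leaves 8 subnet bits, a /64 leaves none.
    print(subnets_available("2001:db8:1200::/56"), "LANs from a /56")
    print(plan("2001:db8:1200::/56", {"switch0": 0, "eth2": 1}))
    print(subnets_available("2001:db8:1200:34::/64"), "LAN from a /64")
```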

Spectrum Employee

Re: IPv6 configuration for EdgeOS?


@bodosom wrote:
The AdvAutonomous bit (autonomous-flag) has to be set for the advertised prefix for autoconfig to work on your network. Hosts running a dhcpv6 client will get addresses if dhcpv6 is running but others won't (unless they're broken).

I don't know if autonomous-flag defaults to true but it's explicityly set in the posted example.

Of course that doesn't quite explain what you're seeing so it's time for WireShark.

It's the default setting for radvd, at least as used by edgeos. I think most options are enabled by default. Here's a link to the radvd.conf man page http://linux.die.net/man/5/radvd.conf

 

FW on my ERL is 1.8 and the included radvd is 2.11. hth

 

 

 

