Posted: Wed Aug 31, 2022 16:58 Post subject: IPv6 global address on br0
I have had IPv6 working for a while, but occasionally when the router gets reset, it takes several hours or more for things to get back to a stable and working condition.
I'm using dnsmasq to enable router advertisements for my internal network via the following three lines in my dnsmasq additional options section.
The problem seems to be that br0 doesn't get a global scoped IPv6 address soon after vlan2 is assigned a global scoped IPv6 address.
I can run radvdump on the router and see periodic broadcasts from my ISP, which is how DDWRT knows to assign a global address to the vlan2 address.
Code:
root@Netgear-R7000:~# radvdump
#
# radvd configuration generated by radvdump 2.19
# based on Router Advertisement from fe80::22c:c8ff:fe42:24bf
# received by interface vlan2
#
Now that my system has recovered its address on the br0 interface, it has a /60 address allocated vs the /64 address on the vlan2 interface. (I'm adding this just for information, since all I care about is that it's working again.)
Code:
root@Netgear-R7000:~# ip a
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: teql0: <NOARP> mtu 1500 qdisc noop state DOWN qlen 100
link/void
3: ctf0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:23:6a:00:00:00 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
5: vlan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
6: vlan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 24.35.91.xxx/26 brd 24.35.91.191 scope global vlan2
valid_lft forever preferred_lft forever
inet6 2604:4080:1304:0:xxxx:xxxx:xxxx:xxxx/64 scope global dynamic flags 100
valid_lft 2591902sec preferred_lft 604702sec
inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
7: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
8: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
9: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1
link/sit 0.0.0.0 brd 0.0.0.0
11: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
valid_lft forever preferred_lft forever
inet6 2604:4080:1304:xxxx:xxxx:xxxx:xxxx:xxxx/60 scope global
valid_lft forever preferred_lft forever
inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link
valid_lft forever preferred_lft forever
13: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN qlen 1
link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
It's interesting seeing the differences on your R7800 vs mine. I have eth0 as my WAN port assignment. I use Xfinity and have DHCPv6 with Prefix Delegation enabled, but I request a /60 because I want to use multiple isolated subnets. I never see a global scoped IPv6 address assigned to eth0. Instead, all four of my bridges br0, br1, br2 and br3 get global IPv6 addresses from a /64. I never have to wait long before the addresses are assigned to bridges. I have a custom DHCPv6 client configuration to apply the prefix to each bridge as follows:-
I really wish I understood what each setting did to make it consistently work. I rebooted my router to make sure it was running local dhcp parameters I wanted in dnsmasq and it lost its IPv6 lease from the ISP. I still don't know if I've got things set wrong or my ISP has flaky equipment regarding IPv6.
I've tried with either Enable or Disable on the "No Release on Reconnect" option and it doesn't seem to change the contents of the /tmp/dhcp6c.conf file.
I notice that your custom configuration has "send ia-pd 1;" while mine has "send ia-pd 0;" That's one more parameter I do not understand. I've been trying to make as few changes from default as possible to make understanding the setup easier.
I've figured out that a global address added to my vlan2 interface seems to happen via SLAAC, and is probably happening because I've allowed pinging my external interface on the security->firewall tab by unchecking "Block Anonymous WAN Requests (ping)".
For a while I realized that I could reboot, and the /60 address was getting assigned to the br0 (internal) interface while the vlan2 (external) interface still only had a link local address. Then later the external would get assigned a /64 address. I figured out that the proper operation seems to have the dhcp6c get a /60 block from the ISP and assign it to the br0 interface. When it does that, the ISP seems to set up the route for that block between their link local address and my link local address.
Running "ps", I can see the arguments for dhcp6c. Can anyone tell me how to debug what it's doing? The -T option seems to be --test but I don't know what the LL does, or if there's an easy way to restart the process without rebooting the entire router.
Code:
dhcp6c -c /tmp/dhcp6c.conf -T LL vlan2
My network assignments currently look like this, and IPv6 is definitely not working on my LAN.
If I manually add the /60 address that was previously working to my br0 interface with the command "ip -6 addr add 2604:4080:1304:8010:b27f:b9ff:fe83:6591/60 dev br0" dnsmasq will start sending router advertisements on br0, and my clients will set up their global addresses based on that, but the ISP won't be routing the block to me, so things don't really work correctly.
I made the single change of going from 64 to 60 in the web interface. It immediately dropped my running IPv6 global address and I noticed my clients getting a huge number of router advertisements.
Code:
Sep 7 22:02:24 WimPi4-Dev dhcpcd[564]: eth0: Router Advertisement from fe80::b27f:b9ff:fe83:6591
Sep 7 22:02:24 WimPi4-Dev dhcpcd[564]: wlan0: Router Advertisement from fe80::b27f:b9ff:fe83:6591
I checked the router status and the dhcp6c file had gone from what I showed earlier in the thread to this:
This is the same configuration that has been running, which leads me to believe that my problem simply has to do with timing of sending the IA-PD request on the vlan2 interface. My ISP was giving me a /60 prefix and dnsmasq was properly sending out router advertisements with that data until I rebooted my router, and then when it wasn't working, decided to update to the latest firmware.
Once again, I seem to have wasted too much time on IPv6 without getting a firm understanding of what is broken on my system. Looking at your configuration I've recognized a few things after reading lots of man pages, but mostly: https://www.freebsd.org/cgi/man.cgi?query=dhcp6c.conf.
The line "send ia-pd 1;" is your request to the upstream dhcp6 server for a Prefix Delegation, while the line "send ia-na 0;" is a second request for a Non-temporary Address. Assuming that all of your traffic goes from your DDWRT box to your ISP router, I don't believe the Non-Temporary Address would ever be used unless you are remotely connecting to the DDWRT box itself from the internet using IPv6.
What appears to be happening on my machine is that the vlan2 interface is assigning a global address using SLAAC from the router advertisement from my ISP that's visible on vlan2 and the br0 is never getting assigned a global address. I really don't care about having a global address on my vlan2 interface, because it should be a simple hop between neighbors using the link scoped addresses of my router and my ISP router.
Code:
root@Netgear-R7000:~# radvdump
#
# radvd configuration generated by radvdump 2.19
# based on Router Advertisement from fe80::22c:c8ff:fe42:24bf
# received by interface vlan2
#
prefix 2604:4080:1304::/64
{
AdvValidLifetime 2592000;
AdvPreferredLifetime 604800;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
}; # End of interface definition
In the DDWRT IPv6 web interface, I've got a prefix length of 64 entered, and DHCPv6 Client Daemon Custom Configuration disabled, which produces the following configuration:
When I changed the prefix length to 60, the sla-len value in the configuration was changed to 4 and nothing else was changed. When I changed the prefix to 56 it was changed to 8.
I still don't have IPv6 working. I think my problem is related to something broken at my ISP, or at least the communication between the dhcp6c process on my router and the dhcp6 server process on the ISP. If there's a way to monitor the dhcpv6 messages from my DDWRT to the ISP, I'd appreciate a pointer.
As far as I can tell, the former wasn't working, and the latter is. Now clients get an address within the range between <the prefix delegation from ISP>::10, and <the prefix delegation from ISP>::1ff.
The biggest problem I've got is that when IPv6 isn't assigning global addresses on the local hosts, my Raspbian Linux boxes don't seem able to access the shares on my Windows server. I don't want to make any registry changes on the Windows machines, and haven't been able to find a solution to that problem beyond getting IPv6 working correctly.
I've not found anyone knowledgeable in tech support at my ISP about IPv6. Sometimes they even say they don't support it. I think my problems when IPv6 is not working are based on flaky hardware on the ISP end of things. They seem to have IPv6 router advertisements working correctly which is great for SLAAC, but the DHCPv6 responding to IA-PD requests with prefixes is much more unreliable. My understanding of networking would mean that when it gives out a prefix, it also configures a route for that prefix to the link local address.
Yesterday, after I was tired of my local network not working, I manually gave my br0 interface the address it had last been using when everything was working.
Code:
ip -6 addr add 2604:4080:1304:8010:b27f:b9ff:fe83:6591/60 dev br0
Almost immediately DDWRT started sending router advertisements on br0 and the local hosts allocated global addresses.
Code:
root@Netgear-R7000:~# radvdump
#
# radvd configuration generated by radvdump 2.19
# based on Router Advertisement from fe80::b27f:b9ff:fe83:6591
# received by interface br0
#
prefix 2604:4080:1304:8010::/64
{
AdvValidLifetime 1800;
AdvPreferredLifetime 1800;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
RDNSS fe80::b27f:b9ff:fe83:6591
{
AdvRDNSSLifetime 1800;
}; # End of RDNSS definition
}; # End of interface definition
What's interesting is that they can also communicate over the internet using IPv6. What that tells me is that the ISP is still routing the /60 prefix to my router. At some times when I've been fighting this problem in the past I could assign the global address to the local interface and it would fix my local problems, but I could not reach devices on the internet via IPv6.
I don't understand why IPv6 doesn't seem to support subnetting with a /68 instead of going with a smaller mask at /60 when the default address seems to be using a /64 mask. Or dynamic routing using SLAAC. Maybe I'm thinking of masking off the wrong end of the address to separate the network from the host? Either way, it seems to me that if the router manages to get a /64 address itself using SLAAC, that's half of the 128 bit address space being directed to it.
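The sla-len values reported in the thread (4 for a /60, 8 for a /56) and the /64 boundary raised in the last post can be worked through numerically. The Python below is an added example, not part of the original posts; it uses the br0 address, link-local address and WAN router-advertisement prefix quoted in the thread, and its function names are illustrative.

```python
import ipaddress

SLAAC_LEN = 64  # SLAAC on Ethernet pairs a /64 prefix with a 64-bit interface ID

def sla_len(delegated_len):
    """Subnet-ID bits between the delegated prefix and the /64 given to a LAN."""
    if not 0 < delegated_len <= SLAAC_LEN:
        raise ValueError(f"/{delegated_len} leaves fewer than 64 host bits for SLAAC")
    return SLAAC_LEN - delegated_len

def lan_prefix(delegated, sla_id):
    """The /64 that subnet number sla_id selects inside a delegated prefix."""
    net = ipaddress.IPv6Network(delegated, strict=False)
    if not 0 <= sla_id < 2 ** sla_len(net.prefixlen):
        raise ValueError(f"sla-id {sla_id} does not fit in {net}")
    base = int(net.network_address)
    return ipaddress.IPv6Network((base | (sla_id << 64), SLAAC_LEN))

def slaac_address(prefix64, link_local):
    """Join a /64 prefix with the interface ID (low 64 bits) of a link-local address."""
    net = ipaddress.IPv6Network(str(prefix64))
    if net.prefixlen != SLAAC_LEN:
        raise ValueError("SLAAC needs exactly a /64")
    iid = int(ipaddress.IPv6Address(link_local)) & (2 ** 64 - 1)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def wan_prefix_is_delegated(wan_prefix, delegated):
    """True if the prefix seen in the WAN-side RA lies inside the delegated block."""
    block = ipaddress.IPv6Network(delegated, strict=False)
    return ipaddress.IPv6Network(wan_prefix).subnet_of(block)

if __name__ == "__main__":
    # Values quoted in the thread
    DELEGATED = "2604:4080:1304:8010:b27f:b9ff:fe83:6591/60"  # address set on br0
    ROUTER_LL = "fe80::b27f:b9ff:fe83:6591"                   # RA source on br0
    WAN_RA_PREFIX = "2604:4080:1304::/64"                     # RA seen on vlan2

    for plen in (64, 60, 56):
        print(f"/{plen}: sla-len {sla_len(plen)}, {2 ** sla_len(plen)} LAN /64s")
    first = lan_prefix(DELEGATED, 0)
    print("sla-id 0 ->", first, "| sla-id 15 ->", lan_prefix(DELEGATED, 15))
    print("br0 address from sla-id 0:", slaac_address(first, ROUTER_LL))
    print("WAN RA prefix inside delegation:",
          wan_prefix_is_delegated(WAN_RA_PREFIX, DELEGATED))
```

The /64 advertised on vlan2 falls outside the /60 configured on br0, which is consistent with the two addresses coming from different mechanisms (SLAAC on the WAN link, IA-PD for the LAN).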