Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY

lohphat

In my former apartment in 2019, there was no IPv6 service with FiOS. They were not forthcoming with IPv6 functionality.

I moved in April 2019 to another building in Manhattan with Spectrum service only. Fast Forward to 2022 and FiOS was just installed over the summer and a few weeks ago their sales/provisioning system just allowed for an install appointment booking the next day .

I was able to just swap the WAN connection and reboot and the prior IPv6 config from Spectrum worked fine (delegated /56).

Went from Spectrum 350mb/12mb 17ms latency to 1gb/1gb 3ms latency. I can finally backup my 6TB NAS over the wire again in a reasonable time.

I remember when a copper T3 (45MB/s) was $25,000/month in the 1990s.

In short, Verizon finally got their act together after years of playing kick the can with IPv6 -- it seems the logjam has broken. I'm curious about other markets to see if it's just a regional roll-out or finally system-wide.

MikeV7896

This isn't the place to discuss Verizon specifically unless related to a pfSense setup (this is the pfSense site!), but to answer your question, it is network wide. They started in late April in DC/MD/VA, then worked their way north. The NYC metro area in NY was the last area to start seeing IPv6, with first reports from Queens and Manhattan on September 8th.

Businesses with static addresses will eventually get static prefixes, but that is still to come. But dynamic IPv6 for consumers and businesses seems to be available in a significant portion of their Fios service area.

JKnott

@lohphat

Maybe you can post your configuration, so that others can benefit from your experience.

lohphat

@mikev7896 said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

This isn't the place to discuss Verizon specifically unless related to a pfSense setup

Well I initially (in my last apartment where FiOS was available) waste a lot of time trying to get IPv6 working not knowing that in 2017 a major ISP wasn't offering IPv6. I thought it was my config and I was missing something in the pfSense config.

lohphat

@jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

Maybe you can post your configuration, so that others can benefit from your experience.

On the "Interfaces / WAN" config page:

In "General Configuration" section:

Set "IPv6 Configuration Type" to "DHCP6"

In the "DHCP6 Client Configuration" section:

Set the "DHCPv6 Prefix Delegation size" to "56".

Then on each internal interface I want IPv6 service:

In "General Configuration" section:

Set "IPv6 Configuration Type" to "Track Interface"

In "Track IPv6 Interface" section:

Set "IPv6 Interface" to "WAN"
Set "IPv6 Prefix ID" to the same number as the 3rd octet in the 192.168.x.0/24 IPv4 address for that segment. (I have 3 internal routed networks: LAN, WIFI, IOT -- each on a separate segment).

I've also noted that Spectrum would always give me the same /56 after every reboot, but Verizon gives me a different one each time.

JKnott

@lohphat said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

I've also noted that Spectrum would always give me the same /56 after every reboot, but Verizon gives me a different one each time.

What about Do not allow PD/Address release on the WAN page?

lohphat

@jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

Do not allow PD/Address release

In the Status / Interfaces page? There's no such setting on the Interfaces / WAN page.

Also, I can't use a monitor address in the WAN_DHCP6 gateway settings as I could with Spectrum. Just being able to see the gateway doesn't mean transit is happening so I enter a well-known DNS server to make sure there's transit -- but with Verizon it doesn't work with any IPv6 address I use in the field -- even though I can use the Diagnostic / Ping tool and ping from the WAN fine.

JKnott

@lohphat said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

There's no such setting on the Interfaces / WAN page.

As for the monitor, I don't know what Verizon uses, but many ISPs use a link local address which will not work for the monitor. What I did was traceroute to Google and used the first global address it passed through.

lohphat

@jknott The setting doesn't appear in my 22.05 install:

Screenshot 2022-11-05 211100.png

I too was just trying to ping cloudflare's DNS -- I can ping it from the shell and the ping tool but it doesn't work when I set it as the monitor address.

Screenshot 2022-11-05 211455.png

And when I try to use it as the monitor address:

Screenshot 2022-11-05 211632.png

JKnott

@lohphat

I'm on v2.6.0. I guess there's difference between yours and the CE version. Hopefully it's implemented by default.

In the screen capture, it appears you're using a link local address (starts with fe80). As I mentioned above, you can't use those. I don't know what's happening with Cloudeflare. Try the method I did to find the first global address and see what happens. Regardless, unless you have multiple WAN connections, that monitor doesn't do much.

lohphat

@jknott What's interesting is that the WAN segment doesn't get an IPv6 assignment so that there's an external gateway address.

lohphat

This post is deleted!

MikeV7896

The setting is in System > Advanced > Networking in 22.05... so it could apply to all interfaces on the system (and I think I need to update my original config post to note that)...

However, I don't believe it helps any, as I recently reloaded my pfSense box (had package installer issues) and reused the configuration, and every time I rebooted, a new prefix was received. So I think Verizon is doing something else. And I have a static DUID set in System > Advanced > Networking too.

Bob.Dig

@mikev7896 said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

The setting is in System > Advanced > Networking in 22.05... so it could apply to all interfaces on the system

Thanks for pointing that out! Didn't know that it is there now.

I don't use it for myself though.

JKnott

@lohphat said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

@jknott What's interesting is that the WAN segment doesn't get an IPv6 assignment so that there's an external gateway address.

Some ISPs don't provide a global WAN address, as it's not needed. Routing is often done with link local addresses. If you need a global address for VPN, etc., you can use the address on the LAN interface. I have a global WAN address, but it plays no part in routing to my network.

lohphat

@jknott Well I'm left with the residual problem that I can't enter in a specific monitoring address in the WAN_DHCP6 gateway config.

Currently it's just monitoring the link-local address but having link doesn't mean you have transit if there's a fault in the CPE (Verizon ONT).

I can't even enter in the next hop as a monitoring address.

This is a change of behavior between Spectrum and Verizon. Both offer IPv6 natively, and I could use any valid IPv6 address for the Monitoring host with Spectrum.

I shall continue to play with it...

JKnott

@lohphat

It shouldn't matter who your ISP is, an address is an address. Maybe someone who has your version can help. I have the CE version here.

Bob.Dig

@jknott I think he meant that he can not have gateway-monitoring to a public IPv6-address because WAN has no public IPv6-address with this ISP, which is a bummer.

JKnott

@bob-dig

I wonder if Use non-local gateway, under Advanced, would help with this. Given he can ping an outside address means he's using a LAN side address for that.

Bob.Dig

@jknott Interesting.

Or it is maybe this:

Static route
Do not add static route for gateway monitor IP address via the chosen interface By default the firewall adds static routes for gateway monitor IP addresses to ensure traffic to the monitor IP address leaves via the correct interface. Enabling this checkbox overrides that behavior.