Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY

lohphat

@jknott Well I'm left with the residual problem that I can't enter in a specific monitoring address in the WAN_DHCP6 gateway config.

Currently it's just monitoring the link-local address but having link doesn't mean you have transit if there's a fault in the CPE (Verizon ONT).

I can't even enter in the next hop as a monitoring address.

This is a change of behavior between Spectrum and Verizon. Both offer IPv6 natively, and I could use any valid IPv6 address for the Monitoring host with Spectrum.

I shall continue to play with it...

JKnott

@lohphat

It shouldn't matter who your ISP is, an address is an address. Maybe someone who has your version can help. I have the CE version here.

Bob.Dig

@jknott I think he meant that he can not have gateway-monitoring to a public IPv6-address because WAN has no public IPv6-address with this ISP, which is a bummer.

JKnott

@bob-dig

I wonder if Use non-local gateway, under Advanced, would help with this. Given he can ping an outside address means he's using a LAN side address for that.

Bob.Dig

@jknott Interesting.

Or it is maybe this:

Static route
Do not add static route for gateway monitor IP address via the chosen interface By default the firewall adds static routes for gateway monitor IP addresses to ensure traffic to the monitor IP address leaves via the correct interface. Enabling this checkbox overrides that behavior.

JKnott

@bob-dig

I suspect the problem is with a link local WAN address, there is no usable subnet and the non local gateway may be a way around that. I don't think removing a static route would fix that.

lohphat

@jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

I wonder if Use non-local gateway, under Advanced, would help with this. Given he can ping an outside address means he's using a LAN side address for that.

About that. I'm using the WAN i/f in the ping and it works fine. That's what's really confusing me.

Update: Aha!

I tried the ping from the WAN and LAN and noticed that ping is using the LAN interface even though WAN is selected -- so that may explain why the monitor IP is failing as it doesn't know to use the LAN interface instead.

lohphat

@bob-dig said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

@jknott Interesting.

Or it is maybe this:

Static route
Do not add static route for gateway monitor IP address via the chosen interface By default the firewall adds static routes for gateway monitor IP addresses to ensure traffic to the monitor IP address leaves via the correct interface. Enabling this checkbox overrides that behavior.

Just tried this. Didn't work.

JKnott

@lohphat

Have you tried what I suggested about the non-local gateway?

lohphat

@jknott said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

Have you tried what I suggested about the non-local gateway?

Yes. No joy -- didn't work.

JKnott

@lohphat

Well, I guess you'll have to rely on the IPv4 monitor then. I have no idea why some ISPs don't provide a WAN address. It's not as though there's an address shortage.

Bob.Dig

@lohphat said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

Just tried this. Didn't work.

What happens if you uncheck that and then create your own static route to that same external IP...

lohphat

@bob-dig said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

What happens if you uncheck that and then create your own static route to that same external IP...

Will try that shortly.

Related question: Why doesn't the WAN config for Ipv6 offer a place to assign a Prefix ID like the other i/f configs do since they're tracking the WAN IPv6 config delegation?

It seems that the WAN config should be able to assign the external WAN i/f an address. Or is that controlled by the ISP's RA?

Perhaps I can ask Verizon to have their side assign one...

JKnott

@lohphat

That would really mess up routing. You'd have your internal prefix on the WAN interface.

MikeV7896

@jknott How would it mess up routing?? The whole prefix is being routed to the router by the ISP anyway... For a while I had a virtual IP set up on my WAN interface using the "ff" prefix ID... I just had to manually change the VIP every time the prefix changed, which got old (and is part of why I'm not doing it anymore). But the IP worked just fine and could be pinged from the internet (since I allow pinging "WAN address" in my rules).

Verizon even does it in their own routers... taking the "ff" prefix ID and using the ::1 address for the WAN interface on the router.

Bob.Dig

@mikev7896 Yeah, have read that here before, there is even a rfc for that if I remember correctly. But you loose one whole /64 just for one WAN address. Connection still would run over that fe80 address.

JKnott

@mikev7896 said in Just flipped from Spectrum to FiOS in NYC and have IPv6 out of the box FINALLY:

How would it mess up routing??

What prefix were you planning on using? Are you going to use an alias?Will that alias start doing router solicitations? It's a situation where you want to be very careful.

lohphat

@bob-dig This is why I expect the ISP to issue a WAN interface IPv6 address not related to the /56 prefix they assigned my gateway. Spectrum did, Verizon does not.

lohphat

@jknott Spectrum would issue me a /56 prefix AND assign an address from another pool to my external WAN interface so that the link between they the ISP and my CPE was a routable segment.

Verizon on the other hand makes the link between their CO router and my CPE a bridged connection using just link-local addresses.

I just spent 45min on a Verizon chat to no resolution having to wade though three tiers of escalation to finally get someone who understood the request to have me call the router group directly @ 866 -849-3768

JKnott

@lohphat

I'm on Rogers and get a /56. While they provide a global WAN IP, it's not used for routing.