Netgate Discussion Forum

    ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas

    • bmeeksB
      bmeeks @JKnott
      last edited by

      @JKnott: here you go

      packetcapture-igb0-20230822093750.pcap

      • JKnottJ
        JKnott @bmeeks
        last edited by

        @bmeeks

        Here's what it shows:

        a0ce103d-1811-49e1-ac59-65b1d27ad9f9-image.png

        There is no response to multiple solicits.

        Here's what it should look like:

        8379bc03-7edf-4c37-a630-e9d03ce95c67-image.png

        This indicates a problem at the ISP. They're not responding to the solicits.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • bmeeksB
          bmeeks @JKnott
          last edited by

          @JKnott:
          Thanks for the reply. Can you turn on the SRC and DST ports display in your Wireshark captures of "how it should be"?

          Also, if you look at the next to the last packet in the posted file you can see a UDP packet containing all the DHCPv6 prefix info coming from my ISP. But that is destined for port 547. Should it not instead be destined to port 546? What exactly is that exchange from the ISP where source and destination ports are both 547? And it is saying dhcp-relay if I recall.

          • bmeeksB
            bmeeks
            last edited by bmeeks

            The ISP has been trying some things on their side for the last couple of days. They reboot their router at 2:00 AM, so it's the next day before I can test the result.

            Initially, before their latest "update" Monday night (or 2:00 AM Tuesday morning, actually), I never got anything containing any sort of prefix reply. After the latest change, I started getting that dhcp-relay reply packet containing a prefix delegation string. But that is being sent to the wrong port (547 instead of 546), and I believe it is actually traffic for a DHCPv6 Relay Agent that I should possibly not be seeing at all on my end.

            Do you mind sharing a PCAP file from a successful prefix delegation DHCPv6 exchange from your ISP? If you would rather do so privately, send me a PM here on the forum and I will respond with an email address. I would like to see what things should look like to help me understand what may be wrong on my ISP's side.

            • JKnottJ
              JKnott @bmeeks
              last edited by JKnott

              @bmeeks said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas:

              Thanks for the reply. Can you turn on the SRC and DST ports display in your Wireshark captures of "how it should be"?

              Also, if you look at the next to the last packet in the posted file you can see a UDP packet containing all the DHCPv6 prefix info coming from my ISP. But that is destined for port 547. Should it not instead be destined to port 546? What exactly is that exchange from the ISP where source and destination ports are both 547? And it is saying dhcp-relay if I recall.

              There are no port columns in Wireshark. You have to look in the expanded packets to see what the port numbers are. However, the protocol is listed in these examples.

              As for 546 vs 547, that depends on which end is sending. 546 is the source port for the client, but 547 for the server.

              The last packet in your capture is a neighbor advertisement, which could have come from any device. There is nothing back from your ISP for DHCPv6.

              Correction, the last packet is destination unreachable.

              • JKnottJ
                JKnott @bmeeks
                last edited by

                @bmeeks said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas:

                Do you mind sharing a PCAP file from a successful prefix delegation DHCPv6 exchange from your ISP? If you would rather do so privately, send me a PM here on the forum and I will respond with an email address. I would like to see what things should look like to help me understand what may be wrong on my ISP's side.

                I've attached the file. Don't worry about revealing my addresses, as this capture was made before I got my current prefix.

                DHCPv6-PD.cap

                • bmeeksB
                  bmeeks @JKnott
                  last edited by bmeeks

                  @JKnott said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas:

                  There are no port columns in Wireshark. You have to look in the expanded packets to see what the port numbers are. However, the protocol is listed in these examples.

                  As for 546 vs 547, that depends on which end is sending. 546 is the source port for the client, but 547 for the server.

                  The last packet in your capture is a neighbor advertisement, which could have come from any device. There is nothing back from your ISP for DHCPv6.

                  Correction, the last packet is destination unreachable.

                  I found the port columns. You can turn it on by right clicking down in the details display and choosing "Apply as column". Just makes it easier to see who is talking from and to where in the top window.

                  I'm talking about lines #31 and #32 in the top window of the Wireshark display at times 140.049081 and 140.071568. Notice that reply from my ISP side that is sourced from port 547 (which is correct) and destined for port 547 (which is incorrect as I think it should be 546). Note also this says it is a Relay-reply message type.

                  About to load and examine your capture. I found another on the web of a DHCPv6 session and it clearly shows the ISP's server replies should be sent to port 546 "from" port 547.

                  • bmeeksB
                    bmeeks @JKnott
                    last edited by

                    @JKnott said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas:

                    I've attached the file. Don't worry about revealing my addresses, as this capture was made before I got my current prefix.

                    DHCPv6-PD.cap

                    Thanks for the file. It confirms what I suspected. My ISP has something not configured correctly with regards to their DHCPv6 Relay Agents.

                    It is clear in your capture that your ISP replied back with the prefix delegation info using a UDP packet sourced from port 547 and sent to port 546. That matches what the RFC says because DHCPv6 clients listen only on port 546 for incoming replies.

                    My ISP has a misconfiguration in their DHCPv6 setup as their Relay Agent appears to be sending the info back with port 547 as the destination instead of 546. Thus my firewall DHCPv6 client is failing to see the returned data (as it's the wrong port). Consequently, my firewall is responding back in that last packet with an ICMPv6 "port unreachable" message to the ISP's Relay Agent or DHCPv6 server.

                    • JKnottJ
                      JKnott @bmeeks
                      last edited by

                      @bmeeks said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas:

                      I'm talking about lines #31 and #32 in the top window of the Wireshark display at times 140.049081 and 140.071568. Notice that reply from my ISP side that is sourced from port 547 (which is correct) and destined for port 547 (which is incorrect as I think it should be 546). Note also this says it is a Relay-reply message type.

                      I see that relay reply, which I have never seen before. I have no idea what it's about.

                      • bmeeksB
                        bmeeks @JKnott
                        last edited by

                        @JKnott said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas:

                        @bmeeks said in ISP offering and testing an IPv6 BETA program, but it's not working and need some ideas:

                        I'm talking about lines #31 and #32 in the top window of the Wireshark display at times 140.049081 and 140.071568. Notice that reply from my ISP side that is sourced from port 547 (which is correct) and destined for port 547 (which is incorrect as I think it should be 546). Note also this says it is a Relay-reply message type.

                        I see that relay reply, which I have never seen before. I have no idea what it's about.

                        Yeah, me neither. I've sent your capture and mine to the consulting engineer for my ISP. I think perhaps setting all this up is new for him as well. Hence the BETA program. So, likely a learning curve for the both of us 🙂.

                        Thank you for your input. You validated what I thought I understood. Just wanted another more experienced IPv6 user's view.

                        1 Reply Last reply Reply Quote 0
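Added example, not part of any post in this thread: a Python check for the symptom discussed above, a DHCPv6 Relay-reply reaching the client on UDP 547 instead of an unwrapped Reply on 546. Under RFC 8415, clients listen on 546 and servers and relay agents on 547, and a Relay-reply is addressed to a relay agent, which extracts the Relay Message option and forwards the inner message to the client. The function names and both sample payloads are constructed for illustration.

```python
import struct

CLIENT_PORT, SERVER_PORT = 546, 547        # RFC 8415: client / server+relay ports
RELAY_REPL = 13                            # Relay-reply message type
OPTION_RELAY_MSG, OPTION_IA_PD = 9, 25     # Relay Message / IA_PD option codes
TO_CLIENT = {2: "Advertise", 7: "Reply", 10: "Reconfigure"}

def options(buf):
    """Yield (code, value) for each DHCPv6 option TLV in buf."""
    pos = 0
    while pos + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, pos)
        yield code, buf[pos + 4:pos + 4 + length]
        pos += 4 + length

def unwrap(payload):
    """Strip Relay-reply layers; return (relay_depth, inner_message)."""
    depth = 0
    while payload and payload[0] == RELAY_REPL:
        depth += 1
        # Relay header: type(1) hop-count(1) link-address(16) peer-address(16)
        payload = dict(options(payload[34:])).get(OPTION_RELAY_MSG, b"")
    return depth, payload

def check_at_client(dport, payload):
    """Classify a DHCPv6 UDP payload captured on a client's WAN interface."""
    depth, inner = unwrap(payload)
    name = TO_CLIENT.get(inner[0], f"type {inner[0]}") if inner else "empty"
    # Client/server header is type(1) + transaction-id(3); options follow
    has_pd = any(code == OPTION_IA_PD for code, _ in options(inner[4:]))
    if depth:
        return (f"relay-encapsulated {name} (IA_PD={has_pd}) on port {dport}: "
                "relay did not unwrap it")
    if inner and inner[0] in TO_CLIENT and dport != CLIENT_PORT:
        return f"{name} sent to port {dport}, client listens on {CLIENT_PORT}"
    return f"ok: {name} (IA_PD={has_pd}) to port {dport}"

def opt(code, value):
    """Build one option TLV (helper for the constructed samples)."""
    return struct.pack("!HH", code, len(value)) + value

# Constructed samples: a Reply with an IA_PD option (IAID=1, T1=T2=0),
# and the same Reply still wrapped in a Relay-reply with zeroed addresses.
REPLY = bytes([7]) + b"\xab\xcd\xef" + opt(OPTION_IA_PD, struct.pack("!III", 1, 0, 0))
RELAYED = bytes([RELAY_REPL, 0]) + bytes(32) + opt(OPTION_RELAY_MSG, REPLY)

if __name__ == "__main__":
    print(check_at_client(CLIENT_PORT, REPLY))     # healthy exchange
    print(check_at_client(SERVER_PORT, RELAYED))   # symptom in this thread
```
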