Lit Fibre (UK) IPv6 stopped after powercut

JKnott

@F022Y

That packet capture shows you're pinging a link local address:

Are you pinging the ISPs MAC on the WAN interface? Or something on your local LAN? Link local packets do not pass through a router, so it has to be something directly connected to whichever network you're on.

In that traceroute, I see 4 successful hops, then nothing. This could indicate a routing problem beyond that last one.

F022Y

@JKnott android on 4G and any attempts to ping or routetrace bbc.co.uk it defaults to IPv4.

Address i'm pinging is either bbc or netgate i'll do another now pinging bbc.co.uk...........

Just for giggles i've done 2 for comparison.

Capture the LAN port
packetcapture-igc0-20250318212104.pcap

Capture the WAN port
packetcapture-igc1-20250318211922.pcap

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

android on 4G and any attempts to ping or routetrace bbc.co.uk it defaults to IPv4.

Try test-ipv6.com. You should have IPv6 with 4G. However, your cell company may be preventing tethering from working.

Also, you should be trying this when connected to the cell network and not your WiFi, as the pfSense problem would affect it too.

F022Y

@JKnott just tested, WiFi off and still not playing

Image doesn't want to appear so I'll share when back on desktop.

Gertjan

@F022Y

Wow, that's imho quiet unique : an Phone 4G/5G ISP without IPv6 ... ?

What does this mean :

as I always considered that "test-ipv6.com" is clean and exempt of publicity or other stiff.

F022Y

@Gertjan it's brave browser so the left icon is that the the inbuilt "shields" are active the right one is Brave rewards.

Gertjan

@F022Y

Yeah, get that
And why the red triangle with the warning ?
"test-ipv6.com is script based, and the script ... tests the IPv6 capabilities. If something failed, it shows you are IPv4 only, and maybe this isn't the case.

I find it still hard to believe yo use a phone connection without IPv6 ... There are no free IPv6 IPv4 ! left, no where, and people didn't stop buying phones, so IPv6 isn't really an option these days.

Are you sure IPv6 isn't disabled in your phone ? Just asking, as I don't recognize what phone OS you are using, it doesn't look like mine.

F022Y

@Gertjan sorry not following.

The right icon, the triangle is brave rewards so the warning is that brave rewards is not contributing to the page.

"I find it still hard to believe yo use a phone connection without IPv6 ... There are no free IPv6 left, no where, and people didn't stop buying phones, so IPv6 isn't really an option these days."

I presume you meant IPv4 here?

As for phone OS, bog standard Android 15 with March security patches on a pixel 9 pro and ipv6 is enabled as test-ipv6.com worked fine when fibre service was.

Gertjan

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

I presume you meant IPv4 here?

Great, yeah, you're right.

edit : your phone OS seems recent.
So it's your "phone data carrier ISP" ....
Very soon, they will have IPv6 - or leave the market.

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

Image doesn't want to appear so I'll share when back on desktop.

That's surprising. That's on your cell network, not WiFi?

Maybe you should ask your cell carrier about that. Also, depending on your plan, you may or may not have tethering. You can ask about that too.

As I said yesterday, I suspect your IPv6 problem may be due to the work your ISP is doing to merge companies. Maybe you can ask them about that too.

The reason the cell networks are supposed to have IPv6 is they're moving to VoIP, with VoLTE on 4G and VoNR on 5G. That requires a network working the way the network gods intended, without crap like NAT getting in the way.

F022Y

@JKnott Must admit i was expecting it too lol

Yes thats just on cellular with the wifi disabled. Tethering works fine but same result

I've dropped an email to their support and referenced this forum post

F022Y

Got my first response.

I have advised that traceroutes are hitting an address outside of my local range so see what is said.

Does it matter at all that the service is CG-Nat but i pay for a static IPv4? CG-Nat isn't something i'm hugely familar with

F022Y

Looks like it's my config but i can't see where as I thought tracking the WAN interface for LAN should work.

WAN interface:-

LAN interface:-

Should the prefix ID here be set to 48 also?

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

I have advised that traceroutes are hitting an address outside of my local range so see what is said.

Yeah, it can be fun dealing with an ISP's help(?) desk. About 6 years ago, I had a problem with IPv6 on mine. I was able to use my cell phone to help prove things. I was able to demonstrate to someone on 2nd level support (I rarely waste my time with 1st level) that the problem was not on my end, but those who should have investigated further didn't do anything. I did more testing on my own, with Wireshark, and saw an error message in the DHCP6 sequence which identified the failing equipment by host name. Even then, they wouldn't do anything. Eventually, a senior tech came to my home with his own computer and cable modem and also experienced the same failure. He then went to the office I was connected to and tried with 4 different CMTS. It failed only on the one I was connected to and precisely the one I had identified. Only then was the problem resolved. Also, in all this, I found I had to teach the people at my ISP about IPv6, because I knew more about it than they did!

Side note, 2 years ago, I was doing some work in that ISP's office and actually found the CMTS I was connected to.

Does it matter at all that the service is CG-Nat but i pay for a static IPv4? CG-Nat isn't something i'm hugely familar with

CGNAT is how you get IPv4 and should have nothing to do with IPv6. However, static IPv4 and CGNAT are contradictory. If you have a static address, it shouldn't be through NAT. Is your address in the range 100.64.0.0 to 100.127.255.255, as normally used for CGNAT?
BTW, I would expect CGNAT to be used on your cell phone. If your cell provider supports IPv6, I would expect your phone's IPv4 address to be something like 192.0.0.4, which is used with something called 464XLAT, which is used to convert IPv4 to IPv6 for an IPv6 only network, as I have with my cell phone.

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

Should the prefix ID here be set to 48 also?

No. On a /48, it could be anything between 0 & 65,535, your choice. You'd use a different number for each local network interface you have. For example, my main LAN is 0 and my guest WiFi is 3. I also have a VPN, which is 255.

F022Y

@JKnott Sorry i miss spoke there, by default it is CG-NAT but as i couldn't host service to the world wide web i paid to get a static IP so not affected by the CG-NAT but wondered if affected IPv6.

I left networking several years ago because cisco licensing was getting ridiculus and seeing similar performance at a lower cost in HPE or Aruba kit was getting to much. Now i stick to Backups, RHEL and Windows Server.

So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.

It means they're saying you're not requesting a prefix. However, here it is in the request packet:

Given it works sometimes and you're not changing anything, it's likely not a problem with pfSense. Also, the same info is in the reply packet, which means they received the request and responded to it.

Are you familiar with Wireshark? It's an excellent tool when resolving network problems. For something like this, you might want to leave it running and filtering on DHCP6. You can then create a history and see what changes when it fails. However, to do that, you'd need a data tap, as I describe. I used that when I was working on that problem 6 years ago.

F022Y

@JKnott ah ok i see it now.

I am familar need to bust out my old Kali laptop (if i still have it) as not touched it in like 8 years and i'll have a play and ereport back.

JKnott

@F022Y

It doesn't have to be a laptop. Any computer capable of running Wireshark will do.

Gertjan

@F022Y

This :

is related to your Lit Fibre IPv6 pfSense access ?
Or your phone ?
I presume your fiber access for now.

If this is your pfSense, then your ISP told only half the situation : a device on your side (== pfSense= got an (one !) IPv6 ! the "2a10:bcc0:ccc:1::7e" (the /128 means : one (1) IP).
That's great, your pfSense can now communicate with the Internet using IPv6.
But only your pfSense.
Waaaay more important is, and I hope they just forgot to tell you that your pfSense did also request some prefixes.
To be exact : your pfSense, as per your instructions, is asking for /48 prefixes = 65535.
Now, /48 is the official, as stated by the RFC, the amount of prefixes to be made available to an ISP client. /48 means that you were asking for 65535 prefixes of /64 - recall that /64 means : 1 8446 744 073 709 551 616 individual IPv6 address per /64 = 1 prefix.
Each prefix can be assigned to one pfSense 'LAN' which means that a /48 can handle up to 65535 LAN's ....
These days, when a ISP give you 256 prefixes, or a /56, is already good enough to start with, and probably enough for some decades ^^ A /48 is also fine, and just huge.

Useless extra info : the number "65535 x 1 8446 744 073 709 551 616" is bigger as the number of sand grains in the African Sahara.

So : set / check :

and restart your WAN connection.
Then have a look at the pfSense DHCP logs again.
Search for these :

The process called "dhcp6c" is the one you're looking for and now you can see that it obtained a IPv6 for the WAN
and also the prefix negotiation.
You were asking for a /48.
What did you get ?

If you got none, then it's fully understandable that your LANs don't have any IPv6 capabilities.
For Tracking to work, pfSense (dhcp6c) must obtain these prefixes.

Does your ISP has any documentation ?

Do you use a ISP router ? And if so, does this router shows info ?
Mine (ISP router in front of pfSense) tells me :

I can see the ISP router (LAN) IPv6.
The number of prefixes available = /56
The prefix that the ISP router has given to the attached router (== pfSense) : one /64 out of the /56.

My pfSense was asking for one (1) /64, or :