Lit Fibre (UK) IPv6 stopped after powercut

F022Y

@JKnott Must admit i was expecting it too lol

Yes thats just on cellular with the wifi disabled. Tethering works fine but same result

I've dropped an email to their support and referenced this forum post

F022Y

Got my first response.

I have advised that traceroutes are hitting an address outside of my local range so see what is said.

Does it matter at all that the service is CG-Nat but i pay for a static IPv4? CG-Nat isn't something i'm hugely familar with

F022Y

Looks like it's my config but i can't see where as I thought tracking the WAN interface for LAN should work.

WAN interface:-

LAN interface:-

Should the prefix ID here be set to 48 also?

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

I have advised that traceroutes are hitting an address outside of my local range so see what is said.

Yeah, it can be fun dealing with an ISP's help(?) desk. About 6 years ago, I had a problem with IPv6 on mine. I was able to use my cell phone to help prove things. I was able to demonstrate to someone on 2nd level support (I rarely waste my time with 1st level) that the problem was not on my end, but those who should have investigated further didn't do anything. I did more testing on my own, with Wireshark, and saw an error message in the DHCP6 sequence which identified the failing equipment by host name. Even then, they wouldn't do anything. Eventually, a senior tech came to my home with his own computer and cable modem and also experienced the same failure. He then went to the office I was connected to and tried with 4 different CMTS. It failed only on the one I was connected to and precisely the one I had identified. Only then was the problem resolved. Also, in all this, I found I had to teach the people at my ISP about IPv6, because I knew more about it than they did!

Side note, 2 years ago, I was doing some work in that ISP's office and actually found the CMTS I was connected to.

Does it matter at all that the service is CG-Nat but i pay for a static IPv4? CG-Nat isn't something i'm hugely familar with

CGNAT is how you get IPv4 and should have nothing to do with IPv6. However, static IPv4 and CGNAT are contradictory. If you have a static address, it shouldn't be through NAT. Is your address in the range 100.64.0.0 to 100.127.255.255, as normally used for CGNAT?
BTW, I would expect CGNAT to be used on your cell phone. If your cell provider supports IPv6, I would expect your phone's IPv4 address to be something like 192.0.0.4, which is used with something called 464XLAT, which is used to convert IPv4 to IPv6 for an IPv6 only network, as I have with my cell phone.

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

Should the prefix ID here be set to 48 also?

No. On a /48, it could be anything between 0 & 65,535, your choice. You'd use a different number for each local network interface you have. For example, my main LAN is 0 and my guest WiFi is 3. I also have a VPN, which is 255.

F022Y

@JKnott Sorry i miss spoke there, by default it is CG-NAT but as i couldn't host service to the world wide web i paid to get a static IP so not affected by the CG-NAT but wondered if affected IPv6.

I left networking several years ago because cisco licensing was getting ridiculus and seeing similar performance at a lower cost in HPE or Aruba kit was getting to much. Now i stick to Backups, RHEL and Windows Server.

So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.

JKnott

@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:

So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.

It means they're saying you're not requesting a prefix. However, here it is in the request packet:

Given it works sometimes and you're not changing anything, it's likely not a problem with pfSense. Also, the same info is in the reply packet, which means they received the request and responded to it.

Are you familiar with Wireshark? It's an excellent tool when resolving network problems. For something like this, you might want to leave it running and filtering on DHCP6. You can then create a history and see what changes when it fails. However, to do that, you'd need a data tap, as I describe. I used that when I was working on that problem 6 years ago.

F022Y

@JKnott ah ok i see it now.

I am familar need to bust out my old Kali laptop (if i still have it) as not touched it in like 8 years and i'll have a play and ereport back.

JKnott

@F022Y

It doesn't have to be a laptop. Any computer capable of running Wireshark will do.

Gertjan

@F022Y

This :

is related to your Lit Fibre IPv6 pfSense access ?
Or your phone ?
I presume your fiber access for now.

If this is your pfSense, then your ISP told only half the situation : a device on your side (== pfSense= got an (one !) IPv6 ! the "2a10:bcc0:ccc:1::7e" (the /128 means : one (1) IP).
That's great, your pfSense can now communicate with the Internet using IPv6.
But only your pfSense.
Waaaay more important is, and I hope they just forgot to tell you that your pfSense did also request some prefixes.
To be exact : your pfSense, as per your instructions, is asking for /48 prefixes = 65535.
Now, /48 is the official, as stated by the RFC, the amount of prefixes to be made available to an ISP client. /48 means that you were asking for 65535 prefixes of /64 - recall that /64 means : 1 8446 744 073 709 551 616 individual IPv6 address per /64 = 1 prefix.
Each prefix can be assigned to one pfSense 'LAN' which means that a /48 can handle up to 65535 LAN's ....
These days, when a ISP give you 256 prefixes, or a /56, is already good enough to start with, and probably enough for some decades ^^ A /48 is also fine, and just huge.

Useless extra info : the number "65535 x 1 8446 744 073 709 551 616" is bigger as the number of sand grains in the African Sahara.

So : set / check :

and restart your WAN connection.
Then have a look at the pfSense DHCP logs again.
Search for these :

The process called "dhcp6c" is the one you're looking for and now you can see that it obtained a IPv6 for the WAN
and also the prefix negotiation.
You were asking for a /48.
What did you get ?

If you got none, then it's fully understandable that your LANs don't have any IPv6 capabilities.
For Tracking to work, pfSense (dhcp6c) must obtain these prefixes.

Does your ISP has any documentation ?

Do you use a ISP router ? And if so, does this router shows info ?
Mine (ISP router in front of pfSense) tells me :

I can see the ISP router (LAN) IPv6.
The number of prefixes available = /56
The prefix that the ISP router has given to the attached router (== pfSense) : one /64 out of the /56.

My pfSense was asking for one (1) /64, or :

F022Y

@JKnott I'll see what i have kicking about to make a data tap on my switch (QNAP QSW-M2116P-2T2S)

F022Y

So go home from the office today and walked into a pissed wife lol as the internet was dead, after a check it wasn't dead just not processing IPv4 so her mobile and work mobile stopped working and work laptop dropped too.

Appears that at some point today only IPv6 traffic worked and IPv4 was a no go so this just gets weirder.

First thing i did when i got is was boot up PC as it's wired and start recording bits.

First step was to check the internet was actually down

From this i could see it up but ping was using IPv6 so did an ipconfig to see if maybe i had no IP but this was fine, so the pfsense dashboard was checked.

All looked ok except I noticed that the LAN interface had no IPv6 address. At this point i thought i may as well run some of the test you suggested @Gertjan

Packet cap of the DHCP6 from pfsense

PfSense DHCP6c logs.txt

Now it's been 15 minutes since I did all that and guess what......... its all working.

I'm at a loss, i'm not touching anything apart from a router reboot, ISP are advising from a network point they can't see an issue and to plug the Calix RG router back in.

The topology is pretty simple:-

I'm in 2 minds.

1. Try figure it out.
2. Not piss off the wife

I'm hugely at a loss.