Radvd.conf suddenly contains bad prefix length
-
I was gone from home for several days and when I returned, I noticed IPv6 was no longer working. None of the clients (Windows, Linux, Android) were picking up the route from the router advertisements despite the fact that the service was indeed running on pfsense.
I peeked at the radvd.conf file and noticed that it's sending the wrong prefix size!
Here is the file's contents:
$ cat /var/etc/radvd.conf
# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface re1 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvLinkMTU 1500;
    AdvOtherConfigFlag on;
    prefix 2601:xxxx:xxxx:xxxx::/60 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
    RDNSS 2601:xxxx:xxxx:xxxx:yyyy:yyff:feyy:yyyy { };
    DNSSL localdomain { };
};
Under WAN, I have DHCPv6 Prefix Delegation size set to 60 and Send IPv6 prefix hint checked. For reference, here is another pfsense system I have with the same settings and ISP but still functions correctly:
$ cat /var/etc/radvd.conf
# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface vr0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvLinkMTU 1500;
    AdvOtherConfigFlag on;
    prefix 2601:zzzz:zzzz:zzzz::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
    RDNSS 2601:zzzz:zzzz:zzzz:zzzz:zzff:fezz:zzzz { };
    DNSSL localdomain { };
};
Something happened to my router to break the radvd.conf file. The prefix changed from /64 to /60 which is wrong! Here's the worst part, regardless of what I set "DHCPv6 Prefix Delegation size" and "Send IPv6 prefix hint" to, the radvd.conf file remains broken. It just breaks in different ways. If I set DHCPv6 Prefix Delegation size to 64 for example, then the prefix is shown as /57!
Has anyone seen this before or can help?
Edit: I forgot to mention, this is with pfsense v2.1.5, ISP is Comcast, and IPv6 ping works from pfsense itself on either WAN or LAN interface addresses.
-
I figured it out. Turns out Comcast now offers me a /56 through PD. I think this is because I technically have their business class internet.
I think all residential accounts are offered a /64 and if they use a prefix hint, can get a /60. Business always gets a /56.
I noticed that even a fresh install of pfsense was exhibiting the problem I described earlier. It was setting the route for the LAN as /56 and radvd was advertising the /56. Once the DHCPv6 Prefix Delegation size was set to 56, then it set the route and advertisements to /64 on LAN.
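Added example, not part of the original posts: a small check for the symptom described in this thread, a generated radvd.conf that advertises a SLAAC prefix that is not a /64, which clients will not autoconfigure from. The sample config is constructed (documentation prefix 2001:db8::/32 instead of the redacted addresses) and the function name `check_radvd` is hypothetical.

```python
import ipaddress
import re

# Constructed sample shaped like the broken file in the first post.
SAMPLE = """\
# Automatically Generated, do not edit
interface re1 {
    AdvSendAdvert on;
    AdvOtherConfigFlag on;
    prefix 2001:db8:0:10::/60 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
    RDNSS 2001:db8:0:10::1 { };
};
"""

IFACE_RE = re.compile(r"\binterface\s+(\S+)\s*\{")
PREFIX_RE = re.compile(r"\bprefix\s+(\S+)/(\d+)\s*\{([^}]*)\}", re.S)


def check_radvd(text):
    """Return [(interface, prefix)] for autonomous prefixes that are not /64."""
    text = re.sub(r"#.*", "", text)            # drop comments
    ifaces = list(IFACE_RE.finditer(text))
    findings = []
    for i, m in enumerate(ifaces):
        # An interface block runs until the next "interface" keyword.
        end = ifaces[i + 1].start() if i + 1 < len(ifaces) else len(text)
        for p in PREFIX_RE.finditer(text[m.end():end]):
            addr, plen, opts = p.group(1), int(p.group(2)), p.group(3)
            flag = re.search(r"AdvAutonomous\s+(on|off)\s*;", opts)
            # radvd treats AdvAutonomous as "on" when it is not set.
            autonomous = flag is None or flag.group(1) == "on"
            if autonomous and plen != 64:
                net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
                findings.append((m.group(1), str(net)))
    return findings


if __name__ == "__main__":
    for iface, net in check_radvd(SAMPLE):
        print(f"{iface}: {net} is advertised for SLAAC but is not a /64")
```

On pfSense the input would be the contents of /var/etc/radvd.conf; an empty result means every autonomous prefix is a /64.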
-
Do you have a Comcast provided router or your own? My SMC router is only giving /64 PD's. I think customer routers/modems are getting /56's according to Comcast, but still collecting info.
-
Comcast residential service provides a single /64 unless you specify a smaller prefix (as low as /60).
Comcast business service might be able to request a smaller prefix for more subnets, but I'm not certain about that.
-
@virgiliomi:
Comcast residential service provides a single /64 unless you specify a smaller prefix (as low as /60).
Comcast business service might be able to request a smaller prefix for more subnets, but I'm not certain about that.
Comcast Business provides a dynamic /56 for the Comcast provided "production" modems (SMC, Netgear and Cisco). However, even though they are dual stack today, the configs still aren't fully working. The SMC allocates a /56, but there are only two /64's provided. One for the WAN and then one that can be delegated, except the route back to the SMC for that delegated prefix isn't working.
The Netgear and Cisco have different issues also, so just trying to get data on what's working or not.
I'm in the 3 day window of waiting for the DHCP server upstream to forget the DUIDs pfSense is sending for the LAN. I think it got a prefix I can't work with while I was testing selection of "send hint" or not. It appears for pfSense, I still need to pick a /56 but not send the hint. That way when I actually get the WAN /64, I can then select the 00 - ff (assume I can't use 00 since that's the prefix in use by the WAN) based on what I get back for an XID response to the IA_PD request.
-
Do you have a Comcast provided router or your own? My SMC router is only giving /64 PD's. I think customer routers/modems are getting /56's according to Comcast, but still collecting info.
I'm using my own equipment only.
-
Do you have a Comcast provided router or your own? My SMC router is only giving /64 PD's. I think customer routers/modems are getting /56's according to Comcast, but still collecting info.
Any device being used as a MODEM (either leased or owned) can have whatever router is connected request whatever prefix size is available based on your class of service (residential /60 or business /56).
Any device being used as a GATEWAY - a modem and router combined into one unit - will only likely request a /64. If a GATEWAY device is put into BRIDGE MODE (some allow you to do this in the web-based GUI, some require calling Comcast), this essentially makes it function similar to a MODEM, and your own router can request whatever prefix size is available based on your class of service.
Comcast has been moving away from renting regular modems, and mostly rents gateway devices now. This has allowed them to raise their rental fees ("We're renting you more than just a modem now, we're renting you a modem AND router!") as well as have some management control over the router portion.