Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?

JKnott

@bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

According to the most recent email I got from the ISP, the CPE only accepts unsolicited RA with unicast destination address.

That's nonsense. Unsolicited RAs only go to the multicast address. If they were only sent to the unicast address, how would the router know the unicast address of something that didn't send a request?

JKnott

@bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

I really doubt a VP is going to take an appointment with a residential subscriber for a bitch session about their network. lolz

Actually, I went through something similar a few months ago. I had a problem where the cable company's CMTS wasn't working properly. I had determined the failure was not on my network and even identified the failing system by name. I had the office of the President involved and finally got it resolved, after a senior tech proved the problem was with a specific CMTS (mine) at the head end.

JKnott

@Derelict said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

That's pretty non-committal and I haven't found anything more authoritative but that says the response to an RS will be unicast to the host sending the RS being responded to and, if unsolicited, it will be to the all-nodes multicast address.

Here's what it says in IPv6 Essentials 3rd ed, by Silvia Hagen, pg 90:

"By inspecting the IP header of the Router Advertisement message, you can determine
whether this Router Advertisement is periodic or was sent in reply to a Solicitation
message. A periodic advertisement’s Destination address will be the all-nodes multicast
address ff02::1. A solicited advertisement’s Destination address will be the address of the
interface that originated the solicitation message. Again, the hop limit is set to 255."

jahonix

@johnpoz said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

...your post on the other distro board...

This forum is amazing! Just by following/reading this thread I learned a lot.
On the "other distro board" wasn't even a single reply to the question. Tells it all, doesn't it?

Thanks for sharing knowledge and discuss professionally on this forum, really appreciate it!

JKnott

@jahonix said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

On the "other distro board" wasn't even a single reply to the question.

I don't know what that other distro is, but here it's all about networking with pfSense. Many of us here work professionally with networks. This means we tend to know more about networks than users on Linux sites. When I had that problem a few months ago, I found I had to teach both the tier 2 support and senior tech about some of the finer points about IPv6.

jahonix

@JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

I don't know what that other distro is, but ...

The fork of pfSense, maybe?
So it's not that far off the track as "other Linux sites" might be.

johnpoz

@JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

I don't know what that other distro is

hehe - yeah bimmerdriver posted pretty much same question over on the forums for the distro that I will not name ;) I mentioned that in my posted about the juniper setting not being default to not send unsolicated RAs.

Its like 3rd or 4th listing on the google search I stated - if you want to find it.. Its crickets over there for his question..

bimmerdriver

@JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

@bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

According to the most recent email I got from the ISP, the CPE only accepts unsolicited RA with unicast destination address.

That's nonsense. Unsolicited RAs only go to the multicast address. If they were only sent to the unicast address, how would the router know the unicast address of something that didn't send a request?

I'm not going to post the email, but that's what I was told.

JKnott

@bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

I'm not going to post the email, but that's what I was told.

Perhaps it's time to escalate. I find the first level support isn't much good for unusual problems, so I wind up asking for 2nd level right off. Even then, I had to explain how DHCPv6-PD worked to the tier 2 guy, including how the assigned address is not used for routing etc. I walked him through things to try, while I monitored with Packet Capture or Wireshark, tested through my cell phone and more. Then they guys who were responsible for fixing the problem refused, as I had my own equipment beyond the modem, even though the problem was proven to not be at my end. It took a lot of effort, but I finally got the problem resolved. You might have to do the same.

What did that guy say about the RFC that shows how it's supposed to work?

BTW, that book I quoted from is an excellent IPv6 reference.

bimmerdriver

@JKnott I'm not going to dox my contact, but "that guy" is not in first or second or any other level of support. He is an engineer. It's not that he doesn't understand what the RFCs say, but rather that these issues reflect vendor-supplied cpe and edge routers and the respective vendors won't cooperate in a timely manner or at all to resolve them. If I disagree with anything he says, it's that these issues are being tolerated and in some cases accommodated, rather than being corrected.

JKnott

@bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

If I disagree with anything he says, it's that these issues are being tolerated and in some cases accommodated, rather than being corrected.

What happens with other customers? I doubt pfSense is the only router that has this issue. With that sort of attitude, perhaps it's time to find another ISP. I don't understand the point of offering a service that won't work with most of the devices out there. If you've been following here long enough, you're no doubt aware some providers have some strange ideas.

bimmerdriver

@JKnott said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

@bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

If I disagree with anything he says, it's that these issues are being tolerated and in some cases accommodated, rather than being corrected.

What happens with other customers? I doubt pfSense is the only router that has this issue. With that sort of attitude, perhaps it's time to find another ISP. I don't understand the point of offering a service that won't work with most of the devices out there. If you've been following here long enough, you're no doubt aware some providers have some strange ideas.

ISPs usually hide behind the position that if you aren't using their equipment, they are not obligated to provide any support. This is what you would get from first or second level support from virtually any ISP in my experience. You have to admit that only a very small portion of the subscriber base is using anything other than the ISP-supplied CPE.

As for switching ISPs, been there, done that. The only alternative is Shaw and they suck even more than Telus.

Derelict

@bimmerdriver Seems they could un-disable unsolicited RAs to adhere to the standard and their devices could continue to operate outside the standard, send RSs, and get unicast RAs in response. Both should work in that case.

JKnott

@bimmerdriver said in Is there a way to trigger pfSense to periodically send RS on WAN I/F to ISP edge router?:

ISPs usually hide behind the position that if you aren't using their equipment, they are not obligated to provide any support. This is what you would get from first or second level support from virtually any ISP in my experience. You have to admit that only a very small portion of the subscriber base is using anything other than the ISP-supplied CPE.
As for switching ISPs, been there, done that. The only alternative is Shaw and they suck even more than Telus.

I'm on Rogers and use their modem in bridge mode, with a computer running pfSense as my firewall/router. As I mentioned, the guys responsible for maintaining the network didn't want to do anything because I had my own router/firewall, even though I was able to prove the problem was not on my network and could even identify the failing system by name. On top of that, both tier 2 support and a senior tech verified it was a Rogers problem. It was only after the senior tech brought his own modem to my home, found it failed and then took it to the head end and tested with my CMTS and 3 others, but found it only failed with mine, that they finally got around to fixing the problem. If I hadn't stuck with it and even contacted the office of the president, it would likely not be fixed and this was a problem that affected everyone on my node. Since the engineer refuses to be compliant with the RFC, then I'd say escalate to upper management and let them know their engineer is refusing to be compliant with published Internet specifications. Perhaps contacting the CRTC or CCTS might be in order.

jdu-9999

@bimmerdriver were you ever able to figure out a solution for this? I'm assuming the ISP involved is Telus. They appear to be uninterested in changing this behaviour despite my attempts to point out they are not following the RFC. The only solution they've offered is to swap out the network hardware for one of their newer modems that ignores the RFC.

bimmerdriver

@jdu-9999 You're correct, the ISP is Telus. To be honest, I had better things to do, so I basically gave up. I'm curious about who you talked to. Can we take this offline?

jdu-9999

It appears that if you add a cron job to run "/sbin/rtsol -a" once an hour it'll keep the IPv6 connection. I suspect someone read RFC 6275 and decided that "Router advertisements in such networks SHOULD be sent only when solicited" also applied to this network, despite it not technically being a mobile network. (Telus are also a mobile carrier, so it's possible this is where the confusion came from.)