IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV)

JKnott

@NogBadTheBad

What speed does yours come up at? Autonegotiation should cause it do come up at the best possible.

Certainly a different cable should be tried. A flaky (pardon the tech jargon ) cable can cause the devices to think they can run at Gb, but the cable only permits 100 Mb.

NogBadTheBad

1 Gig, I think the previous versions ran 10/100 ports.

dg6464

@NogBadTheBad this is an Apple TV issue only when it goes to sleep... this is an Apple TV 4K, but I believe it's the same for all Apple TV's.

On my Meraki switch, it re-negotiates to 10/100 down from it'a usual 1Gbps... then shows CRC errors for the time it's asleep.

Otherwise - I do a speedtest and get 1Gbps down.. have tested cables and such. I've got 3 Cat6 drops in that room to my basement switch... definitely not a cable.

I'll try and find the article where someone else stated this is a common Apple TV "sleep" problem and is the same with multiple vendors switches.

Best Regards,

dg6464

dg6464

@JKnott so I just did a packet capture (albeit too big, it's like 107MB for just 30 seconds or so as I turned it on, booted up Netflix and Plex).

However... before doing so I cleared the NDP entires for the Apple TV.

They haven't come back.

So maybe while I was doing some IPv6 Testing or implementing IPv6 DNS on my pihole, it somehow generated a ton of these entries and they just stayed?

Not sure - but I will monitor moving forward.

dg6464

@NogBadTheBad this might be a way of getting around it... if I just assign a static DHCPv6 for the MAC address. I'll give it a try if the NDP table issue keeps happening.

This will also be a simple way for me to keep the hostnames in check and make it easier to know what is what.

Did you find that the Apple TV's actually received a DHCPv6 address when you configured it?

Where did you configure those static DHCPv6 addresses? When I go to configure one it asks for a DUID and has no specific spot for the MAC Address?

Thanks!

Best Regards,

dg6464

NogBadTheBad

@dg6464

What makes you think my ATV doesn’t go to sleep?

Have you got a spare lan port on your router to try and connect it to directly dos a test.

I originally let my ATV get a random IPv6 address then fixed it using the DUID address in the status - dhcpv6 leases page.

dg6464

@NogBadTheBad I'm not saying it doesn't go to sleep... I'm saying your switch modem may not detect CRC align errors for some reason. It was more commercial gear that seemed to detect the issue.

I've tried multiple switching ports, multiple cables... and everything works perfectly when it's awake. Only when it goes to sleep does it have the issue.

As for the DHCPv6 lease... for some reason the DUID that it assigns won't allow me to assign a reservation:

Either way... the NDP Table only has 1 entry now... the most I have seen yet is 4 entries for it now. Only time will tell.

Not that it helps at all, but the Meraki switch GUI with the CRC errors... you can see the "red" gaps.. that's where it goes to sleep:

It's asleep right now, so it negotiates at 10/100:

Meraki thread about it:

[https://community.meraki.com/t5/Switching/AppleTV-4K-Ethernet-Madness/td-p/41254](link url)

JKnott

@dg6464 said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

if I just assign a static DHCPv6 for the MAC address.

I don't know that would do it. You'd still have the neighbour announcements. With SLAAC, you will have a link local address and at least 1 global address. With DHCPv6, you will have a link local address and 1 global address. I don't see much difference in that.

As for that huge packet capture, what happens if you wait for the dust to settle, before starting it? You should still see neighbour advertisements periodically.

dg6464

@JKnott do you think it's worth running RA in "Managed" mode then, to force DHCPv6? Not sure if I am in a world of hurt for all of the IP's that have been assigned using SLAAC / RA already though (likely my pihole DNS servers IP, unRAID's IPv6 IP and such). Not sure if I turn off Assisted mode and move to Managed if the existing used IP's will show up as leases.

Honestly if most things are compatible with DHCPv6 now and don't require SLAAC / RA's and autoconfigure... i'd almost rather manage the DHCPv6 leases just like I manage the DHCP IPv4 leases today... one by one from the pool as a round-robin and configuring reservations when it makes sense.

I can try another packet capture as well if you'd like and just not boot up Netflix and such.

You think just a cycle from sleep to wake up to sleep again will do the trick?

I can tinker with the options if it makes sense... just thought I'd ask just in case I'm in for a world of hurt by changing from Assisted. Doesn't that basically disable auto-configure / SLAAC?

Existing Configuration for DHCPv6 and RA:

Thanks!

Best Regards,

dg6464

JKnott

@dg6464 said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

do you think it's worth running RA in "Managed" mode then, to force DHCPv6?

I doubt it would make any difference. RAs are required, whether SLAAC, DHCPv6 or manual config. RAs are the IPv6 equivalent of ARP and without them, it won't work.

JKnott

@johnpoz said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

Name one mainstream anything that requires I have an IPv6 address.. Just 1...

Here's one example. IIRC, the Xbox requires IPv6. It had used Teredo, but I believe that's been turned down or will be shortly.

IsaacFL

@dg6464

I have 2 older 1080p AppleTvs On a dual stack network and haven’t seen what you are seeing. I am using them currently on WiFi but I have used them wired in the past with no issue

They work fine with my ipv6 network. I use SLAAC only (unmanaged) but they also work as “assisted”.

About the only thing I have ever had to do to them is restart them if I reconfigure my network.

I have noticed that they don’t update their network configuration unless you restart them and that includes ipv4 too. Pulling the plug doesn’t work.

I have seen multiple ipv6 addresses (>600) once on a Windows machine but that was due to a router problem.

IsaacFL

@dg6464 said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

@JKnott do you think it's worth running RA in "Managed" mode then, to force DHCPv6? Not sure if I am in a world of hurt for all of the IP's that have been assigned using SLAAC / RA already though (likely my pihole DNS servers IP, unRAID's IPv6 IP and such). Not sure if I turn off Assisted mode and move to Managed if the existing used IP's will show up as leases.

Honestly if most things are compatible with DHCPv6 now and don't require SLAAC / RA's and autoconfigure... i'd almost rather manage the DHCPv6 leases just like I manage the DHCP IPv4 leases today... one by one from the pool as a round-robin and configuring reservations when it makes sense.

I find that "unmanaged" SLAAC mode works the best with most devices like these media devices and IOT type devices. DHCPv6 implementation on some of these types of devices are hit or miss, but SLAAC always seems to work.

The support for SLAAC in the RFCs are mandatory for hosts, whereas DHCPv6 host support is "optional".

IsaacFL

@JKnott said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

@johnpoz said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

This is perfect example of when you just disable IPv6 for this network..

My choice would be to get rid of the Apple crap. I'm allergic to the stuff. Disabling IPv6 is short sighted, as the world has to move to IPv6, to get rid of that NAT nonsense.

Take the complaint to Apple and let them fix it. They're the ones who caused the problem.

Apple works perfectly fine with ipv6, actually, one of the best. I think the issue here is the network itself is misconfigured..

NogBadTheBad

Personally I think the issue lies with the Meraki switch, I can't understand why the speed changes to 100 Mbps when the ATV sleeps, my screenshots occured what the ATV was asleep.

I have 1 ATV connected to ethernet & 1 connected via Wi-Fi both don't have the issue you're seeing.

I'm using switches from the Linksys Business range.

Do you have a spare port on the router that you could set up as a new test lan and connect the ATV directly to it?

dg6464

@NogBadTheBad Thanks for the insight - I've also got the same setup... my one Apple-TV 4K, connected via LAN and the other Apple TV connected via WiFi.

The issue (as per the Meraki thread) seems to persist beyond just Meraki switches when the Apple TV sleeps... and is only an issue for wired clients.

You may be correct, however in that the Apple TV could be giving the issue because it's wired specifically, so likely it would fix the issue to just move totally to wireless, but what is the fun in that? :).

I've attached some screenshots of the NDP table as of this morning... the ATV4 is gradually grabbing more IPv6 IP's via RA / SLAAC it seems.

I can run some experiments and see if the other ATV does the same on wireless, as well as wired if need be, I can capture packets from both the pfSense box, as well as all packets on the switch ports (there's a make .pcap function on the switch... so I assume I'd also see the L2 switch negotiation messages if I get the .pcap from the switch.

There IS a DHCP lease that contains the ATV4's MAC address in it (as part of the DUID), but doesn't actually specifically show that as the MAC Address as an entry in the DHCPv6 lease table (screenshot attached). When I try to create a reservation for that DUID it gives me an error as well, not sure why... seems my DUID formatting is wrong (but it came directly from clicking the "+" and trying to add via the pfSense formatting and reserve function itself).

NogBadTheBad

Are you trying to allocate a fixed IP that's been handed out via DHCPv6 and is in the available range, you need to hand out an IP from outside the range.

I set my range to 2a02:xxxx:xxxx:4::64 - 2a02:xxxx:xxxx:4::fe and allocate 2a02:xxxx:xxxx:4::ABCD where ABCD = the last octet of my IPv4 address converted to hex.

andy@mac-pro ~ % host livingroom-atv
livingroom-atv has address 172.16.4.12
livingroom-atv has IPv6 address 2a02:xxxx:xxxx:4:c
andy@mac-pro ~ %

FYI the last few digits of the DUID contain the device MAC address.

BTW Those are different IPv6 addresses from your DHCPv6 scope that are being handed out to the same MAC address.

Think you need to do an extended packet capture on the router itself and try and figure out why the router is handing out multiple IPv6 addresses to the same MAC when it should reuse the same address thats being handed out.

https://docs.netgate.com/pfsense/en/latest/book/services/ipv6-dhcp-server-and-router-advertisements.html

Here is how my IOT subnet is setup for DHCPv6

JKnott

@NogBadTheBad said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

Are you trying to allocate a fixed IP that's been handed out via DHCPv6 and is in the available range

Does pfSense allow that with IPv6? It certainly doesn't with IPv4.

NogBadTheBad

@JKnott said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

@NogBadTheBad said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

Are you trying to allocate a fixed IP that's been handed out via DHCPv6 and is in the available range

Does pfSense allow that with IPv6? It certainly doesn't with IPv4.

That's why I mentioned it, I don't think it does. it doesn't.

Also the setting on his DHCPv6 server doesn't look correct.

dg6464

@NogBadTheBad Thanks for the quick response... it may be worth diving into my overall IPv6 configuration, then... as I think it might require some tweaking.

My ISP gives me a /64 to use for my LAN from what I can tell... so that means (since I believe /64 is the minimum recommended LAN segment to use) that I only get one segment to use for IPv6?

That segment is automatically used for SLAAC since I believe clients use the local address of the RA router in addition to their DUID to make their own addresses (the IPv6 address assigned to the LAN interface by default).

That segment is ALSO used as my range for my DHCPv6 server.

I assume what you have is a /60 or something and you are able to use separate non-overlapping /64's for the different spots... one /64 on you main LAN, one for your IOT (which is used for SLAAC on both)... one /64 for your DHCPv6 subnets on each LAN as well?

Screenshots of my configuration and IP's provided.

It's likely I've got something mixed up... as my ranges are much simpler (since I only have the one block to use, I omitted the beginning of the addresses since it's assumed by the LAN interfaces leased info, I thought.