Enabling IPv6 on Comcast home network

lenhuppe

@jknott said in Enabling IPv6 on Comcast home network:

@lenhuppe

On WAN
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.

Where are you seeing that?

LAN

Why are you using DHCPv6? Unless you have a specific need, you should be using SLAAC.

Router Advertisements

I have unmanaged

I was unable to select unmanaged and turn on SLAAC

With DHCP6 and RA disabled the changes you suggested did not work.

I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.

Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.

JKnott

@lenhuppe said in Enabling IPv6 on Comcast home network:

On WAN
I do not see "Switch port" on my system. That may be caused by misconfiguration on yours.

Where are you seeing that?

Right here at the bottom.

JKnott

@lenhuppe said in Enabling IPv6 on Comcast home network:

I was unable to select unmanaged and turn on SLAAC

With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.

If SLAAC won't work, you have some other issue. Also, SLAAC is on the LAN side and has nothing to do with your ISP. You normally use DHCPv6-PD on the WAN. Does Comcast do something different?

lenhuppe

@jknott said in Enabling IPv6 on Comcast home network:

@lenhuppe said in Enabling IPv6 on Comcast home network:

I was unable to select unmanaged and turn on SLAAC

With DHCP6 and RA disabled the changes you suggested did not work.
I am now left with a network that is down unless I remove the pfSense router. It may be that I need to reinstall the firmware and try again. It may also be that I need to contact my ISP and ask them how they have IPv6 implemented.
Thank you all for your persistence. I am the same way when it comes to troubleshooting configuration issues.

If SLAAC won't work, you have some other issue. Also, SLAAC is on the LAN side and has nothing to do with your ISP. You normally use DHCPv6-PD on the WAN. Does Comcast do something different?

I don't know for certain how Comcast does ip6. Their tech support is not very helpful so I may be on my own to figure it out. Also, my Netgate does not have DHCPv6-PD as an option on the WAN. When the cable modem wss in bridge mode the WAN and LAN interfaces appeared to be getting valid ip6 addresses.

With SLAAC enabled it looked like my Linux box was getting an ip6 address but mDNS was not working. When I tried to verify the ip address of my spare Linux box I was getting 169.x.x.x which does not exist on my network. I was unable to use SSH or connect to my wifi or printer to check their status. Even after disabling ip6 on the pfSense these problems persisted.

I have grad school work to get done so I had no choice but to try removing the pfSense. To the best of my knowledge I am up and running again. My spare Linux system had to be reinstalled. Thank goodness I have my own recovery system.

Prior to this my Netgate had served me well.

JKnott

@lenhuppe

Do a packet capture on the WAN side for DHCPv6 (port 546 or 547) and post the capture here. Also, sometimes the best thing to do is to start over from scratch as you might have done something and not realized it.

When you do the capture, shut down pfsense and unplug the WAN cable. Then reboot and start the packet capture. Then plug in the WAN cable.

lenhuppe

@jknott said in Enabling IPv6 on Comcast home network:

@lenhuppe

Do a packet capture on the WAN side for DHCPv6 (port 546 or 547) and post the capture here. Also, sometimes the best thing to do is to start over from scratch as you might have done something and not realized it.

When you do the capture, shut down pfsense and unplug the WAN cable. Then reboot and start the packet capture. Then plug in the WAN cable.

I have a crazy schedule but I will do that. I will look up how to do that and get it done. Maybe we can figure this out and help other Comcast customers (victims). I will isolate the Netgate and use my spare Linux box to run whatever tests you want.

Meanwhile I will also reinstall pfSense. My Netgate has been in operation for a long time and had many updates. It has not been reinstalled for at least two years.

MikeV7896

As a former customer of Comcast, they use DHCPv6-PD to delegate a prefix. When I was last a customer (almost 20 months ago now), a residential customer was able to obtain a /60 prefix, and a business customer was able to obtain a /56. Set your WAN to use DHCPv6-PD, check the box to send a prefix hint, set the prefix size accordingly, and set your LAN and other networks to track the WAN interface, giving each network a unique prefix ID.

With Comcast, your WAN will get a global address outside of the prefix that has been delegated to you.

How you set up your networks is up to you, and the ISP has no bearing on this. I successfully ran both DHCPv6 and SLAAC without issue, though most of the time I ran SLAAC only (unmanaged RA setting). When I ran both, I had the RA set to "Assisted" mode. Most devices used SLAAC, some used DHCPv6.

Hope that helps!

johnpoz

I was a comcast customer for many many years. And yeah you could get a /60, but I always had issues with it changing on me.. Not sure if because it was new at the time..

But I just setup HE tunnel - got my /48 and never looked back. It works, its simple to setup. And you get /48 with ability to set your own ptr for your addresses, etc. And it never changes..

I still have my same /48 even though been on a new isp, that doesn't even have ipv6.

At worst you add a couple of ms of latency.. In the long run its just easier to run a tunnel for IPv6 - since its static /48 you can do whatever you want on your network with it.

I have had my /48 with them "FREE" for like 11 years or something..

JKnott

@johnpoz said in Enabling IPv6 on Comcast home network:

but I always had issues with it changing on me.. Not sure if because it was new at the time.

I had the same issue with Rogers, until the Do not allow PD/Address release setting was added.

johnpoz

That might of been it.. This was quite a was back.. And my current isp doesn't even have ipv6, and shows no signs of it anywhere on their roadmap..

JKnott

@johnpoz

One work around for those with changing prefixes would be to use Unique Local Addresses, as I describe here. Then they could still use DNS to point to local addresses.