Comcast business - /56 fails.. /60 works but delegates /63s?



  • Been trying to figure this out for a while.. Can't make any sense of it.

    First,  if I request a /56 on my WAN interface, nothing ever delegates and logs throw:

    Jun 15 22:39:51 dhcp6c 60614 invalid prefix length 59 + 8 + 64
    Jun 15 22:39:51 dhcp6c 60614 create a prefix 2601:648:dead:beef::/59 pltime=140733193690976, vltime=140733193690976

    I'll get a /64 assigned to my WAN interface itself,  then nothing on my internal VLANs (all set to track WAN).

    If I request a /60,  that seems to work,  but then i get /63s on my LAN interfaces..  Which seems quite strange..

    Unclear why in both cases, I'm seeing /59 show up at all in logs..

    Logs here showing attempt for /60 (Though i'd like a /56 to work,    i'm getting further with /60)

    This all seemed to work fine when I had a Netgear Cable modem,    when they replaced it with a Cisco modem, it sort of went to shit.  The modem claims to be delegating me a /56 in its own UI.

    
    Jun 15 22:42:29 router dhcp6c[60614]: release an IA: NA-0
    Jun 15 22:42:29 router dhcp6c[60614]: reset a timer on igb0, state=RELEASE, timeo=0, retrans=1076
    Jun 15 22:42:29 router dhcp6c[60614]: a new XID (883da0) is generated
    Jun 15 22:42:29 router dhcp6c[60614]: set client ID (len 14)
    Jun 15 22:42:29 router dhcp6c[60614]: set server ID (len 14)
    Jun 15 22:42:29 router dhcp6c[60614]: set IA address
    Jun 15 22:42:29 router dhcp6c[60614]: set identity association
    Jun 15 22:42:29 router dhcp6c[60614]: set elapsed time (len 2)
    Jun 15 22:42:29 router dhcp6c[60614]: send release to ff02::1:2%igb0
    Jun 15 22:42:29 router dhcp6c[60614]: remove an IA: NA-0
    Jun 15 22:42:29 router dhcp6c[60614]: remove an address 2601:648:dead:beef::f3e8
    Jun 15 22:42:29 router dhcp6c[60614]: remove an address 2601:648:dead:beef::f3e8/128 on igb0
    Jun 15 22:42:29 router dhcp6c[60614]: reset a timer on igb0, state=INIT, timeo=0, retrans=926
    Jun 15 22:42:29 router dhcp6c[60614]: release an IA: PD-0
    Jun 15 22:42:29 router dhcp6c[60614]: reset a timer on igb0, state=RELEASE, timeo=0, retrans=954
    Jun 15 22:42:29 router dhcp6c[60614]: a new XID (585928) is generated
    Jun 15 22:42:29 router dhcp6c[60614]: set client ID (len 14)
    Jun 15 22:42:29 router dhcp6c[60614]: set server ID (len 14)
    Jun 15 22:42:29 router dhcp6c[60614]: set elapsed time (len 2)
    Jun 15 22:42:29 router dhcp6c[60614]: set IA_PD prefix
    Jun 15 22:42:29 router dhcp6c[60614]: set IA_PD
    Jun 15 22:42:29 router dhcp6c[60614]: send release to ff02::1:2%igb0
    Jun 15 22:42:29 router dhcp6c[60614]: remove an IA: PD-0
    Jun 15 22:42:29 router dhcp6c[60614]: remove a site prefix 2601:648:dead:feed::/59
    Jun 15 22:42:29 router dhcp6c[60614]: reset a timer on igb0, state=INIT, timeo=0, retrans=426
    Jun 15 22:42:29 router dhcp6c[60614]: removing an event on igb0, state=INIT
    Jun 15 22:42:29 router dhcp6c[60614]: removing an event on igb0, state=INIT
    Jun 15 22:42:30 router dhcp6c[60614]: receive reply from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:42:30 router dhcp6c[60614]: get DHCP option server ID, len 14
    Jun 15 22:42:30 router dhcp6c[60614]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:42:30 router dhcp6c[60614]: get DHCP option client ID, len 14
    Jun 15 22:42:30 router dhcp6c[60614]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:42:30 router dhcp6c[60614]: get DHCP option preference, len 1
    Jun 15 22:42:30 router dhcp6c[60614]:   preference: 255
    Jun 15 22:42:30 router dhcp6c[60614]: get DHCP option status code, len 44
    Jun 15 22:42:30 router dhcp6c[60614]:   status code: success
    Jun 15 22:42:30 router dhcp6c[60614]: status code: success
    Jun 15 22:42:30 router dhcp6c[60614]: executes /var/etc/dhcp6c_wan_script.sh
    Jun 15 22:42:35 router dhcp6c[60614]: script "/var/etc/dhcp6c_wan_script.sh" terminated
    Jun 15 22:42:35 router dhcp6c[60614]: removing an event on igb0, state=RELEASE
    Jun 15 22:42:35 router dhcp6c[60614]: got an expected reply, sleeping.
    Jun 15 22:42:35 router dhcp6c[60614]: set client ID (len 14)
    Jun 15 22:42:35 router dhcp6c[60614]: set server ID (len 14)
    Jun 15 22:42:35 router dhcp6c[60614]: set elapsed time (len 2)
    Jun 15 22:42:35 router dhcp6c[60614]: set IA_PD prefix
    Jun 15 22:42:35 router dhcp6c[60614]: set IA_PD
    Jun 15 22:42:35 router dhcp6c[60614]: send release to ff02::1:2%igb0
    Jun 15 22:42:35 router dhcp6c[60614]: reset a timer on igb0, state=RELEASE, timeo=1, retrans=1924
    Jun 15 22:42:35 router dhcp6c[60614]: receive reply from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:42:35 router dhcp6c[60614]: get DHCP option server ID, len 14
    Jun 15 22:42:35 router dhcp6c[60614]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:42:35 router dhcp6c[60614]: get DHCP option client ID, len 14
    Jun 15 22:42:35 router dhcp6c[60614]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:42:35 router dhcp6c[60614]: get DHCP option preference, len 1
    Jun 15 22:42:35 router dhcp6c[60614]:   preference: 255
    Jun 15 22:42:35 router dhcp6c[60614]: get DHCP option status code, len 44
    Jun 15 22:42:35 router dhcp6c[60614]:   status code: success
    Jun 15 22:42:35 router dhcp6c[60614]: status code: success
    Jun 15 22:42:35 router dhcp6c[60614]: executes /var/etc/dhcp6c_wan_script.sh
    Jun 15 22:42:36 router dhcp6c[40253]: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:42:36 router dhcp6c[40253]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 15 22:42:36 router dhcp6c[40253]: failed initialize control message authentication
    Jun 15 22:42:36 router dhcp6c[40253]: skip opening control port
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[interface] (9)
    Jun 15 22:42:36 router dhcp6c[40253]: <5>[igb0] (4)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>begin of closure [{] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[send] (4)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[ia-na] (5)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[0] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>comment [# request stateful address] (26)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[send] (4)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[ia-pd] (5)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[0] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>comment [# request prefix delegation] (27)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[request] (7)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[domain-name-servers] (19)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[request] (7)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[domain-name] (11)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[script] (6)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>comment [# we'd like some nameservers please] (35)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of closure [}] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[id-assoc] (8)
    Jun 15 22:42:36 router dhcp6c[40253]: <13>[na] (2)
    Jun 15 22:42:36 router dhcp6c[40253]: <13>[0] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <13>begin of closure [{] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of closure [}] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[id-assoc] (8)
    Jun 15 22:42:36 router dhcp6c[40253]: <13>[pd] (2)
    Jun 15 22:42:36 router dhcp6c[40253]: <13>[0] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <13>begin of closure [{] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[prefix] (6)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[::] (2)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[/] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[52] (2)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[infinity] (8)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[prefix-interface] (16)
    Jun 15 22:42:36 router dhcp6c[40253]: <5>[igb3] (4)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>begin of closure [{] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[sla-id] (6)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[255] (3)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[sla-len] (7)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>[12] (2)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of closure [}] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of closure [}] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: <3>end of sentence [;] (1)
    Jun 15 22:42:36 router dhcp6c[40253]: called
    Jun 15 22:42:36 router dhcp6c[40253]: called
    Jun 15 22:42:36 router dhcp6c[40512]: reset a timer on igb0, state=INIT, timeo=0, retrans=383
    Jun 15 22:42:37 router dhcp6c[40512]: a new XID (2f8ad9) is generated
    Jun 15 22:42:37 router dhcp6c[40512]: set client ID (len 14)
    Jun 15 22:42:37 router dhcp6c[40512]: set identity association
    Jun 15 22:42:37 router dhcp6c[40512]: set elapsed time (len 2)
    Jun 15 22:42:37 router dhcp6c[40512]: set option request (len 4)
    Jun 15 22:42:37 router dhcp6c[40512]: set IA_PD prefix
    Jun 15 22:42:37 router dhcp6c[40512]: set IA_PD
    Jun 15 22:42:37 router dhcp6c[40512]: send solicit to ff02::1:2%igb0
    Jun 15 22:42:37 router dhcp6c[40512]: reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1088
    Jun 15 22:42:38 router dhcp6c[40512]: set client ID (len 14)
    Jun 15 22:42:38 router dhcp6c[40512]: set identity association
    Jun 15 22:42:38 router dhcp6c[40512]: set elapsed time (len 2)
    Jun 15 22:42:38 router dhcp6c[40512]: set option request (len 4)
    Jun 15 22:42:38 router dhcp6c[40512]: set IA_PD prefix
    Jun 15 22:42:38 router dhcp6c[40512]: set IA_PD
    Jun 15 22:42:38 router dhcp6c[40512]: send solicit to ff02::1:2%igb0
    Jun 15 22:42:38 router dhcp6c[40512]: reset a timer on igb0, state=SOLICIT, timeo=1, retrans=2151
    Jun 15 22:42:39 router dhcp6c[60614]: script "/var/etc/dhcp6c_wan_script.sh" terminated
    Jun 15 22:42:39 router dhcp6c[60614]: removing an event on igb0, state=RELEASE
    Jun 15 22:42:39 router dhcp6c[60614]: exiting
    Jun 15 22:42:40 router dhcp6c[40512]: set client ID (len 14)
    Jun 15 22:42:40 router dhcp6c[40512]: set identity association
    Jun 15 22:42:40 router dhcp6c[40512]: set elapsed time (len 2)
    Jun 15 22:42:40 router dhcp6c[40512]: set option request (len 4)
    Jun 15 22:42:40 router dhcp6c[40512]: set IA_PD prefix
    Jun 15 22:42:40 router dhcp6c[40512]: set IA_PD
    Jun 15 22:42:40 router dhcp6c[40512]: send solicit to ff02::1:2%igb0
    Jun 15 22:42:40 router dhcp6c[40512]: reset a timer on igb0, state=SOLICIT, timeo=2, retrans=4283
    Jun 15 22:42:40 router dhcp6c[40512]: receive advertise from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option identity association, len 132
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_NA: ID=0, T1=302400, T2=483840
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option IA address, len 24
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_NA address: 2601:648:dead:beef::f3e8 pltime=604800 vltime=604800
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option status code, len 88
    Jun 15 22:42:40 router dhcp6c[40512]:   status code: success
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option IA_PD, len 68
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_PD: ID=0, T1=151472, T2=242355
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option IA_PD prefix, len 25
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_PD prefix: 2601:648:dead:feed::/59 pltime=302944 vltime=34360041312
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option status code, len 23
    Jun 15 22:42:40 router dhcp6c[40512]:   status code: success
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option server ID, len 14
    Jun 15 22:42:40 router dhcp6c[40512]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option client ID, len 14
    Jun 15 22:42:40 router dhcp6c[40512]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option preference, len 1
    Jun 15 22:42:40 router dhcp6c[40512]:   preference: 255
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option DNS, len 32
    Jun 15 22:42:40 router dhcp6c[40512]: server ID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b, pref=255
    Jun 15 22:42:40 router dhcp6c[40512]: a new XID (7c5bf6) is generated
    Jun 15 22:42:40 router dhcp6c[40512]: set client ID (len 14)
    Jun 15 22:42:40 router dhcp6c[40512]: set server ID (len 14)
    Jun 15 22:42:40 router dhcp6c[40512]: set IA address
    Jun 15 22:42:40 router dhcp6c[40512]: set status code
    Jun 15 22:42:40 router dhcp6c[40512]: set identity association
    Jun 15 22:42:40 router dhcp6c[40512]: set elapsed time (len 2)
    Jun 15 22:42:40 router dhcp6c[40512]: set option request (len 4)
    Jun 15 22:42:40 router dhcp6c[40512]: set IA_PD prefix
    Jun 15 22:42:40 router dhcp6c[40512]: set status code
    Jun 15 22:42:40 router dhcp6c[40512]: set IA_PD
    Jun 15 22:42:40 router dhcp6c[40512]: send request to ff02::1:2%igb0
    Jun 15 22:42:40 router dhcp6c[40512]: reset a timer on igb0, state=REQUEST, timeo=0, retrans=1079
    Jun 15 22:42:40 router dhcp6c[40512]: receive reply from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option identity association, len 74
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_NA: ID=0, T1=302400, T2=483840
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option IA address, len 24
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_NA address: 2601:648:dead:beef::f3e8 pltime=604800 vltime=604800
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option status code, len 30
    Jun 15 22:42:40 router dhcp6c[40512]:   status code: success
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option IA_PD, len 68
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_PD: ID=0, T1=151472, T2=242355
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option IA_PD prefix, len 25
    Jun 15 22:42:40 router dhcp6c[40512]:   IA_PD prefix: 2601:648:dead:feed::/59 pltime=302944 vltime=302944
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option status code, len 23
    Jun 15 22:42:40 router dhcp6c[40512]:   status code: success
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option server ID, len 14
    Jun 15 22:42:40 router dhcp6c[40512]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option client ID, len 14
    Jun 15 22:42:40 router dhcp6c[40512]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option preference, len 1
    Jun 15 22:42:40 router dhcp6c[40512]:   preference: 255
    Jun 15 22:42:40 router dhcp6c[40512]: get DHCP option DNS, len 32
    Jun 15 22:42:40 router dhcp6c[40512]: nameserver[0] 2001:558:feed::1
    Jun 15 22:42:40 router dhcp6c[40512]: nameserver[1] 2001:558:feed::2
    Jun 15 22:42:40 router dhcp6c[40512]: make an IA: PD-0
    Jun 15 22:42:40 router dhcp6c[40512]: create a prefix 2601:648:dead:feed::/59 pltime=140733193690976, vltime=140733193690976
    Jun 15 22:42:40 router dhcp6c[40512]: invalid prefix length 59 + 12 + 64
    Jun 15 22:42:40 router dhcp6c[40512]: status code for PD-0: success
    Jun 15 22:42:40 router dhcp6c[40512]: make an IA: NA-0
    Jun 15 22:42:40 router dhcp6c[40512]: create an address 2601:648:dead:beef::f3e8 pltime=604800, vltime=604800
    Jun 15 22:42:40 router dhcp6c[40512]: add an address 2601:648:dead:beef::f3e8/128 on igb0
    Jun 15 22:42:40 router dhcp6c[40512]: status code for NA-0: success
    Jun 15 22:42:40 router dhcp6c[40512]: executes /var/etc/dhcp6c_wan_script.sh
    Jun 15 22:42:45 router dhcp6c[40512]: script "/var/etc/dhcp6c_wan_script.sh" terminated
    Jun 15 22:42:45 router dhcp6c[40512]: removing an event on igb0, state=REQUEST
    Jun 15 22:42:45 router dhcp6c[40512]: removing server (ID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b)
    Jun 15 22:42:45 router dhcp6c[40512]: got an expected reply, sleeping.
    Jun 15 22:44:23 router dhcp6c[40512]: release an IA: NA-0
    Jun 15 22:44:23 router dhcp6c[40512]: reset a timer on igb0, state=RELEASE, timeo=0, retrans=933
    Jun 15 22:44:23 router dhcp6c[40512]: a new XID (11cc9b) is generated
    Jun 15 22:44:23 router dhcp6c[40512]: set client ID (len 14)
    Jun 15 22:44:23 router dhcp6c[40512]: set server ID (len 14)
    Jun 15 22:44:23 router dhcp6c[40512]: set IA address
    Jun 15 22:44:23 router dhcp6c[40512]: set identity association
    Jun 15 22:44:23 router dhcp6c[40512]: set elapsed time (len 2)
    Jun 15 22:44:23 router dhcp6c[40512]: send release to ff02::1:2%igb0
    Jun 15 22:44:23 router dhcp6c[40512]: remove an IA: NA-0
    Jun 15 22:44:23 router dhcp6c[40512]: remove an address 2601:648:dead:beef::f3e8
    Jun 15 22:44:23 router dhcp6c[40512]: remove an address 2601:648:dead:beef::f3e8/128 on igb0
    Jun 15 22:44:23 router dhcp6c[40512]: reset a timer on igb0, state=INIT, timeo=0, retrans=386
    Jun 15 22:44:23 router dhcp6c[40512]: release an IA: PD-0
    Jun 15 22:44:23 router dhcp6c[40512]: reset a timer on igb0, state=RELEASE, timeo=0, retrans=949
    Jun 15 22:44:23 router dhcp6c[40512]: a new XID (af108a) is generated
    Jun 15 22:44:23 router dhcp6c[40512]: set client ID (len 14)
    Jun 15 22:44:23 router dhcp6c[40512]: set server ID (len 14)
    Jun 15 22:44:23 router dhcp6c[40512]: set elapsed time (len 2)
    Jun 15 22:44:23 router dhcp6c[40512]: set IA_PD prefix
    Jun 15 22:44:23 router dhcp6c[40512]: set IA_PD
    Jun 15 22:44:23 router dhcp6c[40512]: send release to ff02::1:2%igb0
    Jun 15 22:44:23 router dhcp6c[40512]: remove an IA: PD-0
    Jun 15 22:44:23 router dhcp6c[40512]: remove a site prefix 2601:648:dead:feed::/59
    Jun 15 22:44:23 router dhcp6c[40512]: reset a timer on igb0, state=INIT, timeo=0, retrans=649
    Jun 15 22:44:23 router dhcp6c[40512]: removing an event on igb0, state=INIT
    Jun 15 22:44:23 router dhcp6c[40512]: removing an event on igb0, state=INIT
    Jun 15 22:44:23 router dhcp6c[40512]: receive reply from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:44:23 router dhcp6c[40512]: get DHCP option server ID, len 14
    Jun 15 22:44:23 router dhcp6c[40512]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:44:23 router dhcp6c[40512]: get DHCP option client ID, len 14
    Jun 15 22:44:23 router dhcp6c[40512]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:44:23 router dhcp6c[40512]: get DHCP option preference, len 1
    Jun 15 22:44:23 router dhcp6c[40512]:   preference: 255
    Jun 15 22:44:23 router dhcp6c[40512]: get DHCP option status code, len 44
    Jun 15 22:44:23 router dhcp6c[40512]:   status code: success
    Jun 15 22:44:23 router dhcp6c[40512]: status code: success
    Jun 15 22:44:23 router dhcp6c[40512]: executes /var/etc/dhcp6c_wan_script.sh
    Jun 15 22:44:28 router dhcp6c[40512]: script "/var/etc/dhcp6c_wan_script.sh" terminated
    Jun 15 22:44:28 router dhcp6c[40512]: removing an event on igb0, state=RELEASE
    Jun 15 22:44:28 router dhcp6c[40512]: got an expected reply, sleeping.
    Jun 15 22:44:28 router dhcp6c[40512]: set client ID (len 14)
    Jun 15 22:44:28 router dhcp6c[40512]: set server ID (len 14)
    Jun 15 22:44:28 router dhcp6c[40512]: set elapsed time (len 2)
    Jun 15 22:44:28 router dhcp6c[40512]: set IA_PD prefix
    Jun 15 22:44:28 router dhcp6c[40512]: set IA_PD
    Jun 15 22:44:28 router dhcp6c[40512]: send release to ff02::1:2%igb0
    Jun 15 22:44:28 router dhcp6c[40512]: reset a timer on igb0, state=RELEASE, timeo=1, retrans=1937
    Jun 15 22:44:28 router dhcp6c[40512]: receive reply from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:44:28 router dhcp6c[40512]: get DHCP option server ID, len 14
    Jun 15 22:44:28 router dhcp6c[40512]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:44:28 router dhcp6c[40512]: get DHCP option client ID, len 14
    Jun 15 22:44:28 router dhcp6c[40512]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:44:28 router dhcp6c[40512]: get DHCP option preference, len 1
    Jun 15 22:44:28 router dhcp6c[40512]:   preference: 255
    Jun 15 22:44:28 router dhcp6c[40512]: get DHCP option status code, len 44
    Jun 15 22:44:28 router dhcp6c[40512]:   status code: success
    Jun 15 22:44:28 router dhcp6c[40512]: status code: success
    Jun 15 22:44:28 router dhcp6c[40512]: executes /var/etc/dhcp6c_wan_script.sh
    Jun 15 22:44:28 router dhcp6c[40512]: script "/var/etc/dhcp6c_wan_script.sh" terminated
    Jun 15 22:44:28 router dhcp6c[40512]: removing an event on igb0, state=RELEASE
    Jun 15 22:44:28 router dhcp6c[40512]: exiting
    Jun 15 22:44:33 router dhcp6c[99438]: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:44:33 router dhcp6c[99438]: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 15 22:44:33 router dhcp6c[99438]: failed initialize control message authentication
    Jun 15 22:44:33 router dhcp6c[99438]: skip opening control port
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[interface] (9)
    Jun 15 22:44:33 router dhcp6c[99438]: <5>[igb0] (4)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>begin of closure [{] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[send] (4)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[ia-na] (5)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[0] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>comment [# request stateful address] (26)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[send] (4)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[ia-pd] (5)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[0] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>comment [# request prefix delegation] (27)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[request] (7)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[domain-name-servers] (19)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[request] (7)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[domain-name] (11)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[script] (6)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>comment [# we'd like some nameservers please] (35)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of closure [}] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[id-assoc] (8)
    Jun 15 22:44:33 router dhcp6c[99438]: <13>[na] (2)
    Jun 15 22:44:33 router dhcp6c[99438]: <13>[0] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <13>begin of closure [{] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of closure [}] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[id-assoc] (8)
    Jun 15 22:44:33 router dhcp6c[99438]: <13>[pd] (2)
    Jun 15 22:44:33 router dhcp6c[99438]: <13>[0] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <13>begin of closure [{] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[prefix] (6)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[::] (2)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[/] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[52] (2)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[infinity] (8)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[prefix-interface] (16)
    Jun 15 22:44:33 router dhcp6c[99438]: <5>[igb3] (4)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>begin of closure [{] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[sla-id] (6)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[255] (3)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[sla-len] (7)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>[12] (2)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of closure [}] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of closure [}] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: <3>end of sentence [;] (1)
    Jun 15 22:44:33 router dhcp6c[99438]: called
    Jun 15 22:44:33 router dhcp6c[99438]: called
    Jun 15 22:44:33 router dhcp6c[99477]: reset a timer on igb0, state=INIT, timeo=0, retrans=383
    Jun 15 22:44:33 router dhcp6c[99477]: a new XID (a4e020) is generated
    Jun 15 22:44:33 router dhcp6c[99477]: set client ID (len 14)
    Jun 15 22:44:33 router dhcp6c[99477]: set identity association
    Jun 15 22:44:33 router dhcp6c[99477]: set elapsed time (len 2)
    Jun 15 22:44:33 router dhcp6c[99477]: set option request (len 4)
    Jun 15 22:44:33 router dhcp6c[99477]: set IA_PD prefix
    Jun 15 22:44:33 router dhcp6c[99477]: set IA_PD
    Jun 15 22:44:33 router dhcp6c[99477]: send solicit to ff02::1:2%igb0
    Jun 15 22:44:33 router dhcp6c[99477]: reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1088
    Jun 15 22:44:33 router dhcp6c[99477]: receive advertise from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option identity association, len 132
    Jun 15 22:44:33 router dhcp6c[99477]:   IA_NA: ID=0, T1=302400, T2=483840
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option IA address, len 24
    Jun 15 22:44:33 router dhcp6c[99477]:   IA_NA address: 2601:648:dead:beef::f3e8 pltime=604800 vltime=604800
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option status code, len 88
    Jun 15 22:44:33 router dhcp6c[99477]:   status code: success
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option IA_PD, len 68
    Jun 15 22:44:33 router dhcp6c[99477]:   IA_PD: ID=0, T1=151472, T2=242355
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option IA_PD prefix, len 25
    Jun 15 22:44:33 router dhcp6c[99477]:   IA_PD prefix: 2601:648:dead:feed::/59 pltime=302944 vltime=34360041312
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option status code, len 23
    Jun 15 22:44:33 router dhcp6c[99477]:   status code: success
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option server ID, len 14
    Jun 15 22:44:33 router dhcp6c[99477]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option client ID, len 14
    Jun 15 22:44:33 router dhcp6c[99477]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option preference, len 1
    Jun 15 22:44:33 router dhcp6c[99477]:   preference: 255
    Jun 15 22:44:33 router dhcp6c[99477]: get DHCP option DNS, len 32
    Jun 15 22:44:33 router dhcp6c[99477]: server ID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b, pref=255
    Jun 15 22:44:33 router dhcp6c[99477]: a new XID (3c4407) is generated
    Jun 15 22:44:33 router dhcp6c[99477]: set client ID (len 14)
    Jun 15 22:44:33 router dhcp6c[99477]: set server ID (len 14)
    Jun 15 22:44:33 router dhcp6c[99477]: set IA address
    Jun 15 22:44:33 router dhcp6c[99477]: set status code
    Jun 15 22:44:33 router dhcp6c[99477]: set identity association
    Jun 15 22:44:33 router dhcp6c[99477]: set elapsed time (len 2)
    Jun 15 22:44:33 router dhcp6c[99477]: set option request (len 4)
    Jun 15 22:44:33 router dhcp6c[99477]: set IA_PD prefix
    Jun 15 22:44:33 router dhcp6c[99477]: set status code
    Jun 15 22:44:33 router dhcp6c[99477]: set IA_PD
    Jun 15 22:44:33 router dhcp6c[99477]: send request to ff02::1:2%igb0
    Jun 15 22:44:33 router dhcp6c[99477]: reset a timer on igb0, state=REQUEST, timeo=0, retrans=977
    Jun 15 22:44:34 router dhcp6c[99477]: receive reply from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option identity association, len 74
    Jun 15 22:44:34 router dhcp6c[99477]:   IA_NA: ID=0, T1=302400, T2=483840
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option IA address, len 24
    Jun 15 22:44:34 router dhcp6c[99477]:   IA_NA address: 2601:648:dead:beef::f3e8 pltime=604800 vltime=604800
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option status code, len 30
    Jun 15 22:44:34 router dhcp6c[99477]:   status code: success
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option IA_PD, len 68
    Jun 15 22:44:34 router dhcp6c[99477]:   IA_PD: ID=0, T1=151472, T2=242355
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option IA_PD prefix, len 25
    Jun 15 22:44:34 router dhcp6c[99477]:   IA_PD prefix: 2601:648:dead:feed::/59 pltime=302944 vltime=302944
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option status code, len 23
    Jun 15 22:44:34 router dhcp6c[99477]:   status code: success
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option server ID, len 14
    Jun 15 22:44:34 router dhcp6c[99477]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option client ID, len 14
    Jun 15 22:44:34 router dhcp6c[99477]:   DUID: 00:01:00:01:1c:d1:f4:e2:0c:c4:7a:50:2c:bc
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option preference, len 1
    Jun 15 22:44:34 router dhcp6c[99477]:   preference: 255
    Jun 15 22:44:34 router dhcp6c[99477]: get DHCP option DNS, len 32
    Jun 15 22:44:34 router dhcp6c[99477]: nameserver[0] 2001:558:feed::1
    Jun 15 22:44:34 router dhcp6c[99477]: nameserver[1] 2001:558:feed::2
    Jun 15 22:44:34 router dhcp6c[99477]: make an IA: PD-0
    Jun 15 22:44:34 router dhcp6c[99477]: create a prefix 2601:648:dead:feed::/59 pltime=140733193690976, vltime=140733193690976
    Jun 15 22:44:34 router dhcp6c[99477]: invalid prefix length 59 + 12 + 64
    Jun 15 22:44:34 router dhcp6c[99477]: status code for PD-0: success
    Jun 15 22:44:34 router dhcp6c[99477]: make an IA: NA-0
    Jun 15 22:44:34 router dhcp6c[99477]: create an address 2601:648:dead:beef::f3e8 pltime=604800, vltime=604800
    Jun 15 22:44:34 router dhcp6c[99477]: add an address 2601:648:dead:beef::f3e8/128 on igb0
    Jun 15 22:44:34 router dhcp6c[99477]: status code for NA-0: success
    Jun 15 22:44:34 router dhcp6c[99477]: executes /var/etc/dhcp6c_wan_script.sh
    Jun 15 22:44:34 router dhcp6c[5031]: lstat failed: No such file or directory
    Jun 15 22:44:34 router dhcp6c[5031]: script "/var/etc/dhcp6c_wan_script.sh" cannot be executed safely
    Jun 15 22:44:34 router dhcp6c[99477]: script "/var/etc/dhcp6c_wan_script.sh" terminated
    Jun 15 22:44:34 router dhcp6c[99477]: removing an event on igb0, state=REQUEST
    Jun 15 22:44:34 router dhcp6c[99477]: removing server (ID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b)
    Jun 15 22:44:34 router dhcp6c[99477]: got an expected reply, sleeping.
    Jun 15 22:44:35 router dhcp6c[99477]: release an IA: NA-0
    Jun 15 22:44:35 router dhcp6c[99477]: reset a timer on igb0, state=RELEASE, timeo=0, retrans=991
    Jun 15 22:44:35 router dhcp6c[99477]: a new XID (3c165e) is generated
    Jun 15 22:44:35 router dhcp6c[99477]: set client ID (len 14)
    Jun 15 22:44:35 router dhcp6c[99477]: set server ID (len 14)
    Jun 15 22:44:35 router dhcp6c[99477]: set IA address
    Jun 15 22:44:35 router dhcp6c[99477]: set identity association
    Jun 15 22:44:35 router dhcp6c[99477]: set elapsed time (len 2)
    Jun 15 22:44:35 router dhcp6c[99477]: send release to ff02::1:2%igb0
    Jun 15 22:44:35 router dhcp6c[99477]: remove an IA: NA-0
    Jun 15 22:44:35 router dhcp6c[99477]: remove an address 2601:648:dead:beef::f3e8
    Jun 15 22:44:35 router dhcp6c[99477]: failed to remove an address on igb0: Can't assign requested address
    Jun 15 22:44:35 router dhcp6c[99477]: reset a timer on igb0, state=INIT, timeo=0, retrans=793
    Jun 15 22:44:35 router dhcp6c[99477]: release an IA: PD-0
    Jun 15 22:44:35 router dhcp6c[99477]: reset a timer on igb0, state=RELEASE, timeo=0, retrans=933
    Jun 15 22:44:35 router dhcp6c[99477]: a new XID (bd8432) is generated
    Jun 15 22:44:35 router dhcp6c[99477]: set client ID (len 14)
    Jun 15 22:44:35 router dhcp6c[99477]: set server ID (len 14)
    Jun 15 22:44:35 router dhcp6c[99477]: set elapsed time (len 2)
    Jun 15 22:44:35 router dhcp6c[99477]: set IA_PD prefix
    Jun 15 22:44:35 router dhcp6c[99477]: set IA_PD
    Jun 15 22:44:35 router dhcp6c[99477]: send release to ff02::1:2%igb0
    Jun 15 22:44:35 router dhcp6c[99477]: remove an IA: PD-0
    Jun 15 22:44:35 router dhcp6c[99477]: remove a site prefix 2601:648:dead:feed::/59
    Jun 15 22:44:35 router dhcp6c[99477]: reset a timer on igb0, state=INIT, timeo=0, retrans=386
    Jun 15 22:44:35 router dhcp6c[99477]: removing an event on igb0, state=INIT
    Jun 15 22:44:35 router dhcp6c[99477]: removing an event on igb0, state=INIT
    Jun 15 22:44:35 router dhcp6c[99477]: receive reply from fe80::f44b:2aff:fe17:356b%igb0 on igb0
    Jun 15 22:44:35 router dhcp6c[99477]: get DHCP option server ID, len 14
    Jun 15 22:44:35 router dhcp6c[99477]:   DUID: 00:01:00:01:1e:f4:7a:e5:f6:4b:2a:17:35:6b
    Jun 15 22:44:35 router dhcp6c[99477]: get DHCP option client ID, len 14
    Jun 15 22:44:35 router dhcp6c[99477]:   DUID: 00:01:00:01:1c:d1:f4:CLOG!ÏÕ
    
    


  • Do you have Comcast Business service or residential service? Only Comcast Business provides as small as /56 prefixes. Residential service only goes as low as /60.

    Is your Cisco "modem" really a gateway (modem + router)? If so, then the best way to go would be to put it in Bridge mode… otherwise you might find that the Cisco device is doing its own prefix delegation, which might be why pfSense isn't getting what you're expecting it to.

    If you can't put it in Bridge mode because you have Business service with static IPv4 address(es), then you'll need to dig into some advanced settings on that Cisco gateway and see if there's something for prefix delegation you can adjust. Just so you know, though... you won't be able to get a /56 from the Cisco gateway if that's what it is receiving from Comcast... it's going to use at least one /64 for its own LAN network (which you'd be connecting pfSense to).



  • Why I can get 5 free static  /48s from Hurricane Electric but not 1 from my ISP I pay for is beyond me….



  • @kejianshi:

    Why I can get 5 free static  /48s from Hurricane Electric but not 1 from my my ISP I pay for is beyond me….

    That's because HE and SixXS (the other common tunnel provider) are run by people who know IPv6 inside out. I have experience only with SixXS and the guy running it knows exactly what he is doing and SixXS is generally regarded a top notch service.



  • @virgiliomi:

    Do you have Comcast Business service or residential service? Only Comcast Business provides as small as /56 prefixes. Residential service only goes as low as /60.

    Is your Cisco "modem" really a gateway (modem + router)? If so, then the best way to go would be to put it in Bridge mode… otherwise you might find that the Cisco device is doing its own prefix delegation, which might be why pfSense isn't getting what you're expecting it to.

    If you can't put it in Bridge mode because you have Business service with static IPv4 address(es), then you'll need to dig into some advanced settings on that Cisco gateway and see if there's something for prefix delegation you can adjust. Just so you know, though... you won't be able to get a /56 from the Cisco gateway if that's what it is receiving from Comcast... it's going to use at least one /64 for its own LAN network (which you'd be connecting pfSense to).

    Yup, comcast business.

    Is the thought even when I'm using a /60,  that because the gateway is taking on of the /64s, that's somehow causing pfsense to delegate /63s to each sub interface instead of /64s?

    And you're right,  I've got a single v4 static assigned on it,  which has precluded me from dumping it into bridge mode.

    There are some advanced settings on there, i'll poke around.

    I was hoping Comcast was doing something else.. since the Cable modem has:

    WAN IP Address (IPv6): 2001:558:6045:xx:xxxx:xxxx:xxxx:xxxx

    and the delegated prefix is completely different:

    Delegated prefix (IPv6): 2601:648:8103:xxxx::/56

    but I guess it's the fact that it's using a /64 on its LAN side to try and offering ipv6 directly.  I don't see an advanced option to stop doing that. I can disable DHCP6 on the LAN side of it, but not SLAAC.  (plus im assuming I need dhcp6 running here to get the delegations. )

    Annoying that I can't use a static ipv4 when the gateway is in bridge mode.  ugh.



  • @sense1138:

    …the Cable modem has:

    WAN IP Address (IPv6): 2001:558:6045:xx:xxxx:xxxx:xxxx:xxxx

    and the delegated prefix is completely different:

    Delegated prefix (IPv6): 2601:648:8103:xxxx::/56

    but I guess it's the fact that it's using a /64 on its LAN side to try and offering ipv6 directly.  I don't see an advanced option to stop doing that. I can disable DHCP6 on the LAN side of it, but not SLAAC.  (plus im assuming I need dhcp6 running here to get the delegations. )

    Ok… so... the WAN address and delegated prefix for your Cisco gateway are normal. Everything else you'll be dealing with will be out of the delegated prefix.

    As you've found, you can have pfSense request a /60 from the Cisco gateway. That's not surprising... it's likely set up to sub-delegate a handful of those. Your pfSense box should have a WAN address out of the Cisco's LAN /64, but then have a /60 that you can use for whatever you choose on however many different networks you want to set up (up to 16).

    Your pfSense WAN IPv6 settings should be set to DHCP6, and the DHCP6 client settings should look similar to those in the attached image.

    Your pfSense LAN IPv6 settings should be "Track Interface". Under the Track Interface settings, the interface chosen should be "WAN". Then you can choose a prefix ID, which will be the last character of the /64 prefix. For example, if your Cisco delegates 2601:648:8103:xx10::/60 to pfSense, and you select prefix ID 3 for your LAN, your LAN IPv6 prefix will be 2601:648:8103:xx13::/64

    Hopefully that all works for you... the only reason it wouldn't is if the Cisco gateway is wanting to sub-delegate something other than /60, which might result in pfSense not appearing to have any IPv6 connectivity, since it's not getting what it's asking for. You might need to find out from Comcast what prefix size(s) their gateway is configured to sub-delegate for other routers... because that would be what you need to set pfSense to ask for.




  • Yup, that's how its setup/working today.  It's just strange,    DHCP6 on WAN,  track interface on my LAN interfaces..

    I just can't figure out why each LAN interface is taking a /63, instead of a /64..    Seems randomly wasteful, and I can't find a single configuration option that would lead to that happening.

    In the log at the top, all I can guess is that some how the /59 being referenced is involved.. even though I'm configured to ask for  a /60.

    I noticed if I change it to a /61 that I hint for,    all of my LAN interfaces become /62s.

    When I had the netgear gateway from Comcast instead of Cisco,  it all sort of just worked,  had /64s on my LAN interfaces..    it failed, they replaced with Cisco, and its just been strange since.



  • Same situation here, comcast business on cisco nsa box with static IP4s.
    Seems it always gives out /59 except when you select /56 in which case it gives nothing

    setting in wan, IA_PD from cisco, what pfsense assigns to lan:
    56, none, none
    60, 59, 63
    61, 59, 62
    62, 59, 61
    63, 59, 60
    64, 59, 59

    not sure whats really going on here, certainly the cisco/comcast could be more well behaved but that doesnt excuse pfsense
    too bad theres no way to set it to 59 in the gui

    not sure how to make pfsense break up the /59 into /64s or if thats even possible, slaac wont work with anything but /64
    I have managed to force the lan side working with 64 setting and dhcpd6 but thats no beuno for android devices



  • Yeah, I'm seeing a similar problem with 2.3.1p5

    I also have Comcast Business but I have a plain SurfBoard modem (6141) that's L2 only. So pfsense should be talking directly to Comcast.

    My WAN has DHCP6 set enabled and "Only request an IPv6 prefix, do not request an IPv6 address" is checked On.

    My LAN is set to Track Interface referencing the WAN interface down below.

    On the WAN page, I initially selected 64 for "DHCPv6 Prefix Delegation size".

    However, no clients on the internal subnet get an address, but the LAN interface gets an address with a 56 prefix.

    Based on suggestions above, I tried 60, which is correctly reflected on the LAN interface but still no clients receive an address.

    I've now tried 63. However the LAN interface shows 57, and still no clients have received an address.

    I'm pretty sure everything else internally is working correctly as I'm hoping to use pfsense to replace a Shibby Tomato box, which was working great for IPv6.

    I've now tried these settngs:
    Select on WAN -> Assigns to LAN:
    64 -> 56
    63 -> 57
    62 -> 58
    61 -> 59
    60 -> 60
    56 -> 64, which actually assigns an IPv6/64 address to internal clients.

    So it's now working but not as I would have expected.



  • Never found a resolution myself..  Seems buggy to me,  but I'm not an ipv6 master..  but I can't see why if they give me a /59,  I can't still use /64s.. why would anyone want a /63 on an end user subnet that won't delegate any further?

    As you mentioned,  no SLAAC because of the /63.  I can't figure out why pfsense is assigning it, beyond guessing it never thought it'd be handed a /59.      Any combination of hints results in random different subnet sizes.



  • Just curious… are you deleting the DUID file and release/renew the WAN after every prefix size change you make?

    If you're not deleting the DUID, then that might account for unusual things happening. DHCPv6 is all based on the DUID, an identifier that should be unique per system/device using DHCPv6. If Comcast issues you a delegation of /64 first, then you want a /60, if your system is still sending the same DUID, Comcast's server sees that you already have a /64 delegation and won't create a new delegation of the size that you now want. Deleting the DUID file followed by a release/renew causes dhcp6c to create a new DUID file, which is then used to submit a DHCPv6 request to Comcast's server. New DUID = new delegation of the desired size.

    BTW, residential service can request down to a /60, business service can request down to a /56. Honestly, though, if you don't need more than 16 /64 prefixes for your use, stick with a /60. No need to request 256 /64's when you only need 5.



  • i added the 59 option to /usr/local/www/interfaces.php line 2141 like so:

    array("none" => "None", 16 => "48", 12 => "52", 8 => "56", 5 => "59", 4 => "60", 3 => "61",  2 => "62", 1 => "63", 0 => "64")

    obviously change the setting on wan to the new 59 option

    still getting: "Jul 25 12:21:50 radvd 53058 no auto-selected prefix on interface hn0, disabling advertisements"
    but slaac now magically working on the lan

    must be something to do with pfsense completely ignoring the prefix id setting on the lan interface page
    whatever, slaac works now so im not gonna worry about it



  • @virgiliomi:

    Just curious… are you deleting the DUID file and release/renew the WAN after every prefix size change you make?

    If you're not deleting the DUID, then that might account for unusual things happening. DHCPv6 is all based on the DUID, an identifier that should be unique per system/device using DHCPv6. If Comcast issues you a delegation of /64 first, then you want a /60, if your system is still sending the same DUID, Comcast's server sees that you already have a /64 delegation and won't create a new delegation of the size that you now want. Deleting the DUID file followed by a release/renew causes dhcp6c to create a new DUID file, which is then used to submit a DHCPv6 request to Comcast's server. New DUID = new delegation of the desired size.

    BTW, residential service can request down to a /60, business service can request down to a /56. Honestly, though, if you don't need more than 16 /64 prefixes for your use, stick with a /60. No need to request 256 /64's when you only need 5.

    that might fix it, depending on your modem/service level.
    business service with the big cisco nsa modem in router mode is giving a 59.
    there's no way to even request 59 in interfaces.php, so refreshing the dhcp6 lease is going to do nothing in this case.
    the problem is pfsense loosing its cookies when it gets handed a prefix other than what it wants.



  • I could never fix it..  and I wasn't deleting the DUID file, but I was changing my WAN mac on every attempt.. assumed that would update the duid.

    Last night I finally just shoved the Cisco cable modem into bridge mode,  gave up my static IPv4,  and hinted for a /56,  and now i have /64s on my interfaces and SLAAC is working again.    DynDns for my future i guess! (Not a pfsense problem, that's a comcast problem).

    Would still like to know why pfsense was putting /63s on interfaces though, it sure seems like a bug.


  • LAYER 8 Netgate

    Just saw one that requested a /56 (which is supposed to be static to him, yet delegated via DHCP6) and getting a /59 - of all things - instead.

    Comcast seems sort of confused when it comes to their IPv6.



  • @sense1138:

    I could never fix it..  and I wasn't deleting the DUID file, but I was changing my WAN mac on every attempt.. assumed that would update the duid.

    Last night I finally just shoved the Cisco cable modem into bridge mode,  gave up my static IPv4,  and hinted for a /56,  and now i have /64s on my interfaces and SLAAC is working again.    DynDns for my future i guess! (Not a pfsense problem, that's a comcast problem).

    Would still like to know why pfsense was putting /63s on interfaces though, it sure seems like a bug.

    it is a pfsense problem if it breaks when it doesn't get the delegation size it wants



  • I only ever got this to work right by ditching my static IPv4 address and going into bridge mode,  where I could get my full /56.

    Needing my static v4 address again, I've gone back to requesting just a /60,  and I still end up with this issue that pfsense is assigning /63s to all sub interfaces, so SLAAC won't work.

    no idea really what to do.  No configuration seems to work,  it seriously seems like somewhere is an off by 1 error.



  • @sense1138:

    No configuration seems to work

    That's what I found. With the Cisco DPC3939B the connection is fragile and won't work for very long. By constantly rebooting the router and pfSense I could get ipv6 to stay running for days, hours, or minutes. Reboot router first, reboot pfSense second. No pattern as to when ipv6 would quit.

    I can't ditch my 5 static and I have a satellite location that has run a Netgear+pfSense for months with no ipv6 outages. I solved it by asking for a Netgear CG3000DCR. The Windows clients came up immediately and have been up for several days. The Linux clients needed a reboot to get ipv6 smart. The only lingering problem is that if the Netgear is rebooted, pfSense will not restore connectivity automatically. pfSense must be restarted. Even worse, when there is a big change, ipv6 won't work at all until I reset pfSense to defaults and start again. ipv6 is the only thing pfSense is doing and I have all the steps written down so it's done in a few minutes. Maybe I'm just deleting the DUID file in a roundabout way.

    The Netgear, like the Cisco, also gives prefixes different than those requested. The difference is that the Netgear doesn't stop routing ipv6-PD in a few minutes. For the Cisco, I tried making a table of the requests to the results but when I saw that a single requested prefix could result in at least two different received prefixes, and no pattern to which you would get, I gave up.

    Trouble is the switch chip on the Netgear runs way too hot. The new Netgear arrived with 2 ports already burned out. I'm going to rig up fans to keep the other two from burning out too fast.

    One thing that became clear after many months of testing is that pfSense ipv6 routing is not compatible with vlans using a single port. You must have multiple ports.

    I don't use SLAAC. DHCPv6 clients can be forced by the DHCP server to give up their addresses. Once you hand out a SLAAC address, it is difficult to force the clients to give them up. When I see ipv6 not working I can just shut it down until I get it working again.

    My testing and reading shows this:
    Netgear: ipv6-PD works. I have not seen reported the timeout bug so this may be solved.
    SMC: ipv6-PD does not work.
    Cisco: ipv6-PD works for a short time.

    I keep hoping that pfSense or Comcast fix the bugs wherever they may lie and it keeps not happening. I've considered giving up and just running ipv6-nat just to maintain continuous connectivity. Pinging from the pfSense interface address always works so long as you stay away from vlans. It's the PD routing that breaks down all the time. That the dashboard has no information about PD doesn't help.


Log in to reply