Comcast Metro-Ethernet Fiber w/Static IPv6- can't get to work

urbanextant

I have Comcast's Metro-Ethernet product with two fiber lines up and running.  One is a 2gig/sec up/down and the other is a 1gig/sec up/down.  They terminate in a Juniper ACX2100, which is then connected to a Netgate XG-1541 via MMF cabling which combines them into one outgoing internal LAN that connects via MMF cabling to a D-Link dxs-1210-12tc which all of our MMF cables and CAT7a wiring runs off of throughout the house.

Comcast has provided Static IP addresses for all lines.

My issue is IPv4 was a walk in the park to set up.  I cannot, for the life of me, setup IPv6 and get it working.  In the Netgate/pfSense device it shows I've setup the two WAN IPv6 correctly, and they work, ping, etc., but nothing in the LAN side of things has any IPv6 connectivity.  Comcast provided a /48 block of IPv6 addresses for each fiber line.

I'd appreciate any help anyone is able to provide guiding me in how to get IPv6 up and running.

Thanks in advance!

urbanextant

So, I was able to figure a way to get this to work.  It's not with SLAAC the way Comcast Business wants it, but it works, nonetheless.  I took the second of the derived /64 subnets that could be worked out of our /48 block, and I used it as a static IPv6 /64 block to output on LAN1 to the D-Link.  On the D-Link I fiddled with some of the minimal IPv6 options, and under the "neighbors" tab were all the IPv6 assigned addresses for every device hooked to our network.

If I had to do this over again, I'd not purchase the D-Link device.  It's a colossal pain in the arse to deal with, and the settings you want to be able to really change and work with, just aren't there.  I'm using it, at this point, as a simple switch to connect all of our copper and multimode fiber lines to from around the house.  I think I'll be looking into replacing it later this year when the electrician wires the house with fiber optic cabling.

Derelict

You don't really have much choice on a static address. SLAAC cannot be used to put addresses on the inside interfaces. If they are routing a /48 to you you do what you did. Statically assign a /64 from it to the inside interface.

Set pfSense to Unmanaged in DHCPv6 & RA for that interface and it will hand out SLAAC to that subnet.

urbanextant

Thanks for the reply.  I realized I was having a dumb dumb moment when it dawned on me SLAAC will not work for a block as large as a /48, let alone TWO /48 blocks that are being piped into the Netgate pfSense box.  It then came to me that a /64 was the largest block that would be feasible to make that work, and with 65k+ of them in a /48 block it was easy to pick just one for the LAN that runs to our switch, the D Link Box.  I didn't know about the other pfSense settings, and I greatly appreciate your assistance with that.  I'll go in and tinker with it later today.

When we signed up for this Comcast product, they billed it as Gigabit Pro, a residential product for the home, that was fiber optic.  We were told in an email ALL equipment would be included to make it work. This is NOT a residential product, it is known internally as Comcast Business Metro Ethernet, and all support, etc. comes from that department, not residential.  After signing up for it, we dealt ONLY with Comcast Business, which by the way, is light years better than Comcast Residential. After assisting Comcast with construction costs to run the fiber line underground down our 1/4 mile long driveway, they tell us we need a firewall, layer three device, switch, etc.  I didn't go to college for computer science.  It's a miracle that I've taught myself enough networking and programming since October to get all of this optimized and up and running.

jbattermann

@urbanextant It's been quite a while since your post here, but we just got a Comcast Gigabit Pro line as well here and I am totally over my head in regards to proper ipv6 configuration for the lan side of things.

Is there any chance you could elaborate a bit more re: what you did specifically?

Thanks!
-Joerg

JKnott

@jbattermann said in Comcast Metro-Ethernet Fiber w/Static IPv6- can't get to work:

I am totally over my head in regards to proper ipv6 configuration for the lan side of things.

The normal way is to use SLAAC on the LAN side. If you're configuring more than one network on the LAN side, you have to use a unique prefix ID for each one. With a /48, your choices would be 0-ffff.

jbattermann

@jknott Thanks for the quick reply, much appreciated! How would that work in case of load balancing and both (two WANs) having different IPv6 blocks? I'll only have one lan (at the beginning), but with two separate WANs and IPv6 ranges, what would I use on the Lan side?

JKnott

@jbattermann

I haven't done load balancing, so I can't help with that. Are you saying you have 2 prefixes on the LAN side of one network? Also, load balancing on the WAN side shouldn't have any effect on the LAN.