• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

IPv6 working but I have to disable gateway monitoring

Scheduled Pinned Locked Moved IPv6
36 Posts 6 Posters 4.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    lohphat @JKnott
    last edited by lohphat Sep 28, 2019, 2:08 AM Sep 28, 2019, 1:40 AM

    @JKnott Correct. My assigned /128 was 2604:2000:xxxx:... and the 2604:2000:xxxx::1 address was the first hop of the traceroute -- so that's what I now have as my monitoring address.

    Perhaps this can be considered a common IPv6 gateway config case and the DHCP6 code can be updated to automatically determine the upsteam gateway on its own without manual intervention for ease of configuration.

    The problem I see with the current manual intervention is that if Spectrum issues me a different /128 on the next cablemodem reboot and then the manual gateway monitor address may not be appropriate.

    1 Reply Last reply Reply Quote 0
    • J
      JKnott @lohphat
      last edited by JKnott Sep 28, 2019, 1:45 AM Sep 28, 2019, 1:41 AM

      @lohphat said in IPv6 working but I have to disable gateway monitoring:

      I tried both UDP and ICMP pings and the next local IPv6 hop seems to be a reasonable ...::1 address so I will try using that for awhile instead of the Google DNS IPv6 address for gateway monitoring. I'll keep an eye on it.

      If that address has a /128 prefix, I bet it has the same MAC address as the link local.

      IPv6 is a bit different from IPv4 in this regard. In addition to being able to use link local addresses for routing, an interface can have multiple addresses. For example, my desktop computer can have up to 17 addresses. This would be 1 link local and 8 GUA (7 privacy) and 8 ULA (7 privacy) I would have that many after my computer has been up for a week, as there's a new privacy address for each prefix per day, up to 7. Also, that /128 isn't really an interface address, as it's not in any prefix assigned to an interface. It is, however, a valid address for the device.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      1 Reply Last reply Reply Quote 0
      • N
        Napsterbater @JKnott
        last edited by Sep 28, 2019, 1:55 AM

        @JKnott said in IPv6 working but I have to disable gateway monitoring:

        If the next hop is also a link local address, he won't be able to ping it or any other LL address beyond the local link.

        If... Not all devices reply with their LL to ICMP (i.e. traceroute).. Such as pfSense itself. Hence a way to possibly sniff the GUA out.

        J 1 Reply Last reply Sep 28, 2019, 2:37 AM Reply Quote 0
        • J
          JKnott @Napsterbater
          last edited by JKnott Sep 28, 2019, 2:40 AM Sep 28, 2019, 2:37 AM

          @Napsterbater said in IPv6 working but I have to disable gateway monitoring:

          @JKnott said in IPv6 working but I have to disable gateway monitoring:

          If the next hop is also a link local address, he won't be able to ping it or any other LL address beyond the local link.

          If... Not all devices reply with their LL to ICMP (i.e. traceroute).. Such as pfSense itself. Hence a way to possibly sniff the GUA out.

          Also, further testing shows that /128 is not the next hop as I thought, at least not with my ISP. Regardless, the address can still be used for the monitor. I verified this by connecting my notebook computer directly to the modem and running the ip neigh show command, which lists all addresses on the local link. I didn't see that /128 address.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          J 1 Reply Last reply Sep 28, 2019, 3:11 AM Reply Quote 0
          • J
            JKnott @JKnott
            last edited by Sep 28, 2019, 3:11 AM

            @JKnott

            I may have to give this a bit more thought (need some more beer). The link local address may be on the next hop, but since it's not with the prefix, it will be sent to the router, using it's MAC address. When I get a chance, I'll have to fire up Wireshark, to see what's actually happening. I find the networking tools in BSD to be limiting, compared to Linux.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • C
              chpalmer
              last edited by Sep 28, 2019, 4:14 AM

              Add :1 to the back of your gateway address and monitor that.

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              L 2 Replies Last reply Sep 28, 2019, 2:04 PM Reply Quote 0
              • L
                lohphat @chpalmer
                last edited by Sep 28, 2019, 2:04 PM

                This post is deleted!
                1 Reply Last reply Reply Quote 0
                • L
                  lohphat @chpalmer
                  last edited by lohphat Sep 28, 2019, 2:14 PM Sep 28, 2019, 2:13 PM

                  @chpalmer That's essentially what worked but I had to use traceroute to find the correct form of the address to monitor.

                  IPv6 Link Local
                      fe80::208:a2ff:fe0d:87ab%mvneta2
                  IPv6 Address
                      2604:2000:cfc0:1b:xxxx:yyyy:zzzz:9d5b
                  Subnet mask IPv6
                      128
                  Gateway IPv6
                      fe80::217:10ff:fe88:285b
                  

                  The next upstream hop via traceroute was:

                  2604:2000:cfc0:1b::1
                  

                  However I can't be assured that I'll get the same IPv6 assignment after the cablemodem reboot; so a manual gateway monitor assignment, although working now, is not the optimal solution in case I get a different /128 after a CPE reboot or my ISP reassigning address space on their side. There needs to be a bit more intelligence in the DHCP6 code.

                  1 Reply Last reply Reply Quote 0
                  • C
                    chpalmer
                    last edited by Sep 28, 2019, 2:58 PM

                    @lohphat said in IPv6 working but I have to disable gateway monitoring:

                    However I can't be assured that I'll get the same IPv6 assignment after the cablemodem reboot;

                    That should not matter.. The address should still only be the same distance away and still monitorable.

                    Triggering snowflakes one by one..
                    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                    L 1 Reply Last reply Sep 28, 2019, 3:05 PM Reply Quote 0
                    • L
                      lohphat @chpalmer
                      last edited by Sep 28, 2019, 3:05 PM

                      @chpalmer What if my ISP decides to change the local DHCP6 pool to 2604:2000:cfc0:17... then the hop is not longer valid

                      J 1 Reply Last reply Sep 28, 2019, 6:09 PM Reply Quote 0
                      • J
                        JKnott @lohphat
                        last edited by Sep 28, 2019, 6:09 PM

                        @lohphat said in IPv6 working but I have to disable gateway monitoring:

                        @chpalmer What if my ISP decides to change the local DHCP6 pool to 2604:2000:cfc0:17... then the hop is not longer valid

                        Why not use the Google DNS server? That's not likely to change. Also, I doubt they're likely to change the router addresses.

                        PfSense running on Qotom mini PC
                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                        UniFi AC-Lite access point

                        I haven't lost my mind. It's around here...somewhere...

                        L 1 Reply Last reply Sep 28, 2019, 8:00 PM Reply Quote 0
                        • L
                          lohphat @JKnott
                          last edited by Sep 28, 2019, 8:00 PM

                          @JKnott As someone who's run IT ops, it a matter of principle for me. I wouldn't want someone using my resources for unintended purposes. A kludge is a kludge -- the right solution needs priority, so I'll deal with the hand I'm dealt until the DHCP6 code gets a little smarter.

                          1 Reply Last reply Reply Quote 0
                          • D
                            Derelict LAYER 8 Netgate @lohphat
                            last edited by Sep 29, 2019, 3:02 AM

                            @lohphat said in IPv6 working but I have to disable gateway monitoring:

                            @JKnott OK, I'll try that but the original question still stands: why can't the DHCP6 code figure all this out by itself as it can for the DHCP4 WAN interface?
                            I tried forcing the interface and it still doesn't work with the link local address.

                            Is this what is not working for you?

                            Works fine for DHCP6 on Cox.

                            WAN_DHCP6 fe80::d62c:44ff:fe7d:c819 fe80::d62c:44ff:fe7d:c819%igb5 25.051ms 55.226ms 0.0% Online Interface WAN_DHCP6 Gateway

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            L 1 Reply Last reply Sep 29, 2019, 6:11 AM Reply Quote 0
                            • L
                              lohphat @Derelict
                              last edited by Sep 29, 2019, 6:11 AM

                              @Derelict I think it's a CPE issue not Spectrum, but that's just a guess.

                              1 Reply Last reply Reply Quote 0
                              32 out of 36
                              • First post
                                32/36
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                This community forum collects and processes your personal information.
                                consent.not_received