Netgate Discussion Forum

IPv6 working but I have to disable gateway monitoring

  • L
    lohphat
    last edited by Sep 26, 2019, 5:41 PM

    I'm getting an address range (ISP=Spectrum/TW) but I have to disable monitoring as it doesn't seem able to determine the upstream gateway IPv6 address to monitor.

    Any suggestions?

    SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

    1 Reply Last reply Reply Quote 0
    • K
      kiokoman LAYER 8
      last edited by Sep 26, 2019, 6:35 PM

      I don't know about your ISP, but
      you can use 2001:4860:4860::8888 as the monitor IP, for example.

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      L 1 Reply Last reply Sep 26, 2019, 6:40 PM Reply Quote 0
      • L
        lohphat @kiokoman
        last edited by Sep 26, 2019, 6:40 PM

        @kiokoman Thanks. I was doing that manually, but I would have hoped that the DHCP6 would provide a proper upstream gateway IPv6 address for the pfsense client to then use.

        SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

        J 1 Reply Last reply Sep 26, 2019, 8:39 PM Reply Quote 0
        • J
          JKnott @lohphat
          last edited by Sep 26, 2019, 8:39 PM

          @lohphat said in IPv6 working but I have to disable gateway monitoring:

          @kiokoman Thanks. I was doing that manually, but I would have hoped that the DHCP6 would provide a proper upstream gateway IPv6 address for the pfsense client to then use.

          What gateway address are you getting? It's entirely normal for link local addresses to be used for the gateway.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          L 1 Reply Last reply Sep 26, 2019, 8:56 PM Reply Quote 0
          • L
            lohphat @JKnott
            last edited by lohphat Sep 26, 2019, 9:07 PM Sep 26, 2019, 8:56 PM

            @JKnott I am getting a link local address for the IPv6 gateway. Why can't the DHCP6 client then use that for monitoring? If I manually add it, it doesn't work.

            SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

            J 1 Reply Last reply Sep 26, 2019, 9:03 PM Reply Quote 0
            • J
              JKnott @lohphat
              last edited by Sep 26, 2019, 9:03 PM

              @lohphat said in IPv6 working but I have to disable gateway monitoring:

              @JKnott I am getting a link local address for the IPv6 gateway. Why can't the DHCP6 client then use that for monitoring? If I manually add it, it doesn't work.

              One thing about link local addresses is that you often have to specify the interface used to reach that address. For example, if you were to ping that address, you'd have to specify that interface. There are 2 reasons for this. One, there is no relationship between the address and the route to get to it, as with routeable addresses. The other is having duplicate link local addresses on different links is also valid. They only have to be unique on the link.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              L 1 Reply Last reply Sep 26, 2019, 9:08 PM Reply Quote 0
              • L
                lohphat @JKnott
                last edited by lohphat Sep 26, 2019, 9:16 PM Sep 26, 2019, 9:08 PM

                @JKnott OK, I'll try that but the original question still stands: why can't the DHCP6 code figure all this out by itself as it can for the DHCP4 WAN interface?

                I tried forcing the interface and it still doesn't work with the link local address.

                SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

                J D 2 Replies Last reply Sep 26, 2019, 9:18 PM Reply Quote 0
                • J
                  JKnott @lohphat
                  last edited by JKnott Sep 26, 2019, 9:23 PM Sep 26, 2019, 9:18 PM

                  @lohphat said in IPv6 working but I have to disable gateway monitoring:

                  @JKnott OK, I'll try that but the original question still stands: why can't the DHCP6 code figure all this out by itself as it can for the DHCP4 WAN interface?

                  With IPv4, the address implies the interface. So, if you have a network 192.168.0.0 /24, then there will be an interface within that range. There is no such relationship between the link local address and interface. Some things can determine the interface, in response to received packets, such as with RAs. But if you are specifying a link local address, then you must specify the interface. As I mentioned, you could have the same LL address on multiple links. How is it to determine which interface you're referring to?

                  Here's an example. My gateway address is the standard pfSense fe80::1:1. I'll ping with and without specifying the interface:

                  With:
                  ping fe80::1:1 -I eth0
                  PING fe80::1:1(fe80::1:1) from fe80::76d4:35ff:fe5b:f5fa%eth0 eth0: 56 data bytes
                  64 bytes from fe80::1:1%eth0: icmp_seq=1 ttl=64 time=0.250 ms
                  64 bytes from fe80::1:1%eth0: icmp_seq=2 ttl=64 time=0.260 ms
                  64 bytes from fe80::1:1%eth0: icmp_seq=3 ttl=64 time=0.252 ms

                  Without:
                  ping fe80::1:1
                  connect: Invalid argument

                  This is the same problem as you're getting when trying to use the link local address for monitoring.

                  PfSense running on Qotom mini PC
                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                  UniFi AC-Lite access point

                  I haven't lost my mind. It's around here...somewhere...

                  L 1 Reply Last reply Sep 26, 2019, 9:23 PM Reply Quote 0
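Added example, not part of any post in this thread: a small Python check for the point made above, that a link-local monitor address is only usable together with an interface (zone), and that the same fe80:: address on two links resolves to two different socket scopes. The function names and the `SAMPLE_IFACES` table are hypothetical and constructed for illustration.

```python
import ipaddress
import socket


def parse_target(text):
    """Split 'addr%zone' into (IPv6Address, zone or None)."""
    addr, _, zone = text.partition("%")
    return ipaddress.IPv6Address(addr), (zone or None)


def monitor_usability(text):
    """Classify a candidate gateway-monitor address."""
    addr, zone = parse_target(text)
    if addr.is_link_local:
        # fe80::/10 exists on every link, so the address alone names no interface.
        return "on-link-only" if zone else "needs-interface"
    return "routable" if addr.is_global else "other"


def sockaddr_for(text, port=0, if_index=socket.if_nametoindex):
    """Build the (host, port, flowinfo, scope_id) tuple an IPv6 socket expects."""
    addr, zone = parse_target(text)
    if addr.is_link_local and zone is None:
        # Same failure mode as 'ping fe80::1:1' without an interface.
        raise ValueError(f"{addr} is link-local: specify the interface, e.g. {addr}%eth0")
    scope_id = if_index(zone) if zone else 0
    return (str(addr), port, 0, scope_id)


# Constructed interface table (assumption) so the example runs without real NICs.
SAMPLE_IFACES = {"eth0": 2, "eth1": 3}

if __name__ == "__main__":
    for target in ("fe80::1:1", "fe80::1:1%eth0", "2001:4860:4860::8888"):
        print(f"{target:24} -> {monitor_usability(target)}")
    # The same link-local address on two links yields two distinct destinations.
    for target in ("fe80::1:1%eth0", "fe80::1:1%eth1"):
        print(target, sockaddr_for(target, if_index=SAMPLE_IFACES.__getitem__))
```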
                  • L
                    lohphat @JKnott
                    last edited by lohphat Sep 26, 2019, 9:24 PM Sep 26, 2019, 9:23 PM

                    @JKnott However I've tried forcing the interface and it still doesn't work.

                    SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

                    J 1 Reply Last reply Sep 26, 2019, 9:30 PM Reply Quote 0
                    • J
                      JKnott @lohphat
                      last edited by Sep 26, 2019, 9:30 PM

                      @lohphat

                      Then you'll have to use some other address.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      L 1 Reply Last reply Sep 27, 2019, 3:22 PM Reply Quote 0
                      • L
                        lohphat @JKnott
                        last edited by lohphat Sep 27, 2019, 3:24 PM Sep 27, 2019, 3:22 PM

                        @JKnott I'm wondering what the monitoring process is. It may be that the IPv6 gateway doesn't respond to ICMP pings.

                        So I've reverted to using the Google DNS address as the monitoring address although I hate using someone's services as a monitoring point as it's unsolicited traffic. Using the local CPE gateway is still the obvious best solution.

                        sigh

                        SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

                        J 1 Reply Last reply Sep 27, 2019, 7:54 PM Reply Quote 0
                        • J
                          JKnott @lohphat
                          last edited by Sep 27, 2019, 7:54 PM

                          @lohphat said in IPv6 working but I have to disable gateway monitoring:

                          It may be that the IPv6 gateway doesn't respond to ICMP pings.

                          The way to verify that is with Packet Capture. If you see them going out, but no response then that's the issue. You might also try with a known address, such as Google's DNS servers. You can use 2001:4860:4860::8888 and 2001:4860:4860::8844. You can also try pinging from the command line, remembering to specify the interface.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          L 1 Reply Last reply Sep 27, 2019, 8:11 PM Reply Quote 0
                          • L
                            lohphat @JKnott
                            last edited by Sep 27, 2019, 8:11 PM

                            @JKnott Yeah, I tried to ping the gateway local link and 100% packet loss but pinging the Google DNS IPv6 addresses worked. Must be a Spectrum or a Motorola/Arris cable modem config.

                            SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

                            J 1 Reply Last reply Sep 27, 2019, 9:06 PM Reply Quote 0
                            • J
                              JKnott @lohphat
                              last edited by Sep 27, 2019, 9:06 PM

                              @lohphat

                              Where did you ping from? If pinging a link local address, you have to do it from a computer on the same link. This means you have to ping from pfSense, not a computer behind it.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              L 1 Reply Last reply Sep 27, 2019, 9:08 PM Reply Quote 0
                              • L
                                lohphat @JKnott
                                last edited by Sep 27, 2019, 9:08 PM

                                @JKnott Correct. I pinged from the diagnostic menu in the pfSense UI and specified the interface as well. No joy.

                                SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

                                N J 2 Replies Last reply Sep 28, 2019, 12:34 AM Reply Quote 0
                                • N
                                  Napsterbater @lohphat
                                  last edited by Sep 28, 2019, 12:34 AM

                                  @lohphat
                                  Why not do a trace route and find and use the first hop that responds as the target for the monitor?

                                  L J 2 Replies Last reply Sep 28, 2019, 12:43 AM Reply Quote 0
                                  • L
                                    lohphat @Napsterbater
                                    last edited by Sep 28, 2019, 12:43 AM

                                    @Napsterbater Because in a redundant path BGP environment, there may be multiple paths from the local POP and whichever I select may be a dynamic route which may sometimes be down for maintenance. This presumes Spectrum has a brain cell, but I digress...

                                    SG-3100 24.11-RELEASE (arm) | Avahi (2.2_6) | ntopng (5.6.0_1) | openvpn-client-export (1.9.5) | pfBlockerNG-devel (3.2.1_20) | System_Patches (2.2.20_1)

                                    N 1 Reply Last reply Sep 28, 2019, 1:01 AM Reply Quote 0
                                    • N
                                      Napsterbater @lohphat
                                      last edited by Sep 28, 2019, 1:01 AM

                                      @lohphat
                                      Though the first thing to show in a trace may just be the CMTS's GUA, thus just as good as the Link Local.

                                      Just because the LL doesn't respond doesn't mean the GUA won't. Though depends on the configuration of course.

                                      1 Reply Last reply Reply Quote 0
                                      • J
                                        JKnott @lohphat
                                        last edited by JKnott Sep 28, 2019, 1:22 AM Sep 28, 2019, 1:21 AM

                                        @lohphat

                                        Correct. I pinged from the diagnostic menu in the pfSense UI and specified the interface as well. No joy.

                                        I wonder why they would do that. Given it can't be pinged from beyond the local links, the usual security reasons for doing so don't apply.

                                        PfSense running on Qotom mini PC
                                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                        UniFi AC-Lite access point

                                        I haven't lost my mind. It's around here...somewhere...

                                        L 1 Reply Last reply Sep 28, 2019, 1:24 AM Reply Quote 0
                                        • J
                                          JKnott @Napsterbater
                                          last edited by Sep 28, 2019, 1:23 AM

                                          @Napsterbater said in IPv6 working but I have to disable gateway monitoring:

                                          @lohphat
                                          Why not do a trace route and find and use the first hop that responds as the target for the monitor?

                                          If the next hop is also a link local address, he won't be able to ping it or any other LL address beyond the local link.

                                          PfSense running on Qotom mini PC
                                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                          UniFi AC-Lite access point

                                          I haven't lost my mind. It's around here...somewhere...

                                          J N 2 Replies Last reply Sep 28, 2019, 1:36 AM Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.