Netgate Discussion Forum

    Packet Loss on IPV6 Gateway

    • tim h

      I've been using pfSense for about 3 years now. Recently I had to blow away my configuration and redo it due to my own mistakes. That said, my WAN_DHCP6 gateway keeps losing packets and then going down. This seems to also introduce delays in the network. I'm very new to IPv6 (studied it years ago in college and never looked at it again). I've spent some time looking for suggestions and nothing has panned out. IPv4 works just fine. My provider is Xfinity.

      WAN Configuration:
      IPv6 Configuration Type: DHCP6

      DHCP6 Client Configuration:
      Checked - Use IPv4 connectivity as parent interface
      DHCPv6 Prefix Delegation size - 60
      Checked - Send IPv6 prefix hint

      As a side note my home network is broken into 3 VLANs (Lan, IOT, and Guest)

      General Log Snippet:
      Dec 29 08:32:30 php-fpm 94842 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
      Dec 29 08:35:58 rc.gateway_alarm 82945 >>> Gateway alarm: WAN_DHCP6 (Addr:fe80::201:5cff:feae:6446%em0 Alarm:0 RTT:18.092ms RTTsd:21.786ms Loss:5%)
      Dec 29 08:35:58 check_reload_status updating dyndns WAN_DHCP6
      Dec 29 08:35:58 check_reload_status Restarting ipsec tunnels
      Dec 29 08:35:58 check_reload_status Restarting OpenVPN tunnels/interfaces
      Dec 29 08:35:58 check_reload_status Reloading filter
      Dec 29 08:36:19 rc.gateway_alarm 27956 >>> Gateway alarm: WAN_DHCP6 (Addr:fe80::201:5cff:feae:6446%em0 Alarm:1 RTT:24.101ms RTTsd:28.786ms Loss:21%)
      Dec 29 08:36:19 check_reload_status updating dyndns WAN_DHCP6
      Dec 29 08:36:19 check_reload_status Restarting ipsec tunnels
      Dec 29 08:36:19 check_reload_status Restarting OpenVPN tunnels/interfaces
      Dec 29 08:36:19 check_reload_status Reloading filter
      Dec 29 08:36:20 php-fpm 91108 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
      Dec 29 08:39:02 rc.gateway_alarm 23191 >>> Gateway alarm: WAN_DHCP6 (Addr:fe80::201:5cff:feae:6446%em0 Alarm:0 RTT:12.987ms RTTsd:4.085ms Loss:5%)
      Dec 29 08:39:02 check_reload_status updating dyndns WAN_DHCP6
      Dec 29 08:39:02 check_reload_status Restarting ipsec tunnels
      Dec 29 08:39:02 check_reload_status Restarting OpenVPN tunnels/interfaces
      Dec 29 08:39:02 check_reload_status Reloading filter

      Gateways Snippet:
      Dec 29 07:11:42 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 8759us stddev 1955us loss 5%
      Dec 29 07:12:03 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 11391us stddev 24807us loss 21%
      Dec 29 07:20:51 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 9202us stddev 3813us loss 6%
      Dec 29 07:21:16 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 10219us stddev 12225us loss 21%
      Dec 29 07:24:55 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 9601us stddev 2824us loss 5%
      Dec 29 07:27:22 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 9192us stddev 2086us loss 22%
      Dec 29 07:28:59 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 9212us stddev 2207us loss 5%
      Dec 29 07:29:23 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 12128us stddev 25134us loss 22%
      Dec 29 07:33:03 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 8925us stddev 1731us loss 5%
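The following is an added example, not part of the original post: it parses the dpinger lines quoted above to measure how long the gateway sat in alarm and whether latency or loss is driving it. The `year` argument is an assumption, since syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Log lines copied from the "Gateways Snippet" in the post above.
DPINGER_LOG = """\
Dec 29 07:11:42 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 8759us stddev 1955us loss 5%
Dec 29 07:12:03 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 11391us stddev 24807us loss 21%
Dec 29 07:20:51 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 9202us stddev 3813us loss 6%
Dec 29 07:21:16 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 10219us stddev 12225us loss 21%
Dec 29 07:24:55 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 9601us stddev 2824us loss 5%
Dec 29 07:27:22 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 9192us stddev 2086us loss 22%
Dec 29 07:28:59 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 9212us stddev 2207us loss 5%
Dec 29 07:29:23 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Alarm latency 12128us stddev 25134us loss 22%
Dec 29 07:33:03 dpinger WAN_DHCP6 fe80::201:5cff:feae:6446%em0: Clear latency 8925us stddev 1731us loss 5%
"""

LINE_RE = re.compile(r"(?P<ts>\w{3}\s+\d+ [\d:]{8}) dpinger \S+ \S+: "
                     r"(?P<state>Alarm|Clear) latency (?P<lat>\d+)us stddev \d+us loss (?P<loss>\d+)%")

def parse(log, year=2000):
    """One dict per dpinger state line; `year` is an assumed placeholder (syslog omits it)."""
    events = []
    for m in map(LINE_RE.search, log.splitlines()):
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append({"ts": ts, "state": m["state"],
                           "lat_ms": int(m["lat"]) / 1000, "loss": int(m["loss"])})
    return events

def summarize(events):
    """Pair each Alarm with the next Clear and total the time spent in alarm."""
    episodes, start = [], None
    for ev in events:
        if ev["state"] == "Alarm" and start is None:
            start = ev["ts"]
        elif ev["state"] == "Clear" and start is not None:
            episodes.append(int((ev["ts"] - start).total_seconds()))
            start = None
    window = int((events[-1]["ts"] - events[0]["ts"]).total_seconds())
    return {
        "transitions": sum(a["state"] != b["state"] for a, b in zip(events, events[1:])),
        "alarm_seconds": episodes,
        "alarm_fraction": round(sum(episodes) / window, 3),
        "max_latency_ms": max(ev["lat_ms"] for ev in events),
        "loss_by_state": {s: sorted({e["loss"] for e in events if e["state"] == s}) for s in ("Alarm", "Clear")},
    }

if __name__ == "__main__":
    print(summarize(parse(DPINGER_LOG)))
```

Latency never exceeds about 12 ms while loss alternates between 5-6% and 21-22%, so the alarms are loss-driven, and in the General Log Snippet each state change is followed by a dyndns update, IPsec and OpenVPN restarts and a filter reload.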

      • JKnott @tim h

        @tim-h

        Does IPv4 fail at the same time?

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • tim h @JKnott

          @JKnott no, I wish though as it'd probably be easier to diagnose. The IPv4 gateway has been rock solid.

          • Derelict LAYER 8 Netgate

            I see that you have these choices of action:

            1. Call the ISP and see why their gateway cannot reliably respond to ICMP6 echo requests
            2. Choose something different to monitor like 2001:4860:4860::8888 (IPv6 equivalent to 8.8.8.8)
            3. Disable gateway monitoring actions on that IPv6 gateway. You likely don't have Multi-WAN IPv6 because that gets pretty difficult so who cares about gateway actions

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • tim h @Derelict

              @Derelict said in Packet Loss on IPV6 Gateway:

              I see that you have these choices of action:

              1. Call the ISP and see why their gateway cannot reliably respond to ICMP6 echo requests
              2. Choose something different to monitor like 2001:4860:4860::8888 (IPv6 equivalent to 8.8.8.8)
              3. Disable gateway monitoring actions on that IPv6 gateway. You likely don't have Multi-WAN IPv6 because that gets pretty difficult so who cares about gateway actions

              Haven't called Comcast yet; I do expect they will point the finger at my more advanced configuration. I did try the second suggestion with no change in behavior. Packet loss also occurs when I ping the Google IPv6 DNS from my desktop. I've also gone ahead and disabled actions on that gateway as you suggested. In addition, I've set "Prefer IPv4 over IPv6" until I can figure this out.

              • Derelict LAYER 8 Netgate

                You can packet capture the pings going out. If there is no response there's nothing you can do about it - they have to fix it.

                If absolutely necessary (as in they still blame the firewall), put a managed switch (or some kind of network tap) between the WAN and the ISP and capture on a mirror port there. Then you're definitely looking at what's out on the wire, outside of the firewall. Set the monitored port to the one connected to the modem, not pfSense. If you see the echo requests and no replies there, there is certainly nothing more you can do. Press them hard for an escalation. If you can get to the right person/group you might be able to get it fixed.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)
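The capture check described in the post above, as an added example that is not part of the original thread: it pairs ICMPv6 echo requests with their replies in tcpdump text output and lists the requests that were never answered. The capture lines are constructed, the 2001:db8:: source address is a documentation placeholder, and the `id` field is treated as optional on the assumption that some tcpdump versions omit it.

```python
import re

# Constructed sample in the style of `tcpdump -n icmp6` text output; the
# 2001:db8:: source address is a documentation prefix, not from the thread.
CAPTURE = """\
08:40:00.000100 IP6 2001:db8:1::2 > 2001:4860:4860::8888: ICMP6, echo request, id 4660, seq 0, length 9
08:40:00.012100 IP6 2001:4860:4860::8888 > 2001:db8:1::2: ICMP6, echo reply, id 4660, seq 0, length 9
08:40:00.500100 IP6 2001:db8:1::2 > 2001:4860:4860::8888: ICMP6, echo request, id 4660, seq 1, length 9
08:40:00.510100 IP6 2001:4860:4860::8888 > 2001:db8:1::2: ICMP6, echo reply, id 4660, seq 1, length 9
08:40:01.000100 IP6 2001:db8:1::2 > 2001:4860:4860::8888: ICMP6, echo request, id 4660, seq 2, length 9
08:40:01.200000 IP6 fe80::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:1::2, length 32
08:40:01.500100 IP6 2001:db8:1::2 > 2001:4860:4860::8888: ICMP6, echo request, id 4660, seq 3, length 9
08:40:01.514100 IP6 2001:4860:4860::8888 > 2001:db8:1::2: ICMP6, echo reply, id 4660, seq 3, length 9
08:40:02.000100 IP6 2001:db8:1::2 > 2001:4860:4860::8888: ICMP6, echo request, id 4660, seq 4, length 9
"""

ECHO_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) IP6 (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP6, echo (?P<kind>request|reply),(?: id (?P<id>\d+),)? seq (?P<seq>\d+)")

def analyze(capture):
    """Match each echo request to its reply by (addresses, id, seq)."""
    pending, rtts_ms = {}, []
    for line in capture.splitlines():
        m = ECHO_RE.match(line)
        if not m:
            continue  # not an echo packet (e.g. neighbor discovery)
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], m["id"], int(m["seq"]))] = t
        else:
            # A reply travels in the opposite direction, so swap the addresses.
            sent = pending.pop((m["dst"], m["src"], m["id"], int(m["seq"])), None)
            if sent is not None:
                rtts_ms.append((t - sent) * 1000)
    total = len(rtts_ms) + len(pending)
    return {
        "requests": total,
        "answered": len(rtts_ms),
        "unanswered_seq": sorted(key[3] for key in pending),
        "loss_pct": round(100 * len(pending) / total, 1) if total else 0.0,
        "avg_rtt_ms": round(sum(rtts_ms) / len(rtts_ms), 1) if rtts_ms else None,
    }

if __name__ == "__main__":
    print(analyze(CAPTURE))
```

A request sent just before the capture stopped is counted as unanswered, so discount the final sequence number or let the capture run a few seconds past the last ping.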
