IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV)

dg6464

@JKnott Unfortunately there is no way to specifically turn off IPv6 on an Apple TV... same with an iPhone, they just natively support it as part of their stack.

Which, as much as people don't like Apple... I completely agree that the transition to IPv6 should be seamless and the approach should be exactly that, just hide and obfuscate any complexities and it should "just work". Leave complexities to us geeks in the background to work out.

For the purposes of the thread here, I don't necessarily want to get into the IPv6 debate - I agree a full migration is definitely a long way out... but also agree that we should definitely be part of the driving force to move as many folks as possible towards it (at least that are capable to move there), as NAT and such is really just a workaround for improper connectivity and lack of addresses to give out.

But at the same time, we need to let client OS developers (iOS, Android, Windows, Linux, etc) know when they do something that might not necessarily be wrong according to standards... but could and will be a complete PITA to manage and administer from an IT standpoint in the long-term.

Thanks for the banter folks - I'll see what the process is to open up a bug/ticket with Apple. As I don't think their intention for an Apple TV is for a single one to show up as a hot mess of hundreds of IPv6 addresses utilized for no real purpose.

Best Regards,

dg6464

NogBadTheBad

Odd I have 2 Apple TVs and don't have hundreds of entries for a single MAC address.

I have DHCPv6 static mapings for the devices.

NogBadTheBad

@JKnott

Take the complaint to Apple and let them fix it. They're the ones who caused the problem.

I'd suggest the issue lies elsewhere see my previous post.

JKnott

@NogBadTheBad

Perhaps @dg6464's TV is defective. I have never heard of any device doing that on IPv4 or IPv6. According to his description, each of the NDP entries is for a different IP address, but same MAC. There should only be a few but certainly not hundreds.

Perhaps he could run Packet Capture, foltering on the TV's MAC address and ICMP6, to see what's happening.

NogBadTheBad

@dg6464

Apple TV's are a known pain in the butt when they go to sleep... they wreak havoc on my Meraki switches by transitioning to 100Mbps from 1Gbps and show CRC errors like there is a bad cable (this is a known issue and will likely never be fixed by Apple).

No CRC errors on the LAN port it's connected to here either, sure you don't have a cable issue ?

JKnott

@NogBadTheBad

What speed does yours come up at? Autonegotiation should cause it do come up at the best possible.

Certainly a different cable should be tried. A flaky (pardon the tech jargon ) cable can cause the devices to think they can run at Gb, but the cable only permits 100 Mb.

NogBadTheBad

1 Gig, I think the previous versions ran 10/100 ports.

dg6464

@NogBadTheBad this is an Apple TV issue only when it goes to sleep... this is an Apple TV 4K, but I believe it's the same for all Apple TV's.

On my Meraki switch, it re-negotiates to 10/100 down from it'a usual 1Gbps... then shows CRC errors for the time it's asleep.

Otherwise - I do a speedtest and get 1Gbps down.. have tested cables and such. I've got 3 Cat6 drops in that room to my basement switch... definitely not a cable.

I'll try and find the article where someone else stated this is a common Apple TV "sleep" problem and is the same with multiple vendors switches.

Best Regards,

dg6464

dg6464

@JKnott so I just did a packet capture (albeit too big, it's like 107MB for just 30 seconds or so as I turned it on, booted up Netflix and Plex).

However... before doing so I cleared the NDP entires for the Apple TV.

They haven't come back.

So maybe while I was doing some IPv6 Testing or implementing IPv6 DNS on my pihole, it somehow generated a ton of these entries and they just stayed?

Not sure - but I will monitor moving forward.

dg6464

@NogBadTheBad this might be a way of getting around it... if I just assign a static DHCPv6 for the MAC address. I'll give it a try if the NDP table issue keeps happening.

This will also be a simple way for me to keep the hostnames in check and make it easier to know what is what.

Did you find that the Apple TV's actually received a DHCPv6 address when you configured it?

Where did you configure those static DHCPv6 addresses? When I go to configure one it asks for a DUID and has no specific spot for the MAC Address?

Thanks!

Best Regards,

dg6464

NogBadTheBad

@dg6464

What makes you think my ATV doesn’t go to sleep?

Have you got a spare lan port on your router to try and connect it to directly dos a test.

I originally let my ATV get a random IPv6 address then fixed it using the DUID address in the status - dhcpv6 leases page.

dg6464

@NogBadTheBad I'm not saying it doesn't go to sleep... I'm saying your switch modem may not detect CRC align errors for some reason. It was more commercial gear that seemed to detect the issue.

I've tried multiple switching ports, multiple cables... and everything works perfectly when it's awake. Only when it goes to sleep does it have the issue.

As for the DHCPv6 lease... for some reason the DUID that it assigns won't allow me to assign a reservation:

Either way... the NDP Table only has 1 entry now... the most I have seen yet is 4 entries for it now. Only time will tell.

Not that it helps at all, but the Meraki switch GUI with the CRC errors... you can see the "red" gaps.. that's where it goes to sleep:

It's asleep right now, so it negotiates at 10/100:

Meraki thread about it:

[https://community.meraki.com/t5/Switching/AppleTV-4K-Ethernet-Madness/td-p/41254](link url)

JKnott

@dg6464 said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

if I just assign a static DHCPv6 for the MAC address.

I don't know that would do it. You'd still have the neighbour announcements. With SLAAC, you will have a link local address and at least 1 global address. With DHCPv6, you will have a link local address and 1 global address. I don't see much difference in that.

As for that huge packet capture, what happens if you wait for the dust to settle, before starting it? You should still see neighbour advertisements periodically.

dg6464

@JKnott do you think it's worth running RA in "Managed" mode then, to force DHCPv6? Not sure if I am in a world of hurt for all of the IP's that have been assigned using SLAAC / RA already though (likely my pihole DNS servers IP, unRAID's IPv6 IP and such). Not sure if I turn off Assisted mode and move to Managed if the existing used IP's will show up as leases.

Honestly if most things are compatible with DHCPv6 now and don't require SLAAC / RA's and autoconfigure... i'd almost rather manage the DHCPv6 leases just like I manage the DHCP IPv4 leases today... one by one from the pool as a round-robin and configuring reservations when it makes sense.

I can try another packet capture as well if you'd like and just not boot up Netflix and such.

You think just a cycle from sleep to wake up to sleep again will do the trick?

I can tinker with the options if it makes sense... just thought I'd ask just in case I'm in for a world of hurt by changing from Assisted. Doesn't that basically disable auto-configure / SLAAC?

Existing Configuration for DHCPv6 and RA:

Thanks!

Best Regards,

dg6464

JKnott

@dg6464 said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

do you think it's worth running RA in "Managed" mode then, to force DHCPv6?

I doubt it would make any difference. RAs are required, whether SLAAC, DHCPv6 or manual config. RAs are the IPv6 equivalent of ARP and without them, it won't work.

JKnott

@johnpoz said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

Name one mainstream anything that requires I have an IPv6 address.. Just 1...

Here's one example. IIRC, the Xbox requires IPv6. It had used Teredo, but I believe that's been turned down or will be shortly.

IsaacFL

@dg6464

I have 2 older 1080p AppleTvs On a dual stack network and haven’t seen what you are seeing. I am using them currently on WiFi but I have used them wired in the past with no issue

They work fine with my ipv6 network. I use SLAAC only (unmanaged) but they also work as “assisted”.

About the only thing I have ever had to do to them is restart them if I reconfigure my network.

I have noticed that they don’t update their network configuration unless you restart them and that includes ipv4 too. Pulling the plug doesn’t work.

I have seen multiple ipv6 addresses (>600) once on a Windows machine but that was due to a router problem.

IsaacFL

@dg6464 said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

@JKnott do you think it's worth running RA in "Managed" mode then, to force DHCPv6? Not sure if I am in a world of hurt for all of the IP's that have been assigned using SLAAC / RA already though (likely my pihole DNS servers IP, unRAID's IPv6 IP and such). Not sure if I turn off Assisted mode and move to Managed if the existing used IP's will show up as leases.

Honestly if most things are compatible with DHCPv6 now and don't require SLAAC / RA's and autoconfigure... i'd almost rather manage the DHCPv6 leases just like I manage the DHCP IPv4 leases today... one by one from the pool as a round-robin and configuring reservations when it makes sense.

I find that "unmanaged" SLAAC mode works the best with most devices like these media devices and IOT type devices. DHCPv6 implementation on some of these types of devices are hit or miss, but SLAAC always seems to work.

The support for SLAAC in the RFCs are mandatory for hosts, whereas DHCPv6 host support is "optional".

IsaacFL

@JKnott said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

@johnpoz said in IPv6 NDP Table - Hundreds of Entries for Single Mac Address (Apple TV):

This is perfect example of when you just disable IPv6 for this network..

My choice would be to get rid of the Apple crap. I'm allergic to the stuff. Disabling IPv6 is short sighted, as the world has to move to IPv6, to get rid of that NAT nonsense.

Take the complaint to Apple and let them fix it. They're the ones who caused the problem.

Apple works perfectly fine with ipv6, actually, one of the best. I think the issue here is the network itself is misconfigured..

NogBadTheBad

Personally I think the issue lies with the Meraki switch, I can't understand why the speed changes to 100 Mbps when the ATV sleeps, my screenshots occured what the ATV was asleep.

I have 1 ATV connected to ethernet & 1 connected via Wi-Fi both don't have the issue you're seeing.

I'm using switches from the Linksys Business range.

Do you have a spare port on the router that you could set up as a new test lan and connect the ATV directly to it?