router loses IPv6, error in routing logs



  • I have been running 2.4.4-RELEASE-p3 for about 6 months on a Supermicro X11SDV-4C-TP8F 4-core Xeon. It is behind a Netgear CM1000 cable modem on Xfinity with pfSense configured for prefix delegation /60 and DHCPv6. The 10Gb SFP+ LAN port is connected to a Ubiquiti US-16-XG switch. For the most part it has been very good.

    Unfortunately I have seen pfSense occasionally lose the IPv6 address from Comcast. This might happen after the router has been running for a week or two. I don't notice it immediately because IPv4 still works, I only see it when the server on the LAN pointed to by DNS becomes inaccessible from the WAN.

    In the routing logs, after a reboot I see:
    6c156073-d2c6-469d-9424-206ad3ca5ba3-image.png

    Even though I suspect a router problem, in order to get an IPv6 address I have to reboot both the router and the cable modem. Just rebooting the router won't work. In the past I think I have plugged a PC directly into the cable modem and received an IPv6 address (I'll double check next time this happens), so it isn't clear it is the fault of the cable modem.

    From this post I see this error may be related to IPv6, if it is any help figuring this out.

    Thanks in advance for any help. This is really hurting the reliability of my network, and I'm not quite sure how to track it down.



  • Here is an ArchLinux bug report about this issue, although I understand pfSense uses a different distribution of Linux.



  • @lifespeed

    Capture the DHCPv6-PD frames on the WAN interface and post them here.



  • @lifespeed

    PfSense runs on FreeBSD, not Linux.



  • @JKnott said in router loses IPv6, error in routing logs:

    @lifespeed

    Capture the DHCPv6-PD frames on the WAN interface and post them here.

    With the router connected, with a laptop, while the router doesn't have an IPv6? How would I mirror the port on my switch to capture when the switch isn't connected to the cable modem?

    You say this rather casually, yet even with modest networking knowledge I couldn't begin to guess how to do this.

    Here is a DHCP log entry indicating a problem:

    May 12 17:23:20 	dhcpd 		/etc/dhcpdv6.conf line 23: partial base64 value left over: 7.
    


  • @lifespeed

    Run Diagnostics > Packet Capture
    Configure for ICMP6 on WAN
    Disconnect/reconnect the WAN cable. This will trigger DHCPv6-PD.
    Then download the capture and post it here.
    You can also examine it with Wireshark.



  • @lifespeed

    BTW, a few years ago, I bought a cheap 5 port managed switch and configured it as a network tap, by using port mirroring. I can place that switch between my pfSense box and the cable modem. Works well.



  • @JKnott

    Correction, filter on dhcpv6, which is port 546 or 547.



  • @JKnott said in router loses IPv6, error in routing logs:

    @JKnott

    Correction, filter on dhcpv6, which is port 546 or 547.

    I'lI give this a try tonight after work, although I'm not sure if there will be anything learned if the router currently has an IPv6. Guess we'll see.

    I still think there is a clue in the radvd.conf error logs posted previously.



  • @lifespeed

    If nothing else it will show what normal looks like. On the other hand, it could show a problem. Last year I had a problem with IPv6 from my ISP. By using packet capture, I was able to not only show there was a problem at my ISP, but even identify the failing system by name. Packet captures are an extremely useful tool in trying to resolve network problems.

    BTW, one thing I frequently do is fire up Wireshark, just to see how things work. This makes it much easier when trying to solve a problem, as I know what normal looks like.


Log in to reply