Verizon Fios and IPV6, Which Settings Work?

mattlach

Hi all,

I have read that Verizon is slowly (very slowly) rolling out IPV6 on its FiOS network.

I decided to try to see if I could pull an IPV6 address via DHCP, but it turns out I ahve absolutely no idea what settings to use.

They are reportedly using DHCPv6-FD, but no such option exists in the interface page for my WAN interface.

I can set DHCP6, but everything else I am unclear about. No idea how large of an prefix delegation size to set, or if I should set the "Request a IPv6 prefix/information through the IPv4 connectivity link" option.

Right now, it is not pulling an IPV6 address, but I don't know if that is because it's not in my area yet, or if it is because I have things configured

Can anyone who has it working chime in and share what settings worked for you?

Thanks,
Matt

MikeV7896

Verizon is testing IPv6 on its FiOS network in Waltham MA, Ashburn VA, and in a couple of areas along I-95 in Virginia (confirmations have been seen in Dale City, Spotsylvania, and Richmond/Midlothian as of the time I'm posting this). The implementation is by Central Office or Wire Center, so even though I'm minutes away from Ashburn, I'm served by a different CO, so I don't have it available.

My understanding is that Verizon has identified some issues in their infrastructure that is waiting on software updates and implementation before any chance of further expansion of IPv6 testing or rollout is possible.

These are my best guess settings based on information others have provided running other routers (Verizon or otherwise). Anything not mentioned here should be left unchecked. None that I've seen post about IPv6 on FiOS are running pfSense, so no one has been able to verify whether this works or not.

1/8/2022: The settings below are what I've been using for over a year as Verizon had IPv6 testing in my area:

1. WAN (or whatever interface FiOS is on) Settings:
   a. IPv6 Config Type: DHCP6
   b. Request only an IPv6 Prefix: checked
   c. Prefix Delegation Size: 56
   d. Send IPv6 Prefix Hint: checked
   e. Do not wait for a RA: checked (no idea if this is necessary or not, but FiOS doesn't use PPPoE, so it seems like it should be checked)
   f. Do not allow PD/Address release: checked (optional; should retain the prefix across reboots and software upgrades if checked, not guaranteed that it will never change though) (this option has been moved to System > Advanced > Networking in pfSense Plus)

2. LAN (or OPTx) Settings:
   a. IPv6 Config Type: Track Interface
   b. Track Interface: WAN (or whatever interface FiOS is on)
   c. Prefix ID: Pick something not being used on another internal interface.

Edited 9/7/2020 to add the request only a prefix setting; Verizon does not provide a WAN address
Edited 1/8/2022 to add the PD/Address release setting (recommended setting, not a requirement)
Edited: 11/6/2022 after discovering the "Do not allow PD/Address Release" setting has been moved in pfSense Plus

JKnott

@mattlach said in Verizon Fios and IPV6, Which Settings Work?:

They are reportedly using DHCPv6-FD

Perhaps you meant DHCPv6-PD. Do you at least get a WAN IPv6 address? Can Verizon support provide info? As for the prefix length, you can use whatever you want, up to whatever they provide. Many ISPs provide /56, others /48 or /16.

On the WAN page, you'd select DHCP6.

On the LAN page, you want Track Interface for IPv6 configuration type, WAN for IPv6 interface and 0 for the prefix ID. You can use other IDs if you have more than 1 local network.

kohenkatz

You may be able to check if Verizon has IPv6 turned on yet in your area using the script(s) found here: https://gist.github.com/luckman212/124a81d5f295dfa5c6d1162aaef55842

I use a minor variation of the last one (the PHP version) on my pfSense box at home.

MikeV7896

Thanks for that script. It will be helpful to know that IPv6 is on in the event that the settings I have set don't actually end up working. I keep hoping that it will be soon, given my close proximity to Ashburn... but I've accepted that it will come whenever it comes. I'm set up with HE at the moment anyway, but look forward to native connectivity.

kohenkatz

@virgiliomi said in Verizon Fios and IPV6, Which Settings Work?:

I'm set up with HE at the moment anyway

Since this is the case, expect to see warnings in the output of rtsol that say something to the effect of "received an unsolicited RA on interface (<YOUR_LAN_INTERFACE>)" (I don't remember the exact text and I'm not in front of that system right now).

These shouldn't matter for the script itself, since it checks for specific text in the output, but you will see it if you run rtsol by hand on the console.

MikeV7896

Got a notification email this morning... RAs detected on ix0! But it just looks like RAs only... no DHCPv6 yet.

JKnott

@virgiliomi

I saw the same thing when my ISP was getting ready to provide IPv6.
They also initially provided a single /64, but later a /56.

MikeV7896

Given how few areas have had IPv6 on Fios so far, any expansion is a welcome sight! Hopefully coming days will bring further progress! I'm excited now, though!

MikeV7896

GOT IT!

Had to add the "Use IPv4 as parent interface" option in my WAN settings. But I now have IPv6 through Verizon. I don't have a WAN address, just link-local, but that's the minimum needed, so I'm at least operational!

JKnott

@virgiliomi said in Verizon Fios and IPV6, Which Settings Work?:

Had to add the "Use IPv4 as parent interface" option in my WAN settings.

I think that's typical. I have that set to.

I don't have a WAN address, just link-local, but that's the minimum needed, so I'm at least operational!

Do you have Request only an IPv6 prefix selected?

MikeV7896

I do, but only because I didn’t want the lack of an interface address to slow everything else down. It wasn’t giving me an address on WAN with that option unchecked.

MikeV7896

I've since gone back and unchecked the "Use IPv4 as parent interface" option and things still seem to work. I slogged through the whole DSLR thread and found someone else with pfSense and IPv6 on Fios, and they also had to check the "Request only an IPv6 Prefix"... so that appears to be necessary. No big deal really... if I want to ping from the outside, I just need to allow ICMP Echo Requests to my LAN (or set up an interface with a prefix ID and just use it for that purpose).

Hopefully it won't cause issues when my ACME cert comes up for renewal... but that's set to use DNS, so it shouldn't be a problem.

Paint

It does not seem like FiOS in NYC (Manhattan) has IPV6 yet.

However, I know IPV6 is supported by FiOS in other places in the Tri-State area.

Anyone in NYC have any luck getting IPV6 working with FiOS (besides with a HE.NET tunnel)?

MikeV7896

The only places I'm aware of it being available so far are select areas in Northern and Central VA (areas served by five different Verizon central offices have been confirmed) and Waltham MA (where a Verizon Technology Development Center is - or at least was - located).

But determining what areas it might be available in is kind-of off topic for here since that's not directly pfSense-related. The settings to make it work are above, and there's also a script you can set up to detect when Verizon is sending out IPv6 router advertisements in your area.
https://forum.netgate.com/topic/137478/fios-users-waiting-for-ipv6-script-to-let-you-know-when-it-s-ready

There's a topic over in the FiOS forum on DSLReports that might be a better place for tracking availability. Don't feel the need to read all 2 years worth of posts... the most current list is within the last two pages (and was just quoted by someone on the last page).
https://www.dslreports.com/forum/r32136440-Networking-IPv6-working

MikeV7896

Just wanted to note, for any Fios customers that might be following this... over on DSLR, a user with a business account in Maryland posted that on or after January 10 2022, they would have IPv6 available. So it looks like wider availability might be coming soon. It also appears that business service will be getting a /56, just as I've been getting with my residential service.

Edit to add: Another user in another state also received the email, but with a date in February, so this may be a regional rollout over a longer period of time.

jeremy.duncan

I am also in Northern Virginia (Lorton) waiting for FiOS to upgrade their nodes for IPv6. I have heard about Ashburn/Leesburg people getting it. I got notice for Jan 2022, then Feb, then March... still nothing. I have an HE.net tunnel in the meantime - funny thing is if you use the newest FIOS Router, it block 6in4 tunnel traffic. I just removed it totally and terminated FIOS directly on my opnsense firewall. Still not seeing any RAs or DHCPv6 responses. One day maybe...

mattlach

This post is deleted!

mattlach

@jknott said in Verizon Fios and IPV6, Which Settings Work?:

@virgiliomi

I saw the same thing when my ISP was getting ready to provide IPv6.
They also initially provided a single /64, but later a /56.

Honestly, I am a little ambivalent about moving to IPV6.

I started this thread as I want to be prepared when the time comes I have to make the transition, but honestly, I think the standard is awful.

IPV4 address exhaustion is a real problem, but they solved it in the worst possible way going totally overkill on the address space (we don't need enough IP addresses for every atom on planet earth to have its own) and making it not user friendly.

The IETF literally could not have done a worse job if they had tried.

We went from an easy to understand four block format with regular numbers, to a nasty 128bit hexadecimal system with odd colon based abbreviations which is not intuitive in the slightest and makes it very difficult to memorize IP addresses.

That, and the insistence on making the internet all 1:1 is annoying. I LIKE having a segregated local network behind a single IP address that NAT provides me. I may still try to use NAT66, even though I understand it is "not recommended".

They should have just added another 8bit block to IPV4 making it 40bit, and providing over 1 trillion addresses, and just called it a day. That would still have been ~140 addresses per person on the planet. If we taper off at about 11B people on earth as most scientists predict, that would be enough for ~100 addresses per person, way more than enough.

I'm not exactly excited about IPV6. If I could I'd send it back to the drawing board. It is amazing to me this nonsense ever got approved and adopted.

I'm not looking forward to having to rewrite all of my complicated firewall rules again.

Seriously, IPV6 makes me want to stab people.

JKnott

@mattlach

All these "fixes" on IPv4 are just hacks that often cause other problems. One reason for such a large address space is to ensure we don't run out for a VERY long time. There are other changes that enhance router performance and security. Given other issues with IPv4, a clean break was needed. Incidentally, that internet all 1:1 is the way IPv4 was supposed to work originally. NAT broke that, along with a few other things. You can still have private (ULA) addresses, in addition to global ones. Also, with IPv6, you only have one size local network, that is /64. IPv4 used to be the same originally, but classes were introduced to provide more networks and then CIDR to provide even more, but there still are nowhere near enough.

With the portion of IPv6 addresses allocated to global addresses, there are only enough to give each person on earth a bit over 4000 /48s.