Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Old delegated prefix not removed from LAN

    2.1 Snapshot Feedback and Problems - RETIRED
    3
    8
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bkraptor
      last edited by

      I have set the LAN interface to track the WAN interface via Prefix Delegation. I am getting a different delegated IPv6 prefix each time the WAN bounces. The problem is that I am seeing is that the old IPv6 address is not removed from the LAN interface and also clients on the LAN are receiving RAs from the old delegated prefix, which makes the clients unroutable via IPv6.

      Here's a snip of my IPv6 routing table after such a bounce:

      Destination 	Gateway 	Flags 	Refs 	Use 	Mtu 	Netif 	Expire
      default 	fe80::1%pppoe1 	UGS 	0 	20 	1492 	pppoe1 	 
      ::1 	::1 	UH 	0 	0 	16384 	lo0 	 
      x:y:1014:124::/64 	link#1 	U 	0 	0 	1500 	em0 	 
      x:y:1014:124:222:4dff:fe6b:73fc 	link#1 	UHS 	0 	0 	16384 	lo0 	 
      x:y:1014:52c7::/64 	link#1 	U 	0 	3 	1500 	em0 	 
      x:y:1014:52c7::1 	link#1 	UHS 	0 	0 	16384 	lo0 	 
      x:y:1015:f001::/64 	link#14 	U 	0 	0 	1492 	pppoe1 	 
      x:y:1015:f001::bc1a:81fa 	link#14 	UHS 	0 	0 	16384 	lo0 	 
      

      In this case, x:y:1014:52c7::/64 is the old delegated prefix.

      This is on:
      2.1-BETA0 (amd64)
      built on Sat Aug 25 13:20:22 EDT 2012
      FreeBSD 8.3-RELEASE-p4

      But it was the same a few weeks ago when I was running i386.

      I can send a packet capture from a host on the LAN that shows the firewall is sending RAs with the old delegated prefix. Just PM me for the file.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Do you have multiple instances of radvd running when it's in this state? What does /var/etc/radvd.conf look like?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B
          bkraptor
          last edited by

          # Automatically Generated, do not edit
          # Generated for DHCPv6 Server lan
          interface em0 {
                  AdvSendAdvert on;
                  MinRtrAdvInterval 5;
                  MaxRtrAdvInterval 20;
                  AdvLinkMTU 1280;
                  AdvDefaultPreference medium;
                  prefix x:y:1014:124:0:0:0:0/64 {
                          DeprecatePrefix on;
                          AdvOnLink on;
                          AdvAutonomous on;
                          AdvRouterAddr on;
                  };
                  route ::/0 {
                          RemoveRoute on;
                  };
                  RDNSS x:y:1014:124::1 { };
                  DNSSL localdomain { };
          };
          
          [2.1-BETA0]/root(3): ps waux | grep radvd
          root   61834  0.0  0.1  5864  1524  ??  Ss   Sun06PM   0:05.32 /usr/local/sbin/radvd -C /var/etc/radvd.conf -m syslog
          root   18434  0.0  0.1  9156  1512   1  S+    3:37PM   0:00.00 grep radvd
          

          <edit>I've just had another bounce on the WAN interface. The newly-delegated IPv6 prefix is x:y:1014:408e::/64.

          The routing table looks like this:

          Destination 	Gateway 	Flags 	Refs 	Use 	Mtu 	Netif 	Expire
          default 	fe80::1%pppoe1 	UGS 	0 	207 	1492 	pppoe1 	 
          ::1 	::1 	UH 	0 	0 	16384 	lo0 	 
          x:y:1014:124::/64 	link#1 	U 	0 	0 	1500 	em0 	 
          x:y:1014:124::1 	link#1 	UHS 	0 	0 	16384 	lo0 	 
          x:y:1014:408e::/64 	link#1 	U 	0 	0 	1500 	em0 	 
          x:y:1014:408e:222:4dff:fe6b:73fc 	link#1 	UHS 	0 	0 	16384 	lo0 	 
          x:y:1014:52c7::/64 	link#1 	U 	0 	156 	1500 	em0 	 
          x:y:1014:52c7::1 	link#1 	UHS 	0 	0 	16384 	lo0 	 
          x:y:1015:f005::/64 	link#14 	U 	0 	0 	1492 	pppoe1 	 
          x:y:1015:f005::bc1b:b403 	link#14 	UHS 	0 	0 	16384 	lo0 	 
          

          The new radvd.conf looks like:

          # Automatically Generated, do not edit
          # Generated for DHCPv6 Server lan
          interface em0 {
                  AdvSendAdvert on;
                  MinRtrAdvInterval 5;
                  MaxRtrAdvInterval 20;
                  AdvLinkMTU 1280;
                  AdvDefaultPreference medium;
                  prefix x:y:1014:124:0:0:0:0/64 {
                          DeprecatePrefix on;
                          AdvOnLink on;
                          AdvAutonomous on;
                          AdvRouterAddr on;
                  };
                  route ::/0 {
                          RemoveRoute on;
                  };
                  RDNSS x:y:1014:124::1 { };
                  DNSSL localdomain { };
          };
          
          [2.1-BETA0]/root(3): ps waux | grep radvd
          root   61834  0.0  0.1  5864  1524  ??  Ss   Sun06PM   0:05.34 /usr/local/sbin/radvd -C /var/etc/radvd.conf -m syslog
          root    9175  0.0  0.1  9156  1512   1  R+    3:54PM   0:00.00 grep radvd
          ```</edit>
          1 Reply Last reply Reply Quote 0
          • B
            bkraptor
            last edited by

            Is there a way to work-around this issue? I have frequent disconnects (1-2 a day) that mess up my IPv6 (and most pages, Google included, default to IPv6 nowadays). The only way I have found so far to work-around the incorrect RA is to re-save the WAN interface followed with re-saving the LAN interface. This is traffic-impacting and I would rather avoid doing this 1-2 times a day.

            1 Reply Last reply Reply Quote 0
            • B
              bkraptor
              last edited by

              Created bug report:
              http://redmine.pfsense.org/issues/2627

              1 Reply Last reply Reply Quote 0
              • D
                databeestje
                last edited by

                hi bkraptor,

                i'll have a look this week if time permits. I might be able to do random prefixes with the cisco 1811 I have here.

                I'm still quite amazed that ISPs think that handing out random addresses and even more so, random IPv6 prefixes is a good idea. It wrecks so much havoc because the LAn addressing changes as well.

                Would you mind contacting your ISP if they are considering handing out "static" IPv6 addresses? I know they want to keep their (old) business model they applied to IPv4 addresses going, but the impact in IPv6 is far worse then in IPv4 where just the router changes addresses.

                1 Reply Last reply Reply Quote 0
                • B
                  bkraptor
                  last edited by

                  Thank you for looking into this issue.

                  The response I received from my ISP (which is the largest in my country) is that they have no plans to implement statically assigned prefixes.

                  1 Reply Last reply Reply Quote 0
                  • D
                    databeestje
                    last edited by

                    Ok, that response is a bit silly.

                    I changed out the WIDE dhcp6 client for the ISC client, it appears to work on a VM here including prefix delegation, but it will need more testing.

                    See if this helps your situation.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.