Comcast DualStack IPv6 PD changing on every reboot and pulling two PDs
I recently was able to verify that Comcast has IPv6 enabled on my CMTS so I thought I'd give it a try. I upgraded my 2.0.1 install to one of the 2.1 snaps back around the middle of December (currently sitting on Dec 26, 12:02:01 EST).
I have WAN set to DHCP6, 64 PD and get a 2001: address there. I have LAN set to track interface, WAN, 0 and get a 2601: address there.
Everything seemed fine but I would have limited or no connectivity on my LAN. For example, I could ping6 just fine 2001:4860:4860::8888 on pfsense (WAN side or LAN side), but could not from my desktop.
After many pages of work back and forth on another forum, even involving a person from Comcast, I let a friend into my system via SSH and we discovered the DHCP6 lease is pulling two prefixes. Immediately after booting pfSense, I will see the old prefix on the console (monitor for it is right behind me). Seconds later after logging in to the GUI, I will see a different prefix.
Occasionally my workstations and servers on my LAN will have BOTH prefixes but obviously only the one currently assigned to the LAN interface will actually get me anywhere. Over the course of three days now I have seen eight different prefixes on LAN side, rebooting pfSense is the easiest way to get a new prefix.
I also discovered my DUID appears to be changing. I'm not sure what DUIDs have been associated with what prefixes as I only recently discovered this but I have seen two different DUIDs coinciding with a new prefix.
Now, a slight difference from most. I also have a Bellsouth DSL PPPoE circuit on here as well. I know that it "transforms" or something the actual ethernet interface into the PPPoE interface which means it's MAC might be changing. Could this be the cause of all of this?
I just turned on my native ipv6 with comcast as well - since before it wasn't working and I noticed ipv6 traffic on my firewall finally. And yes it does seem that the PD changes on reboot. I don't want to force a reboot now because I have my boxes I want with ipv6 working the way I want and have my firewall rules inbound for my ipv6 pool ntp server, etc.
We just checked in a fix for this, get a snapshot dated january 6th or later please.
Awesome thanks! I'll upgrade asap.