Comcast IPv6 issues



  • Like many people, if have Comcast Internet, and they now offer IPv6 service.

    Two methods should work: Using DHCPv6 with prefix delegation (PD), and 6to4 Tunnel Anycast, which appears to terminate somewhere within Comcast's network. I choose the former method as it relies on no IPv4 connectivity to function.

    I can confirm the DHCPv6-PD method does indeed work on my circuit because a stock DLink router pulls both a WAN IPv6 address in the 2001 range as well as a 2601 prefix for the LAN interface. I've also seen this work on 2.1 during the 2.1 Beta releases. But, as many have observed here, at works initially upon enablement but then fails to renew or something and the prefix expires and disappears.

    I was happy to see the 2.1 series go to RC figuring that many of the reported IPv6 issues would likely be resolved. But my IPv6 symptoms are no better now after upgrading to 2.1-RC0.

    Thinking that many of the IPv6 problems might be related to the Beta to RC upgrade, I have completely removed the IPv6 settings from config and plan to start fresh.

    I start by simply enabling DHCP6 on the WAN interface. I save and activate the changes.

    Once activated, I do not receive an IPv6 address on the WAN interface but it does discover the IPv6 gateway and begins to monitor it.

    WAN_DHCP6 fe80::201:5cff:fe24:cec1 fe80::201:5cff:fe24:cec1 14.9ms 0%

    Curious about what could be causing the problem I check the Logs and find only the following related to IPv6 (Note: xxxx replaces hex for security reasons):

    Jun 8 02:24:08 dhcp6c[68172]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 8 02:24:08 dhcp6c[68172]: client6_init: failed initialize control message authentication
    Jun 8 02:24:08 dhcp6c[68172]: client6_init: skip opening control port
    Jun 8 02:24:08 dhcp6c[68413]: check_exit: exiting
    Jun 8 02:24:08 dhcp6c[69026]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 8 02:24:08 dhcp6c[69026]: client6_init: failed initialize control message authentication
    Jun 8 02:24:08 dhcp6c[69026]: client6_init: skip opening control port

    Upon rebooting the system, I now receive a global IPv6 address on the WAN interface.

    Jun 8 02:46:28 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe24:cec1%dc0
    Jun 8 02:46:26 dhcp6c[20116]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 8 02:46:26 dhcp6c[20116]: client6_init: failed initialize control message authentication
    Jun 8 02:46:26 dhcp6c[20116]: client6_init: skip opening control port
    Jun 8 02:46:29 dhcp6c[21303]: check_exit: exiting
    Jun 8 02:46:29 dhcp6c[36297]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 8 02:46:29 dhcp6c[36297]: client6_init: failed initialize control message authentication
    Jun 8 02:46:29 dhcp6c[36297]: client6_init: skip opening control port
    Jun 8 02:46:29 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe24:cec1%dc0
    Jun 8 02:46:30 dhcp6c[36530]: client6_recvadvert: XID mismatch
    Jun 8 02:46:30 php: : rc.newwanipv6: Informational is starting dc0.
    Jun 8 02:46:35 php: : rc.newwanipv6: on (IP address: 2001:558:6007:4e:c65:da9d:d317:xxxx) (interface: wan) (real interface: dc0).
    Jun 8 02:46:35 php: : ROUTING: setting IPv6 default route to fe80::201:5cff:fe24:cec1%dc0
    Jun 8 02:46:36 php: : send_event: sent interface reconfigure got ERROR: incomplete command. all <string>reload <interface>reconfigure <interface>restart <interface>newip <string>linkup <string>sync <cr>Jun 8 02:46:36 php: : The command '/sbin/ifconfig dc0 inet6 2001:558:6007:4e:7475:b0fc:c774:xxxx delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
    Jun 8 02:46:43 php: : pfSense package system has detected an ip change 2001:558:6007:4e:7475:b0fc:c774:xxxx -> 2001:558:6007:4e:c65:da9d:d317:xxxx … Restarting packages.

    And now I can indeed PING:

    PING6(56=40+8+8 bytes) 2001:558:6007:4e:c65:da9d:d317:xxxx --> 2001:500:4:13::81
    16 bytes from 2001:500:4:13::81, icmp_seq=0 hlim=51 time=42.642 ms
    16 bytes from 2001:500:4:13::81, icmp_seq=1 hlim=51 time=42.852 ms
    16 bytes from 2001:500:4:13::81, icmp_seq=2 hlim=51 time=43.224 ms
    16 bytes from 2001:500:4:13::81, icmp_seq=3 hlim=51 time=51.988 ms

    --- www.arin.net ping6 statistics ---
    4 packets transmitted, 4 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 42.642/45.176/51.988/3.938 ms

    Now proceeding to the PD config, I enable IPv6 on the LAN interface by selection Track Interface and confirming the default selection of WAN. I then save and activate the changes.

    System Logs show no IPv6 related changes and no error messages.

    Checking the WAN interface settings again, I see that the default Prefix Delegation size is set to None, which might be the immediate problem. So I change it to 64 and then save and activate once again.

    Once changes have settled, I check the interfaces again but find the public IPv6 address on the WAN interface is now gone. The only IPv6 related messages are:

    Jun 8 03:05:40 dhcp6c[40808]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 8 03:05:40 dhcp6c[40808]: client6_init: failed initialize control message authentication
    Jun 8 03:05:40 dhcp6c[40808]: client6_init: skip opening control port
    Jun 8 03:05:40 dhcp6c[40819]: check_exit: exiting
    Jun 8 03:05:40 dhcp6c[41252]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 8 03:05:40 dhcp6c[41252]: client6_init: failed initialize control message authentication
    Jun 8 03:05:40 dhcp6c[41252]: client6_init: skip opening control port
    Jun 8 03:06:04 dhcp6c[36530]: client6_timo: no responses were received
    Jun 8 03:06:04 dhcp6c[36530]: check_exit: exiting

    So, once again, I reboot to see if a fresh load of the config helps.

    However, upon initial login after the reboot, the IPv6 address on the WAN interface is still missing and there is no IPv6 prefix on the LAN interface.

    Checking the System Logs, I again see familiar messages:

    Jun 8 03:13:27 dhcp6c[29844]: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
    Jun 8 03:13:27 dhcp6c[29844]: client6_init: failed initialize control message authentication
    Jun 8 03:13:27 dhcp6c[29844]: client6_init: skip opening control port
    Jun 8 03:13:34 php: : send_event: sent interface reconfigure got ERROR: incomplete command. all <string>reload <interface>reconfigure <interface>restart <interface>newip <string>linkup <string>sync <cr>But nothing particular…

    In order to return to the settings where I have the most functionality, I revert the LAN PD changes disabling it and leaving only DHCPv6 on the WAN interface.

    However, there is no change. So I reboot the system.

    It now appears that rebooting does not help either. So apparently, the config is somewhat corrupted perhaps, and wiping the IPv6 config completely again should allow me to start fresh.

    Obviously, 2.1 is pre-release software, and we're sharing our observations in order to identify and hopefully help resolve issues.

    However, I do wonder if these issues are more related to "work in progress" code as would be expected of pre-release software or more due to insufficient requirements. If the latter, then has there been much discussion of potentially following RFC 6204? It was recently recommended by the head of network engineering of a large US cable internet operator. Apparently, they test and qualify IPv6 routers primarily based on the router's tested compliance with RFC 6204.

    I really do appreciate all of the work the developers put into pfSense. If there's any other info needed to debug these issues, I'd be happy to help.</cr></string></string></interface></interface></interface></string></cr></string></string></interface></interface></interface></string>