Strange IPV6 behavior with dual LAN interfaces
I've had pfSense 2.1 running IPV6 without a glitch for over two weeks with a Comcast WAN and the LAN configured as 'track wan'.
I few days ago I added a second LAN side interface (OPT1) configured exactly like the existing LAN interface (both tracking the WAN). That didn't work so well.
- After a pfSense reboot both LAN side interfaces get a unique IPV6 address, and clients connected to both interfaces also get unique V6 addresses.
- More often than not the second LAN side interface (OPT1) loses its V6 address within 5 minutes.
- In a few cases both LAN side address lost there V6 addresses.
- And in 1 case even the WAN side interface lost its V6 address!!!
- In all cases, I was never able to get V6 connectivity on the clients connected to the second LAN interface, even though ifconfig on the client showed it properly configured for IPV6.
- In most cases, but not always, clients connected to the first LAN port had V6 connectivity.
I've since reverted to a single LAN interface and all is stable again, but I really need to get this dual interface configuration working. I am waiting on a managed switch so I can have dual VLANs on a single LAN side interface but I suspect the same issues will apply.
Any ideas what I might be doing wrong?
You will need a delegated prefix of length /63 or less. Comcast will only delegate a /64 to you unless your router explicitly requests a shorter prefix, so you'll have to set the "DHCPv6 prefix delegation size" appropriately and check the "send IPv6 prefix hint" option (both on the WAN interface page). Then, you have to assign a different "IPv6 prefix ID" to each tracking interface (on the LAN/OPT1 interface page). Whether you have to physical interfaces or two VLANs doesn't matter.
That seems to have done the trick.
Delegated prefix of length of 63 doesn't seem to work for Comcast, but 60 does.
Spoke too soon. 12 hours later, the second LAN interface has once again lost its IPV6 address!!! :-(
Why is one LAN interface working correctly and the second not working reliably when the only difference between the two is the IPV6 prefix id?
Did the link on that second LAN go down at some point by any chance? My internal interfaces lose their IPv6 address whenever that happens, and don't recover it when the link goes back up.
It may have… not sure since it happened overnight. Can't see any logs that would indicate link failure and the link is point to point Ethernet.