PfSense behind AT&T U-verse NVG589, 6RD, and MTU
-
I have an AT&T U-verse Motorola NVG589 router in a pair-bonded configuration. It performs 6RD encapsulation. In the default configuration, IPv6 works really well on the LAN of the NVG589: I get 10/10 at test-ipv6.com and ALL of the sites in the "Other IPv6" tab are reachable.
I know that pfSense does 6RD encapsulation, but I like having the NVG589 handle the 6RD encapsulation.
I also have a pfSense 2.1-RELEASE router behind the NVG589 with the following configuration:
NVG589 WAN
–----------------------------
address: 2602:30X:XXXX:XX90::/60NVG589 LAN
address: 2602:30X:XXXX:XX90::1/64
router advertisement prefix: 2602:30X:XXXX:XX90::/64pfSense WAN
IPv6 configuration type: DHCP6
request IPv6 prefix through IPv4: true
request only IPv6 prefix: false
DHCPv6 prefix delegation size: 64
send IPv6 prefix hint: true
address shown on pfSense console: 2602:30X:XXXX:XX90:...:f452/64pfSense LAN
IPv6 configuration type: track interface
IPv6 interface (to track): WAN
IPv6 prefix ID: 0 ("Enter a hexadecimal value between 0 and 0.")
address shown on pfSense console: 2602:30X:XXXX:XX9f:...:b661/64With the default MTU size on the pfSense LAN I get 10/10 at "test-ipv6.com", but MOST of the sites in the "Other IPv6" tab are NOT reachable and IPv6 connectivity is flakey. (I was mildly surprised that the interface tracking worked, since my NVG589 LAN had a 64-bit prefix and I thought that interface tracking required the prefix to grow, but I don't fully understand these things.)
I resolved this issue by lowering the MTU on the pfSense LAN to 1280 in the "Interfaces: LAN" web configurator page.
I am writing this mainly for any other NVG589 users out there, but I am also interested in knowing if there are better ways to resolve the problem I was having.
POSTSCRIPT: I am having a minor problem. In the above configuration, if I modify any aspect of the LAN interface in the web configurator, I loose all IPv6 connectivity until I reboot. I think this is because the router advertisement daemon (radvd) dies when I "apply changes". If I try to manually restart radvd without rebooting, I get this error in the routing log:
# /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
radvd[57031]: syntax error in /var/etc/radvd.conf, line 2:My radvd.conf is empty (the first line in the file is a comment). I can't access the router advertisement web configurator because I don't have any static IPv6 interfaces configured.
-
POSTSCRIPT: I am having a minor problem. In the above configuration, if I modify any aspect of the LAN interface in the web configurator, I loose all IPv6 connectivity until I reboot. I think this is because the router advertisement daemon (radvd) dies when I "apply changes".
Ya, that is a problem, without a solution that I know of. Making a change, or dropping the link on the LAN interface will do it too.
FWIW, I'm on 2.1.1-PRERELEASE (Mar 7) and the problem is there. I restarted the switch pfSense is connected to just today and the LAN lost it's IPv6 prefix. Only thing I could do to get it back was reboot pfs.
REPORTED HERE: https://forum.pfsense.org/index.php/topic,73492.0.html