Need help getting IPv6 working with Comcast residential

First, a preface: My local Comcast residential provider does support IPv6 and my DOCSIS 3.0 cable modem (a Motorola Surfboard SB6120) does support IPv6 (dual stack). I proved this by plugging my MacBook Pro directly into my cable modem and restarting the modem; once it came up, my computer had IPv4 and IPv6 addresses and I could successfully ping ipv6.google.com:

[code]$ ping6 2607:f8b0:4002:801::1008
PING6(56=40+8+8 bytes) 2001:558:6016:19:5583:8c55:a56e:9490 --> 2607:f8b0:4002:801::1008
16 bytes from 2607:f8b0:4002:801::1008, icmp_seq=0 hlim=55 time=31.983 ms[/code]

So everything I need to do to enable IPv6 on my network will be 100% in my control—I won’t need any help from Comcast.

I have an existing Vyatta (just upgraded to VyOS 1.1.3 last night) installation that I have been using with IPv4 for years. I’m now doing some work that requires me to have IPv6 (dual stack) internet access, so I need to add IPv6 support to my entire network.

My understanding of Comcast’s IPv6 deployment is that addresses are assigned using SLAAC, so AFAIK that means I need to enable DHCPv6 where only the options—and not the actual address—are obtained from the DHCPv6 server. I may be wrong about this last detail, so please correct me if I am.

I figure the first step to supporting IPv6 on my network is to configure my cable-modem-facing interface correctly so that I can “ping6 2607:f8b0:4002:801::1008” directly from VyOS. Once I’ve achieved that, I can move on to the next steps of enabling IPv6 throughout my network.

First I added the line below to my interface:

[code]ethernet eth0 {
    address dhcp
    address dhcpv6
    description "Red Interface"
    duplex auto
    hw-id 00:50:56:3f:ff:01
    smp_affinity auto
    speed auto
}[/code]

But, after committing, I couldn’t ping6 (“connect: Network is unreachable”), so then I added DHCPv6 options to disable fetching the address and only fetch the parameters:

[code]ethernet eth0 {
    address dhcp
    address dhcpv6
    description "Red Interface"
    dhcpv6-options {
        parameters-only
    }
    duplex auto
    hw-id 00:50:56:3f:ff:01
    smp_affinity auto
    speed auto
}[/code]

After committing, I still can’t ping6 (same error). So I’m stuck on my first step. My interface already successfully gets an IPv4 address from Comcast via DHCP; I’m not sure how to configure it to also get an IPv6 address.

Help?

So I also tried this:

[code]ethernet eth0 {
    address dhcp
    description "Red Interface"
    duplex auto
    hw-id 00:50:56:3f:ff:01
    ipv6 {
        address {
            autoconf
        }
        disable-forwarding
    }
    smp_affinity auto
    speed auto
}[/code]

And this:

[code]ethernet eth0 {
    address dhcp
    address dhcpv6
    description "Red Interface"
    dhcpv6-options {
        parameters-only
    }
    duplex auto
    hw-id 00:50:56:3f:ff:01
    ipv6 {
        address {
            autoconf
        }
        disable-forwarding
    }
    smp_affinity auto
    speed auto
}[/code]

Neither worked. Still no IPv6 address assigned to the interface, still no ability to ping6. :frowning:

In fairness, bug 492 (http://bugzilla.vyos.net/show_bug.cgi?id=496) might be part of my problem here.

Nobody here knows anything about IPv6 SLAAC/DHCPv6 that could help me get IPv6 working on Comcast? :frowning:

Is VyOS’s IPv6/DHCPv6-client system even working at all? I hate to file a bug without being 100% sure I’m not doing anything wrong, but something just isn’t right and I’m not getting any traction here. I’ve been trying to get this to work for over a week, but it doesn’t appear as if my config changes are having any effect on the underlying network config.

With this config on eth0:

[code]ethernet eth0 {
    address dhcp
    address dhcpv6
    description "Red Interface"
    duplex auto
    hw-id 00:50:56:3f:ff:01
    smp_affinity auto
    speed auto
}[/code]

I get this dhclient conf file auto-generated:

[code]$ more /var/lib/dhcp3/dhclient_eth0.conf
# autogenerated by vyatta-interfaces.pl on Sat Feb 21 10:04:07 CST 2015
interface "eth0" {
    send host-name "fw";
    request subnet-mask, broadcast-address, routers, domain-name-servers, interface-mtu;
}[/code]

And this dhclient6 conf file auto-generated:

[code]$ more /var/lib/dhcp3/dhclient_v6_eth0.conf
# This file was auto-generated by the Vyatta
# configuration sub-system. Do not edit it.
# Generated on Mon Mar 2 13:11:04 2015 by root
interface "eth0" {
}[/code]

It’s as if my configuration changes have had zero effect on the underlying generated network configuration.

Is there some log file somewhere that may give me a hint as to what’s going on?

To get Comcast IPv6 to work, I had to download the VyOS source and add dhcp6 into the build (the VyOS dhcp3 package does not work). Unfortunately, I did this a few months ago, and I don’t recall everything I had to do to make it work. I would have to find the VM image I used to create my custom VyOS packages and ISO image.

Once you have the right packages in your image, then you need to configure it.

/etc/radvd.conf should look like this when created by the interface ipv6 router-advert section:

interface eth1 {
    IgnoreIfMissing on;
    AdvSendAdvert on;
    AdvOtherConfigFlag off;
    AdvDefaultLifetime 30;
    AdvLinkMTU 0;
    AdvCurHopLimit 64;
    AdvReachableTime 0;
    MaxRtrAdvInterval 10;
    MinRtrAdvInterval 3;
    AdvDefaultPreference medium;
    AdvRetransTimer 0;
    AdvManagedFlag off;
    prefix ::/64 {
        AdvPreferredLifetime 604800;
        AdvAutonomous on;
        AdvOnLink on;
        AdvValidLifetime 2592000;
    };
};

/var/lib/dhcp3/dhclient_v6_eth0.conf

interface "eth0" {
   send dhcp6.ia-pd 1;
   script "/etc/dhclient-exit-hooks";
}

/etc/dhclient-exit-hooks

#!/bin/bash
# When dhclient reports a delegated prefix, add it to the inside interface.
if [ x"$new_ip6_prefix" != x ]; then
        /bin/ip addr add "$new_ip6_prefix" dev eth1
fi

In my VyOS config:

interfaces {
    ethernet eth0 {
        address dhcpv6
        description "OUTSIDE TO COMCAST"
    }
    ethernet eth1 {
        description "INSIDE WHERE IPV6 CLIENTS LIVE"
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag false
                max-interval 10
                min-interval 3
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
    }
}

I also had to modify the /opt/vyatta/sbin/vyatta-dhcpv6-client.pl file to create the /var/lib/dhcp3/dhclient_v6_eth0.conf file exactly as I have it above. I may have modified the script that creates the radvd.conf file as well and other scripts.

My setup assigns the IPv6 address from Comcast to your inside interface (instead of your WAN interface), and then it advertises out the IPv6 prefix to the clients on that internal network. You can look up some keywords on Google such as dhcp6 ia-pd. Most of what I did was from various sources on the Internet glued together into VyOS. I take no credit for their work.

You can create a custom image and it does work. I have Windows, Android, iOS, OS X, and Unix clients, and they all get IPv6 addresses and pass 10/10 on the ipv6 test website.

Good Luck!

tiamat

P.S. If there is a particular file you want to see off my firewall, let me know and I can post it.
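
A stricter form of the dhclient exit hook from the post above, added here as an example and not tiamat's or the VyOS project's own code: it checks the shape of the DHCPv6-supplied `new_ip6_prefix` and passes it quoted before `ip` runs as root. `LAN_IF`, `IP_CMD`, the two function names and the /48 to /64 length range are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the script from the post: same job as the exit hook,
# but the value received over DHCPv6 is validated before a root command uses it.
# LAN_IF and IP_CMD are assumptions (inside interface and ip binary of the post).
LAN_IF="${LAN_IF:-eth1}"
IP_CMD="${IP_CMD:-/bin/ip}"

# Return 0 only for "<hex digits and colons>/<len>" with 48 <= len <= 64.
# The 48-64 range is an assumption about delegation sizes; adjust as needed.
valid_pd_prefix() {
    local addr len
    case "$1" in
        */*) ;;
        *)   return 1 ;;                  # no prefix length at all
    esac
    addr="${1%/*}"
    len="${1##*/}"
    case "$addr" in
        ""|*[!0-9A-Fa-f:]*) return 1 ;;   # rejects spaces, '-', ';', globs
    esac
    [ "${#addr}" -le 39 ] || return 1     # longest textual IPv6 address
    case "$len" in
        ""|*[!0-9]*) return 1 ;;          # length must be digits only
    esac
    [ "${#len}" -le 2 ] || return 1
    [ "$len" -ge 48 ] && [ "$len" -le 64 ]
}

# Validate, then add the delegated prefix to the inside interface.
apply_pd_prefix() {
    if ! valid_pd_prefix "$1"; then
        echo "dhclient hook: ignoring malformed prefix" >&2
        return 1
    fi
    "$IP_CMD" -6 addr add "$1" dev "$LAN_IF"
}

# dhclient exports new_ip6_prefix when a prefix is delegated; unset otherwise.
if [ -n "${new_ip6_prefix:-}" ]; then
    apply_pd_prefix "$new_ip6_prefix"
fi
```

The character-set check is a shape test only; `ip` still does the real address parsing, so a value such as `2001:db8:::/64` passes the hook's check and is rejected by `ip` itself.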

One thing I forgot as I haven’t rebooted in a while… Even with the config above, each time I reboot the firewall, I have to run this script:

#!/bin/bash
sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/eth0/accept_ra"
sudo /sbin/dhclient -P -6 -nw -cf /var/lib/dhcp3/dhclient_v6_eth0.conf eth0
sudo /etc/init.d/radvd restart

And here is the version information for my dhclient package:

$ /sbin/dhclient -V
Internet Systems Consortium DHCP Client 4.1-ESV-R8
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Usage: dhclient [-4|-6] [-SNTP1dvrx] [-nw] [-p <port>]
                [-s server-addr] [-cf config-file] [-lf lease-file]
                [-pf pid-file] [--no-pid] [-e VAR=val]
                [-sf script-file] [interface]

I also recall playing with the wide-dhcpv6 package instead of ISC because some feature appeared to be missing. I am looking for my Debian build VM, but I may have lost it when I upgraded my system. As you did, I was trying quite a few things before I found the right combination to make it work.

Thanks for the great work. I have an identical situation and I can confirm that the nightly versions are not fixing it. Have you submitted this as a ticket so all the good work and feedback you did can be added to the next release formally?

For the moment, I’m using a tunnel with HE and that works very well.