IPv6 not working (Vancouver, Business PureFibre) - debugging with tcpdump etc

Reply
robbat2
Connector

Are there other Business PureFibre customers in Vancouver with working IPv6 as of October? It's not working here.


The Actiontek T3200M shows the same as this other user


My own router (EdgeRouter Pro) also doesn't get anything either. There are no responses to Router Solicitiations (as sent by the T3200M) or DHCPv6-PD/DHCPv6 solicit requests. I'll post comparative packet captures further in the thread.


Telus employees do claim IPv6 is being deployed:


There are some useful prior technical posts as well:

robbat2
Connector

I have censored my own MAC/IP details

 

Actiontek T3200M, sending IPv6 Router Solicitation:

IP6 (hlim 255, next-header ICMPv6 (58) payload length: 8) fe80::XXXX:XXf:feXX:XXXX > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 8
(it never sends the DHCP6 solicit)

 

EdgeRouter sending RS & dhcp6 solicit:

IP6 (hlim 255, next-header ICMPv6 (58) payload length: 8) fe80::XXXX:XXf:feXX:XXXX > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 8
... (time elapses)
IP6 (hlim 1, next-header UDP (17) payload length: 89) fe80::XXXX:XXf:feXX:XXXX.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=4915bf (client-ID hwaddr/time type 1 time 560552284 f09fc210a95c) (elapsed-time 0) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))

 

No responses to any of them, nor manually sending RS followed by DHCP6 solicit, or any other ordering. Haven't seen any unsolicited RAs in more than 8 hours of logging. There's also no difference if I enable rapid-commit, or muck with other parts of DHCP6.

 

At the very least, as seen in the other threads, I expect to get at least some rejection messages to the DHCP6 requests.

 

For further context, I'm one of the upstream IPv6 radvd maintainers, and helped improve it for better client battery life

JTL
Advocate

If it doesn't work with the Actiontec plugged directly into the ONT, something is very wrong and it probably has little to do with your setup.

 

Try 30/30/30 reset of the Actiontec, try unplugging the ONT for 30 seconds. 

 

Not sure if EdgeOS suffered from this same issue that pfSense did, it would wait for an RA before before sending solicit packets, and Telus doesn't send unsolicited RA's.

 

https://redmine.pfsense.org/issues/5993

robbat2
Connector

I'll run a reset cycle on the ONT later tonight, but the Actiontec certainly isn't getting ANY v6 responses either.

I do find it interesting is comparing the behavior:
Actiontec Sending ICMP6-RS, and not any DHCP6-solicit.
EdgeOS: Sending both ICMP6-RS & DHCP6-solicit.

 

One thought I had is that Telus doesn't have IPv6 enabled for Business customers, at least in my area. This would suck, because I asked sales about it explicitly (but one should never trust sales without verifying).

Moderator
Moderator

Hi @robbat2, has the issue with your IP address been resolved? In the event that it's ongoing, can you please send me a PM with your account details? I'll be happy to get the info to our technical team to have the issue investigated. Thanks!

robbat2
Connector

The problem still persists, despite ONT reset, and reset of Actiontek.

I can see from packet sniffing what comes out of the ONT, that there's nothing IPv6 at all.

I will PM with account number

TELUS Employee
TELUS Employee

Hi Rob

I will be working with DanR on the technical portion of this. Out of curiosity, as part of your business plan, do you have a static IPv4 / server plan? Some people order this to ensure none of the service ports are blocked but as a result of that, it excludes IPv6 connectivity options.

robbat2
Connector

Yes, I do have a static IP; there is no reason that a static IP should exclude IPv6, the two protocols are entirely independent. The only case I can think of would be artificial limitations in your deployment environment.

If I have to choose, I'd sooner drop the static IP than forgo IPv6.

You're also the first person to mention that they were mutually exclusive at the moment.

TELUS Employee
TELUS Employee

The devil is always in the implementation details. IPv6 is a very low volume ask for use and does indeed require some dev work to implement for the static IP plans. The few people who do need it are quite vocal, I will use this particular discussion thread as a talking point for the future. 

In the meantime, I will wait for Dan to pass me some details. What we can do is temporarily flip the account to a dynamic type and see if the connectivity options meets your needs. If everything checks out, we can pass off an order to the billing teams to have the plan officially changed out as necessary. 

 

As an official capacity, I do work for TELUS and just made this account to respond to you. Please do not DM me any account details until I have this account formally employee verified and badged accordingly.

robbat2
Connector

There's an easy way to hype IPv6: In many cases, IPv6 latency is better than IPv4. This should be attracting a lot more serious gamers than it does now (not the reason I'm after it, but a good selling point for consumers).

On my present Hurricane Electric tunnel (which comes with other problems that can't be easily avoided [0-2]), my latency to Europe and US-East is generally 5-10% better on IPv6. US-West depends on exactly where, due to the tunnel overhead (~5ms).

This is mostly down to better routing from what I've seen, but YMMV, and IPv6 routing does still suffer hiccups (Like last year when DTAG had a mis-configuration and rejecting lots of Hurricane Electric networks)

[0] If you happen to be going somewhere that's local, the tunnel overhead is the problem: servers locally in Vancouver are ~2ms via IPv4, and 10-30ms via IPv6 due to a Seattle round-trip.
[1] GeoIP data can be very wrong
[2] The tunnel IP ranges are classed as a VPN by some services, Netflix is a common consumer example and just blocks you using it over Hurricane Electric IPv6

TELUS Employee
TELUS Employee

Hey Rob, preaching to the choir on that one Smiley Happy

I have the account details necessary to flip this. The question is when you want it to happen. As soon as it's flipped, it will kill the existing IP session. You will need to reboot the T3200 or wait 2-4 hrs for it to come back on its own. The static IP associated to this account will also be released allowing another customer to grab it at some point. 

Please let me know when you wish to proceed.

Highlighted
robbat2
Connector

Let's go for it, now (before Noon pacific) is better than later.

If you want to confirm live, you can call me right [you have the account info!] before you're going to do it, and I can confirm IPv6 works after the flip.

robbat2
Connector

I see you just did it, and confirmed working IPv4 & IPv6 addresses now.

TELUS Employee
TELUS Employee

Awesome, I see it as well.

Let me know if this suits your needs. If it checks out, will send a note to the billing team to remove the static IP component. 

robbat2
Connector

Ok, so how to get no port blocking / static and still have IPv6 connectivity?

Splitting up the functionality:

  • IPv6 connectivity, via DHCPv6-PD
  • No port blocking (actually does still block Mirai botnet ports that target DSL modems, which is good)
  • Static IPv4 (via persistent leases from DHCP server with registered MAC, same 4 hour lease time as dynamic IPv4)
  • Static IPv6 (?? also persistent leases?)

Right now it's just a choice between:

Dynamic-Plan: IPv6 connectivity

Static-Plan: Static IPv4, No port blocking

Not available at all yet: Static IPv6

 

As a reasonable first step, offering base IPv6 connectivity to the static plan should happen. The static numbering for IPv6 can come later on.

Most Helpful
TELUS Employee
TELUS Employee

For now, it is one or the other. I know IPv6 / Server plans is on the roadmap in the future but there is no way I can provide specifics.

How do you wish to proceed? IPv6 connectivity with port blocking, or IPv4 only connectivity (with static IP) with no port blocking. 

robbat2
Connector

For now, IPv6 connectivity please. And put me down on a high priority list for IPv6-Server (or tell me who on the business side to phone up and bug!).

Reason for now: I'm doing a lot more IPv6 work these days than the need for no port blocking, and that takes business precedence (not sure about Telus's network, but at least other stuff I oversee, IPv6 is has recently exceeded 50% of all network bytes, heavily thanks to mobile users where IPv6 is much more common than home connections).

TELUS Employee
TELUS Employee

I have forwarded this thread to the powers that be.

In the meantime, are you good with this current setup? 

Do you want me to send a note to the billing team to remove billing for static IP? 

robbat2
Connector

Yes, please get billing to drop the static IP service for now.

TELUS Employee
TELUS Employee

I have sent a note off to our billing team, you will no longer be charged for static IP service.

Enjoy!