D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-860L => Topic started by: publius21 on March 26, 2014, 07:43:48 PM
-
I'm trying to get IPv6 working and having problems. I'm using a cable modem with Charter Communications. Charter doesn't provide native ipv6, but they do offer a 6rd border relay. Well, on inputting the information, something funny goes on.
It seems to set its LAN ipv6 address fine, but it shows a blank for the WAN side ipv6 address, and the route table looks wrong. The default gateway is listed as "::68.114.165.1", which is the ip4 address of the 6rd relay, but with no prefix or anything. It can't be pinged, nor can the IPv6 DNS server addresses (supplied by Charter and entered in the 6rd setup page)
-
Link>Welcome! (http://forums.dlink.com/index.php?topic=41537.0)
- What Hardware version is your router? Look at sticker under router.
- Link>What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the routers web page under status.
- What region are you located?
- Are you wired or wireless connected to the router?
Internet Service Provider and Modem Configurations
- What ISP Service do you have? Cable or DSL?
- What ISP Modem Mfr. and model # do you have?
- What ISP Modem service link speeds UP and Down do you have?
-
Thanks for the reply. I'm running the latest firmware, v1.08 which I just downloaded and flashed/upgraded to see if that helped. It had 1.07 out of the box; the hardware version is listed as A1.
I'm in the Greenville, SC area, with Charter Communications using a cable modem.
I'm connecting via *wired* Ethernet, gigabit speed, and I've currently disabled wireless (I want to get everything set up properly on the wired LAN before I start fooling with wireless :) ).
The cable modem is a Motorola Surfboard v3, which lists this on its help page:
Software Version: SB5100-2.3.8.0-GA-00-NOSH
Hardware Version: 3
MIB Version: II
GUI Version: 1.0
VxWorks Version: 5.4
Downlink speed is 30Mbps, and I can peak about that, but it will average about 20Mbps for a decent server. Uplink speed is around 3Mbps
-
As near as I can tell, the thing is not correctly generating the WAN IPv6 address, when the 6rd IP4 mask length is set to zero.
I was fooling around and stumbled on this by changing the mask length to some non-zero value. When I do so, it chops off the approriate number of bits and does generate a WAN IPv6 address, but this is of course not valid and it doesn't work. I tried to manually enter the top bits (of my IP4 address) in the prefix field and change the prefix length, but that doesn't appear to work either. It just still appends the chopped off value to the 32 bit prefix.
At any rate, the problem appears to be that it fails to generate a proper WAN IP6 address when the IP4 mask length is set to zero.
-
I'm hoping that one of our resident IPv6 users can help with this...PacketTracer
Were seeing some issues with IPv6 features on D-Link routers:
http://forums.dlink.com/index.php?topic=58287.0 (http://forums.dlink.com/index.php?topic=58287.0)
-
One question, is the cable modem IPv6 supporting? ??? I'm not fully sure if the SB 5 series is or not. I know the SB 6 series modems are...
-
You know, I was thinking of that. Since a 6rd connection is supposed to be a tunnel, with the router wrapping the IPv6 packets inside IP4 packets to the border relay, I didn't think it mattered, since the cable modem should just be passing IP4 packets as normal.
However..... you never can tell. Something screwy could be going on and I will try to find out.
-
Ya, logic would stay and if everything is being wrapped up in IPv4 that the modem should be able to handle it regardless of IPv6 support or not, however anything could happen. Just trying to help narrow down the issue and any possible problems that may effect correct configuration.
I presume that any encapsulation or wrapping of IPv6 information with in IPv4 should work...I hope PacketTracer will come online and review this. He's the IPv6 guru here. ;D
-
I would love for someone who has tried a 6rd connection with this router, 860L, to chime in. If someone has, and it works, then we'd know it was something screwy here or maybe with Charter itself. I know little of the innards of 6rd, but maybe there's some sort of handshake involved, and Charter does something the 860L's firmware doesn't like.
In the meantime, I may try to set up Tunnel Broker and see if that will work. If I could get a hold of another brand router with known IPv6 6rd support (and not have to buy it! :) ) I'd try that. If it failed as well, then I'd be pretty sure it was something about the modem/Charter.
-
Well, that was fast. I registered and set up up Tunnel Broker account, and it works. At least on the 860L itself. I can ping ip6 addresses just fine from the router. So that apparently tells us the SB5100 is passing these wrapped packets, and Charter is letting them through its network, at least in that tunnel format. And it tells us this 860L here can do IPv6 when it gets a proper connection.
Now that I've got a working IPv6 connection, I'll play around with getting it through on the LAN side.
-
Hi publius21,
6rd protocol is specified in RFC5969 (http://tools.ietf.org/html/rfc5969). I'd recommend you take the time (about half an hour) to read and understand it.
... but it shows a blank for the WAN side ipv6 address.
The definition of "CE WAN side (http://tools.ietf.org/html/rfc5969#page-5)" in RFC5969 (http://tools.ietf.org/html/rfc5969) says:
CE WAN side:
"The functionality of a 6rd CE that serves the "Wide Area Network (WAN)" or "Service Provider-facing" side of the CE. The CE WAN side is IPv4-only."
Hence, if D-Link's implementation of 6rd strictly conforms to RFC5969 (http://tools.ietf.org/html/rfc5969), the WAN side shouldn't have an IPv6 address - and this corresponds to what you see (a WAN IPv6 address isn't needed, because the router can use its LAN side IPv6 address if it wants to talk to the IPv6-Internet - this is a general observation true for IPv6 and not specific for 6rd)
However, many router manufacturers try to derive a /64 prefix for use on the WAN uplink from the IPv6 prefix delegated to the router for use inside the LAN if the router wasn't assigned a global /64 WAN prefix by the ISP. This is especially the case for 6rd and hence D-Link's IPv6 implementation might try to derive a /64 WAN prefix from the "Assigned IPv6 Prefix" (called "6rd delegated prefix" in RFC5969 (http://tools.ietf.org/html/rfc5969#page-4))". And this only works if the prefix length of the "6rd delegated prefix" is shorter than 64, because otherwise the 6rd delegated prefix would be completely consumed for LAN addressing with no second /64 prefix left for use on the WAN uplink.
Hence, if Charter's 6rd configuration uses a "6rd IPv6 Prefix" length of 32 and an "IPv4 Address Mask Length" of 0 (meaning all 32 bits of the IPv4 WAN address are appended to the 6rd IPv6 Prefix to form the "Assigned IPv6 Prefix"/"6rd delegated prefix") this would result in an "Assigned IPv6 Prefix"/"6rd delegated prefix" that is completely consumed for LAN addressing. If D-Link's 6rd implementation tries to derive a WAN prefix in this situation (clearly being an implementation error) it might fail and maybe this is what you observe.
But be careful:
- Does charter support "6rd DHCPv4 Option"? If so, try it and see if it works
- If Charter demands a manual configuration: Are you sure you got the right configuration values for "6rd IPv6 Prefix" and "IPv4 Address Mask Length"?
Could you post a screenshot of your 6rd SETTINGS?
PT
-
Thanks for jumping in, PacketTracer. We've got someone who knows this stuff now.
So, the 6rd doesn't even use a separate WAN IP address. Gotcha. Makes sense now. I was thinking it would need one, and the ISP would route all LAN side packets to that, letting the router forward it to the LAN side. But I can see how you could set it up not to need one really, since it's a tunnel and the IP4 network gets it to the router's WAN IP4 address.
I'll read over the rest of your reply and try. If you didn't catch the last message, I did get a working IPv6 setup via a TunnelBroker tunnel, which worked like a charm.
Charter's 6rd Border Relay info is here on this page:
http://www.myaccount.charter.com/customers/Support.aspx?SupportArticleID=2665
Scroll down to the "Preparing for IPv6" section. That's the information I entered in, and checked it. When I enable it, I can't ping anything, including the default gateway, which is listed as ::IP4Border, where IP4Border is the IP4 address of the border relay. Since I got the Tunnel Broker tunnel working, I'll be playing with that for a bit, and I'll get some screeen shots of the 6rd status later tonight.
-
Hi again,
according to "Preparing for IPv6 (http://www.myaccount.charter.com/customers/Support.aspx?SupportArticleID=2665#ipv6prep)" we have:
6rd Prefix = 2602:100::/32
IPv4 mask length = 0
Hence with a IPv4 WAN address W.X.Y.Z you'll get an "Assigned IPv6 Prefix"/"6rd delegated prefix" of the form 2602:100:h(W)h(X):h(Y)h(Z)::/64 (h(D) meaning the hexadecimal value corresponding to a decimal value D). This is just enough address space for use inside your LAN with no space left to derive a second /64 for use on the WAN link - a situation your D-Link model might not handle, if it wants to derive a /64 WAN prefix out of "6rd delegated prefix" space (although not needed according to 6rd standard). Maybe your router model only works with 6rd delegated prefix length shorter than 64 (meaning 6rd Prefix length < 32 and/or IPv4 mask length > 0).
PT
-
OK, here the (text) of the IP6 Status page after turning 6rd back on with Charter's border info (with my own IP address info "xxxx"d out:
IPv6 Connection Type : 6RD
Network Status : Connected
Connection Up Time : 0 Day 0 Hour 36 Min 11 Sec
WAN IPv6 Address : None
IPv6 Default Gateway : ::68.114.165.1
Primary IPv6 DNS Server : 2607:f428:1::5353:1
Secondary IPv6 DNS Server : 2607:f428:2::5353:1
LAN IPv6 Link-Local Address : fe80::xxxx:xxxx:xxxx:xxxx/64
DHCP-PD : Enabled
IPv6 Network assigned by DHCP-PD : None
LAN IPv6 Address : 2602:100:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/64
The LAN IPv6 Address is correct. The two blocks after the prefix are my public IP4 address, followed by the standard MAC-derived 64 bit lower half.
Oh, and you asked about the 6rd DHCP option. Charter doesn't offer that and it doesn't work. I've also tried the "enable hub and spoke" mode on and off with no effect.
-
From within the router: Can you ping the address 2602:100:4472:a501:: ?
-
No, 2602:100:4472:a501:: doesn't work. The only thing that will ping is it's own LAN IPv6 address.
Here's the route table it generates:
Destination IP Gateway Metric Interface
::/96 :: 256 INTERNET
2602:100:xxxx:xxxx::/64 :: 256 LAN
::/0 ::68.114.165.1 1 INTERNET
So according to that anything which is all zeroes except for the last 32 bits is supposed to go "over the wire" directly, and anything else not on the LAN goes to the gateway, which it seems is supposed to be all zeroes prepended to the border relay's IP4 address.
:: works as well as ::1, and lo and behold, I pinged my own WAN IP4 address in the form ::IP4 and that worked. But that's the only thing that works and I wonder if the router just knows that itself.
[Note: Edited after posting to "xxxx" my own IP4 info, which I forgot to do on initial posting...]
-
Incidently, now that I've got the Tunnel Broker tunnel running, I've been playing with getting IPv6 internet working on the LAN side and I've run into the broken firewall problems I saw reference to. I've got to disable "IPv6 Simple Security" in order to ping any remote IPv6 address, including the default gateway on the tunnel. This worries me that I'll be wide open on the IPv6 space.
And second, and I don't know if this in Windows 7 (which I switched to first because it's supposed to more IPv6 enabled by default) or the 860L, I discovered it couldn't get a default gateway. I tried several things and finally had to add the default route manually. Now, I need to get the DNS servers added manually.
-
Well, after I got Win7's IPv6 running (10/10 on that ipv6 test page), I booted Win 8.1 to configure it. It did better, having full ipv6 internet access right on boot-up. Unlike Win 7, it had a default gateway. It was set to the link-local address of the router, but it worked, and it had all the other correct subnet routes set.
It still didn't pick up the IPv6 DNS server, but Charter's IP4 DNS returns IPv6 records anyway, I see, so everything worked.
-
Hi again,
No, 2602:100:4472:a501:: doesn't work. The only thing that will ping is it's own LAN IPv6 address.
Here's the route table it generates:
Destination IP Gateway Metric Interface
::/96 :: 256 INTERNET
2602:100:xxxx:xxxx::/64 :: 256 LAN
::/0 ::68.114.165.1 1 INTERNET
So according to that anything which is all zeroes except for the last 32 bits is supposed to go "over the wire" directly, and anything else not on the LAN goes to the gateway, which it seems is supposed to be all zeroes prepended to the border relay's IP4 address.
Well, the routing table entry for ::/96 looks like the transformation of the corresponding IPv4 default route into its so called "IPv4-Compatible" counterpart, see RFC4291 (http://tools.ietf.org/html/rfc4291#section-2.5.5), hence the retransformed IPv4 default route would look like this:
Destination IP Gateway Metric Interface
0.0.0.0/0 0.0.0.0 256 INTERNET
That's strange as I would expect to see 68.114.165.1 as Gateway value here. Hence the "IPv4-Compatible" transformation should look like this:
Destination IP Gateway Metric Interface
::/96 ::68.114.165.1 256 INTERNET
Note, that for your normal IPv4 traffic you have another "real" IPv4 default route with another Gateway value (look at your IPv4 routing table), the above "IPv4-Compatible" form is obviously meant for IPv4 packets that contain tunneled IPv6 packets for 6rd.
In addition the IPv6 default route ::/0 looks wrong to me. According to the example at the end of chapter 7.1.1 in RFC5969 (http://tools.ietf.org/html/rfc5969#page-10) I would expect to see the following instead:
Destination IP Gateway Metric Interface
::/0 2602:100:4472:a501:: 1 INTERNET
(Here 4472:a501 results from a hex transformation of the BR IPv4 address 68.114.165.1)
But okay, of course I don't know D-Link engineers' ideas behind their implementation, hence I might completely misinterpret these routing table entries.
Incidently, now that I've got the Tunnel Broker tunnel running, I've been playing with getting IPv6 internet working on the LAN side and I've run into the broken firewall problems I saw reference to. I've got to disable "IPv6 Simple Security" in order to ping any remote IPv6 address, including the default gateway on the tunnel. This worries me that I'll be wide open on the IPv6 space.
The need to disable "IPv6 Simple Security" contradicts the results in [4] (http://forums.dlink.com/index.php?topic=58287.0) where in contrast to your result the enabling of "IPv6 Simple Security" failed to protect the LAN from unsolicited IPv6 traffic WAN-->LAN while a disabled "IPv6 Simple Security" did not block outgoing IPv6 packets and their responses as is the case with your box. But maybe in your case you also had enabled the IPv6 firewall and that (or your newer fw version) might explain the different results.
Maybe your negative results with 6rd might also be due to an IPv6 firewall issue. Did you test 6rd with disabled "IPv6 Simple Security" and disabled IPv6 firewall?
But anyway: The results in [4] (http://forums.dlink.com/index.php?topic=58287.0) show that you shouldn't use a DIR-860L for IPv6 access as long as there is no firmware version available that fixes its IPv6 firewall issues.
I booted Win 8.1 to configure it. It did better, having full ipv6 internet access right on boot-up. Unlike Win 7, it had a default gateway. It was set to the link-local address of the router, but it worked
The mechanism your Windows 8 uses to learn its IPv6 default gateway is SLAAC (Stateless Address Autoconfiguration). With SLAAC automatically learned default gateways are always the link-local addresses of the routers, hence nothing's wrong with this.
PT
-
Thanks again for the explanations. I tried 6rdt both with and without "Simple Security" enabled and nothing. With the Tunnel Broker connection, the router itself can ping IPv6 addresses fine, it just seems to fail to let anything pass to the LAN side -- that is no machine on the LAN can ping anything. Turn it off and everything works. This is firmware 1.08. The thing came out of the box with v1.07, and the first thing I did when I couldn't get 6rd to work was load the new firmware to see if it fixed it.
I did run a IPv6 port scan (from Win7) and everything (at least the well-known ports) was "stealth" save for one port, TCP 135, which was open. I'm pretty sure that was the Windows firewall, and not the 860L.
-
Hi
I did run a IPv6 port scan (from Win7) and everything (at least the well-known ports) was "stealth" save for one port, TCP 135, which was open. I'm pretty sure that was the Windows firewall, and not the 860L.
Of course! Switch Windows firewall off for testing purpose and you will see how D-Link's IPv6 firewall "protects" you...
PT
-
Any status on this ? ???