How to block Apple TV from assigning IPv6 ULA?

I know I should go to Apple's forum to ask but obviously there is no suitable answer.
New Apple TV 4K acting as router and giving out IPv6 (ULA) addresses
Why is my homepod soliciting IPv6 ULA's?

It assigned IPv6 addresses to my PC and Xbox's NICs, which caused a lot of errors in Openwrt's Upnp logs.

Fri Dec  9 05:47:29 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:29 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:49317 not from a LAN, ignoring
Fri Dec  9 05:47:30 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:30 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:62376 not from a LAN, ignoring
Fri Dec  9 05:47:31 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:31 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:62376 not from a LAN, ignoring
Fri Dec  9 05:47:32 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:32 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:62376 not from a LAN, ignoring
Fri Dec  9 05:47:33 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:33 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:65133 not from a LAN, ignoring
Fri Dec  9 05:47:34 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:34 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:65133 not from a LAN, ignoring
Fri Dec  9 05:47:35 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:35 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:65133 not from a LAN, ignoring
Fri Dec  9 05:47:36 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:36 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:52755 not from a LAN, ignoring
Fri Dec  9 05:47:37 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:37 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:52755 not from a LAN, ignoring
Fri Dec  9 05:47:38 2022 daemon.err miniupnpd[5021]: NLMSG_ERROR -113 : Host is unreachable
Fri Dec  9 05:47:38 2022 daemon.warn miniupnpd[5021]: PCP packet sender [fd08:9930:f707:46c0:ae0:8751:469d:e8ea]:52755 not from a LAN, ignoring

I tried to set the IPv6 ULA for Openwrt to fd08:9930:f707::/48, but it still does not clear these warning logs.

In fact, I am not using this IoT network at all, so the following options are available:

  1. Turn it off on Apple TV, but I don't know how to do it.
  2. Divide Apple TV into a separate VLAN but AirPlay doesn't seem to work.
  3. Other methods
  4. Just Ignore it.

Is there any better practice?

Do you get ipv6 service from your isp? How do you have ipv6 service configured for the lan interface on openwrt?

Enable ULA on your real router, apple will probably stop trying to be a router then... My guess.

Apple probably relies on IPV6 features as they should be able to do in 2022. You're way behind the times disabling Ipv6. Is there anything on your Lan that actually breaks with Ipv6 turned on?

Just turn off IPV6 everywhere... interfaces, devices, IPv6 ULA-Prefix, DHCP. Simplifies your network and eliminates issues especially with DNS.

You can filter those to not get to miniupnpd using a firewall rule.
Or you can configure OpenWrt to assign an address IPv6 on the LAN interface using whatever the TV is sending out.
Or, you can set option ipv6_disable 'yes' in upnpd conf.

First, I need IPv6, so I won't disable it from Openwrt. I have IPv6 from ISP and use Openwrt's default settings. Second, as I described above, changing Openwrt's ULA prefix doesn't change anything else. Even if you completely disable IPv6 functions on your network, the Apple TV will still give your NIC an IPv6 address. It is possible to have two DHCPv6 servers in one network.

1 Like

Option 2 probably works, at least the part about contacting devices from another vlan, but you need to add a reflector. See this thread

https://forum.openwrt.org/t/airplay-screen-mirroring-on-appletv-on-vlan-segregated-network/136943/2?u=ramon

And where i show the solution

https://forum.openwrt.org/t/printing-from-ipad-over-wireguard/87508/12?u=ramon

The title of the topic and the first link you've mentioned are misleading, thought that you don't want any IPv6 in your network, sorry :slight_smile:
If you want to use that ULA on the router (and probably get rid of the warning) the easiest way is probably this:

config interface 'lan_client_6'
        option proto 'dhcpv6'
        option device '@lan'
        option reqaddress 'try'
        option delegate '0'
        option reqprefix 'no'

in /etc/config/network
Can't hurt to try.

It works. Finally, I choose option 1, since that the thread network can be turned off in apple tv settings --> AirPlay and HomeKit --> HOME HUB. I didn't notice before that there was a clickable button there.

Your guess is no good. IPv6 is designed to support multiple routers each announcing one or more prefixes on a link. It's not a bug it's a very useful feature. "Normally" you would have total controll what routers are in your network and what they are sending. In a "typical" enterprise network a switch would (configured to do so) filter these unwanted RA.

Apple really decides that it always announces itself as a router for a ULA? That seems like poor behavior.

Can't not comment on that because I have no info but if so, then yes at least it sounds pretty wired. But I'm also not sure as "what" these devices are sold :man_shrugging:

It's a fancy TV screen. Shouldn't be adverting as a router unless there is no IPv6 on the network and it needs Ipv6 for features. Which Is why I say hopefully if your router adverts a proper ULA already it should hopefully stop.

I get your thinking but do you/we know this for sure because the product manual said so or is it wishful thinking?

No definitely don't know it for sure. I'd just hope that they are better behaved than broadcasting router adverts on every network they get connected to.

But that's my point if these devices are also routers, then the need to send RA. If there is some magic happens here involved and they also listen for RA and switch they behavior then they would not stop to send but set the lifetime to 0. That's at least how I understood the RFCs which cover icmpv6 and RA. But in general, if these devices do not act as a default gateway then they should not announce it but it is totally fine that they just announce an ULA prefix and optional specific routes.

It's a TV, it's not a router. It's only connected to a single network. I'm virtually certain they announce a ULA so that they can have Ipv6 addresses so they can do things like service discovery or remote control over Ipv6 multicast. If someone else is already announcing ULA they should shut the hell up. Doesn't mean they do, but any device that automatically announces ULA and it can't be turned off is a bad actor in my book. As someone mentioned, this is what RA guard is for in your switches.

If you read carefully above where the OP replied, you'll learn something

1 Like

Even if a device is connected only on a single link it can be a router. Like, take a dice and get a new ULA and announce that ULA prefix onlink by your laptop. Because like for instance you want to use this dedicated ULA prefix for containers or VMs on your laptop. Totally valid use case. A router is a router if it forwards packets. Ok this should be enough off topic talk for now :slightly_smiling_face:

That's not what my Apple TV (earlier 4K model) does/did. It would announce its own ULA prefix until someone else started doing it...so when I turned on IPv6 on my OpenWrt router, the Apple TV stopped announcing any ULA prefixes.
But, perhaps in this case it's the newer Apple TV models that support Thread networking that need to manage that side of things?