I can't get ipv6 on my LAN only my WAN

I am having problems getting IPv6 working on my network. It started when trying to get IPv6 to my Xbox One. I am getting IPv6 from my isp, who is Comcast. I have prefix on WAN6 but not on LAN.
This is my network config:

root@xxxxxxxxxxxxxx:~# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdbf:b03b:0dab::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'

config interface 'wan'
	option ifname 'eth1'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'dhcp'

config interface 'wan6'
	option proto 'dhcpv6'
	option ifname 'eth1'
	option reqaddress 'try'
	option reqprefix 'auto'

Can you post the output of

ip address show

Or if you don't have it installed do ifconfig -a

Reading comcast forums a bit about getting more than a /64 it appears that comcast can do this, but that you tend to get bound in with whatever your router originally requested, so you might need to get a comcast tech support person to "release" your subnet so you can request a /56 or a /60.

On your router in LuCI go to the interfaces tab, select the WAN6 interface, and make sure it is requesting a prefix of length 56. Then save and graceful reboot your router. If you still don't get a prefix, try dropping it to a length 60. If you still don't get a prefix, try putting it back to 56, save, and then call comcast and tell them you have multiple networks in your house and you need your ipv6 prefix to be larger than a /64, ask them to release your prefix so you can request a larger one. Ask them what size prefixes they hand out. Then once they've done that, try a reboot to get the /56 prefix. If that doesn't work, drop it to a /60. Any ISP that insists on giving out less than a /60 is broken. And comcast is not broken with respect to ipv6 they actually spearheaded the rollout.

Here's a thread on comcast with a comcast engineer in 2012 saying they'd already enabled /60 back then, and were debugging it in 2013, so here in 2018 you should be able to get at least a /60 from Comcast https://forums.xfinity.com/t5/Your-Home-Network/IPv6-prefix-size-and-home-routing/td-p/1495933

1 Like
goblin@goblinking ~ $ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 10:bf:48:89:ba:fa brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.232/24 brd 192.168.1.255 scope global dynamic eno1
       valid_lft 42533sec preferred_lft 42533sec
    inet6 fd35:bad9:9ce5::5f1/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fdbf:b03b:dab:0:81fc:f6ab:16f:f9e6/64 scope global temporary dynamic 
       valid_lft 604136sec preferred_lft 85210sec
    inet6 fdbf:b03b:dab:0:bdbb:ec26:5820:2055/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fd35:bad9:9ce5:0:81fc:f6ab:16f:f9e6/64 scope global temporary dynamic 
       valid_lft 604136sec preferred_lft 85210sec
    inet6 fd35:bad9:9ce5:0:b095:e7b3:b8d4:20d/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::95c:bb32:3790:a784/64 scope link 
       valid_lft forever preferred_lft forever
3: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether dc:85:de:3d:33:4d brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.192/24 brd 192.168.1.255 scope global dynamic wlp12s0
       valid_lft 42538sec preferred_lft 42538sec
    inet6 fd35:bad9:9ce5::5f1/128 scope global tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fdbf:b03b:dab:0:533:c4ef:faf2:e4fc/64 scope global temporary dynamic 
       valid_lft 604140sec preferred_lft 85157sec
    inet6 fdbf:b03b:dab:0:332f:49bd:dcab:21e7/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fd35:bad9:9ce5:0:533:c4ef:faf2:e4fc/64 scope global temporary dynamic 
       valid_lft 604140sec preferred_lft 85157sec
    inet6 fd35:bad9:9ce5:0:34dc:e9d4:3bfb:cdaf/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::c569:519a:424:a7de/64 scope link 
       valid_lft forever preferred_lft forever

this is on your router? (I'm guessing not, probably a desktop or laptop running linux on your lan?) I only see one ethernet eno1 and no VLAN devices. Are you routing from ethernet to wireless with zero wired LAN network?

Also I see no public prefixes at all, but I do see two different ULAs:
fd35:bad9:9ce5:0:: and fdbf:b03b:dab:0::

maybe one of your APs is also advertising a ULA? You should probably advertise just ONE ULA on your LAN.

1 Like

I used putty to connect to the router with a mint linux computer that is hard wired to the switch. Do I need to be connected directly to router without switch?

eno1 has only a 192.168.1.232/24 ipv4 and a bunch of ULAs, this device has zero public IPs, how can it be your router? Perhaps you accidentally ran the "ip addr show" on the linux mint machine? ssh into the router again and run it on the router.

Edit: putty is a windows program, you probably want "ssh"

root@tubescreamer:~# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether aa:c0:b7:ff:7a:78 brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 0e:f9:db:4e:81:4d brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
    link/ether fc:aa:14:61:2f:41 brd ff:ff:ff:ff:ff:ff
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP qlen 1000
    link/ether 00:50:b6:24:04:50 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.44/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 2601:154:c201:88f0:250:b6ff:fe24:450/64 scope global dynamic 
       valid_lft 592sec preferred_lft 292sec
    inet6 2601:154:c201:88f0::ba58/128 scope global dynamic 
       valid_lft 603500sec preferred_lft 603500sec
    inet6 fe80::250:b6ff:fe24:450/64 scope link 
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether fc:aa:14:61:2f:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdbf:b03b:dab::1/60 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::feaa:14ff:fe61:2f41/64 scope link 
       valid_lft forever preferred_lft forever
18: ifb4eth1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc cake state UNKNOWN qlen 32
    link/ether 3a:b0:cd:a5:0e:85 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::38b0:cdff:fea5:e85/64 scope link 
       valid_lft forever preferred_lft forever

Sorry about that chief

On phone with comcast now

So I just got off the phone with Comcast tech in the Phillipines. Looks like i have /60 on the LAN now.

root@tubescreamer:~# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether aa:c0:b7:ff:7a:78 brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 0e:f9:db:4e:81:4d brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
    link/ether fc:aa:14:61:2f:41 brd ff:ff:ff:ff:ff:ff
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP qlen 1000
    link/ether 00:50:b6:24:04:50 brd ff:ff:ff:ff:ff:ff
    inet 73.129.37.1/22 brd 73.129.39.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 2001:558:6003:32:4d40:cad6:bdbb:43a/128 scope global dynamic 
       valid_lft 3458sec preferred_lft 3458sec
    inet6 fe80::250:b6ff:fe24:450/64 scope link 
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether fc:aa:14:61:2f:41 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2601:154:c201:c620::1/60 scope global dynamic 
       valid_lft 3458sec preferred_lft 3458sec
    inet6 fdbf:b03b:dab::1/60 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::feaa:14ff:fe61:2f41/64 scope link 
       valid_lft forever preferred_lft forever
36: ifb4eth1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc cake state UNKNOWN qlen 32
    link/ether 1e:cd:27:66:61:e7 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1ccd:27ff:fe66:61e7/64 scope link 
       valid_lft forever preferred_lft forever
root@tubescreamer:~# ip adress show
BusyBox v1.25.1 () multi-call binary.

Usage: ip [OPTIONS] {address | route | link | rule} {COMMAND}

ip [OPTIONS] OBJECT {COMMAND}
where OBJECT := {address | route | link | rule}
OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }
1 Like
root@tubescreamer:~# ping6 -c 10 google.com
PING google.com (2607:f8b0:4004:801::200e): 56 data bytes
64 bytes from 2607:f8b0:4004:801::200e: seq=0 ttl=55 time=15.855 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=1 ttl=55 time=11.894 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=2 ttl=55 time=10.926 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=3 ttl=55 time=11.330 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=4 ttl=55 time=11.795 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=5 ttl=55 time=11.157 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=6 ttl=55 time=11.538 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=7 ttl=55 time=11.039 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=8 ttl=55 time=11.982 ms
64 bytes from 2607:f8b0:4004:801::200e: seq=9 ttl=55 time=12.086 ms

--- google.com ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 10.926/11.960/15.855 ms

So IPv6 seems to be working and it is working to Xbox Live. Thanks so much.

1 Like

You're welcome. Glad that was easy enough. Let me know how the xbox works now :wink:

1 Like

Trying it out now.

I've been reading about IPv6 and moved my router to OpenWRT so I can properly use IPv6, but I haven't yet found explanation on why we need a prefix bigger than /64.

Could somebody explain it or point to an article that do so? Why can't we create multiple networks with subnets shorter than /64, say it /70?

A /64 is the smallest possible subnet allowing SLAAC to work. While smaller subnets would be possible with DHCPv6 or manual assignment, they are not really viable and you'd be in a world of pain trying to use them.

2 Likes

Interesting... I still need to read and learn a lot about IPv6, I don't understand why there is this limitation.

Is this in case we need to segregate subnets inside the global prefix, like create multiple VLANs?

SLAAC requires /64 since the host generates its own 64 bit interface identifiers. This identifier used to be an EUI-64 containing a MAC-48. But this is not recommended nowadays. Instead you use an temporary or permanent opaque bit string.

With dhcpv6 you can use other prefixes. But some devices such as android don't support dhcpv6 which means SLAAC is recommended for LANs.

2 Likes