Understanding pushing IPv6 to LAN

OpenWRT version: 18.06.1 r7258-5eb055306f
Router: Linksys WRT1900ACS

Hello!
I'm trying to figure out why doesn't my router doesn't assign ipv6 addresses to my LAN.
My guess is that it doesn't support DHCPv6-Prefix Delegation. The hint is that despite the WAN6 configuration looks like the follwing:

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix '56'

The resulting ipv6 on WAN6 interface is /64. If reqaddress is set to 'force' for any reqprefix it fails to get an IPv6 address.

No problem here. Just nuances of my ISP. To fix this, I go to LUCI->Lan->IPV6 Settings and then set everything to relay in order to everything start working. However, it didn't.

This configuration reflects in /etc/config/dhcp as such:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
NEW:    option dhcpv6 'relay'
NEW:    option ra 'relay'

However this didn't work.

OpenWRT has a few documentation on this I had also to set the following.

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
NEW:    option ra 'relay'
NEW:    option dhcpv6 'relay'
NEW:    option ndp 'relay'
NEW:    option master '1'

And after a reboot LAN clients have IPv6 connectivity.

A few questions raise from this:

1. where are 'ra', 'dhcpv6 dhcp wan settings settings in LUCI?

2. Is it a bug that "wan" section needs configuration (post #5) instead of "wan6" as documentation suggests?

3. What does "master" option does?

I also noticed that Luci -> Network -> DHCP and DNS aren't aware of LAN IPv6 clients.

4. Am I firewalled or are my IPv6 LAN clients exposed in the internet?

5. How do I open a port for a LAN client? (e.g. ssh)

6. According to the same thread (post #6 of the same thread):

For prefix delegation to work downstream, there should be several /64 prefixes available (at least two, so that the Openwrt router would keep one for itself and its WAN side (=modem side) and assign the other for its LAN). When the Openwrt router gets assigned a only single /64, there is nothing to delegate further for its own LAN side.
Actually, your case might be for interest for the odhcpd developer (sbyx / CyrusFF), as the automatic switch from PD mode to relaying did not work. (Wiki gives you the impression that it should work.)

7. How do I check how many /64 did my ISP router attributed to OpenWRT router?

8. Is there any way to debug if Prefix Delegation is available?

9. This is not out of the box configuration. Should any of this be reported as a bug?

Sometimes the prefix delegation your originally requested gets bound to your account information at the ISP. They're happy to give you a 60 or 56 but once you've requested a 64 they just pin you to that 64. This can be alleviated by calling the ISP and requesting to reset your ipv6 prefix settings. I know this is true for Comcast at least because in a separate thread I helped someone and they did in fact get Comcast to give them a 56 this way.

Interesting. However I managed a way to setup this. Unsure if I am making a big mistake or not.
My ISP provides the following:

image731×369 7.45 KB

And if I setup ip6prefix - (Custom delegated IPv6-prefix) /etc/config/network like this:

config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option ip6prefix '2001:818:deef:XXXXX::/56'

(xxxx is an alias for privacy)

And /etc/config/dhcp ndp (NDP-Proxy) to hybrid (keeping everything else on LAN as server) like so:

config dhcp 'lan'
        option interface 'lan'
        (...)
        option dhcpv6 'server'
        option ra_management '1'
        option ra 'server'
        option ndp 'hybrid'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option dhcpv6 'relay'
        option ra 'relay'
        option ndp 'relay'
        option master '1'

it works! Don't know why?

Even DHCP status is now aware of ipv6 devices on the network,

How it looks in luci:

And what a client reports:

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2001:818:deef:xxxx:xxxx:91ff:fe10:d6bd  prefixlen 64  scopeid 0x0<global>
        inet6 2001:818:deef:xxxx::6d1  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::96c6:91ff:fe10:d6bd  prefixlen 64  scopeid 0x20<link>
        inet6 fdf3:d8dd:365b:0:96c6:91ff:fe10:d6bd  prefixlen 64  scopeid 0x0<global>
        inet6 fdf3:d8dd:365b::6d1  prefixlen 128  scopeid 0x0<global>

Any explanation what's going on here is welcome

For working IPv6 you mainly need a delegated IPv6 prefix which is usually received using DHCPv6, and a default IPv6 route received via Router Advertisement. In your case you statically configured the IPv6 prefix. It should work as long as the ISP keeps that IPv6 prefix allocation in your account I guess.

If i do not setup /etc/config/dhcp wan RA, NDP and DHCPV6 fields as relay, it doesn't work.

And somehow is conflicting with setting same fields in 'lan' section as configured as "server".

So this not that linear. hum!

My inclination would be to reset to factory, it should work out of the box, maybe a reboot of ISP modem too.

Without *ip6prefix- ( Custom delegated IPv6-prefix ) in /etc/config/network and those /etc/config/dhcp "lan' configs it does not. even with resets and reboots.. that's why i'm trying to figure out what's happening

Have you called your ISP and told them that you can't get their hardware to delegate a /56 prefix to you?

Humm.. Going to try that!
Maybe it is delegated to my ISP's router, the one between openwrt and my ISP? going to contact them

I had this problem of ISP pushing /64 IPv6-PD.

All I did was copy the pushed IPv6-PD change the /64 to /56 and put it on the "Custom delegated IPv6-prefix" of my WAN6.

Now I have 3 vlans all working in IPv6.

Yeah, that's not going to work reliably. In order for packets to return to you the ISP must route them to you... if you start using additional addresses beyond what the ISP gave you, there is no way to know what will happen, it's entirely dependent on your ISP's situation. That this worked for you for a while is not a guarantee of anything.

I know it's not "reliable" but it's what I could come up with for the moment. (Suggestions welcome)

My ISP is NET (now Claro) in Brazil. I still have an open ticket with them to solve this. Hopes up.

One thing I forgot to mention is that all my vlan interfaces had the "Pv6 assignment length" set to 64.

If your ISP only assigns you a single /64, there's not much you can do about it and you will only be able to use a single /64 (i.e. no subnetting without breaking SLAAC, and without SLAAC Android phones will not work with IPv6).

My not "reliable" solution is not woking anymore. I suppose the ISP has done something to prevent what I did. My open ticket to solve the issue was never solved and just opened another one today, and sent it to regulatory agency (Anatel).

If any one could suggest anything would be nice. I'm starting to think of NAT6, and I really don't want to go down that path..

Just for keeping the info.

Technical support from Claro came to my place a couple of times after the ticket.
We had meetings on speakerphone together with their datacenter team and a big surprise came up.

They didn't know how I was getting IPv6, as they were not suppling it. As a different protocol the /64 I'm getting is being provided by the provider of their provider. Embratel is their provider and that's why they don't have any control on what is happening..

This is to show how things work over here, no one cares.
I will be changing my provider on the first oportunity, and they don't care also.

But for relaying you need to know all addresses that you want to relay, breaking SLAAC, no? I'd rather use bridging instead.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.