Pre-order the New Samsung Galaxy Z Flip4 & Galaxy Z Fold4 and, for a limited time, get twice the storage and a free case!
Get superfast AT&T Fiber internet
showergel's profile
showergel
#1 Star!
The 5th element!
10th stratosphere!

Teacher

 • 

15 Messages

Thu, Apr 16, 2020 10:20 PM

IPv6 Prefix Delegation to 3rd Party Router, Not Working (2020 Edition)

Hello!

I've posted about this before; ultimately there was no solution in 2019, so trying again in 2020. The goal is to use a 3rd party router behind the ATT modem in DMZPlus mode, exactly as prescribed by ATT. This means no switch swapping, no certificate hacking, no eapol fowarding.

What currently happens on a Pace 5268AC, firmware 11.5.1.532678-att, with a cradlepoint 4g router (I used to use pfsense) set as follows:

Firewall: Disabled

Address assignment: Public

WAN IP Mapping: Router WAN IP Address

Cascaded Router: No

SLAAC IPv6 Address: (whatever it is currently assigned)

Address from IPv6 Pool: something:fd10::something

Assign Fixed IPv6 Address: None

Prefix from DHCP6 Pool: something:fd18::/64

IPv6 delegation something::fd10::/60

When I observe the WAN interface on the Cradlepoint I see what I expect from IPv4. IPv6 is set on the WAN interface, but did not send a prefix delegation for the CradlePoint's DHCP6 server:

IPv6 Address something:fd10::763 /128

IPv6 DNS something:fd10::1

State : connected

Manufacturer : Cradlepoint

IP Address : att public ipv4 address

Netmask : 255.255.252.0

Gateway : att public ipv4 address

DNS Servers : att modem private ipv4 address

The Cradlepoint log is pretty clear with what the ATT Modem offered:

Thu Apr 16th 15:26:11 2020 WAN:IPPT.Auto6 INFO ip6info={

'ip_addresses': [('something:fd10:something', 64)],

'routes': [('something:fd10::', 60, 'fe80::something', '512'), ('::', 0, 'fe80::something', '1024'), ('something:fd10::', 64, '', '256')],

'dns': ['something:fd10::1'],

'pd_prefixes': [],

'pd_excluded': [],

'ip_address': 'something:fd10:something',

'prefixlen': 64,

'gateway': 'fe80::something',

'delegated_prefixes': [],

'reserved_addresses': ['something:fd10:something'],

'dnslist': ['something:fd10::1']}

Noting that the Cradlepoint is not being delegated a /64 prefix, which is what the cradlepoint is requesting in its DHCPv6. It should be getting the ::fd18::/64 prefix from the Pace router, but it is not providing the PD.

ATTHelp

Community Support

 • 

195.4K Messages

2年前

We are here to help, @showergel.

 

We recommend that you use DMZ plus to bridge your third party gateway to your AT&T gateway.

 

If you have any other questions about this, you can contact our paid service Connectech.

 

Let us know if this helps.

 

Marc, AT&T Community Specialist

showergel

Teacher

 • 

15 Messages

@ATTHelp Unfortunately no, that isn't helpful. The first paragraph mentioned the goal is setting this solution up in a supported DMZPlus mode configuration and the second paragraph is the DMZPlus configuration. I have my router configured exactly as requested.

The problem is the ATT modem is not handing out the IPv6 Prefix delegation to the 3rd party router. All the data is above. This problem has persisted across multiple vendor routers over the last year, the only consistent factor is the ATT modem itself.

The modem should be handing out either multiple /64s or a larger /62. I understand the modem itself requests a /60 and it reserves half (8) of the (16) networks and should be able to delegate the other half to any device that requests it. However I cannot pull a /64, /63, or /62 from the ATT modem. It simply does not grant the delegation request; seemingly ignoring the request altogether.

tinslwc

Teacher

 • 

209 Messages

It will pass out multiple /64s, but nothing larger than a /64. I think you can only get 8, but I haven't tried anything more than 8. Once problem I had with the 5268 (on FW 11.3.x) was that it would issue the PD lease for 1 week, but would 'forget' it after about a day (which removes the PD from the routing table and then it will not work anymore until renewed). I could force a renew and get it back, but never could figure out how to script it with pfSense. The timing of when it would quit could be anywhere from a couple hours to a couple days. It was very bizarre. See this post.

The NVG599 issues leases for 4 hours I think, so it renews in 2 hours. I haven't had any problems with the 599 and it has been in service for 153 days as of right now.

showergel

Teacher

 • 

15 Messages

@tinslwc - thanks for the info! When I had pfSense, I saw similar behavior to what you described in your post. I found it odd that only one PD /64 could be requested and never thought to try pulling the PD via manual IA configuration .. and the apparent pain that causes in the GUI.

What's interesting in my scenario is I don't get a PD offer at all. Rebooting the 5268 doesn't help matters. I also seem to get snagged by the 'bug' that limits 3rd party router performance to about 250mbit instead of the 1000mbit (920ish, realistically) I pay for.

I'm thinking it may be time to switch out for the BGW210 unless there's a newer model out there.

tinslwc

Teacher

 • 

209 Messages

It has been 6 months since I powered up my 5268, but I think there was a setting to enable prefix delegation in it. You may want to check for that. I'll pull mine out tomorrow and peruse the menus and see what I can find. I also wouldn't be surprised if you run into the VL issues I had with the Pace.

Even without DMZ+, you should still be able to do IPv6 PD. Following the workaround (basically forwarding all packets to your router, but keeping its WAN address in the private space), you should be able to get max speeds. I'm on 18/2 DSL so I never hit the speed issue on DMZ+. Only down side is your router doesn't know its public IP4 address, but there are workarounds for this.
tinslwc

Teacher

 • 

209 Messages

I haven't plugged in my 5268, but I did find this page on my (in service) 599. So this may be what I was remembering.

Contributor

 • 

3 Messages

1年前

Found this thread searching to do the same on my pfsense box.  Eventually found this link, and just like you said, it has to be configured manually in config files for each LAN-side interface to ask for a /64.  Not sure if the same can be done on your cradlepoint.

https://github.com/lilchancep/att-pfsense-ipv6

I also have the latest RG, which is a Nokia BGW320-505.  I'm hitting full speed (500 symmetric, 600+ on speed tests and steam dl et al) with the BGW only plugged into my pfsense box (3 interfaces) via IP-passthrough.

tinslwc

Teacher

 • 

209 Messages

1年前

That GitHub page was the evolution of the work that I helped him with on this forum.  Not really sure what happened, but I cannot find the original post with all the good details.

(edited)

tonydi

ACE - Guru

 • 

6.1K Messages

1年前

@tinslwc   It may be in there, look at the bottom of the post just before herozero's post and click the View other replies link.  You'll see that same link repeated over and over as you expand and hopefully your post is in there someplace.

tinslwc

Teacher

 • 

209 Messages

1年前

@tonydi Apparently I'm a DA. This is the thread we worked it out on. Just didn't see that it had been collapsed.

tonydi

ACE - Guru

 • 

6.1K Messages

1年前

I don't know what a "DA" is in this context.  The collapsed thread seems to be an anomaly and I'm trying to make sure it doesn't rear its ugly head again. ;-)

tinslwc

Teacher

 • 

209 Messages

1年前

@tonydi DA = donkey with a lack of intelligence.

tonydi

ACE - Guru

 • 

6.1K Messages

1年前

LOL.....I've seen your posts and I'm pretty sure you need to drop that description.

Need help?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.