ATT IPv6: Please Give US at least a /56 Subnet as RFC 6177 Specifies!

Hey, @Bruski58. We appreciate your feedback!

We're always looking for ways to improve our internet service, and welcome your insight. 

Let us know if you have any other questions or concerns.

Ramses, AT&T Community Specialist

Dang I somehow though this used to work, but I'm having the same issue. I'd like to be able to subnet things on IPv6 just as I do IPv4. I'm also paying for IPv4 static IPs. It'd be nice to have at least one more IPv6 network to use.

This is the big that confuses me. When I look at my IPv6 info on my NVG589, I see:

Global Unicast IPv6 Address  2600:1700:XXXX:XXf0::1
IPv6 Addressing Subnet (including length)  2600:1700:XXXX:XXf0::/64
IPv6 Delegated Prefix Subnet (including length)  2600:1700:XXXX:XXff::/64 

the ff is what my router (behind the NVG) gives out using an address pool delegated from the NVG. But if my unicast is f0 but my delegated is ff...where about networks f1-fe?

The issue is that they should be delegating a /56 or /60 at least. When they delegate and push a /64 you can't subnet it. With my router there is no way to even implement it, because you can't subnet a /64. This setup is exclusively for those who use the ATT router as the router period. I do see some with other routers claiming they can request multiple delegated subnets, but that's a trick very few can potentially use, and it still does not address the issue, which is ATT is defying the IPv6 RFC's on providing a large enough subnet that we can subnet to our own routers. It's flat incompetent or purposeful because, well they feel like it.

BTW: I posted this 6 months ago and ATT has not done one thing to even address the issue. So no IPv6 for me according to them.

I know this is 3 weeks old, but the ATT gateway device is delegated a /60.  No, it's not a /56, but it does contain 16 networks, so at least it is something. You can request multiple /64 delegations from the ATT device (max 8), so you are getting the useful equivalent of a /61.  The ATT GW will not give you anything larger than a /64 (or smaller for that matter, but as noted, you should not subnet a /64), but will give you 8x /64 networks.  Continuing from above, you would get 2600:1702:yyyy:zzz8 through f.  2600:1702:yyyy:zzz0 will always be the LAN side of the GW. Some of the GWs start at f and work back to 8, while others start at 8 and go forward.  I have service at 2 locations and pull all 8 PDs for both and then hand them out as I see fit.  Currently I have 4x /64 subnets in service at each location.

Is it ideal? no. I would prefer to terminate it myself and have the entire /60 delegation, but for those of us on Uverse DSL, that's not an option.

Does it work? absolutely. If you are using a Pace 5268ac, there are some caveats to deal with. I have no issues with a NVG-599 or BGW-210.

I haven't done it yet but my plan is to use bridge-workaround with my Mikrotik CCR. Basically setting it on the same side as the fiber ethernet and let the NVG589 handle the negotiation/auth and then let the Mikrotik handle the rest. This seems to be the only way to get more than one IPv6 network on the backside. I had planned on doing this over Thanksgiving but figured I would be breaking our Internet access for a good full day to figure it all out.

The fault seems to be partly on the NVG side and partly on the Mikrotik side. This seems to be how most folks get around the issue. It would be nice if we could get the certificates/auth info needed to just avoid needing an ATT router at all and let my Mikrotik run the show, but this seems to be the next best thing.

@m00dawg If you have fiber, what you are talking about will work.  For VDSL, we have to use their modem.  I've given consideration to using a VDSL2 media converter to Ethernet, then going to the ONT port on the NVG, but a compliant bridge modem will not pass the auth traffic.

I'm not sure you read my post.  You can request and use up to 8 /64 networks without modifying anything.  You cannot request anything other than a /64, but you can request multiple /64 in your DHCP6 client.  Then you can pass them out as you see fit.

Oops sorry I should have acknowledged that more. Yep I read it and seems to fit with what I have seen as well. In that, I can get other delegations to my Mikrotik but the problem is I cannot request multiple networks via DHCPv6 using the same WAN uplink. I've heard some folks have had success using basically multiple uplinks and configuring that as such on the ATT router. I don't have enough ports for that and that also seems messy (the NVG589 doesn't do VLANs either or that might be one way around it).

I have been able to get other /64's than the one I'm normally given from the router. This was by accident when I was messing about with some SFP connectors. Not sure how I did it. It was only one though, just a different network address than my normal one. I've never been able to get multiple IPv6's for maybe a year or year and a half. I recall it used to work, but something changed on ATT's side that seems to have broken things.

All said, that's why setting up a bridge network between the Mikrotik and the ATT router seems to be the current workaround. There's a nice how-to on how to do it, though I'm hesitant to link it here just in case what I'm trying to do isn't exactly above board. It's pretty easy to find though for folks using Mikrotrik (the same solution is possible on other hardware as well though).

I believe the Mikrotik uses DHCP6c, but I'm having trouble figuring out how to provide a custom configuration.  Maybe you know? Here is my client script:

# em0 is WAN interface, perform all client requests here.interface em0 {	# Request an address to use for our WAN address:	send ia-na 10;	# Request 8 prefix delegations:	send ia-pd 0;	send ia-pd 1;	send ia-pd 2;	send ia-pd 3;	send ia-pd 4;	send ia-pd 5;	send ia-pd 6;	send ia-pd 7;	send rapid-commit;	request domain-name-servers;	request domain-name;	script "/var/etc/dhcp6c_wan_script.sh";};id-assoc na 10 { };# Must have related is-assoc stanzas for each PD.# This is also where they could be applied dynamically to the LAN interfaces.# I statically assign mine because other management functions# work better.  One day, I might figure out how to get it right.# ATT IPv6 addresses have not changed in 2+ years.id-assoc pd 0 { };id-assoc pd 1 { };id-assoc pd 2 { };id-assoc pd 3 { };id-assoc pd 4 { };id-assoc pd 5 { };id-assoc pd 6 { };id-assoc pd 7 { };

This pulls all 8 available PDs into my router for distribution.

The main issue is that the ATT CPE is exactly that, CPE, and is terminating the provided /60.  Their configuration is only set to provide /64 networks.  Though experiment - Would you configure your router to pass out subnets larger than a /64?  Anyway, this is not a hack and so far all ATT devices I've worked with answer correctly.  DHCPv6 allows for requesting multiple addresses and PDs in a single transaction.  A proper configuration will make it work and give you 8x /64 networks to play with.

[edit]

And here is the corresponding response (renewal, trimmed out a bunch of details):

Dec 10 08:00:10 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx79::/64 pltime=3600, vltime=3600
Dec 10 08:00:10 	dhcp6c 	33626 	update an IA: PD-5
Dec 10 07:59:54 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7d::/64 pltime=3600, vltime=3600
Dec 10 07:59:54 	dhcp6c 	33626 	update an IA: PD-3
Dec 10 07:59:53 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7b::/64 pltime=3600, vltime=3600
Dec 10 07:59:53 	dhcp6c 	33626 	update an IA: PD-7
Dec 10 07:59:46 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7f::/64 pltime=3600, vltime=3600
Dec 10 07:59:46 	dhcp6c 	33626 	update an IA: PD-0
Dec 10 07:59:45 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7e::/64 pltime=3600, vltime=3600
Dec 10 07:59:45 	dhcp6c 	33626 	update an IA: PD-1
Dec 10 07:59:45 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7c::/64 pltime=3600, vltime=3600
Dec 10 07:59:45 	dhcp6c 	33626 	update an IA: PD-2
Dec 10 07:59:43 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx78::/64 pltime=3600, vltime=3600
Dec 10 07:59:43 	dhcp6c 	33626 	update an IA: PD-4
Dec 10 07:59:42 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7a::/64 pltime=3600, vltime=3600
Dec 10 07:59:42 	dhcp6c 	33626 	update an IA: PD-6

[/edit]

ref : https://forums.att.com/conversations/att-internet-features/att-ipv6-please-give-us-at-least-a-56-subnet-as-rfc-6177-specifies/5ecc2d48bd255023d68d2854?commentId=5fd1392a4d73274b86d64fca

@tinslwc

Is this 8 subnet limit a limitation when using the gateway (bgw210 or like)?

I'm fully bypassed and am offered the full /60 when doing PD request with dhclient6.

#cat eth2_na.leases6
default-duid "\000\001\000\001)\123\456\789\0ab\cde\f123\456\789";
lease6 {
  interface "eth2";
  ia-pd 11:22:33:44 {
    starts 16495xxxxx;
    renew 1800;
    rebind 2880;
    iaprefix 2600:1700:xxx:yyy::/60 {
      starts 16495xxxxx;
      preferred-life 3600;
      max-life 3600;
    }

For testing purposes I assigned 0,1,2,8, and f as the last digits of the /64 subnet. All worked fine and routed without issue.