Pre-order the New Samsung Galaxy Z Flip4 & Galaxy Z Fold4 and, for a limited time, get twice the storage and a free case!
Need help with your equipment?
B

New Member

 • 

9 Messages

Mon, May 25, 2020 8:40 PM

ATT IPv6: Please Give US at least a /56 Subnet as RFC 6177 Specifies!

ATT is providing home uses an IPv6 subnet of /64. The orginal RFC specified that all ISP's should provide all end users a /48. That was modified in RFC 6177 to suggest at least a /56 to Home users. A /64 cannot be subnetted, so you can't use a router behind ATT's modem and subnet it for your interior network. In other words, ATT is seizing customers ability to benifit from IPv6, and why? Are they waiting to charge us more to get what we are supposed to be getting? Are 18 quadrillion networks and interfaces just not enough?

The bottom line ATT, we need a /56 to implement IPv6. Why are you not giving this to us? Please let us know when you are going to supply us the service we are paying for every month. Otherwise you are not delivering proper Internet service to any user you leave with only /64 as an option for IPv6.

ATTHelp

Community Support

 • 

196K Messages

2年前

Hey, @Bruski58. We appreciate your feedback!

 

We're always looking for ways to improve our internet service, and welcome your insight. 

 

Let us know if you have any other questions or concerns.

 

Ramses, AT&T Community Specialist

New Member

 • 

9 Messages

I spent days calling ATT tech support on this issue. I had to draw my own conclusions as there was no one who could address this issue. As a Networking specialist myself it’s clear to me what’s going on. It’s amazing that something this important and this huge an inpediment to implemeting IPv6 can’t be discussed by a customer with ATT directly. That’s why I came here. So thanks for responding, but based on past experience I will simply consider it to be a standard response that will go absolutely nowhere.

m00dawg

Teacher

 • 

21 Messages

2年前

Dang I somehow though this used to work, but I'm having the same issue. I'd like to be able to subnet things on IPv6 just as I do IPv4. I'm also paying for IPv4 static IPs. It'd be nice to have at least one more IPv6 network to use.

m00dawg

Teacher

 • 

21 Messages

2年前

This is the big that confuses me. When I look at my IPv6 info on my NVG589, I see:

Global Unicast IPv6 Address  2600:1700:XXXX:XXf0::1
IPv6 Addressing Subnet (including length)  2600:1700:XXXX:XXf0::/64
IPv6 Delegated Prefix Subnet (including length)  2600:1700:XXXX:XXff::/64 

the ff is what my router (behind the NVG) gives out using an address pool delegated from the NVG. But if my unicast is f0 but my delegated is ff...where about networks f1-fe?

New Member

 • 

9 Messages

2年前

The issue is that they should be delegating a /56 or /60 at least. When they delegate and push a /64 you can't subnet it. With my router there is no way to even implement it, because you can't subnet a /64. This setup is exclusively for those who use the ATT router as the router period. I do see some with other routers claiming they can request multiple delegated subnets, but that's a trick very few can potentially use, and it still does not address the issue, which is ATT is defying the IPv6 RFC's on providing a large enough subnet that we can subnet to our own routers. It's flat incompetent or purposeful because, well they feel like it.

BTW: I posted this 6 months ago and ATT has not done one thing to even address the issue. So no IPv6 for me according to them.

tinslwc

Teacher

 • 

209 Messages

2年前

I know this is 3 weeks old, but the ATT gateway device is delegated a /60.  No, it's not a /56, but it does contain 16 networks, so at least it is something. You can request multiple /64 delegations from the ATT device (max 8), so you are getting the useful equivalent of a /61.  The ATT GW will not give you anything larger than a /64 (or smaller for that matter, but as noted, you should not subnet a /64), but will give you 8x /64 networks.  Continuing from above, you would get 2600:1702:yyyy:zzz8 through f.  2600:1702:yyyy:zzz0 will always be the LAN side of the GW. Some of the GWs start at f and work back to 8, while others start at 8 and go forward.  I have service at 2 locations and pull all 8 PDs for both and then hand them out as I see fit.  Currently I have 4x /64 subnets in service at each location.

Is it ideal? no. I would prefer to terminate it myself and have the entire /60 delegation, but for those of us on Uverse DSL, that's not an option.

Does it work? absolutely. If you are using a Pace 5268ac, there are some caveats to deal with. I have no issues with a NVG-599 or BGW-210.

m00dawg

Teacher

 • 

21 Messages

2年前

I haven't done it yet but my plan is to use bridge-workaround with my Mikrotik CCR. Basically setting it on the same side as the fiber ethernet and let the NVG589 handle the negotiation/auth and then let the Mikrotik handle the rest. This seems to be the only way to get more than one IPv6 network on the backside. I had planned on doing this over Thanksgiving but figured I would be breaking our Internet access for a good full day to figure it all out.

The fault seems to be partly on the NVG side and partly on the Mikrotik side. This seems to be how most folks get around the issue. It would be nice if we could get the certificates/auth info needed to just avoid needing an ATT router at all and let my Mikrotik run the show, but this seems to be the next best thing.

tinslwc

Teacher

 • 

209 Messages

2年前

@m00dawg If you have fiber, what you are talking about will work.  For VDSL, we have to use their modem.  I've given consideration to using a VDSL2 media converter to Ethernet, then going to the ONT port on the NVG, but a compliant bridge modem will not pass the auth traffic.

I'm not sure you read my post.  You can request and use up to 8 /64 networks without modifying anything.  You cannot request anything other than a /64, but you can request multiple /64 in your DHCP6 client.  Then you can pass them out as you see fit.

m00dawg

Teacher

 • 

21 Messages

2年前

Oops sorry I should have acknowledged that more. Yep I read it and seems to fit with what I have seen as well. In that, I can get other delegations to my Mikrotik but the problem is I cannot request multiple networks via DHCPv6 using the same WAN uplink. I've heard some folks have had success using basically multiple uplinks and configuring that as such on the ATT router. I don't have enough ports for that and that also seems messy (the NVG589 doesn't do VLANs either or that might be one way around it).

I have been able to get other /64's than the one I'm normally given from the router. This was by accident when I was messing about with some SFP connectors. Not sure how I did it. It was only one though, just a different network address than my normal one. I've never been able to get multiple IPv6's for maybe a year or year and a half. I recall it used to work, but something changed on ATT's side that seems to have broken things.

All said, that's why setting up a bridge network between the Mikrotik and the ATT router seems to be the current workaround. There's a nice how-to on how to do it, though I'm hesitant to link it here just in case what I'm trying to do isn't exactly above board. It's pretty easy to find though for folks using Mikrotrik (the same solution is possible on other hardware as well though).

tinslwc

Teacher

 • 

209 Messages

2年前

I believe the Mikrotik uses DHCP6c, but I'm having trouble figuring out how to provide a custom configuration.  Maybe you know? Here is my client script:

# em0 is WAN interface, perform all client requests here.interface em0 {	# Request an address to use for our WAN address:	send ia-na 10;	# Request 8 prefix delegations:	send ia-pd 0;	send ia-pd 1;	send ia-pd 2;	send ia-pd 3;	send ia-pd 4;	send ia-pd 5;	send ia-pd 6;	send ia-pd 7;	send rapid-commit;	request domain-name-servers;	request domain-name;	script "/var/etc/dhcp6c_wan_script.sh";};id-assoc na 10 { };# Must have related is-assoc stanzas for each PD.# This is also where they could be applied dynamically to the LAN interfaces.# I statically assign mine because other management functions# work better.  One day, I might figure out how to get it right.# ATT IPv6 addresses have not changed in 2+ years.id-assoc pd 0 { };id-assoc pd 1 { };id-assoc pd 2 { };id-assoc pd 3 { };id-assoc pd 4 { };id-assoc pd 5 { };id-assoc pd 6 { };id-assoc pd 7 { };

This pulls all 8 available PDs into my router for distribution.

The main issue is that the ATT CPE is exactly that, CPE, and is terminating the provided /60.  Their configuration is only set to provide /64 networks.  Though experiment - Would you configure your router to pass out subnets larger than a /64?  Anyway, this is not a hack and so far all ATT devices I've worked with answer correctly.  DHCPv6 allows for requesting multiple addresses and PDs in a single transaction.  A proper configuration will make it work and give you 8x /64 networks to play with.

[edit]

And here is the corresponding response (renewal, trimmed out a bunch of details):

Dec 10 08:00:10 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx79::/64 pltime=3600, vltime=3600
Dec 10 08:00:10 	dhcp6c 	33626 	update an IA: PD-5
Dec 10 07:59:54 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7d::/64 pltime=3600, vltime=3600
Dec 10 07:59:54 	dhcp6c 	33626 	update an IA: PD-3
Dec 10 07:59:53 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7b::/64 pltime=3600, vltime=3600
Dec 10 07:59:53 	dhcp6c 	33626 	update an IA: PD-7
Dec 10 07:59:46 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7f::/64 pltime=3600, vltime=3600
Dec 10 07:59:46 	dhcp6c 	33626 	update an IA: PD-0
Dec 10 07:59:45 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7e::/64 pltime=3600, vltime=3600
Dec 10 07:59:45 	dhcp6c 	33626 	update an IA: PD-1
Dec 10 07:59:45 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7c::/64 pltime=3600, vltime=3600
Dec 10 07:59:45 	dhcp6c 	33626 	update an IA: PD-2
Dec 10 07:59:43 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx78::/64 pltime=3600, vltime=3600
Dec 10 07:59:43 	dhcp6c 	33626 	update an IA: PD-4
Dec 10 07:59:42 	dhcp6c 	33626 	update a prefix 2600:1702:xxxx:xx7a::/64 pltime=3600, vltime=3600
Dec 10 07:59:42 	dhcp6c 	33626 	update an IA: PD-6

[/edit]

(edited)

Gpz1100

Scholar

 • 

91 Messages

4分前

ref : https://forums.att.com/conversations/att-internet-features/att-ipv6-please-give-us-at-least-a-56-subnet-as-rfc-6177-specifies/5ecc2d48bd255023d68d2854?commentId=5fd1392a4d73274b86d64fca

@tinslwc

Is this 8 subnet limit a limitation when using the gateway (bgw210 or like)?

I'm fully bypassed and am offered the full /60 when doing PD request with dhclient6.

#cat eth2_na.leases6
default-duid "\000\001\000\001)\123\456\789\0ab\cde\f123\456\789";
lease6 {
  interface "eth2";
  ia-pd 11:22:33:44 {
    starts 16495xxxxx;
    renew 1800;
    rebind 2880;
    iaprefix 2600:1700:xxx:yyy::/60 {
      starts 16495xxxxx;
      preferred-life 3600;
      max-life 3600;
    }

For testing purposes I assigned 0,1,2,8, and f as the last digits of the /64 subnet. All worked fine and routed without issue.

Constructive

Employee

 • 

28.7K Messages

4分前

Year old post 

Gpz1100

Scholar

 • 

91 Messages

4分前

^^And?  Your post doesn't further this topic....

tinslwc

Teacher

 • 

209 Messages

4分前

@Gpz1100 Yes. It is a limitation of the ATT equipment. Since you have bypassed their RG, your equipment receives the full /60 to do what you like with.

I gained admin access to my NVG599 and can modify the dhcp6 service config to allow use of all 15 (remember, 0 is applied to the RG LAN segment). I am toying with modifying the bridging table in the NVG to bridge the VDSL to one of the Ethernet ports and then auth on my equipment, but haven't had time to tinker with it in a while. It's also been pretty stable, so not sure I want to mess with it. We don't have fiber available.

Constructive

Employee

 • 

28.7K Messages

4分前

No but start your own topic rather than resurrect a year old dead thread 

Gpz1100

Scholar

 • 

91 Messages

4分前

@tinslwc Thanks for clarifying.  I have not heard of this limitation before and was not aware it existed (or still exists) on the RG's.  If you're able to get a true bridge mode out of it, that would be ideal.  The bgw210 which is what I was provided with has a pseudo bridge mode called passthrough - more like fake bridge mode. You're probably aware, the RG is still handling NAT, traffic control, and likely phoning back to the mothership. It's been a good 3 years since I did the bypass.  The RG sits on a shelf collecting dust.

@Constructive I'm sorry you weren't loved as a child. Perhaps you should seek therapy.

Need help?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.