Explore & discover

Helpful Links

nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

Contributor

nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

I just got my update to 9.2.2h0d88 on 10/17/17. I initially had the corrupt database issue upon inspection, so I though this was the issue with slow connectivity. After wiping the 589 with a full reset, and re-configuring the issue still existed. This issue was around 3-10 seconds of normal throughput followed by a 1-3 second "hang" (numerous pings returned over 1000ms). This was evidenced by running ping through to a known good destination "8.8.8.8" and to the device address itself "192.168.1.254" with these consistent results. Additionally the interface on the 589 also would hang between clicks at the same time the ping times would fluctuate. For some reason I decided to shutdown the 6in4 tunnel I had going to HE, and like magic pings were back to normal. So extensive testing revealed that this is the issue. This was working prior to the upgrade, and I have had to move the tunnel off to another connection. ESP header forwarding and ESP ALG have both been enabled as usual. What has changed, and will there be a workaround? 

610 Views
Message 1 of 9
Administrator

Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

Hello jasonbegley.


We are sorry about the issues you are having with your services. We will be glad to help. To assist further, we need to gather more information. If you could please send us a private message by clicking here.


-Thor, AT&T Community Specialist


Need help?
Ask a question to get help from the AT&T Community or support from AT&T specialists. If this reply helped you please use Accept solution to mark it as an Accepted Solution.
Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 2 of 9
Contributor

Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

I am having the same issue. Is there an update that we can do to correct this issue?

Message 3 of 9
Contributor

Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

No update... I send a PM to the staff. I moved my tunnel to a different ISP connection.. I know that is not an option for most. Are you using a 589 also? I am curious if this problem exists across other CPE's.

 

Message 4 of 9
Contributor

Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

I’m using a 599. This issue started happening roughly about three weeks ago and when I called them they just rebooted it and said that should fix it. I’m not heavily network inclined as I would like to be but know enough that a reboot isn’t the fix.
Message 5 of 9
Contributor

Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

I'm having the same issue as described by jasonbegley.  My connectivity is completely broken when 6rd is enabled and restored immediately when it's disabled.  It fails with AT&T 6rd and HE.net Tunnelbroker GIF.  Help? 

Message 6 of 9
Administrator

Re: Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

Hello @jasonbegley,


Thank you for reaching out to us!  We will love to research your case for you and discover a resolution.


I did notice you have sent us a private message.  We appreciate this and I will respond within the private message.


Please look forward to my response.  Thanks!


Adam, AT&T Community Specialist


Need help?
Ask a question to get help from the AT&T Community or support from AT&T specialists. If this reply helped you please use Accept solution to mark it as an Accepted Solution.
Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 7 of 9
Contributor

Re: Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

I dug into this and I've been able to verify the new firmware is explicitly blocking 6rd connections.  I enabled syslog in the gateway and was able to get the iptables log directly from it.  This is the syslog when pfSense tries to bring up the 6rd:

Nov  1 00:13:00 192.168.1.1 1 2017-10-31T20:13:00-04:00 dsldevice/<modemSn> - - - L4: action=DROP reason=POLICY-UNKNOWN-6IN4 hook=PREROUTING mark=134217728 IN=br2 OUT= MAC=00:00:00:00:00:00:00:1a:f0:2b:fb:da:08:00 src=12.83.49.81 DST=99.10.x.x LEN=68 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF

This is also logged in the GUI logs in the gateway itself:

No.    Date/Time            SourceIP    DestinationIP    Proto    Reason
156    2017-10-31T20:14:00-04:00    12.83.49.81    99.10.x.x    n/a    Unknown 6in4 packet

I was able to mitigate the ping delays however (as previous reported and experienced) by setting my pfSense router to a static WAN IPv4 address and changing the gateway to Manual Passthrough Mode.
Modem GUI >Firewall >IP Passthrough >Passthrough Mode >Manual

I'll be honest, this stinks.  Over 20% of the Internet is IPv6 (see https://www.google.com/intl/en/ipv6/statistics.html) so I'm expecting a pretty quick fix to a simple iptables error (I assume) or a 20% decrease in my monthly rate as I can no longer access 20% of the servers I'm paying AT&T to route to.

Message 8 of 9
Contributor

Re: Re: nvg589 6in4 tunnels broken again on firmware 9.2.2h0d88

Still at "tier 1" so I don't see this getting fixed anytime soon.They have been provided a RCA and steps to reproduce.

Message 9 of 9
Share this topic
Share this topic
Additional Support