Re: Residential IPv6 Comcast Connectivity

tianyi4488 · ‎11-26-2012

Hi all,

Comcast has deployed IPv6 at the residential level in the city where I currently reside, and I'm trying to get it to work with my home network running Cisco equipment.

The following is a quick diagram from a Comcast employee of how IPv6 is currently deployed:

So, here's the issue that I'm running into. For some reason, only one LAN layer 3 interface can be assigned a global IPv6 address at a time. Here are some configs:

interface GigabitEthernet0/0

description TO SWITCH - DEV

ip address 10.0.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex full

speed 1000

ipv6 address prefix_from_Comcast ::/64 eui-64

ipv6 enable

ipv6 nd other-config-flag

ipv6 dhcp server DNS

!

interface GigabitEthernet0/1

description TO SWITCH

no ip address

duplex full

speed 1000

!

interface GigabitEthernet0/1.1

description MY VLAN

encapsulation dot1Q 1 native

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ipv6 address prefix_from_Comcast ::/64 eui-64

ipv6 enable

ipv6 nd other-config-flag

ipv6 dhcp server DNS

!

interface GigabitEthernet0/1.3

description GUEST VLAN

encapsulation dot1Q 3

ip address 10.0.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ipv6 address prefix_from_Comcast ::/64 eui-64

ipv6 enable

ipv6 nd other-config-flag

ipv6 dhcp server DNS

!

interface FastEthernet0/0/0

description TO MODEM

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex full

speed 100

ipv6 address dhcp

ipv6 enable

ipv6 dhcp client pd prefix_from_Comcast

#sh ipv int

GigabitEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::A693:4CFF:FE40:FE00

No Virtual link-local address(es):

Description: TO SWITCH - DEV

General-prefix in use for addressing

No global unicast address is configured

Joined group address(es):

FF02::1

FF02::2

FF02::1:2

FF02::1:FF40:FE00

FF05::1:3

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND advertised reachable time is 0 (unspecified)

ND advertised retransmit interval is 0 (unspecified)

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium

Hosts use stateless autoconfig for addresses.

Hosts use DHCP to obtain other configuration.

GigabitEthernet0/1.1 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::A693:4CFF:FE40:FE01

No Virtual link-local address(es):

Description: MY VLAN

General-prefix in use for addressing

Global unicast address(es):

2601:1:9D40:2B:A693:4CFF:FE40:FE01, subnet is 2601:1:9D40:2B::/64 [EUI/CAL/PRE]

valid lifetime 221564 preferred lifetime 221564

Joined group address(es):

FF02::1

FF02::2

FF02::1:2

FF02::1:FF40:FE01

FF05::1:3

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND advertised reachable time is 0 (unspecified)

ND advertised retransmit interval is 0 (unspecified)

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium

Hosts use stateless autoconfig for addresses.

Hosts use DHCP to obtain other configuration.

GigabitEthernet0/1.3 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::A693:4CFF:FE40:FE01

No Virtual link-local address(es):

Description: GUEST VLAN

General-prefix in use for addressing

No global unicast address is configured

Joined group address(es):

FF02::1

FF02::2

FF02::1:2

FF02::1:FF40:FE01

FF05::1:3

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND advertised reachable time is 0 (unspecified)

ND advertised retransmit interval is 0 (unspecified)

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium

Hosts use stateless autoconfig for addresses.

Hosts use DHCP to obtain other configuration.

FastEthernet0/0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::CEEF:48FF:FE0A:AED

No Virtual link-local address(es):

Description: TO MODEM

Global unicast address(es):

2001:558:6040:47:4D78:CB57:ED68:8AEE, subnet is 2001:558:6040:47:4D78:CB57:ED68:8AEE/128

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF0A:AED

FF02::1:FF68:8AEE

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND advertised reachable time is 0 (unspecified)

ND advertised retransmit interval is 0 (unspecified)

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium

Hosts use stateless autoconfig for addresses.

According to this documentation, I have configured the DHCP-PD client (my router) very similarly and I should be getting multiple global addresses:

http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b8a116.shtml

Thanks for the help.

Marcin Latosiewicz · ‎11-27-2012

Checking the config I'm wondering if this is not the problem.

With two interface configured for delegation I get:

Internet(config-if)#ipv6 address MYTEST ::2/64

Internet(config-if)#

*Nov 27 15:49:21.766: %IPV6_ADDRESS-3-ADDRESS_CFG: 2001:DB8:1200::2/64 can not be configured on Ethernet1/0, 2001:DB8:1200::/64 is overlapping with 2001:DB8:1200::/64 on Ethernet0/0

I.e. same prefix is being assigned to both interface causing an overlap.

Marcin Latosiewicz · ‎11-27-2012

OK looks indeed like you're tryin to assign same subnet to all different interfaces.

Here's an example of PD in my lab with different prefixes. (used also for other tests)

Internet#sh run int e0/0

Building configuration...

Current configuration : 115 bytes

!

interface Ethernet0/0

ip address 172.16.1.1 255.255.255.0

ipv6 address MYTEST ::1/64

ipv6 nd ra suppress

end

Internet#sh run int e1/0

Building configuration...

Current configuration : 173 bytes

!

interface Ethernet1/0

ip address 172.16.2.1 255.255.255.0

ipv6 address autoconfig

ipv6 nd ra suppress

ipv6 dhcp client pd MYTEST

ipv6 dhcp client request vendor

end

Internet#sh run int e2/0

Building configuration...

Current configuration : 142 bytes

!

interface Ethernet2/0

ip address 172.16.3.1 255.255.255.0

ipv6 address MYTEST ::FFFF:0:0:0:FFFE/64

ipv6 enable

ipv6 nd ra suppress

end

Internet#show ipv6 int e0/0

Ethernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:C800

No Virtual link-local address(es):

General-prefix in use for addressing

Global unicast address(es):

2001:DB8:1200::1, subnet is 2001:DB8:1200::/64 [CAL/PRE]

valid lifetime 1577 preferred lifetime 377

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FF00:C800

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND RAs are suppressed (periodic)

Hosts use stateless autoconfig for addresses.

Internet#show ipv6 int e2/0

Ethernet2/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:C802

No Virtual link-local address(es):

General-prefix in use for addressing

Global unicast address(es):

2001:DB8:1200:FFFF::FFFE, subnet is 2001:DB8:1200:FFFF::/64 [CAL/PRE]

valid lifetime 1574 preferred lifetime 374

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:C802

FF02::1:FF00:FFFE

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND RAs are suppressed (periodic)

Hosts use stateless autoconfig for addresses.

Enter configuration commands, one per line. End with CNTL/Z.

Internet(config)#int e2/0

Internet(config-if)# ipv6 address MYTEST ::ffff:0:0:0:FFFE/64

Internet(config-if)#

*Nov 27 16:11:00.593: IPv6-Addrmgr-ND: Received prefix PI-flag change notification: prefix 2001:DB8:1200:FFFF::/64 onlink (was not-onlink)

*Nov 27 16:11:00.593: IPv6-Addrmgr-ND: DAD request for 2001:DB8:1200:FFFF::FFFE on Ethernet2/0

*Nov 27 16:11:00.593: ICMPv6-ND: Sending NS for 2001:DB8:1200:FFFF::FFFE on Ethernet2/0

*Nov 27 16:11:00.598: ICMPv6-ND: ND output feature SEND executed on 11 - rc=0

*Nov 27 16:11:00.598: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FF00:FFFE

*Nov 27 16:11:01.596: IPv6-Addrmgr-ND: DAD: 2001:DB8:1200:FFFF::FFFE is unique.

*Nov 27 16:11:01.596: ICMPv6-ND: Sending NA for 2001:DB8:1200:FFFF::FFFE on Ethernet2/0

*Nov 27 16:11:01.597: ICMPv6-ND: ND output feature SEND executed on 11 - rc=0

*Nov 27 16:11:01.597: ICMPv6: Sent N-Advert, Src=2001:DB8:1200:FFFF::FFFE, Dst=FF02::1

Internet(config-if)#^Z

Internet#show ipv

Internet#show ipv6

*Nov 27 16:11:08.036: %SYS-5-CONFIG_I: Configured from console by console

Internet#show ipv6 int e2/0

Ethernet2/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:C802

No Virtual link-local address(es):

General-prefix in use for addressing

Global unicast address(es):

2001:DB8:1200:FFFF::FFFE, subnet is 2001:DB8:1200:FFFF::/64 [CAL/PRE]

valid lifetime 1676 preferred lifetime 476

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:C802

FF02::1:FF00:FFFE

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND RAs are suppressed (periodic)

Hosts use stateless autoconfig for addresses.

tianyi4488 · ‎11-27-2012

I'm a bit confused, what do you mean that the same prefix is assigned to both interfaces causing an overlap? Isn't that the point? All of the LAN interfaces have the same prefix, and hence, they are all on the same subnet. The host bits will be different (configured via EUI-64), but the network bits (the first 64 bits) should be identical since I'm given a /64 subnet.

Marcin Latosiewicz · ‎11-27-2012

Hold on a sec. You have three separate L3 interfaces there. Like in IPv4 you need to have different addressing on all IPv6 L3 interfaces.

That's why you have different IPv4 addressing on gig0/0 gig0/1.1 and gig0/1.3.

Same applies to IPv6 if you want to address separete IPv6 interfaces you need to give them different addressing.

The document you put forward shows this - they assign a different /64 prefix to each of those interfaces.

The DHCP server gave me /48 prefix.

Spoke2#show ipv6 dhcp binding

Client: FE80::A8BB:CCFF:FE00:C801

DUID: 00030001AABBCC00C800

Username : unassigned

Interface : Ethernet0/0

IA PD: IA ID 0x00070001, T1 300, T2 480

Prefix: 2001:DB8:1200::/48

preferred lifetime 600, valid lifetime 1800

expires at Nov 27 2012 10:34 PM (1571 seconds)

From which I carved two subnets:

2001:DB8:1200:FFFF::/64 and 2001:DB8:1200::/64

Maybe in your case you get delegeted one prefix, which would need to carv at /66 pieces ... worth a try... but who knows what it will break.

tianyi4488 · ‎11-27-2012

Alright, I see what my issue was. It's the equivalent of trying to assign all of my L3 ports an IP address in the 10.0.0.0/8 subnet.

So, seeing how it's a necessity to split my /64 subnet into four /66 subnets, that would definitely break SLAAC which relies on EUI-64, correct? So I would have to convert my Cisco router to a stateful DHCPv6 server in order manually assign the full IPv6 address to hosts?

Phillip Remaker · ‎12-05-2012

Yes, this is the downside of residential providers assigning a /64 instead of a /60 or /56. A /64 cannot be subnetted without abandning SLAAC. This is a point of some contention with the IPv6 home networking community.

You can see an example of the sniping at:

http://www.internetsociety.org/deploy360/blog/2012/04/comcast-rolling-out-home-gateway-support-for-ipv6-and-nothings-controversial-about-a-64/

tianyi4488 · ‎11-27-2012

Also, on a completely different note, why can't I use the command "ipv6 address autoconfig default" on interface FastEthernet0/0/0 to get a global address?

Marcin Latosiewicz · ‎11-27-2012

All depends on settings of PE router.

Phillip Remaker · ‎12-05-2012

"ipv6 address autoconfig default" sets the address only if the provider supports automatic addressing.

See http://blogs.cisco.com/borderless/ipv6-automatic-addressing/ for a brief primer on IPv6 automatic addressing.

danmassa · ‎01-18-2016

It's 2016 and I live in Connecticut. Comcast now seems to be supporting IPv6 in the following ways:

1. Autoconfig does not work on the Internet facing port. Use DHCPv6.

2. I received a prefix delegation of /56. That gives me 256 subnets. I'm quite happy here.

3. You can get your default route dynamically with ipv6 icmp nd autoconfig default-route command (below.)

Here's what I'm using...

ipv6 unicast-routing
! 
int fa0/0
 description < Cable Modem >
 ipv6 enable
 ! Get our address from DHCPv6...
 ipv6 address dhcp
 ! Listen for Router Advertisements and set
 ! our default route accordingly...
 ipv6 nd autoconfig default-route
 ! Get a prefix delegation...
 ipv6 dhcp client pd prefix_from_comcast

int fa0/1 
 description < First Internal LAN Segment >
 ipv6 address prefix_from_comcast 0:0:0:1::/64 eui-64
int fa0/2
 description < Second Internal LAN Segment >
 ipv6 address prefix_from_comcast 0:0:0:2::/64 eui-64

I also have customers on Cablevision (Optimum). No IPv6 love there yet. Connecticut also has Cox and Charter; have not tested those yet.