IPv6 - Comcast - need help

brueggma · Aug 12, 2012

Everyone,

I've seen quite a few posts on how to get Comcast IPv6 working, and I see it working for a few people, but I'm unable to get it working. Can someone help me diagnose my issue? I can seem to ping ipv6.google.com, but can't traceroute to the host.

Hardware: e3000
O/S: Shibby v099 Big-VPN

# ip -6 addr
1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000
inet6 fe80::6a7f:74ff:fec7:12c4/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500 qlen 1000
inet6 fe80::6a7f:74ff:fec7:12c6/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500 qlen 1000
inet6 fe80::6a7f:74ff:fec7:12c7/64 scope link
valid_lft forever preferred_lft forever
5: vlan1@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500
inet6 fe80::6a7f:74ff:fec7:12c4/64 scope link
valid_lft forever preferred_lft forever
6: vlan2@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::6a7f:74ff:fec7:12c5/64 scope link
valid_lft forever preferred_lft forever
7: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2601:d:5600:6b:6a7f:74ff:fec7:12c4/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::6a7f:74ff:fec7:12c4/64 scope link
valid_lft forever preferred_lft forever

$ ip -6 route
2601:d:5600:6b::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev vlan1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev eth2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
default via fe80::201:5cff:fe24:6741 dev vlan2 proto kernel metric 1024 expires 1797sec mtu 1500 advmss 1440 metric 10 4294967295
unreachable default dev lo proto kernel metric -1 error -128 metric 10 255
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev vlan1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev eth2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev br0 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev vlan2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
unreachable default dev lo proto kernel metric -1 error -128 metric 10 255

#$ ping6 -c1 ipv6.google.com
PING ipv6.google.com (2607:f8b0:400f:801::1013): 56 data bytes
64 bytes from 2607:f8b0:400f:801::1013: seq=0 ttl=55 time=36.503 ms

--- ipv6.google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 36.503/36.503/36.503 ms

$ traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2607:f8b0:400f:801::1010), 30 hops max, 16 byte packets
1
<nothing>

$ ip6tables -v -L
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all any any anywhere anywhere rt type:0
165 25979 ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT ipv6-nonxt any any anywhere anywhere length 40
0 0 shlimit tcp br0 any anywhere anywhere tcp dpt:ssh state NEW
98 10048 ACCEPT all br0 any anywhere anywhere
0 0 ACCEPT all lo any anywhere anywhere
0 0 ACCEPT udp any any anywhere anywhere udp dpt:546
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp destination-unreachable
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp packet-too-big
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp time-exceeded
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp parameter-problem
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-reply
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 130
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 131
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 132
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-solicitation
805 96600 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-advertisement
32 2304 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-solicitation
34 2448 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-advertisement
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 141
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 142
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 143
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 148
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 149
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 151
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 152
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 153

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all any any anywhere anywhere rt type:0
0 0 ACCEPT all br0 br0 anywhere anywhere
18 1622 DROP all any any anywhere anywhere state INVALID
2831 232K monitor all any vlan2 anywhere anywhere
9122 9470K ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP all vlan2 vlan2 anywhere anywhere
0 0 ACCEPT ipv6-nonxt any any anywhere anywhere length 40
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp destination-unreachable
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp packet-too-big
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp time-exceeded
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp parameter-problem
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-reply
0 0 wanin all vlan2 any anywhere anywhere
22 3218 wanout all any vlan2 anywhere anywhere
22 3218 ACCEPT all br0 any anywhere anywhere
0 0 ACCEPT all br0 vlan2 anywhere anywhere

Chain OUTPUT (policy ACCEPT 416 packets, 41445 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all any any anywhere anywhere rt type:0

Chain monitor (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp any any anywhere anywhere WEBMON --max_domains 300 --max_searches 300

Chain shlimit (1 references)
pkts bytes target prot opt in out source destination
0 0 all any any anywhere anywhere recent: SET name: shlimit side: source
0 0 DROP all any any anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

Chain wanin (1 references)
pkts bytes target prot opt in out source destination

Chain wanout (1 references)
pkts bytes target prot opt in out source destination

# Custom WAN up Script
$ cat /opt/ipv6.sh
#!/bin/sh

/usr/bin/logger "Running: ${0}"
# sed -i -e's/ send ia-pd 0;/send ia-pd 0;\n send ia-na 0;/' /etc/dhcp6c.conf
# kill `cat /var/run/dhcp6c.pid` && dhcp6c -T LL `/bin/nvram get wan_iface`

echo 0 > /proc/sys/net/ipv6/conf/`/bin/nvram get wan_iface`/accept_ra
/usr/sbin/ip -6 route flush default dev `/bin/nvram get wan_iface`
echo 2 > /proc/sys/net/ipv6/conf/`/bin/nvram get wan_iface`/accept_ra

/usr/sbin/ip6tables -t mangle -I OUTPUT 1 -o `/bin/nvram get wan_iface` -p icmpv6 \! --icmpv6-type echo-request -j RETURN

koitsu · Aug 12, 2012

http://www.dslreports.com/forum/r27234575-IPv6-TomatoUSB-and-Comcast-IPv6-bugs-found

Please read the entire thread, slowly and carefully; every post, do not skim. There are multiple bugs involved.

Confirmation what has been discovered/documented works fine, at least with Toastman builds (I don't see why the same wouldn't apply to Shibby, but can't confirm/deny):

Code:

root@gw:/tmp/home/root# traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2001:4860:4001:802::1010), 30 hops max, 16 byte packets
1  2001:558:6045:9b::1 (2001:558:6045:9b::1)  23.639 ms  27.124 ms  29.572 ms
2  te-0-0-0-12-ur06.santaclara.ca.sfba.comcast.net (2001:558:82:a4::1)  9.750 ms  8.982 ms  9.114 ms
3  te-1-1-0-3-ar01.oakland.ca.sfba.comcast.net (2001:558:80:17c::1)  15.167 ms  17.761 ms  11.931 ms
4  he-2-13-0-0-cr01.sacramento.ca.ibone.comcast.net (2001:558:0:f6a3::1)  20.128 ms  14.173 ms  24.309 ms
5  pos-0-9-0-0-cr01.sanjose.ca.ibone.comcast.net (2001:558:0:f56d::2)  16.099 ms  21.750 ms  15.089 ms
6  pos-0-7-0-0-pe01.529bryant.ca.ibone.comcast.net (2001:558:0:f632::2)  14.709 ms  16.016 ms  19.615 ms
7  2001:559::386 (2001:559::386)  13.349 ms  13.969 ms  14.590 ms
8  2001:4860::1:0:21 (2001:4860::1:0:21)  17.006 ms  16.738 ms  16.390 ms
9  2001:4860:0:1::1b3 (2001:4860:0:1::1b3)  15.162 ms  16.922 ms  15.361 ms
10  2001:4860:8000:f::b (2001:4860:8000:f::b)  16.527 ms  17.397 ms  17.139 ms

brueggma · Aug 15, 2012

Koiitsu,

Thank you for the help. I'm following Shibby's thread and looks like there may actually be a ipv6 bug in his latest releases. I'll wait for his next release before I start playing around with it again.

koitsu · Aug 15, 2012

ping != traceroute.

ping works by the client sending an ICMP ECHO request to a destination, and the destination replying with ICMP ECHO_REPLY.

traceroute is significantly more complex. These days, on *IX systems (Linux, BSDs, etc.), traceroute no longer use ICMP ECHO. Instead, it works by sending UDP packets to a destination with an incrementing port number and an incrementing TTL field. It does this in attempt to solicit (meaning receive back) an ICMP time-exceeded response from each hop (hence why the TTL is incremented). Full details of how it works are here (be sure to read the entire section, do not skim):

http://en.wikipedia.org/wiki/Traceroute#Implementation
http://www.inetdaemon.com/tutorials/troubleshooting/tools/traceroute/definition.shtml

Also, please do not get in the habit of using -c1 to ping. Packet loss does happen on occasion, so a single ICMP packet demanding a response is a bit too aggressive; ICMP is one of the least-respected protocols these days (and sadly so). Be a little more reasonable, say -c5 or just run ping and ^C it whenever you want. But 1 packet is really not enough. The same goes for you not even waiting for the first timeout interval on your traceroute. Please be patient. That doesn't mean there's not a bug/issue with the firmware; this is just general advice as someone who has done networking analysis for too many years.

brueggma · Aug 18, 2012

Koitsu,

Looks like it was working the whole time, I just didn't have IPv6 setup on my browser. Thanks for you help.

koitsu · Aug 19, 2012

Awesome! Enjoy IPv6.

Log in or Sign up

IPv6 - Comcast - need help

brueggma Reformed Router

koitsu Network Guru

brueggma Reformed Router

koitsu Network Guru

brueggma Reformed Router

koitsu Network Guru

Share This Page