1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IPv6 - Comcast - need help

Discussion in 'Tomato Firmware' started by brueggma, Aug 12, 2012.

  1. brueggma

    brueggma Networkin' Nut Member

    Everyone,

    I've seen quite a few posts on how to get Comcast IPv6 working, and I see it working for a few people, but I'm unable to get it working. Can someone help me diagnose my issue? I can seem to ping ipv6.google.com, but can't traceroute to the host.



    Hardware: e3000
    O/S: Shibby v099 Big-VPN

    # ip -6 addr
    1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000
    inet6 fe80::6a7f:74ff:fec7:12c4/64 scope link
    valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500 qlen 1000
    inet6 fe80::6a7f:74ff:fec7:12c6/64 scope link
    valid_lft forever preferred_lft forever
    4: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500 qlen 1000
    inet6 fe80::6a7f:74ff:fec7:12c7/64 scope link
    valid_lft forever preferred_lft forever
    5: vlan1@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500
    inet6 fe80::6a7f:74ff:fec7:12c4/64 scope link
    valid_lft forever preferred_lft forever
    6: vlan2@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 fe80::6a7f:74ff:fec7:12c5/64 scope link
    valid_lft forever preferred_lft forever
    7: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
    inet6 2601:d:5600:6b:6a7f:74ff:fec7:12c4/64 scope global
    valid_lft forever preferred_lft forever
    inet6 fe80::6a7f:74ff:fec7:12c4/64 scope link
    valid_lft forever preferred_lft forever

    $ ip -6 route
    2601:d:5600:6b::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    fe80::/64 dev vlan1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    fe80::/64 dev eth2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    fe80::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    default via fe80::201:5cff:fe24:6741 dev vlan2 proto kernel metric 1024 expires 1797sec mtu 1500 advmss 1440 metric 10 4294967295
    unreachable default dev lo proto kernel metric -1 error -128 metric 10 255
    ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    ff00::/8 dev vlan1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    ff00::/8 dev eth2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    ff00::/8 dev br0 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    ff00::/8 dev vlan2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
    unreachable default dev lo proto kernel metric -1 error -128 metric 10 255

    #$ ping6 -c1 ipv6.google.com
    PING ipv6.google.com (2607:f8b0:400f:801::1013): 56 data bytes
    64 bytes from 2607:f8b0:400f:801::1013: seq=0 ttl=55 time=36.503 ms

    --- ipv6.google.com ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 36.503/36.503/36.503 ms

    $ traceroute6 ipv6.google.com
    traceroute to ipv6.google.com (2607:f8b0:400f:801::1010), 30 hops max, 16 byte packets
    1
    <nothing>


    $ ip6tables -v -L
    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all any any anywhere anywhere rt type:0
    165 25979 ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 ACCEPT ipv6-nonxt any any anywhere anywhere length 40
    0 0 shlimit tcp br0 any anywhere anywhere tcp dpt:ssh state NEW
    98 10048 ACCEPT all br0 any anywhere anywhere
    0 0 ACCEPT all lo any anywhere anywhere
    0 0 ACCEPT udp any any anywhere anywhere udp dpt:546
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp destination-unreachable
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp packet-too-big
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp time-exceeded
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp parameter-problem
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-reply
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 130
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 131
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 132
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-solicitation
    805 96600 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-advertisement
    32 2304 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-solicitation
    34 2448 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-advertisement
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 141
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 142
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 143
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 148
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 149
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 151
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 152
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp type 153

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all any any anywhere anywhere rt type:0
    0 0 ACCEPT all br0 br0 anywhere anywhere
    18 1622 DROP all any any anywhere anywhere state INVALID
    2831 232K monitor all any vlan2 anywhere anywhere
    9122 9470K ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 DROP all vlan2 vlan2 anywhere anywhere
    0 0 ACCEPT ipv6-nonxt any any anywhere anywhere length 40
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp destination-unreachable
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp packet-too-big
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp time-exceeded
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp parameter-problem
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request
    0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-reply
    0 0 wanin all vlan2 any anywhere anywhere
    22 3218 wanout all any vlan2 anywhere anywhere
    22 3218 ACCEPT all br0 any anywhere anywhere
    0 0 ACCEPT all br0 vlan2 anywhere anywhere

    Chain OUTPUT (policy ACCEPT 416 packets, 41445 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all any any anywhere anywhere rt type:0

    Chain monitor (1 references)
    pkts bytes target prot opt in out source destination
    0 0 RETURN tcp any any anywhere anywhere WEBMON --max_domains 300 --max_searches 300

    Chain shlimit (1 references)
    pkts bytes target prot opt in out source destination
    0 0 all any any anywhere anywhere recent: SET name: shlimit side: source
    0 0 DROP all any any anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

    Chain wanin (1 references)
    pkts bytes target prot opt in out source destination

    Chain wanout (1 references)
    pkts bytes target prot opt in out source destination

    # Custom WAN up Script
    $ cat /opt/ipv6.sh
    #!/bin/sh

    /usr/bin/logger "Running: ${0}"
    # sed -i -e's/ send ia-pd 0;/send ia-pd 0;\n send ia-na 0;/' /etc/dhcp6c.conf
    # kill `cat /var/run/dhcp6c.pid` && dhcp6c -T LL `/bin/nvram get wan_iface`

    echo 0 > /proc/sys/net/ipv6/conf/`/bin/nvram get wan_iface`/accept_ra
    /usr/sbin/ip -6 route flush default dev `/bin/nvram get wan_iface`
    echo 2 > /proc/sys/net/ipv6/conf/`/bin/nvram get wan_iface`/accept_ra

    /usr/sbin/ip6tables -t mangle -I OUTPUT 1 -o `/bin/nvram get wan_iface` -p icmpv6 \! --icmpv6-type echo-request -j RETURN
     
  2. koitsu

    koitsu Network Guru Member

    http://www.dslreports.com/forum/r27234575-IPv6-TomatoUSB-and-Comcast-IPv6-bugs-found

    Please read the entire thread, slowly and carefully; every post, do not skim. There are multiple bugs involved.

    Confirmation what has been discovered/documented works fine, at least with Toastman builds (I don't see why the same wouldn't apply to Shibby, but can't confirm/deny):

    Code:
    root@gw:/tmp/home/root# traceroute6 ipv6.google.com
    traceroute to ipv6.google.com (2001:4860:4001:802::1010), 30 hops max, 16 byte packets
    1  2001:558:6045:9b::1 (2001:558:6045:9b::1)  23.639 ms  27.124 ms  29.572 ms
    2  te-0-0-0-12-ur06.santaclara.ca.sfba.comcast.net (2001:558:82:a4::1)  9.750 ms  8.982 ms  9.114 ms
    3  te-1-1-0-3-ar01.oakland.ca.sfba.comcast.net (2001:558:80:17c::1)  15.167 ms  17.761 ms  11.931 ms
    4  he-2-13-0-0-cr01.sacramento.ca.ibone.comcast.net (2001:558:0:f6a3::1)  20.128 ms  14.173 ms  24.309 ms
    5  pos-0-9-0-0-cr01.sanjose.ca.ibone.comcast.net (2001:558:0:f56d::2)  16.099 ms  21.750 ms  15.089 ms
    6  pos-0-7-0-0-pe01.529bryant.ca.ibone.comcast.net (2001:558:0:f632::2)  14.709 ms  16.016 ms  19.615 ms
    7  2001:559::386 (2001:559::386)  13.349 ms  13.969 ms  14.590 ms
    8  2001:4860::1:0:21 (2001:4860::1:0:21)  17.006 ms  16.738 ms  16.390 ms
    9  2001:4860:0:1::1b3 (2001:4860:0:1::1b3)  15.162 ms  16.922 ms  15.361 ms
    10  2001:4860:8000:f::b (2001:4860:8000:f::b)  16.527 ms  17.397 ms  17.139 ms
    
     
  3. brueggma

    brueggma Networkin' Nut Member

    Koiitsu,

    Thank you for the help. I'm following Shibby's thread and looks like there may actually be a ipv6 bug in his latest releases. I'll wait for his next release before I start playing around with it again.
     
  4. koitsu

    koitsu Network Guru Member

    ping != traceroute.

    ping works by the client sending an ICMP ECHO request to a destination, and the destination replying with ICMP ECHO_REPLY.

    traceroute is significantly more complex. These days, on *IX systems (Linux, BSDs, etc.), traceroute no longer use ICMP ECHO. Instead, it works by sending UDP packets to a destination with an incrementing port number and an incrementing TTL field. It does this in attempt to solicit (meaning receive back) an ICMP time-exceeded response from each hop (hence why the TTL is incremented). Full details of how it works are here (be sure to read the entire section, do not skim):

    http://en.wikipedia.org/wiki/Traceroute#Implementation
    http://www.inetdaemon.com/tutorials/troubleshooting/tools/traceroute/definition.shtml

    Also, please do not get in the habit of using -c1 to ping. Packet loss does happen on occasion, so a single ICMP packet demanding a response is a bit too aggressive; ICMP is one of the least-respected protocols these days (and sadly so). Be a little more reasonable, say -c5 or just run ping and ^C it whenever you want. But 1 packet is really not enough. The same goes for you not even waiting for the first timeout interval on your traceroute. Please be patient. :) That doesn't mean there's not a bug/issue with the firmware; this is just general advice as someone who has done networking analysis for too many years.
     
  5. brueggma

    brueggma Networkin' Nut Member

    Koitsu,

    Looks like it was working the whole time, I just didn't have IPv6 setup on my browser. Thanks for you help.
     
    koitsu likes this.
  6. koitsu

    koitsu Network Guru Member

    Awesome! Enjoy IPv6. :)
     

Share This Page