IPv6 with Sonic ONT

[graeme_stewart]

it ought to work for you

I'd be a happy customer if Sonic could get their own SDX Adtran 822v reporting as something other than IPv6 "ServiceDown".

Performing a tcpdump on the edge router and see no replies from the Adtran. I'll continue troubleshooting, but this (and other customers seeing the same problem), seems to correlate to a Sonic side issue. Would love to be proven wrong.

Code: Select all

10:30:33.249682 IP6 (flowlabel 0xf11dd, hlim 1, next-header UDP (17) payload length: 206) fe80::226d:31ff:fe31:78f.dhcpv6-client > ff02::1:2.dhcpv6-server: [bad udp cksum 0x5893 -> 0xe6c5!] dhcp6 solicit (xid=17cadf (client-ID type 4) (elapsed-time 0) (vendor-class) (rapid-commit) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:0 vltime:0)) (IA_NA IAID:825296783 T1:0 T2:0) (Client-FQDN) (reconfigure-accept) (option-request DNS-server DNS-search-list SNTP-servers Client-FQDN opt_82 opt_83))
10:30:34.222691 IP6 (flowlabel 0xf11dd, hlim 1, next-header UDP (17) payload length: 206) fe80::226d:31ff:fe31:78f.dhcpv6-client > ff02::1:2.dhcpv6-server: [bad udp cksum 0x5893 -> 0xe664!] dhcp6 solicit (xid=17cadf (client-ID type 4) (elapsed-time 97) (vendor-class) (rapid-commit) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:0 vltime:0)) (IA_NA IAID:825296783 T1:0 T2:0) (Client-FQDN) (reconfigure-accept) (option-request DNS-server DNS-search-list SNTP-servers Client-FQDN opt_82 opt_83))

[graeme_stewart]

At this point I'm giving up, and will wait for this to become an issue where Sonic actually provides some effective troubleshooting support on the customer side. They should - at a minimum - be able to objectively demonstrate that the ONT is seeing IPv6 traffic, yet they seem unable or unwilling to even do that.

Code: Select all

14:26:16.854690 IP6 (class 0xc0, hlim 64, next-header UDP (17) payload length: 187) fe80::fac0:1ff:fe1f:6b58.dhcpv6-server > fe80::1c76:8729:43bc:c724.dhcpv6-client: [udp sum ok] dhcp6 advertise (xid=661ff6 (client-ID hwaddr/time type 1 time 494972833 6c40088bf1fa) (server-ID vid 0000058366383a63) (IA_NA IAID:0 T1:0 T2:0 (IA_ADDR :: pltime:0 vltime:0 (status-code NoAddrsAvail))) (DNS-server ns1.sonic.net ns2.sonic.net))

- Packet is a response from a DHCPv6 server to a client, telling the client that it currently has no IPv6 addresses to assign, but providing the DNS server details.

[tomoc]

Hi Graeme,

It looks like your 822v is running in bridge mode, so unless it's eating your packets, the ONT won't come into play. I have not personally verified IPv6 through the 822v, but we're getting into spooky territory if that's the problem.

I've verified your PON has 12 subs with active /56 PD allocations so this looks to be a problem with your setup.

In order for DHCPv6 PD to function, we'll need allow rules for ICMPv6 from fe80::/10. Per RFC 3316 Section 5.2 (https://www.ietf.org/rfc/rfc3315.txt), we'll also need a rule allowing UDP source port 547, destination port 546. In my experience, all this traffic comes from link local (fe80::/10), but feel free to leave the source address term out.

Destination port 546
Source port 547
Protocol UDP
Source address fe80::/10

Let me know how it goes and we'll take it from there.

[graeme_stewart]

The packet captures shared are from tcpdump, which puts the nic into promiscuous mode and are before any filter rules (ip6tables) would be in effect.

I've performed this directly connecting to the 822 10Gb interface using both a Linux and Mac host. Both show the same behavior - no response from the device with DHCPv6 PD (despite Sonic showing an allocation).

The screenshots from the 822 showing IPV6 "ServiceDown" and IPV4 as "Up" are indicative of the problem with the device in bridge mode.

How can we further debug the "spooky territory"? At a minimum show a packet capture with a response from the 822?

[tomoc]

I'll see about doing a full qualification of IA-PD on the 822v in my lab. If I have trouble getting resources allocated for that I'll see if I can get you a 622v which has true bridging.

[graeme_stewart]

Thank you.

If it would be helpful to remotely troubleshoot, I'm more than happy to temporarily set you up with an interactive terminal onto the 822 from the customer side (via LTE / WebEx).

[tigertech]

Can Sonic share what the current state of the IPv6 rollout is? I can't tell if I should expect it to be working in my neighborhood.

I'm in North Berkeley with my immediate upstream being "lo0.bng2.albyca11.sonic.net", but a list of "here's the neighborhoods where it already should be working" would be helpful to everyone, I'm sure.

Thanks!

[igorru]

Or if you don't want to make the list of locations public, how about a tool in the Member Tools that can tell a customer if IPv6 should be available at their location?

[finalstar]

2nd that request. From what I can tell in South San Francisco I am still not getting an IPv6 address, but I want to make sure its even enabled before I spend a bunch of time troubleshooting my router

[gwj]

I do not seem to get an answer to DHCPv6 here in the Sunset in San Francisco (pfsense, 1G Fusion). I'm looking forward to native ipv6 and glad to see progress from Sonic on it. I would love to know when to expect it to work here. Even a rough schedule of rollout plans would be useful.