dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
81

leibold
MVM
join:2002-07-09
Sunnyvale, CA
Netgear CG3000DCR
ZyXEL P-663HN-51

1 edit

1 recommendation

leibold

MVM

Re: Zyxel USG 20 and Sonic.net ipv6?


USG20 Tunnel
Based on the manual that you linked to (since I don't have a USG):

Step 2.8.2 Setting Up the IPv6-in-IPv4 Tunnel
The example shows a WAN interface (wan1) that has a dynamic IPv4 address. If you have a static IPv4 address for your router you would enter it in Gateway Settings under IP Address (instead of Interface). This is especially important if you have a block of 4 or 8 static IP addresses!
If you only have a dynamic IP address follow the example and specify your address by selecting the Interface.
The USG 20 shows the tunnel IPv6 Address Assignment as optional, but since that information is provided by Sonic I would enter it.

Edit: bigboy See Profile confirms that the IPv6 Address Assignment for the tunnel is important. Enter the customer-side IPv6 address (4) in this field together with the /127 prefix length.

Ethernet and Policy setup to follow.
leibold

1 edit

1 recommendation

leibold

MVM


USG LAN Ethernet
Step 2.8.3 Setting Up the LAN IPv6 Interface
There are two parts to this. First you have to pick one of the IP addresses in your IPv6 network block and assign it to the router (IPv6 Address Assignment). This is the address that all your computers will use to sent traffic to the router. Typically that is the address XXXX:XXXX:XXXX:XXX0::1 where the Xs stand for the prefix of your assigned IPv6 address block.
The second part is configuring the IPv6 block and its prefix length (/60 for Sonic.net tunnels) in the IPv6 Router Advertisement section.

Properly configured your router will advertise its own IPv6 address (so that everybody knows how to find the router) and the IPv6 block (so that SLAAC, the stateless address auto configuration can work in the hosts).

Edit: based on the findings from bigboy See Profile:
- be sure to keep the SLAAC checkbox blank (as shown in the picture above from the USG documentation)
- instead of the /60 prefix provided by Sonic.net use the smaller /64 prefix typically used for IPv6 LANs. This is valid, it just means that you only use a portion of the assigned address block.
- stick with the default ::1 as the router address.

Still to come, policy routing.
leibold

1 recommendation

leibold

MVM

In step 2.8.2 you created the 6in4 tunnel between your router and Sonic.net.
In step 2.8.3 you gave your LAN Ethernet interface an IPv6 address and configured your router to send out Router Advertisements (a key feature of IPv6 networking).
What is still missing is the connection between the LAN Interface and the 6in4 tunnel and this is were policy based routing comes in:


USG Policy


Step 2.8.4 Setting up the Policy Route
In the first part of the instructions you create a new IPv6 Address object and enter both the IPv6 address and the /60 prefix length of your assigned IPv6 address block (5).
Once you have created that IPv6 Address object you use its name to configure the source address of the policy route (leaving 'any' as the destination address).
Finally you specify the next hop destination by selecting Interface as the type and tunnel0 (or whatever name you chose in step 2.8.2) as the name.

This means that IPv6 traffic from your LAN to the Internet will be sent via the 6in4 tunnel to the Sonic.net gateway. At least that is what the document says, keep us posted with the results.
bigboy
join:2000-12-04
Palo Alto, CA

bigboy

Member

This is very similar to what I tried last. What is puzzling is that my Mac is not picking up an IPv6 address (it's configured to Automatic in the Network settings). When I was screwing around with my AE, my Mac automatically picked up a IPv6 address - it's not doing it with the Zyxel, or is the assumption that I have a static IPv6 address for each device with this 6in4 configuration?
JPedroT
Premium Member
join:2005-02-18

JPedroT

Premium Member

Done any changes to your net since then? Router Advertisments and Solicitations are done with multicast.

leibold
MVM
join:2002-07-09
Sunnyvale, CA
Netgear CG3000DCR
ZyXEL P-663HN-51

leibold to bigboy

MVM

to bigboy
In order for your computers on the LAN to get an automatic assignment of a IPv6 address with global scope you only need the configuration in step 2.8.3 to configure the LAN Ethernet interface (both IPv6 Address Assignment and IPv6 Router Advertisement Setting are important as well as the Enable IPv6 checkbox). Even without policy based routing and without a working 6in4 tunnel this should give your USG an IPv6 address and cause it to respond to router discovery requests.
You do not need to assign static IPv6 addresses to your computers, but you could try a static IPv6 address (out of your assigned block) to see if you can ping the router with IPv6 ping.

One thing to make sure is that you do not have another IPv6 router (such as the AE) configured at the same time on your network. If the AE is still holding the ::1 IPv6 address for your network block, the USG will probably not work because of the address conflict.

You previously mentioned using the customer side IPv6 address in the Ethernet IPv6 Address Assignment. I'm assuming you fixed that ?
bigboy
join:2000-12-04
Palo Alto, CA

bigboy

Member

That's what I thought re:Address Assignment and Router Advertisement. The USG 20 is not handing out addresses. I guess I can try the static address approach, but given it's my laptop, I don't want to be using static addresses because I use it in more than one location.

I don't think it's the rest of my network, as the Airport Extreme, when I have it doing IPv6 has no problem handing them out to devices on the network. I suppose I could just have the Airport do the tunnel, but it just seems strange that the Zyxel isn't doing its job.

leibold
MVM
join:2002-07-09
Sunnyvale, CA
Netgear CG3000DCR
ZyXEL P-663HN-51

leibold

MVM

I didn't mean static assignment as a solution, just for troubleshooting.

There could be something that we are missing since the IPv6-in-IPv4 example in the manual is showing how to use that protocol for site-to-site tunneling. Perhaps there is a small difference somewhere when using 6in4 to an ISP or Tunnelbroker for Internet access ?

You may have already done this, but just in case:
said by USG User Guide :

You have to enable IPv6 globally in the CONFIGURATION > System > IPv6 screen to make the IPv6 settings work.

That is in addition to the individual Enable IPv6 settings on the Ethernet, Policy Routing and other screens. IPv6 needs to be enabled on the LAN Ethernet interface and the Policy Routing screens but not on the WAN Ethernet interface (the traffic through the WAN interface is IPv4).

The examples I created show how to use the entire Sonic.net IPv6 block which is a /60 prefix. The typical prefix length for an IPv6 LAN is a smaller /64 which is also what the USG manual shows in the native IPv6 example. You could try changing the /60 prefix length to /64. While that leaves much of your IPv6 address block unusable, I'm pretty sure 4 billion * 4 billion IPv6 addresses for home use might just be enough It may be worth trying in case the USG wants exactly a /64 prefix.

You can also turn on the DHCPv6 server in the USG but stateless address auto configuration (SLAAC) should be working by itself.
bigboy
join:2000-12-04
Palo Alto, CA

bigboy

Member

The /60 vs. /64 was it. Once I changed it to /64, I was able to pick up an address.

Now back to fiddling with the tunnel. I'm not able to get out, but at least I can get an IPv6 address...
bigboy

1 edit

1 recommendation

bigboy to leibold

Member

to leibold
Huzzah! Success.

Ethernet configuration:
1. SLAAC needs to be turned off for 6in4
2. I was being cute with IPv6 Address/Prefix Length. Stick with :1
3. As noted earlier, this implementation doesn't support /60 - need to use /64 (this is a bug to me)

Tunnel
1. You are correct with the customer-side transport IP - needs to be in the IPv6 Address/Prefix Length, which is blank in the Zyxel example.

Policy Route example is correct. (EDIT) Make sure you use the /64 subnet for LAN1_SUBNET (/EDIT)

Thanks for all the help.

leibold
MVM
join:2002-07-09
Sunnyvale, CA
Netgear CG3000DCR
ZyXEL P-663HN-51

leibold

MVM

Congratulations on your success and thanks for following up with the details that made it work.

Hopefully this will be helpful for other USG owners that want to setup 6in4 tunnels to their ISP (like Sonic.net) or a tunnelbroker (like he.net).

Thanks!
polarisdb
join:2004-07-12
USA

1 recommendation

polarisdb

Member

Thanks leibold, this is good stuff. It would be interesting to see a similar post for a IPv6 native dual stack configuration to support something like what Comcast is rolling out.

leibold
MVM
join:2002-07-09
Sunnyvale, CA
Netgear CG3000DCR
ZyXEL P-663HN-51

1 edit

leibold

MVM

I didn't realize that Comcast was already moving ahead with large scale deployment of native IPv6 (I had heard about the various testing they did). It seems it is even available in my area.

Prerequisite seems to be that you need to have a docsis 3.0 cable modem.

The rest should be easy since Comcast doesn't do any manual address block assignments.

In the USG documentation chapter 2.6 there are are two different setups shown (in a slightly confusing way) for native IPv6. Ignore 2.6.1 to .2.6.3 which apply if you need to manually configure a routed IPv6 address block for your LAN. Instead go straight to 2.6.4 which shows how to setup the USG to auto-configure the WAN IPv6 address and to perform prefix delegation to the LAN. In theory that should be all that is needed for the USG on Comcast.

Edit: not all docsis 3.0 modems are IPv6 capable. Check the list of supported docsis devices and check for the green tick-mark in the IPv6 column. In order to support Comcast's implementation of IPv6 the cable modem (or in bridge mode, a router behind the cable modem) must support DHCPv6 client mode to obtain an IPv6 address for itself and it must also be able to perform Prefix-Delegation to assign an IPv6 block to the LAN. Based on the documentation that should be no problem for the USG.