dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4713
share rss forum feed

sushiglob

join:2014-08-02

UVERSE IPv6 Problems

I'm running into some weird issues with IPv6. I'm on the ATT UVERSE Power tier and am using the NVG589 in passthrough mode.

I am cascading my RT-N66U (with Merlin firmware) behind the NVG589.

Right now I have my RT-N66U IPv6 settings set to "Native" and I'm able to get Ipv6 working. The good news is that with "Native" I get 45+Mbps IPv6 speeds which are similar to what I can get with IPv4. The bad news is that now certain webpages will not load. Traceroute to www.facebook.com for example, completely times out.

If I turn off "Native" on my RT-N66U and switch on "Tunnel 6rd" I can connect to IPv6, but the bad news is that speed drops from 45+Mbps to 24Mbps. I have no idea why this happens. I can however, access Facebook and other sites that were not loading when my RT-N66U was set to "Native."

So, I need some help here. I am not sure what's going on. I can get IPv6 to work using both "Native" and "Tunnel 6rd" when set on my RT-N66U, but both ways are crippled due to lots of sites not load vs. a substantial drop in speed.

????????????


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Mind posting the facebook tracert?

sushiglob

join:2014-08-02

1 edit
said by ILpt4U:

Mind posting the facebook tracert?

Sure. I'll post it in a few minutes...

EDIT: Here are the screen shots. One is from a Command Prompt, the other from within my RT-N66U's firmware.

Command Prompt: »imgur.com/PkazlXf

Firmware tool: »imgur.com/bFb6apJ

The command prompt appears different than what the firmware tool shows...or am I seeing it wrong? Command prompt seem to have no problems making the path to Facebook while the firmware tool shows problems. Or maybe I'm reading it wrong?


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
I have IPv6 working fine on my N66U behind the NVG589, but I'm using IP Passthru, not Cascaded Router

sushiglob

join:2014-08-02
said by ILpt4U:

I have IPv6 working fine on my N66U behind the NVG589, but I'm using IP Passthru, not Cascaded Router

Wait....what's the difference? I have my NVG589 is passthrough as well...maybe I'm doing something wrong here.

EDIT: Whhattt...so weird. Facebook just loaded no problem. A minute a go it was timing out. What is happening here...??


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
reply to sushiglob
Command prompt is using IPv6. The firmware tool is using IPv4

sushiglob

join:2014-08-02
said by ILpt4U:

Command prompt is using IPv6. The firmware tool is using IPv4

Ah, okay. Didn't see that.

Can you explain though what the difference is between cascading and passthrough? Maybe my physical setups is incorrect or something.

I have the NVG589 in passthrough mode and a cable goes from one of the LAN ports on back to the the WAN port on the RT-N66U.

This is correct, yes?


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Reviews:
·AT&T U-Verse
So far, yes

I have my N66U set with the WAN IPv4 info hard coded as a static IP, with the NVG589 passing the Public IPv4 IP to the N66U via the WAN MAC address of the Asus

I've heard rumors of the DHCP lease being funky with IP passthru, so thats why I set the WAN IP as a static in the Asus

sushiglob

join:2014-08-02
said by ILpt4U:

So far, yes

I have my N66U set with the WAN IPv4 info hard coded as a static IP, with the NVG589 passing the Public IPv4 IP to the N66U via the WAN MAC address of the Asus

I've heard rumors of the DHCP lease being funky with IP passthru, so thats why I set the WAN IP as a static in the Asus

hhhmm........interesting. I need to look into that.

Something weird is happening right now. So I can connect to Facebook (magically) right now with my Native IPv6 connection, but my phone which is connected wirelessly to the RT-N66U can't get Facebook to load. What gives.

EDIT: Is there a guide I can follow for setting up static within the Asus?


ortizdr

join:2014-01-15
Euless, TX
I've been having flakey Facebook access on my network and IPv6 is NOT enabled on my setup. Might be saturated peering points of Facebook is doing maintenance.

sushiglob

join:2014-08-02
The minute I kill IPv6 settings on my router, all the sites load without issue. Turn it back on, and it's all spotty.

Here's another Traceroute of my IPv6 connection. I currently cannot get to Facebook, even though I was a few minutes back.

Image: »imgur.com/mpyLiwv
said by ortizdr:

I've been having flakey Facebook access on my network and IPv6 is NOT enabled on my setup. Might be saturated peering points of Facebook is doing maintenance.



mackey
Premium
join:2007-08-20
kudos:12
reply to sushiglob
Is it just Facebook, or is it other sites as well? When you say "can't connect" where exactly does your browser hang? (connecting, waiting for, ?)

I had this same problem when I was running the 6rd tunnel from my router. You may need to get your router to advertise a 1480 MTU as some of AT&T's routers are broken and will not return the correct ICMP packet-too-big response.

/M

sushiglob

join:2014-08-02

1 edit
said by mackey:

Is it just Facebook, or is it other sites as well? When you say "can't connect" where exactly does your browser hang? (connecting, waiting for, ?)

I had this same problem when I was running the 6rd tunnel from my router. You may need to get your router to advertise a 1480 MTU as some of AT&T's routers are broken and will not return the correct ICMP packet-too-big response.

/M

If I'm using Native for IPv6, how can I change the MTU?

I can use Tunnel 6rd, but as described in my OP at the top, I get half speed! I can't go any higher than 24Mbps whereas with Native, I get the full 45+Mbps...it's just that I'm having spotty connections now.

EDIT: Also, it times out at "connecting" or "establishing a secure connection." It's never on their side per say, seems to be mine...like their servers are waiting for me.

EDIT: It gets more strange. My phone is connected wirelessly to my RT-N66U and it cannot connect to Facebook. All other computers that are hardwired to the RT-N66U can still connect to Facebook without issue. Why can't I get my phone to connect to Facebook now?


mackey
Premium
join:2007-08-20
kudos:12
What type of phone is it? Does it support IPv6?

/M

sushiglob

join:2014-08-02

1 edit
said by mackey:

What type of phone is it? Does it support IPv6?

/M

It's an LG G2, it should support IPv6.

What's weird now is that I took it off of the 2.4Ghz G connection and connected it to my 5Ghz N Connection and now....Facebook loads.

I think perhaps the firmware on my RT-N66U is mega buggy right now. Not sure why it's happening all of a sudden.

EDIT: No idea what's up. My phones cannot connect to some sites now like Facebook. My notebook uses wireless and it can connect no problem, but my phones time out. I've never seen this issue before. What could it be?


jimk
Premium
join:2006-04-15
Raleigh, NC
Reviews:
·Time Warner Cable
reply to sushiglob
I seem to be having the same issues... one day last week, I started seeing issues connecting to IPv6 sites. It looks like they might be Path MTU issues based on the erratic performance and behavior but I can't say for sure just yet.

I'm using the NVG589 RG and ASUS RT-AC66U with the latest stock firmware. I'm using IP Passthrough on the NVG589.

Right now I have been too busy to troubleshoot so I just turned IPv6 router advertisements off on my router so my devices won't see it and try to use IPv6 until this has been sorted out... haven't troubleshooted yet due to a lack of time, but I hope to be able to look at it later this week.

Can't tell for sure if this is related to the recent NVG589 firmware update or not. It did, however, work perfectly up until recently, but I'm not ready to determine who to blame just yet.

sushiglob

join:2014-08-02
reply to sushiglob
What a nightmare.

I have no idea what's up.

Once again, certain pages are not loading up. Facebook for example...some IPv6 testing sites, the xfinity IPv6 speed test site doesn't load.

I just don't understand. I dropped Merlin firmware and tried out the latest 1.28 Tomato build for my RT-N66U. Thinking it was a bug, it turns out the issues remain.

For my Tomato IPv6 configuration, I use DHCPv6 with Prefix Delegation. I can run this IPv6 test site: »test-ipv6.com/ and all is green with a 10/10.

Why is it I can't access certain sites? It's insanely frustrating because I feel like I'm going in circles.


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
reply to jimk
The first thing I would try to rule out is if it is a DNS issue. Are you using AT&T's provided nameservers or your own config? Are you making an IPv4 or IPv6 call to the nameservers to ask for AAAA DNS queries?

It is possible the nameservers are having intermittent issues with IPv6. I have seen this before. Try different nameservers like 8.8.8.8 and 8.8.4.4 or the IPv6 equivalent 2001:4860:4860::8888 or 2001:4860:4860::8844.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/

sushiglob

join:2014-08-02
reply to jimk
said by jimk:

I seem to be having the same issues... one day last week, I started seeing issues connecting to IPv6 sites. It looks like they might be Path MTU issues based on the erratic performance and behavior but I can't say for sure just yet.

I'm using the NVG589 RG and ASUS RT-AC66U with the latest stock firmware. I'm using IP Passthrough on the NVG589.

Right now I have been too busy to troubleshoot so I just turned IPv6 router advertisements off on my router so my devices won't see it and try to use IPv6 until this has been sorted out... haven't troubleshooted yet due to a lack of time, but I hope to be able to look at it later this week.

Can't tell for sure if this is related to the recent NVG589 firmware update or not. It did, however, work perfectly up until recently, but I'm not ready to determine who to blame just yet.

Hrmm.....maybe something is screwy on ATT's side.

I feel like I'm taking crazy pills here. I don't have an advanced setup or anything going on. Just a basic switch, the NVG589, and my RT-N66U.

NVG589 is in passthrough mode. My RT-N66U should be handling everything (now loaded with Tomato firmware). The switch is just a switch doing what it does best.

Here's what I've discovered.

- If I re-enable IPv6 on my NVG589, I can put the RT-N66U into "Native" mode or "DHCPv6 with Prefix Delegation" and IPv6 works. However, certain and many websites do not load.

- If I re-enable IPv6 on my NVG589, I can put the RT-N66U into "Tunnel 6rd" mode, but IPv6 stops working and I cannot access IPv6 websites.

- If I disable IPv6 on my NVG589, I can put the RT-N66U into "Tunnel 6rd" mode and IPv6 works. However, speed is reduced from 45+Mbps to 24Mbps or so. No clue why this is.

- If I disable IPv6 on my NVG589, I can put the RT-N66U into "Native" mode or "DHCPv6 with Prefix Delegation," but IPv6 stops working and I cannot access IPv6 websites.

- If I re-enable IPv6 on my NVG589, put it in "passthrough" or "bridge" mode, and disable IPv6 on the RT-N66U, IPv4 works...but IPv6 does not. IPv6 from the NVG589 does not "passthrough" or "bridge" to my RT-N66U. This seems to be common and by design. Nothing I can do with this from what I can tell.

So, it's either I enjoy full speed IPv6, but have lots of websites not loading/connecting or I use Tunnel 6rd and try to enjoy slower speeds.

What in the world do I do.

sushiglob

join:2014-08-02
reply to rolande
said by rolande:

The first thing I would try to rule out is if it is a DNS issue. Are you using AT&T's provided nameservers or your own config? Are you making an IPv4 or IPv6 call to the nameservers to ask for AAAA DNS queries?

It is possible the nameservers are having intermittent issues with IPv6. I have seen this before. Try different nameservers like 8.8.8.8 and 8.8.4.4 or the IPv6 equivalent 2001:4860:4860::8888 or 2001:4860:4860::8844.

Hey Rolande, glad to see you're back here in this thread. I've come across MANY posts from you regarding IPv6. Seems you are the go-to guy on this stuff.

I've actually been running the Google IPv4/6 DNS servers. I have them in right now and I still experience the issue regardless of what DNS I'm using.

It's very...headache generating.


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
For kicks and giggles, what firmware version is your NVG589 running? Mine has not yet updated to the latest, still running 9.1.0h4d38

sushiglob

join:2014-08-02

3 edits
said by ILpt4U:

For kicks and giggles, what firmware version is your NVG589 running? Mine has not yet updated to the latest, still running 9.1.0h4d38

One minute...let's see...

EDIT: Appears I'm at - 9.1.0h12d22

EDIT: Changed DNS again to the OpenDNS servers for IPv6. Facebook loads...but parts of the site begin to timeout and fail to load. I always see Chrome timeout on "establishing secure connection..."

It never gets past that and then just times out. It's as if Facebook wants to load...but something denies it.

EDIT: And as usual...Facebook becomes completely unreachable yet again. This is a reoccurring thing. The site will partially load (if I'm lucky) then timeout and fail to load completely. If I refresh the page, Facebook doesn't load at all and eventually it just times out.

EDIT: Before I go further, should I have IPv6 ON or OFF within the NVG589?


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
So you have the latest firmware and you aren't locked into AT&T's DNS. So something else is broken.

I am sitting on my Mac right now running IPv6 behind my Cisco 3825 doing DHCP-PD as well as running IP Pass-through for IPv4 behind my NVG589 which has a 6rd tunnel to AT&T and I can Dig AAAA records all over the place and I can access Facebook and Google without any issues via HTTP or HTTPS.

There are 2 ways to configure IPv6. You can enable IPv6 on your NVG589 and it will terminate a 6rd tunnel to AT&T for you or you can establish your own IPv6 tunnel from your own router.

If you choose to run IPv6 on the NVG589, then you can not run your own router in tunnel mode. You have to let your router run IPv6 natively and use DHCP-PD to delegate a prefix from the 589 to it.

If you want your router to establish and manage the IPv6 tunnel, then you have to disable IPv6 on the 589. I believe you have to disable some other security features as well so it will pass through the 589. I can't recall off hand the specific details but someone posted about it previously that they got it working.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/

sushiglob

join:2014-08-02

1 edit
said by rolande:

So you have the latest firmware and you aren't locked into AT&T's DNS. So something else is broken.

I am sitting on my Mac right now running IPv6 behind my Cisco 3825 doing DHCP-PD as well as running IP Pass-through for IPv4 behind my NVG589 which has a 6rd tunnel to AT&T and I can Dig AAAA records all over the place and I can access Facebook and Google without any issues via HTTP or HTTPS.

There are 2 ways to configure IPv6. You can enable IPv6 on your NVG589 and it will terminate a 6rd tunnel to AT&T for you or you can establish your own IPv6 tunnel from your own router.

If you choose to run IPv6 on the NVG589, then you can not run your own router in tunnel mode. You have to let your router run IPv6 natively and use DHCP-PD to delegate a prefix from the 589 to it.

If you want your router to establish and manage the IPv6 tunnel, then you have to disable IPv6 on the 589. I believe you have to disable some other security features as well so it will pass through the 589. I can't recall off hand the specific details but someone posted about it previously that they got it working.

Regarding the two methods of running IPv6 from behind the NVG589, I discovered them as well.

I found that if IPv6 was on for the NVG589, then Native worked.
If it were off, then I'd have to use 6rd to get it working again.

Why is it that using Native gives me full speed (45+Mbps) and using 6rd limits my speed to 24Mbps?

That's what started my dive into IPv6...trying to figure out why my speed was so bad.

EDIT: Something is for sure broken. I have IPv6 OFF now on the NVG589. I've set 6rd within Tomato. I have an IPv6 connection, but now just like with Native...Facebook isn't loading and with the Xfinity IPV6 speedtest page, I can run a test, but it times out when it gets to IPv6. I do believe a full reset is in order.


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
said by sushiglob:

I have IPv6 OFF now on the NVG589. I've set 6rd within Tomato. I have an IPv6 connection, but now just like with Native...Facebook isn't loading and with the Xfinity IPV6 speedtest page, I can run a test, but it times out when it gets to IPv6. I do believe a full reset is in order.

No. It is likely it is one of the security settings on the 589 that is not allowing the tunnel to work. If I recall there are at least 1 or 2 settings on the 589 that have to be disabled in order for a 6rd tunnel behind the RG to work.

Personally, I'd recommend you just run the 6rd tunnel off of your 589 like I am doing and let your router just delegate a prefix using DHCP-PD from the 589.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/

sushiglob

join:2014-08-02

2 edits
said by rolande:

said by sushiglob:

I have IPv6 OFF now on the NVG589. I've set 6rd within Tomato. I have an IPv6 connection, but now just like with Native...Facebook isn't loading and with the Xfinity IPV6 speedtest page, I can run a test, but it times out when it gets to IPv6. I do believe a full reset is in order.

No. It is likely it is one of the security settings on the 589 that is not allowing the tunnel to work. If I recall there are at least 1 or 2 settings on the 589 that have to be disabled in order for a 6rd tunnel behind the RG to work.

Personally, I'd recommend you just run the 6rd tunnel off of your 589 like I am doing and let your router just delegate a prefix using DHCP-PD from the 589.

Okay, well I'm off to the gym, but when I get back....I'm doing a full reset on everything and starting again from scratch.

I will go ahead and leave IPv6 ON for the NVG589 and run a DHCPv6 with Prefix Delegation from the RT-N66U Tomato router.

I will then go back to the NVG589 and figure out what settings are causing these issues.

Where abouts do you think these two mystery settings may be? I'm thinking Firewall -- Advanced section.

Thoughts?

Edit: found this thread: »forums.att.com/t5/Equipmt/Google···/3860323

Sounds similar to me.


Mr Fel
Premium
join:2008-03-17
Louisville, KY
Reviews:
·AT&T U-Verse
reply to rolande
said by rolande:

It is likely it is one of the security settings on the 589 that is not allowing the tunnel to work. If I recall there are at least 1 or 2 settings on the 589 that have to be disabled in order for a 6rd tunnel behind the RG to work.

I have dug through multiple threads and haven't found any mention of what 589 settings were turned off, all listed chronologically. Included the Pace threads since there was a lot of cross posting about the 589. Hell, included just about every AT&T UVerse IPv6 thread since the 6rd tunnel breaking and fixing since then.

»new firmware 6.9.1.42-enh.tm he.net tunnel no longer works. Self Explanatory
»AT&T now blocking IPv6 tunnels Self Explanatory
»Att U-verse IPv6 More tunnel blocking bashing
»NVG589 & IPV6 Self Explanatory
»IPv6 tunnel still broken on ATT Uverse Self Explanatory
»AT&T blocking IPv6 tunnels -- update Self Explanatory
»Help with IPv6 setup Trying to setup the RT-N66U, same router as this thread, on Pace CPE before newer firmware re-enabled IPv6
»IPv6 and my current configuration discussion.... IPv6 via DHCP-PD via Arris 589 CPE
»3600HGV + Cisco-Linksys E4200 IPv6 assignment address problem IPv6 Tunneling still broke
»New Firmware:6.11.1.29-enh.tm Where IPv6 was brought back to Pace 3800/1 CPE.
»UVerse IPv6 On a Zywall Zywall behind a 589 via DHCP-PD
»Interesting note on IPv6 performance Closer look at varying results in speed with IPv6.
»Anybody get IPv6 with router cascaded under DMZPlus working? Thread covering the fact IPv6 does work through DMZ+ with Pace CPE
»UVERSE and IPv6 with a cascaded router OP's previous thread.
Then finally this thread.

For a breakdown of what happened it looks like AT&T disabled Protocol 41 and other parts of IPv6 due to security flaws. This completely disabled it on the Pace gear and left IPv6 on the 589 gimped for a while. Eventually DHCP-PD was, somewhat, enabled with IPv6 allowing the use of it on 3rd party routers again on the 589's. Problems with throughput had been noticed this far back (well before IPv6 was back on the Pace gear). Finally newer firmware brought back IPv6 to the Pace gear, took a while before everything was sorted out between using DMZ+ for IPv4 and DHCP-PD for v6 with a 3rd party router. I haven't noticed any complaints about speed variations coming from anyone using the Pace gear however, just the 589 from the looks of it. Even then it has varied greatly even there by just which OS was used in the testing, with newer versions of Linux running just fine on the 589 as far as speed goes while Mac's and PC's have struggled with this issue to date. Which brings us to now, still dealing with the same unresolved issue as far as speed goes. I'm not digging through all the regular threads to find where it was suggested to just turn off IPv6 since it was causing higher hang times for people trying to normally browse on IPv4.

Anyway, you all have finally piqued my interest enough that I'll pick up a 589 from the shop this morning (off today) and start working on redoing my setup later this morning. I have the same router as OP, different firmware though, V117 of Shibby's Tomato Build. I should probably update to V121 now that I'm thinking about it, only dealt with V117 since it fixed my vulnerability to heartbleed.

Anyway time for a quick nap, didn't realize it was this late in the morning already.
--
Any sufficiently advanced technology is indistinguishable from magic. - Arthur Clarke

sushiglob

join:2014-08-02

4 edits

1 recommendation

said by Mr Fel:

said by rolande:

It is likely it is one of the security settings on the 589 that is not allowing the tunnel to work. If I recall there are at least 1 or 2 settings on the 589 that have to be disabled in order for a 6rd tunnel behind the RG to work.

I have dug through multiple threads and haven't found any mention of what 589 settings were turned off, all listed chronologically. Included the Pace threads since there was a lot of cross posting about the 589. Hell, included just about every AT&T UVerse IPv6 thread since the 6rd tunnel breaking and fixing since then.

»new firmware 6.9.1.42-enh.tm he.net tunnel no longer works. Self Explanatory
»AT&T now blocking IPv6 tunnels Self Explanatory
»Att U-verse IPv6 More tunnel blocking bashing
»NVG589 & IPV6 Self Explanatory
»IPv6 tunnel still broken on ATT Uverse Self Explanatory
»AT&T blocking IPv6 tunnels -- update Self Explanatory
»Help with IPv6 setup Trying to setup the RT-N66U, same router as this thread, on Pace CPE before newer firmware re-enabled IPv6
»IPv6 and my current configuration discussion.... IPv6 via DHCP-PD via Arris 589 CPE
»3600HGV + Cisco-Linksys E4200 IPv6 assignment address problem IPv6 Tunneling still broke
»New Firmware:6.11.1.29-enh.tm Where IPv6 was brought back to Pace 3800/1 CPE.
»UVerse IPv6 On a Zywall Zywall behind a 589 via DHCP-PD
»Interesting note on IPv6 performance Closer look at varying results in speed with IPv6.
»Anybody get IPv6 with router cascaded under DMZPlus working? Thread covering the fact IPv6 does work through DMZ+ with Pace CPE
»UVERSE and IPv6 with a cascaded router OP's previous thread.
Then finally this thread.

For a breakdown of what happened it looks like AT&T disabled Protocol 41 and other parts of IPv6 due to security flaws. This completely disabled it on the Pace gear and left IPv6 on the 589 gimped for a while. Eventually DHCP-PD was, somewhat, enabled with IPv6 allowing the use of it on 3rd party routers again on the 589's. Problems with throughput had been noticed this far back (well before IPv6 was back on the Pace gear). Finally newer firmware brought back IPv6 to the Pace gear, took a while before everything was sorted out between using DMZ+ for IPv4 and DHCP-PD for v6 with a 3rd party router. I haven't noticed any complaints about speed variations coming from anyone using the Pace gear however, just the 589 from the looks of it. Even then it has varied greatly even there by just which OS was used in the testing, with newer versions of Linux running just fine on the 589 as far as speed goes while Mac's and PC's have struggled with this issue to date. Which brings us to now, still dealing with the same unresolved issue as far as speed goes. I'm not digging through all the regular threads to find where it was suggested to just turn off IPv6 since it was causing higher hang times for people trying to normally browse on IPv4.

Anyway, you all have finally piqued my interest enough that I'll pick up a 589 from the shop this morning (off today) and start working on redoing my setup later this morning. I have the same router as OP, different firmware though, V117 of Shibby's Tomato Build. I should probably update to V121 now that I'm thinking about it, only dealt with V117 since it fixed my vulnerability to heartbleed.

Anyway time for a quick nap, didn't realize it was this late in the morning already.

Cheers! Let's get into this.

Just a quick update. I've started from scratch and performed a full reset. Now, what is a bit odd is that IPv6 was turned off after the full default reset. I thought that was strange because a few days ago I did a full default reset and IPv6 was enabled...by default. Why that didn't happen this time is interesting.

I'm directly connected with Cat6 to the NVG859 with IPv6 enabled and I'm getting hangups still! Google Music for example timesout and pauses when playing. I hate to say it, but I'm thinking something is just not right on ATT's side of the IPv6 stuff. Google Music has been smooth for the last 4 songs though. So...maybe IPv6 slowly works itself out in some sense once a IPv6 connection is established. I might account for the inconsistency with pages loading. Then again, I'm just some average user with beginner's network experience...so I really don't know how any of this stuff really works.

So far, I have yet to put the NVG589 in passthrough mode.

For now though, I have enabled IPv6 and also disabled HPNA since I don't use any coax. Wireless is also disabled.

That's it so far.

My RT-n66U is set to DHCPv6 with Preflix Delegation with Accept RA from WAN checked off, but I believe that's default and you can't turn it off.

Again, I don't have the NVG589 in passthrough mode, but I don still have it hooked up to the RT-N66U's WAN port. I have Cat6 going it that me, so I'm switching between the NVG589 and RT-N66U.

When I plug the RT-N66U cable back in and run some IPv6 stuff, Facebook stalls...Google Music freezes constantly...and the Xfinity Speed Test site refuses to run the IPv6 test...it runs IPv4, but completely stops there.

So....Even without the NVG589 in passthrough mode, I'm still getting these issues.

EDIT: One last update before I sleep.

- I've put my NVG589 and followed the instructions here: »forums.att.com/t5/Features-and-H···/3552057

- The only thing I did not do from that guide was go to "Advanced Settings" for the Firewall section of the NVG589 firmware. Everything is still on default there. Part of the experiment.

- My RT-N66U is getting the proper info from the NVG589 and I'm able to get online and stuff.

- Since this is about IPv6, this is what I observed. First off, I have kept IPv6 turned ON in the NVG589. Second, I have an IPv6 address and everything looks good when I view the info within my tomato firmware. Third, I loaded up Facebook. It loads and it's quick. Interesting. Then I went to here: »test-ipv6.com/ and tested to see if IPv6 was working. It says NO, it is not. Well, I have an IPv6 address coming into my RT-N66U...soooo.....what gives?

I did a Tracert in a command prompt to www.Facebook.com, I got two hops in then the rest timed out. It got to 12 timeouts before I killed it.

So, when I initially visited Facebook.com, it must have been using IPv4 to get there because it loaded quickly. However, I have an IPv6 address and the www.Facebook.com tracerout showed I was going through the IPv6 address. If that be the case, why does »test-ipv6.com/ say that IPv6 is not working?

And with that, sleep.

EDIT: Couldn't help myself. One more test. In my Tomato firmware, the three static DNS areas were empty. I just now added Google's IPv6 DNS. Saved. Released/renewed IP. Re-ran »test-ipv6.com/ and got all green 10/10.

Traceroute to Facebook completed this time via IPv6, but there was one * at the third hop. Noticed it goes from my 2602:306: address on hops 1 and 2, but on third hop...the one with the *...has an address of 2602:300: Weird or normal? Facebook won't load in browser...probably because of that third hop...??

Google Music is also pausing a lot now.


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk

1 recommendation

A traceroute timeout is benign and doesn't really mean much. The key is you were able to resolve a AAAA name and get a response from the remote host via IPv6. So the trick with Tomato was that you need to enter DNS servers for the router and your internal clients to use.

Just because your RT-N66U has an IPv6 address assigned does not mean that it is properly delegating the /64 prefix and performing auto-addressing on the internal segment. The router is not going to do NAT66 behind that IPv6 address. So, unless the router assigns one of the /64 prefixes to the internal segment and you can see your internal client auto-addressing using that IPv6 prefix, you're out of luck.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk

1 recommendation

reply to Mr Fel
said by Mr Fel:

I have dug through multiple threads and haven't found any mention of what 589 settings were turned off, all listed chronologically.

Yeah, I went digging for it last night to and couldn't find it either. I need to remember to use the site mark feature so I don't lose this stuff in the shuffle.

From what I recall, if you want to disable IPv6 on the RG and run your own tunnel from your router, you need to disable a couple of the features in the Advanced Firewall settings section. I believe it is the last 2 settings: Reflexive ACL and ESP ALG.




The Reflexive ACL feature should only be used when IPv6 is enabled on the RG itself. Otherwise, I believe it will mangle the tunnel packets trying to pass through. The ESP ALG feature has to do with how IPv6 tunneled traffic is managed for encrypted sessions. Though it is likely no one is really doing anything actively with that implementation yet, this feature I believe also mangles tunneled IPv6 traffic like the Reflexive ACL.

The other potential issue might be with the Event Notifications feature under Diagnostics. You may want to disable both of the checkbox options on that page to prevent the RG from trying to intercept and redirect traffic accidentally.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/