Cable Modem IPV6

"Tommynet(config)#do ping ipv6 2001:470:20::2"

Can you tracert? Other then issue getting to PowerDNS does IPv6 test ok? Last, what state are you in? This is from RI, DPQ3212 and RT-N66U.

Tracing route to ordns.he.net [2001:470:20::2]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 2600:8805:XXXXXX
2 7 ms 8 ms 8 ms 2600:8805:fe08:1::1
3 8 ms 8 ms 6 ms 2001:578:2200:6::12e
4 10 ms 8 ms 16 ms 2001:578:2200:5:4000::31
5 20 ms 14 ms 18 ms 2001:578:1:0:172:17:248:224
6 22 ms 24 ms 24 ms 2001:578:20::e
7 13 ms 13 ms 19 ms ordns.he.net [2001:470:20::2]

Trace complete.

IPv6 Connection Type: Native with DHCP-PD
WAN IPv6 Address: 2600:8805:fe08:1:XXXXXXX
WAN IPv6 Gateway: fe80::26e9:b3ff:fe1b:8da
LAN IPv6 Address: 2600:8805:bc00:a7::1/64
LAN IPv6 Link-Local Address: fe80::ca60:ff:fed2:ad68/64
DHCP-PD: Enabled
LAN IPv6 Prefix: 2600:8805:bc00:a7::/64
DNS Address: 2001:4860:4860::8888 2001:4860:4860::8844

Basic Config
Connection type	Disable Native Tunnel 6to4 Tunnel 6in4 Tunnel 6rd Static IPv6
DHCP-PD	Enable Disable

IPv6 LAN Setting
LAN IPv6 Address	2600:8805:bc00:a7::1
LAN Prefix Length	64
LAN IPv6 Prefix	2600:8805:bc00:a7::
Auto Configuration Setting	Stateless Stateful

IPv6 DNS Setting
Connect to DNS Server automatically	Enable Disable
IPv6 DNS Server 1	2001:4860:4860::8888
IPv6 DNS Server 2	2001:4860:4860::8844
IPv6 DNS Server 3

cox is assigning a global /128 address to the router interface. There is no default gateway associated with that address. It is a single address. When the router is configured for IPV6 address autoconfig and IPV6 address dhcp, the provider is suppose to provide the gateway. The router is not picking it up because it is a local link gateway. If you connect a laptop to the modem directly. The laptop gets a similar address but a default local link gateway is assigned. That local link assigned is from the cable modem. I connected the router back up and rebooted everything. I can ping the cable modem local link and to make it work I had to assign the iproute to the outgoing interface with a next hop local link captured on the laptop. This is goofy but it worked. As long as the local link on the cable modem remains the same everything will work. Normally you should get assigned a ipv6 network but I am assuming a residential customer will not get the /64 assigned. They will give you one address for IPV6. Tommynet#traceroute ipv6 2001:470:20::2 Type escape sequence to abort. Tracing the route to ordns.he.net (2001:470:20::2) 1 2600:8805:7F30::1 8 msec 8 msec 8 msec 2 2001:578:2401:0:7:8000:0:58 8 msec 12 msec 12 msec 3 2001:578:2401:0:2::10A 12 msec 12 msec 16 msec 4 2001:578:1:0:172:17:249:48 24 msec 20 msec 16 msec 5 2001:578:20:2000::1:2 20 msec 24 msec 24 msec 6 100ge5-1.core1.nyc4.he.net (2001:470:0:299::2) 24 msec 28 msec 36 msec 7 ordns.he.net (2001:470:20::2) 28 msec 24 msec 28 msec Tommynet# Traceroute is only 7 hops I also added a secondary route via 2600:8805:7F30::1. I am assuming this is a cox address default route because it also works.

@Cox ipv6

My suggestion would be to start with the simplest possible setup and work your way back up to where you want to be until you determine the problem.  Does it work with a PC directly connected to the modem?  If so, do you have a consumer grade router you can try connecting and see if that works?  I do see a v6 IP being assigned to your router so that part is working.  You should be able to receive a /64 or /56 if your device is capable of hinting it.

Ok I cracked the nut. I used the ipv6 dhcp clien pd prefix_1 and ipv6 add auto def on my outgoing interface of my cisco 1841 router. This assigns 1 /64 subnet to the router along with all the default routing and dns information. That subnet can only be applied to one inside interface or vlan. I applied this to vlan 2, ipv6 address PREFIX_1 ::1/64, which assigns the network to vlan 2. Any thing connected to vlan two will get a global address. Test were successful. Now I have to see if my cisco wireless will pickup an ipv6 address from the 1841 on vlan two. The wireless is very limited on how it pulls an IPV6 address so will have to see. Maybe I should get a wirless card to install in the 1841. Still have much to do for IPV6 security. Well glad to see Cox is on board the IPV6 train.

Unfortunately I cannot get the wireless to connect to the 1841. Here is the issue. According to everything I know about IPV6 the provider typically will assign a /48 to the user. I know this because of my CCNP studies and pdf I found at CISCO, isp_provider_whitpaper_c11-689821.pdf. Cisco recommends the customer use a /64. Yes this seems huge but the way IPV6 was designed the subnet of choice for most interfaces and auto configurations at the customer level is a /64 subnet. Furthermore, using the eui-64 address assignment feature based on MAC requires a /64 routable prefix. When I was using tunnel broker prior to COX going IPV6 native, they assigned me a /48 subnet. I was able to take the /48 and subnet into /64 subnets for all my 1841 vlan interfaces. The Linksys router I have is IPV6 capable using "IPV6 - Automatic" or "6rd tunnel". The wireless router outward interface was assigned a /64 from the vlan it was connected to on the 1841 and the LAN on the wireless inside was assigned /64 subnets created out of the /48 assigned from Hurricane Electric tunnel broker. The 1841 with the following dhcp configuration made it happened:

 

ipv6 dhcp pool IPV6access_vlan2

prefix-delegation 2001:470:E2C0:2::/64 00030001C8B3730402CB iaid 9A3C7A00

address prefix 2001:470:E2C0:1::/64

dns-server 2001:470:20::2

 

Any device connected to the vlan2 would pick an ipv6 address in the form of 2001:470:e2c0:1::1,2,3,4 or uid-64 etc. This included the wireless router outgoing interface.

 

The wireless router inside interface and wireless connections would assign ipv6 addresses on the address prefix-delegation 2001:470:E2C0:1::/64. The prefix-delegation is using DUID to assign this address to the wireless similar to what cox does to my 1841. With tunnel broker this all worked perfectly because all the /64 are within the /48 assigned by Hurricane Electric.

 

With cox assigning a /64 prefix I tried to subnet that prefix to my interfaces using the command similar to what is explained in the white paper.

ipv6 address PREFIX_1 :2222::1/56. Reason for this is Cox is using ipv6 dhcp-pd to assign addresses to their customers. The PREFIX_1 is the Prefix Cox assigns to me 2600:xxxx:x:xx::/64

Instead of usign a /64 I used /56 but the 1841 router does not accept the command and it does not work. It only accepts a /64 because this is the standard. If Cox assigned a prefix with a /48 I would be in luck. I can only apply the prefix Cox assigns, a /64 to one interface on the inside of the 1841. Vlan 2 is the winner and anything connecting to vlan 2 get an address on that prefix. The problem is I don't have a prefix to assign to the wireless inside LAN connected to vlan 2 on the cisco 1841. I can’t subnet the /64 because the router want accept the /56. When I go into the wireless router I can ping ipv6 websites using the admin tool but computers connected wirelessly or directly to the wireless inside interfaces will not get an address because the one /64 subnet Cox assigns can’t be subneted and is already used on the 1841 vlan 2. Rule of thumb is you can't assign the same subnet to different interfaces. It is not allowed.  With tunnel broker I could subnet the /48 to /64 and the router accepted those commands. Connecting the wireless directly to cox is not an option. I want the protection of the 1841 access-list to protect my network.