Thursday, March 15, 2012

Native IPv6 on Comcast... sort of.

Comcast (residential) recently started sending me IPv6 Router Advertisements:
root@OpenWrt:~# tcpdump -ieth1 -v ip6
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
05:16:53.142816 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 80) fe80::201:5cff:fe32:3181 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 80
        hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 30000s, retrans time 1000s
          prefix info option (3), length 32 (4): 2001:558:4000:9c::/64, Flags [none], valid time 604800s, pref. time 302400s
          prefix info option (3), length 32 (4): 2001:558:6045:9c::/64, Flags [none], valid time 604800s, pref. time 302400s

But they require DHCPv6, and the DHCPv6 server isn't active yet. However, I can manually grab an address from the first /64:
root@OpenWrt:~# ip -6 addr add 2001:558:4000:9c::f00 dev eth1

And it's actually usable:
root@OpenWrt:~# traceroute6 www.he.net
traceroute to he.net (2001:470:0:76::2) from 2001:558:4000:9c::f00, 30 hops max, 16 byte packets
 1  * * *
 2  te-2-1-ur03.santaclara.ca.sfba.comcast.net (2001:558:82:84::1)  11.985 ms  10.607 ms  10.86 ms
 3  te-0-4-0-2-ar01.sfsutro.ca.sfba.comcast.net (2001:558:80:170::1)  35.751 ms  13.676 ms  23.497 ms
 4  pos-3-3-0-0-cr01.sanjose.ca.ibone.comcast.net (2001:558:0:f6f9::1)  15.837 ms  14.509 ms  15.286 ms
 5  pos-0-3-0-0-pe01.529bryant.ca.ibone.comcast.net (2001:558:0:f5e3::2)  14.004 ms  13.14 ms  14.596 ms
 6  if-xe-2-3-0.0.tcore1.PDI-PaloAlto.ipv6.as6453.net (2001:5a0:1200:300::19)  13.985 ms  45.535 ms  12.955 ms
 7  if-ae2.2.tcore2.PDI-PaloAlto.ipv6.as6453.net (2001:5a0:1200:300::2)  13.854 ms  15.705 ms  12.756 ms
 8  if-10-0-0.3256.core3.SQN-SanJose.ipv6.as6453.net (2001:5a0:1200:400::12)  16.68 ms  19.562 ms  14.504 ms
 9  gigabitethernet5-16.core1.sjc2.he.net (2001:470:0:196::1)  14.391 ms  15.972 ms  17.979 ms
10  10gigabitethernet1-1.core1.fmt1.he.net (2001:470:0:2f::1)  15.985 ms  19.075 ms  24.804 ms
11  * * *
12  * * *

There's no obvious way to get a routed subnet yet, though I was able to patch in a client behind my router using Proxy NDP. It's quite a mess, though, so I'm switching back to my HE.net tunnel until the service is production-ready.

Update: since someone asked, here's what happens when I connect my desktop directly to the cable modem and run a DHCPv6 client.
# dhclient -6 -v eth0
Internet Systems Consortium DHCP Client 4.2.3-P1 Gentoo-r0
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Bound to *:546
Listening on Socket/eth0
Sending on   Socket/eth0
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA fc:db:2a:d6
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on eth0, interval 1060ms.
XMT: Forming Solicit, 1060 ms elapsed.
XMT:  X-- IA_NA fc:db:2a:d6
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on eth0, interval 2120ms.

So, there's no response from the DHCPv6 server, although the address is pingable:
# ping6 -Ieth0 ff02::1:2
PING ff02::1:2(ff02::1:2) from fe80::21b:fcff:fedb:2ad6 eth0: 56 data bytes
64 bytes from fe80::201:5cff:fe32:3181: icmp_seq=1 ttl=64 time=9.63 ms
64 bytes from fe80::201:5cff:fe32:3181: icmp_seq=2 ttl=64 time=9.81 ms