Discussion:
IPv6 / Cisco ASA / 2degrees UFB
(too old to reply)
Bill Walker
2018-10-05 03:50:09 UTC
Permalink
Hi All,

I’ve been quite happily running a Cisco router at home on Snap/2degrees, but with the upgrade to UFB its not coping with the throughput. I’ve managed to locate a suitably equipped ASA, however I cant get IPv6 going. The config I have on the ASA is very similar to that of the router:

nterface GigabitEthernet0/7
description 2degrees
nameif EXTERNAL
security-level 0
no ip address
ciscoasa# sh run int gi0/7.10
!
interface GigabitEthernet0/7.10
description 2degrees
vlan 10
nameif 2degrees10
security-level 0
pppoe client vpdn group 2degrees
ip address pppoe setroute
ipv6 address autoconfig
ipv6 address dhcp
ipv6 enable
ipv6 dhcp client pd 2degrees-v6

However, if I remember correctly the IPv6 dhcp assignment happens inside the PPPoE connection once its established. Can anyone confirm that or provide a working config?

In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)

Thanks,

Bill


Sent from Mail for Windows 10
Liam Farr
2018-10-05 04:16:46 UTC
Permalink
Wasn’t there some sort of IPv6 bug with the Chorus ALU ONT’s?

I’m pretty sure that got fixed with this weeks mass upgrade of Chorus
OLT/ONT’s.

My understanding is that prior to the upgrade IPv6 was broken for 2d UFB
customers and now it’s fixed.

If your OLT/ONT hasn’t been upgraded yet that might be the cause.

- -

Liam Farr
+64-22-6107884

Sent from my iPhone

On 5/10/2018, at 4:50 PM, Bill Walker <***@wjw.nz> wrote:

Hi All,



I’ve been quite happily running a Cisco router at home on Snap/2degrees,
but with the upgrade to UFB its not coping with the throughput. I’ve
managed to locate a suitably equipped ASA, however I cant get IPv6 going.
The config I have on the ASA is very similar to that of the router:



nterface GigabitEthernet0/7

description 2degrees

nameif EXTERNAL

security-level 0

no ip address

ciscoasa# sh run int gi0/7.10

!

interface GigabitEthernet0/7.10

description 2degrees

vlan 10

nameif 2degrees10

security-level 0

pppoe client vpdn group 2degrees

ip address pppoe setroute

ipv6 address autoconfig

ipv6 address dhcp

ipv6 enable

ipv6 dhcp client pd 2degrees-v6



However, if I remember correctly the IPv6 dhcp assignment happens inside
the PPPoE connection once its established. Can anyone confirm that or
provide a working config?



In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)



Thanks,



Bill



Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for Windows
10
Bill
2018-10-05 04:37:19 UTC
Permalink
Thanks Liam, This is on Enable UFB that I did have ipv6 working with a 200/100 service, moved to a 900/400 and it was working till I switched to the ASA

Sent from my iPhone
Post by Liam Farr
Wasn’t there some sort of IPv6 bug with the Chorus ALU ONT’s?
I’m pretty sure that got fixed with this weeks mass upgrade of Chorus OLT/ONT’s.
My understanding is that prior to the upgrade IPv6 was broken for 2d UFB customers and now it’s fixed.
If your OLT/ONT hasn’t been upgraded yet that might be the cause.
- -
Liam Farr
+64-22-6107884
Sent from my iPhone
Post by Bill Walker
Hi All,
nterface GigabitEthernet0/7
description 2degrees
nameif EXTERNAL
security-level 0
no ip address
ciscoasa# sh run int gi0/7.10
!
interface GigabitEthernet0/7.10
description 2degrees
vlan 10
nameif 2degrees10
security-level 0
pppoe client vpdn group 2degrees
ip address pppoe setroute
ipv6 address autoconfig
ipv6 address dhcp
ipv6 enable
ipv6 dhcp client pd 2degrees-v6
However, if I remember correctly the IPv6 dhcp assignment happens inside the PPPoE connection once its established. Can anyone confirm that or provide a working config?
In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)
Thanks,
Bill
Sent from Mail for Windows 10
_______________________________________________
NZNOG mailing list
https://list.waikato.ac.nz/mailman/listinfo/nznog
Andre Sencioles
2018-10-05 19:41:14 UTC
Permalink
Took me a while to get it working on my Linux router, but if I
remember correctly, you can't request address allocation on the DHCP
request. Needs to be PD only, else the DHCP server won't reply (something
to do with the client excluding the address allocation from the PD request
and the server not supporting the option, or the other way around).

The other thing I noticed was that DHCPv6 only worked after I had received
the RA from the gateway and the default route was inserted.

So the process is:
1. PPPoE connected
2. SLAAC address assigned
3. RA received, default route added
4. DHCPv6 PD

This is the config I was using for DHCPcd:
interface pppoe
ipv6rs
ia_pd 1 wan/1 lan/2 dmz/3 lab/4 pppoe/5


Cheers,
Andre
Post by Bill Walker
Hi All,
I’ve been quite happily running a Cisco router at home on Snap/2degrees,
but with the upgrade to UFB its not coping with the throughput. I’ve
managed to locate a suitably equipped ASA, however I cant get IPv6 going.
nterface GigabitEthernet0/7
description 2degrees
nameif EXTERNAL
security-level 0
no ip address
ciscoasa# sh run int gi0/7.10
!
interface GigabitEthernet0/7.10
description 2degrees
vlan 10
nameif 2degrees10
security-level 0
pppoe client vpdn group 2degrees
ip address pppoe setroute
ipv6 address autoconfig
ipv6 address dhcp
ipv6 enable
ipv6 dhcp client pd 2degrees-v6
However, if I remember correctly the IPv6 dhcp assignment happens inside
the PPPoE connection once its established. Can anyone confirm that or
provide a working config?
In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)
Thanks,
Bill
Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for
Windows 10
_______________________________________________
NZNOG mailing list
https://list.waikato.ac.nz/mailman/listinfo/nznog
Bill Walker
2018-10-05 20:30:30 UTC
Permalink
On the subinterface I see an address

2degrees10 is up, line protocol is up
IPv6 is enabled, link-local address is fe80::26e9:b3ff:fe92:d96
No global unicast address is configured

Joined group address(es):
ff02::1:ff92:d96
ff02::2
ff02::1
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.

Which is the same interface the ipv4 address comes up on:

Interface GigabitEthernet0/7.10 "2degrees10", is up, line protocol is up
Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
VLAN identifier 10
Description: 2degrees
MAC address 24e9.b392.0d96, MTU 1492
IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.255
Traffic Statistics for "2degrees10":
258001448 packets input, 203508132527 bytes
152127591 packets output, 123285082718 bytes
971621 packets dropped

With an ipv6 route set:

L fe80::/10 [0/0]
via ::, 2degrees10
L ff00::/8 [0/0]
via ::, 2degrees10

but I don’t get anything else, I’ll try doing some debug over the weekend.

Thanks,

Bill

Sent from Mail for Windows 10

From: Andre Sencioles
Sent: Saturday, 6 October 2018 8:41 AM
To: ***@wjw.nz
Cc: ***@list.waikato.ac.nz
Subject: Re: [nznog] IPv6 / Cisco ASA / 2degrees UFB

Took me a while to get it working on my Linux router, but if I remember correctly, you can't request address allocation on the DHCP request. Needs to be PD only, else the DHCP server won't reply (something to do with the client excluding the address allocation from the PD request and the server not supporting the option, or the other way around).

The other thing I noticed was that DHCPv6 only worked after I had received the RA from the gateway and the default route was inserted.

So the process is:
1. PPPoE connected
2. SLAAC address assigned
3. RA received, default route added
4. DHCPv6 PD

This is the config I was using for DHCPcd:
interface pppoe
    ipv6rs
    ia_pd 1 wan/1 lan/2 dmz/3 lab/4 pppoe/5


Cheers,
Andre


On Fri, 5 Oct 2018 at 16:50, Bill Walker <***@wjw.nz> wrote:
Hi All,
 
I’ve been quite happily running a Cisco router at home on Snap/2degrees, but with the upgrade to UFB its not coping with the throughput.  I’ve managed to locate a suitably equipped ASA, however I cant get IPv6 going.  The config I have on the ASA is very similar to that of the router:
 
nterface GigabitEthernet0/7
description 2degrees
nameif EXTERNAL
security-level 0
no ip address
ciscoasa# sh run int gi0/7.10
!
interface GigabitEthernet0/7.10
description 2degrees
vlan 10
nameif 2degrees10
security-level 0
pppoe client vpdn group 2degrees
ip address pppoe setroute
 ipv6 address autoconfig
ipv6 address dhcp
ipv6 enable
ipv6 dhcp client pd 2degrees-v6
 
However, if I remember correctly the IPv6 dhcp assignment happens inside the PPPoE connection once its established. Can anyone confirm that or provide a working config?
 
In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)
 
Thanks,
 
Bill
 
Sent from Mail for Windows 10
 
Bill Walker
2018-10-06 03:44:06 UTC
Permalink
It’s trying, but not getting anything back


IPv6: Sending on 2degrees10
DHCPv6: DHCPv6 client process: going into wait for events...
ICMPv6-ND: Sending RA to ff02::1 on 2degrees10
ICMPv6-ND: MTU = 1492
IPv6: Packet src fe80::26e9:b3ff:fe92:d96 dest ff02::1 is pre-routed
IPV6: source fe80::26e9:b3ff:fe92:d96 (local)
dest ff02::1 (2degrees10)
traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating
IPv6: Sending on 2degrees10
DHCPv6: Event received major: 1, minor: 0
DHCPv6: Sending SOLICIT to ff02::1:2 on 2degrees10
IPv6 DHCP: detailed packet contents
src fe80::26e9:b3ff:fe92:d96
dst ff02::1:2 (2degrees10)
type SOLICIT(1), xid 7139920
option ELAPSED-TIME(8), len 2
option CLIENTID(1), len 10
0003000196D2533B450A
option ORO(6), len 4
DNS-SERVERS,DOMAIN-LIST
option IA-NA(3), len 12
IAID 0x00130001, T1 0, T2 0



Sent from Mail for Windows 10

From: Bill Walker
Sent: Saturday, 6 October 2018 9:31 AM
To: Andre Sencioles
Cc: ***@list.waikato.ac.nz
Subject: Re: [nznog] IPv6 / Cisco ASA / 2degrees UFB

On the subinterface I see an address

2degrees10 is up, line protocol is up
  IPv6 is enabled, link-local address is fe80::26e9:b3ff:fe92:d96 
  No global unicast address is configured

  Joined group address(es):
    ff02::1:ff92:d96
    ff02::2
    ff02::1
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 1000 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.

Which is the same interface the ipv4 address comes up on:

Interface GigabitEthernet0/7.10 "2degrees10", is up, line protocol is up
  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
        VLAN identifier 10
        Description: 2degrees
        MAC address 24e9.b392.0d96, MTU 1492
        IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.255
  Traffic Statistics for "2degrees10":
        258001448 packets input, 203508132527 bytes
        152127591 packets output, 123285082718 bytes
        971621 packets dropped

With an ipv6  route set:

L   fe80::/10 [0/0]
     via ::, 2degrees10
L   ff00::/8 [0/0]
     via ::, 2degrees10

but I don’t get anything else, I’ll try doing some debug over the weekend.

Thanks,

Bill

Sent from Mail for Windows 10

From: Andre Sencioles
Sent: Saturday, 6 October 2018 8:41 AM
To: ***@wjw.nz
Cc: ***@list.waikato.ac.nz
Subject: Re: [nznog] IPv6 / Cisco ASA / 2degrees UFB

Took me a while to get it working on my Linux router, but if I remember correctly, you can't request address allocation on the DHCP request. Needs to be PD only, else the DHCP server won't reply (something to do with the client excluding the address allocation from the PD request and the server not supporting the option, or the other way around).

The other thing I noticed was that DHCPv6 only worked after I had received the RA from the gateway and the default route was inserted.

So the process is:
1. PPPoE connected
2. SLAAC address assigned
3. RA received, default route added
4. DHCPv6 PD

This is the config I was using for DHCPcd:
interface pppoe
    ipv6rs
    ia_pd 1 wan/1 lan/2 dmz/3 lab/4 pppoe/5


Cheers,
Andre


On Fri, 5 Oct 2018 at 16:50, Bill Walker <***@wjw.nz> wrote:
Hi All,
 
I’ve been quite happily running a Cisco router at home on Snap/2degrees, but with the upgrade to UFB its not coping with the throughput.  I’ve managed to locate a suitably equipped ASA, however I cant get IPv6 going.  The config I have on the ASA is very similar to that of the router:
 
nterface GigabitEthernet0/7
description 2degrees
nameif EXTERNAL
security-level 0
no ip address
ciscoasa# sh run int gi0/7.10
!
interface GigabitEthernet0/7.10
description 2degrees
vlan 10
nameif 2degrees10
security-level 0
pppoe client vpdn group 2degrees
ip address pppoe setroute
 ipv6 address autoconfig
ipv6 address dhcp
ipv6 enable
ipv6 dhcp client pd 2degrees-v6
 
However, if I remember correctly the IPv6 dhcp assignment happens inside the PPPoE connection once its established. Can anyone confirm that or provide a working config?
 
In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)
 
Thanks,
 
Bill
 
Sent from Mail for Windows 10
 
Pieter De Wit
2018-10-06 05:52:43 UTC
Permalink
Firewall not dropping it ?

Sent from my iPhone
Post by Bill Walker
It’s trying, but not getting anything back
IPv6: Sending on 2degrees10
DHCPv6: DHCPv6 client process: going into wait for events...
ICMPv6-ND: Sending RA to ff02::1 on 2degrees10
ICMPv6-ND: MTU = 1492
IPv6: Packet src fe80::26e9:b3ff:fe92:d96 dest ff02::1 is pre-routed
IPV6: source fe80::26e9:b3ff:fe92:d96 (local)
dest ff02::1 (2degrees10)
traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating
IPv6: Sending on 2degrees10
DHCPv6: Event received major: 1, minor: 0
DHCPv6: Sending SOLICIT to ff02::1:2 on 2degrees10
IPv6 DHCP: detailed packet contents
src fe80::26e9:b3ff:fe92:d96
dst ff02::1:2 (2degrees10)
type SOLICIT(1), xid 7139920
option ELAPSED-TIME(8), len 2
option CLIENTID(1), len 10
0003000196D2533B450A
option ORO(6), len 4
DNS-SERVERS,DOMAIN-LIST
option IA-NA(3), len 12
IAID 0x00130001, T1 0, T2 0
Sent from Mail for Windows 10
From: Bill Walker
Sent: Saturday, 6 October 2018 9:31 AM
To: Andre Sencioles
Subject: Re: [nznog] IPv6 / Cisco ASA / 2degrees UFB
On the subinterface I see an address
2degrees10 is up, line protocol is up
IPv6 is enabled, link-local address is fe80::26e9:b3ff:fe92:d96
No global unicast address is configured
ff02::1:ff92:d96
ff02::2
ff02::1
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
Interface GigabitEthernet0/7.10 "2degrees10", is up, line protocol is up
Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
VLAN identifier 10
Description: 2degrees
MAC address 24e9.b392.0d96, MTU 1492
IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.255
258001448 packets input, 203508132527 bytes
152127591 packets output, 123285082718 bytes
971621 packets dropped
L fe80::/10 [0/0]
via ::, 2degrees10
L ff00::/8 [0/0]
via ::, 2degrees10
but I don’t get anything else, I’ll try doing some debug over the weekend.
Thanks,
Bill
Sent from Mail for Windows 10
From: Andre Sencioles
Sent: Saturday, 6 October 2018 8:41 AM
Subject: Re: [nznog] IPv6 / Cisco ASA / 2degrees UFB
Took me a while to get it working on my Linux router, but if I remember correctly, you can't request address allocation on the DHCP request. Needs to be PD only, else the DHCP server won't reply (something to do with the client excluding the address allocation from the PD request and the server not supporting the option, or the other way around).
The other thing I noticed was that DHCPv6 only worked after I had received the RA from the gateway and the default route was inserted.
1. PPPoE connected
2. SLAAC address assigned
3. RA received, default route added
4. DHCPv6 PD
interface pppoe
ipv6rs
ia_pd 1 wan/1 lan/2 dmz/3 lab/4 pppoe/5
Cheers,
Andre
Hi All,
nterface GigabitEthernet0/7
description 2degrees
nameif EXTERNAL
security-level 0
no ip address
ciscoasa# sh run int gi0/7.10
!
interface GigabitEthernet0/7.10
description 2degrees
vlan 10
nameif 2degrees10
security-level 0
pppoe client vpdn group 2degrees
ip address pppoe setroute
ipv6 address autoconfig
ipv6 address dhcp
ipv6 enable
ipv6 dhcp client pd 2degrees-v6
However, if I remember correctly the IPv6 dhcp assignment happens inside the PPPoE connection once its established. Can anyone confirm that or provide a working config?
In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)
Thanks,
Bill
Sent from Mail for Windows 10
_______________________________________________
NZNOG mailing list
https://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________
NZNOG mailing list
https://list.waikato.ac.nz/mailman/listinfo/nznog
Bill
2018-10-06 06:36:40 UTC
Permalink
I have packet level logging turned on, can’t see any drops. Also have logging on the default deny rule.



Sent from my iPhone
Post by Pieter De Wit
Firewall not dropping it ?
Sent from my iPhone
Post by Bill Walker
It’s trying, but not getting anything back
IPv6: Sending on 2degrees10
DHCPv6: DHCPv6 client process: going into wait for events...
ICMPv6-ND: Sending RA to ff02::1 on 2degrees10
ICMPv6-ND: MTU = 1492
IPv6: Packet src fe80::26e9:b3ff:fe92:d96 dest ff02::1 is pre-routed
IPV6: source fe80::26e9:b3ff:fe92:d96 (local)
dest ff02::1 (2degrees10)
traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating
IPv6: Sending on 2degrees10
DHCPv6: Event received major: 1, minor: 0
DHCPv6: Sending SOLICIT to ff02::1:2 on 2degrees10
IPv6 DHCP: detailed packet contents
src fe80::26e9:b3ff:fe92:d96
dst ff02::1:2 (2degrees10)
type SOLICIT(1), xid 7139920
option ELAPSED-TIME(8), len 2
option CLIENTID(1), len 10
0003000196D2533B450A
option ORO(6), len 4
DNS-SERVERS,DOMAIN-LIST
option IA-NA(3), len 12
IAID 0x00130001, T1 0, T2 0
Sent from Mail for Windows 10
From: Bill Walker
Sent: Saturday, 6 October 2018 9:31 AM
To: Andre Sencioles
Subject: Re: [nznog] IPv6 / Cisco ASA / 2degrees UFB
On the subinterface I see an address
2degrees10 is up, line protocol is up
IPv6 is enabled, link-local address is fe80::26e9:b3ff:fe92:d96
No global unicast address is configured
ff02::1:ff92:d96
ff02::2
ff02::1
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
Interface GigabitEthernet0/7.10 "2degrees10", is up, line protocol is up
Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
VLAN identifier 10
Description: 2degrees
MAC address 24e9.b392.0d96, MTU 1492
IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.255
258001448 packets input, 203508132527 bytes
152127591 packets output, 123285082718 bytes
971621 packets dropped
L fe80::/10 [0/0]
via ::, 2degrees10
L ff00::/8 [0/0]
via ::, 2degrees10
but I don’t get anything else, I’ll try doing some debug over the weekend.
Thanks,
Bill
Sent from Mail for Windows 10
From: Andre Sencioles
Sent: Saturday, 6 October 2018 8:41 AM
Subject: Re: [nznog] IPv6 / Cisco ASA / 2degrees UFB
Took me a while to get it working on my Linux router, but if I remember correctly, you can't request address allocation on the DHCP request. Needs to be PD only, else the DHCP server won't reply (something to do with the client excluding the address allocation from the PD request and the server not supporting the option, or the other way around).
The other thing I noticed was that DHCPv6 only worked after I had received the RA from the gateway and the default route was inserted.
1. PPPoE connected
2. SLAAC address assigned
3. RA received, default route added
4. DHCPv6 PD
interface pppoe
ipv6rs
ia_pd 1 wan/1 lan/2 dmz/3 lab/4 pppoe/5
Cheers,
Andre
Hi All,
nterface GigabitEthernet0/7
description 2degrees
nameif EXTERNAL
security-level 0
no ip address
ciscoasa# sh run int gi0/7.10
!
interface GigabitEthernet0/7.10
description 2degrees
vlan 10
nameif 2degrees10
security-level 0
pppoe client vpdn group 2degrees
ip address pppoe setroute
ipv6 address autoconfig
ipv6 address dhcp
ipv6 enable
ipv6 dhcp client pd 2degrees-v6
However, if I remember correctly the IPv6 dhcp assignment happens inside the PPPoE connection once its established. Can anyone confirm that or provide a working config?
In case someone wants versions, the ASA is on 9.9.2 (asa992-smp-k8.bin)
Thanks,
Bill
Sent from Mail for Windows 10
_______________________________________________
NZNOG mailing list
https://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________
NZNOG mailing list
https://list.waikato.ac.nz/mailman/listinfo/nznog
Loading...