EdgeOS and IPv6 Revisited

About a week ago I noticed that my browsing was no longer using IPv6. How, you ask? I use IPvFoo, a Chrome extension that shows you in your address bar whether you are browsing a site using IPv4 or IPv6. True, only Google and Facebook are the sites that I browse regularly that use IPv6, but I still noticed that something was amiss. Not a high priority, I forgot about it for a few days until I saw a thread in the IPv6 subreddit which solved the mystery for me: Comcast had stopped giving out /60 address blocks to residential customers.

Why does this matter, just about anybody who isn’t a networking geek will ask? Well, I already have four VLANs set up in my home network, and I could foresee adding more if I get heavily into home automation. Network-connected home appliances aren’t terribly secure, so separating them into separate VLANs makes good security sense. With a /60 delegation, I have 16 subnets I can use in my home network, which is perfectly reasonable. Not to mention that the IETF (Internet Engineering Task Force, or the people that brought you the Interwebs) says that sites should be assigned a /48 or a /56. Now, home users would never need a /48, as no home user is going to manage 65,000+ subnets. A /56 gives you 256, more than enough for home use, and even small- to medium-sized businesses. A /60 is a “good enough” compromise for home users. A /64, which allows for one subnet only, is not acceptable.

According to that thread, and a very helpful Comcast user named virtuallynathan (can’t fault that name!), this was a mistake and all I needed was to clear my DUID. Small problem with that: my firmware was 1.5.0, and all of the cool IPv6 stuff was in 1.6.0. As you may recall, my initial IPv6 configuration was doable but not exactly plug-and-play. It required editing a lot of config files and scripts outside the bounds of the EdgeOS configure utility. The fine people over at Ubiquiti, though, listened to the complaints and added IPv6 functionality to the config in version 1.6.0 of the firmware, and they are up to 1.7.0.

Clearly, I was behind the times and needed to upgrade my firmware. I downloaded a backup of my current config (very important!) and did the firmware upgrade to 1.7.0. Nothing. Thinking that it’s not uncommon for firmware upgrades to require reconfiguration, I reset, got into the web GUI, and uploaded my old configuration. Nothing. Uh-oh.

The router wasn’t bricked: I could reset it to defaults and it would work. My guess is that something in my old config was not agreeing with the new firmware and it was choking and dying. Specifically, it may have been the old-style IPv6 configuration, or maybe the mDNS repeater I had to install. Whatever the case, I had to create the config from scratch. Good news: I had a backup of my config so I had something to work from. Bad news: even though it’s a text file and easy to understand, I had to type it in by hand, and my config was 2,000 lines long. Yikes.

Eventually, though, I did button everything up and get it working again. I used a neat little utility called WinMerge, which is a Windows diff tool, to compare my old and new configs to fix the inevitable typos, like when I allowed UDP over port 80 instead of TCP and wondered why web browsing was broken. And the new firmware even made IPv6 easier as promised! Here is my new IPv6 section, which is a far cry from what it took before:

```text
ethernet eth2 {
    address dhcp
    description "WAN Port"
    dhcpv6-pd {
        pd 0 {
            interface eth0.100 {
                host-address ::1
                prefix-id :0
                service slaac
            }
            interface eth0.4000 {
                host-address ::1
                prefix-id :F
                service slaac
            }
            interface eth1.200 {
                host-address ::1
                prefix-id :1
                service slaac
            }
            interface eth1.300 {
                host-address ::1
                prefix-id :2
                service slaac
            }
            prefix-length /60
        }
        rapid-commit enable
    }
    duplex auto
    ipv6 {
        dup-addr-detect-transmits 1
    }
    speed auto
}
```

IPv6 is working again, I’m getting my /60, and so far nothing is broken. Let’s hope this continues.
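To see why the delegation size matters for the VLAN layout above, here is an added example (not part of the original post or of EdgeOS) that works out which /64 each `prefix-id` selects and which VLANs are left without a prefix when only a /64 is delegated. The delegated prefix is a constructed value from the 2001:db8::/32 documentation range, and treating a prefix-id that does not fit as "no prefix" is this example's assumption, not documented router behaviour.

```python
import ipaddress

# Interface -> prefix-id pairs copied from the dhcpv6-pd block on this page.
PREFIX_IDS = {"eth0.100": "0", "eth0.4000": "F", "eth1.200": "1", "eth1.300": "2"}
HOST_ADDRESS = "::1"  # host-address value used for every interface in the config


def subnet_count(delegated_len):
    """Number of /64 subnets contained in a delegation of the given length."""
    if not 0 < delegated_len <= 64:
        raise ValueError("delegation must be between /1 and /64")
    return 2 ** (64 - delegated_len)


def plan(delegated, prefix_ids=PREFIX_IDS, host=HOST_ADDRESS):
    """Map each interface to (its /64, router address), or to None when the
    prefix-id does not fit inside the delegated prefix (assumed behaviour)."""
    net = ipaddress.IPv6Network(delegated)  # rejects a misaligned prefix
    available = subnet_count(net.prefixlen)
    host_bits = int(ipaddress.IPv6Address(host))
    result = {}
    for iface, pid in prefix_ids.items():
        index = int(pid, 16)  # prefix-id is a hexadecimal subnet index
        if index >= available:
            result[iface] = None  # no room for this VLAN in the delegation
            continue
        # The subnet index occupies the bits just above the 64-bit host part.
        base = int(net.network_address) + (index << 64)
        subnet = ipaddress.IPv6Network((base, 64))
        router = ipaddress.IPv6Address(base + host_bits)
        result[iface] = (subnet, router)
    return result


if __name__ == "__main__":
    # Constructed prefixes: the same block delegated as a /60 and as a /64.
    for delegated in ("2001:db8:abcd:10::/60", "2001:db8:abcd:10::/64"):
        print(delegated, "->", subnet_count(int(delegated.split("/")[1])), "subnet(s)")
        for iface, entry in plan(delegated).items():
            if entry is None:
                print(f"  {iface:10} no prefix available")
            else:
                print(f"  {iface:10} {entry[0]}  router {entry[1]}")
```

Because each VLAN lands on a fixed /64 inside the delegation, per-VLAN firewall rules can be written against those subnets once the delegated prefix is known.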