Issue:
My iOS and MacOS devices “lose” their ipv6 connectivity after a period of time - generally a few hours. It’s hard to pinpoint what’s happening on the iPhone, but on MacOS the default route drops off my routing table suddenly.
I can resolve this quickly by disabling and re-enabling my wifi interface.
Any help or tips would be greatly appreciated!
Setup:
I have a pretty stock standard setup. I get a /48 prefix from my ISP, that I then assign to a few VLANs on my network. I try to keep the config pretty lean -
/ipv6 settings
set accept-router-advertisements=yes
/ipv6 dhcp-client
add interface=ether2 pool-name=isp_prefix request=address,prefix use-peer-dns=no
/ipv6 address
add eui-64=yes from-pool=isp_prefix interface=vlan5
add eui-64=yes from-pool=isp_prefix interface=vlan10
add eui-64=yes from-pool=isp_prefix interface=vlan15
/ipv6 nd
set [ find default=yes ] disabled=yes
add dns=2620:fe::11,2620:fe::fe:11 interface=vlan10
add dns=2620:fe::11,2620:fe::fe:11 interface=vlan5
add dns=2620:fe::11,2620:fe::fe:11 interface=vlan15
add advertise-dns=no interface=ether2 ra-lifetime=none
not sure about:
add advertise-dns=no interface=ether2 ra-lifetime=none
ra-lifetime (none | time; Default: 30m)
Sets the RA lifetime. A Lifetime of 0 indicates that the router is not a default router.(see Section 6.2.3 of RFC 4861)
seems incorrect to me.
my entries are all like
add interface=ether1 other-configuration=yes ra-interval=20s-1m
and they seem to work
edit: looking closer I'm not sure if “none” means 0 or not. should probably check the actual value with
/ipv6/nd print
Thanks - I should clarify that ether2 is my WAN interface.
You need to advertise via ND to your host networks also, right? Or am I missing something here.
Guess I'd still like to see some show commands
/ipv6/nd print
/ipv6/pool/used/ print
/ipv6/address/ print
/ipv6/dhcp-client/ print
remove anything too secret
> add interface=ether1 other-configuration=yes ra-interval=20s-1m
Don't I only need other-configuration set if I'm running a dhcp6 server?
Is there a reason you've set your ra interval so low (i.e. instead of the default 3-10 mins)?
I guess my point was you need ND on host networks. The defaults should be fine.
> /ipv6/nd/print
Flags: X - disabled, I - invalid; * - default
0 X* interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
retransmit-interval=unspecified ra-lifetime=30m ra-preference=medium hop-limit=unspecified
advertise-mac-address=yes advertise-dns=yes managed-address-configuration=no other-configuration=no
1 interface=vlan10 ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
retransmit-interval=unspecified ra-lifetime=30m ra-preference=medium hop-limit=unspecified
advertise-mac-address=yes advertise-dns=yes managed-address-configuration=no other-configuration=no
dns=2620:fe::11,2620:fe::fe:11
2 interface=vlan5 ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
retransmit-interval=unspecified ra-lifetime=30m ra-preference=medium hop-limit=unspecified
advertise-mac-address=yes advertise-dns=yes managed-address-configuration=no other-configuration=no
dns=2620:fe::11,2620:fe::fe:11
3 interface=vlan15 ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
retransmit-interval=unspecified ra-lifetime=30m ra-preference=medium hop-limit=unspecified
advertise-mac-address=yes advertise-dns=yes managed-address-configuration=no other-configuration=no
dns=2620:fe::11,2620:fe::fe:11
4 interface=ether2 ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified
retransmit-interval=unspecified ra-lifetime=none ra-preference=medium hop-limit=unspecified
advertise-mac-address=yes advertise-dns=no managed-address-configuration=no other-configuration=no
> /ipv6/pool/used/print
Columns: POOL, PREFIX, OWNER, INFO
POOL PREFIX OWNER INFO
isp_prefix REDACTED::/64 Address vlan5
isp_prefix REDACTED:1::/64 Address vlan10
isp_prefix REDACTED:2::/64 Address vlan15
Columns: INTERFACE, STATUS, REQUEST, PREFIX, ADDRESS
# INTERFACE STATUS REQUEST PREFIX ADDRESS
;;; ipv6 prefix only
0 ether2 bound address REDACTED::/48, 57m46s REDACTED::, 57m46s
prefix
I'm not noticing anything obvious. Maybe some of the gurus here can help you out.
It might be interesting to see why the macOS clients aren't seeing the RAs in time to keep their routes. Perhaps watching packet captures.
If you want to just watch the ipv6 default route on a Mac there's
route -vn monitor -inet6 default
No worries. Thanks for your help!
Do you have IGMP Snooping turned on on the router?
Because what you observed is common on configurations with IGMP Snooping enabled on hardware offloaded bridge (like my RB5009) when VLANs are in use. After some time, the MDB table no longer has the entries for the multicast addresses of the devices, as a result the router advertisement packets are no longer sent to the ports the devices are connected to. But if you don’t have IGMP Snooping enabled then this is not relevant.
It would be super interesting to see if you are still receiving router advertisements on one of your Macs after you've lost the default route.
If you happen to have tcpdump installed you could
sudo tcpdump -vvvn -i en0 icmp6 and ip6[40] == 134
BTW the “other-configuration=yes” in my config wasn't affecting anything after all
I upgraded to 7.18 and haven’t been able to replicate the issue since. I’ll report back if it re-occurs.
Appreciate your help eltikpad and CGGXANNX.
This is still happening.
I took some packet captures during the issue - it’s still receiving router advertisements as you would expect. Just no default route.
Very interesting… would you mind sharing the decode of one of your RAs? There isn't much to note in them that they are advertising a default router.
Here is an example
15:17:47.887051 IP6 (class 0xc0, flowlabel 0x16d3e, hlim 255, next-header ICMPv6 (58) payload length: 96) fe80::xxxx:xxxx:xxxx:xxxx > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 96
hop limit 0, Flags [none], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
source link-address option (1), length 8 (1): 08:xx:xx:xx:xx:xx
0x0000:
rdnss option (25), length 40 (5): lifetime 900s, addr: 2606:xxxx:xxxx::1001 addr: 2606:xxxx:xxxx::1111
0x0000:
0x0010:
0x0020:
prefix info option (3), length 32 (4): 2601:xxxx:xxxx:xxxx::/64, Flags [onlink, auto], valid time 2592000s, pref. time 604800s
0x0000:
0x0010:
.
The “pref medium, router lifetime 1800s” part is its offer to be your router
If they do not have a default route themselves, routers will advertise “route info option (24)” with the networks they know how to reach.
The "prefix info option" is how you choose an IPv6 address in SLAAC.
Frame 15: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits) on interface en0, id 0
Ethernet II, Src: Routerboardc_bc:xx:xx (xx:xx:xx:xx:xx:xx), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::xxxx:xxxx:xxxx:xxxx, Dst: ff02::1
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0xcd82 [correct]
[Checksum Status: Good]
Cur hop limit: 0
Flags: 0x08, Prf (Default Router Preference): High
0... .... = Managed address configuration: Not set
.0.. .... = Other configuration: Not set
..0. .... = Home Agent: Not set
...0 1... = Prf (Default Router Preference): High (1)
.... .0.. = ND Proxy: Not set
.... ..00 = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : xx:xx:xx:xx:xx:xx)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: Routerboardc_bc:xx:xx (xx:xx:xx:xx:xx:xx)
ICMPv6 Option (Recursive DNS Server 2620:fe::11 2620:fe::fe:11)
Type: Recursive DNS Server (25)
Length: 5 (40 bytes)
Reserved
Lifetime: 1800 (30 minutes)
Recursive DNS Servers: 2620:fe::11
Recursive DNS Servers: 2620:fe::fe:11
ICMPv6 Option (Prefix information : xxxx:xxxx:xxxx:1::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
1... .... = On-link flag(L): Set
.1.. .... = Autonomous address-configuration flag(A): Set
..0. .... = Router address flag(R): Not set
...0 0000 = Reserved: 0
Valid Lifetime: 2592000 (30 days)
Preferred Lifetime: 604800 (7 days)
Reserved
Prefix: xxxx:xxxx:xxxx:1::
Assuming the advertised prefix is correct for your network I don't see anything wrong there.
The odd thing is that
Prf (Default Router Preference): High
I don't know of any way to set this preference level in RouterOS, and I don't know of a mechanism to cause this. Is there any chance there’s another router advertising into this network? Very strange.
Yes I adjusted the “RA preference” to high earlier today to see if that helped. It didn’t.
Well go figure…
Trying to get some info for more guesses:
Do all the devices lose their default route at the same time?
Do all the devices lose their default router about the same time since the interface came up?
Was the packet above captured while the device did not have a default route?
Some quick searches haven’t come up with anything like this. One thread about a guy that had a default route tied to a vpn interface that went up and down. Some folks with odd sysctl settings. Nothing solid though.
Is there anything your Mac and iOS devices have in common? Do you use some central config for them? Anything else distinct about them?
Any other routing devices on this segment that might be affecting things?
If it is your Mikrotik, it's got to be something in the config because others here are running fine with same software (and I guess hardware, but I haven’t seen you describe your setup).
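
Added example, not part of any post in this thread: a small parser for the ICMPv6 Router Advertisement fields the thread reads off the captures (router lifetime, Prf, RDNSS, prefix information), plus a check for the two things that would explain a lost default route from the RA alone, namely an RA from a second router or one with router lifetime 0. The function names, the link-local addresses and the `2001:db8:0:1::/64` prefix are constructed for illustration; the sample packet is built inline with the field values from the Wireshark decode.

```python
import ipaddress
import struct

PRF = {0: "medium", 1: "high", 2: "reserved", 3: "low"}

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    hop, flags, lifetime, _reach, _retrans = struct.unpack("!BBHII", icmp6[4:16])
    ra = {"hop_limit": hop, "preference": PRF[(flags >> 3) & 3],
          "router_lifetime": lifetime, "prefixes": [], "rdnss": []}
    pos = 16
    while pos + 2 <= len(icmp6):
        otype, olen = icmp6[pos], icmp6[pos + 1] * 8   # length is in 8-byte units
        if olen == 0 or pos + olen > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos:pos + olen]
        if otype == 3 and olen == 32:                  # prefix information
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[2:12])
            prefix = ipaddress.IPv6Address(body[16:32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}", "onlink": bool(pflags & 0x80),
                                   "auto": bool(pflags & 0x40), "valid": valid,
                                   "preferred": preferred})
        elif otype == 25 and (olen - 8) % 16 == 0:     # recursive DNS servers
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, olen, 16)]
        pos += olen
    return ra

def audit(src: str, ra: dict, expected_router: str) -> list:
    """Return reasons a host might drop or change its default route after this RA."""
    findings = []
    if src != expected_router:
        findings.append("RA from unexpected router " + src)
    if ra["router_lifetime"] == 0:
        findings.append("router lifetime 0: sender is not a default router")
    return findings

def build_sample(lifetime: int = 1800) -> bytes:
    """Constructed RA carrying the same field values as the Wireshark decode."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 0, 0x08, lifetime, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("020000000001")   # constructed MAC
    dns = b"".join(ipaddress.IPv6Address(a).packed for a in ("2620:fe::11", "2620:fe::fe:11"))
    rdnss = struct.pack("!BBHI", 25, 5, 0, 1800) + dns
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    return hdr + slla + rdnss + pio + ipaddress.IPv6Address("2001:db8:0:1::").packed
```

The input is the ICMPv6 message only, that is, the bytes from offset 40 of the IPv6 packet when there are no extension headers, which is the same offset the `ip6[40] == 134` capture filter tests.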