IPv6 client problems with bonded WAN

bluebsh · September 24, 2018, 2:33pm

I have a Motorola MB8600 cable modem which has 4 ports on it that can all be bonded via link aggregation grouping…

When I connect two ports on the modem to two ports on the Microtik router, set up an interface bond with ether1 and ether2 being bonded via LACP I can no longer get an IPv6 address via the DHCPv6 client on the router.

If I go to a single WAN port and have no bonding set up I can bind to an IPv6 address just fine.

My IPv6 config is pretty simple, I have Comcast as my ISP and we just get a /64 block via a DHCPv6 client.

ether1 and ether2 are the ports I’m using for my bonded WAN
ether3 is to my LAN

below is my config that works fine when no bond is set up

# sep/24/2018 10:28:06 by RouterOS 6.43.2
# software id = JGID-4PLY
#
# model = RouterBOARD 3011UiAS
# serial number = 5D6A05225239
/ipv6 address
add address=::1 from-pool=Comcast_IPv6 interface=ether3-lan
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-wan1 pool-name=Comcast_IPv6 request=address,prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] disabled=yes
add interface=ether3-lan other-configuration=yes ra-delay=5s ra-interval=5s-30s

to create the bond, I just make a bonding interface, assign ether1 and ether2 as slaves with LACP and mii as the the link monitoring then change all my references to ether1 to the bonding interface

as soon as I do this my DHCPv6 client goes into “searching” status and never moves from that. when it’s not the wan is not bonded it goes from searching to bound status within a second

now when I mess with the DHCPv6 client some I can get it to find after a while, if I turn the prefix off and tell it to just request an address after a few minutes it will go to bound as the status, but of course I do not have my /64 prefix in my address pool now… and IPv6 doesn’t work outside my router

anything that would cause this or anything that I could look at?

xvo · September 24, 2018, 3:53pm

Have you tried 6.42.7?
It seems that something is broken in DHCPv6 in 6.43
However previous messages were about DHCPv6-server, not the client.
So it’s just a wild guess.

mducharme · September 24, 2018, 4:47pm

I think the problem might be that you didn’t have the bonding set up from the beginning and so the ISP has certain things associated with your existing ether1 MAC, link-link local, and IAID. When you go to the bonding interface, two things may happen:

Your MAC address may change that you connect to the ISP over, and then your link local address would also change, since the link local address for the bonding interface would derive from its MAC
Your DHCPv6 IAID may change since the bonding interface could have a different IAID than ether1 does

To the ISP, it may look like you have plugged in a second router at the same time. Therefore, before you go from using ether1 to the bonding interface, you should actually probably manually do a “release” on your DHCPv6 prefix lease (so that your ISP will release it on the back end) and then temporarily disable the DHCPv6 client so that it doesn’t try to get an address again until you go to bonding. You may have to reboot the cable modem to free any association that it has with a certain DUID and IAID and MAC and link-local. Then add the bonding interface, change the config to use that instead of ether1 for all of your stuff, and re-enable the DHCPv6 client. The ‘memory’ of the old configuration should now be gone from your cable modem and the back end systems of the ISP, and if that was causing the problem in the first place, it should be fixed.

bluebsh · September 25, 2018, 1:36am

to create the bond, I just make a bonding interface, assign ether1 and ether2 as slaves with LACP and mii as the the link monitoring then change all my references to ether1 to the bonding interface

as soon as I do this my DHCPv6 client goes into “searching” status and never moves from that. when it’s not the wan is not bonded it goes from searching to bound status within a second

now when I mess with the DHCPv6 client some I can get it to find after a while, if I turn the prefix off and tell it to just request an address after a few minutes it will go to bound as the status, but of course I do not have my /64 prefix in my address pool now… and IPv6 doesn’t work outside my router

anything that would cause this or anything that I could look at?

To the ISP, it may look like you have plugged in a second router at the same time. Therefore, before you go from using ether1 to the bonding interface, you should actually probably manually do a “release” on your DHCPv6 prefix lease (so that your ISP will release it on the back end) and then temporarily disable the DHCPv6 client so that it doesn’t try to get an address again until you go to bonding. You may have to reboot the cable modem to free any association that it has with a certain DUID and IAID and MAC and link-local. Then add the bonding interface, change the config to use that instead of ether1 for all of your stuff, and re-enable the DHCPv6 client. The ‘memory’ of the old configuration should now be gone from your cable modem and the back end systems of the ISP, and if that was causing the problem in the first place, it should be fixed.

I tried the release the DHCPv6 lease and disabled the client before it renewed… restarted the modem set up bonding all over again.. kind of the same result

when I request an address and prefix it just sits at searching forever… but now when I request only an address it binds instantly like it does when it’s not bonded…

so one step forward but still not getting a prefix so I can build my address pool out

I can ping an IPv6 address from the router when I bind with just an address request so it’s at least talking IPv6 at the router

my DUID appears to of changed when I did the release and rebuild of the modem and bond config

mducharme · September 25, 2018, 2:31am

It sounds like they may not actually be removing your prefix lease at the back end when you do the release. They probably limit you to one prefix at a time, and the release isn’t clearing this up for another device. This seems to me to be more likely a problem with the ISP than with your device. If you can live without IPv6 for a few days, I would check the expiry time, tell the DHCPv6 client to release, and wait until after the expiry time for the lease to reconfigure the bonding and hopefully get a working lease. Or, call their support and get them to clear your prefix lease if you can, as though you got a new router.

bluebsh · September 26, 2018, 12:43pm

possibly the cause, my prefix lease is for 2 more days when I looked this morning… I released again, disabled IPv6, and will let it set for a few days and try again to see how it responds

techobrien · October 1, 2020, 1:15am

Did you get this issue resolved? I’m experiencing the same problem right now (ironically, also with an mb8200 and comcast) and would like to know if the lease expiration ended up being the issue.