IPv6 with PPPoE dial to ISP - No browsing

Lizzardd · July 7, 2020, 11:28am

I have looked at a number of posts on the forum on this topic, none have helped solve my issue.

My setup is a follows
PPPoE client on eth1
Eth2-5 are part of bridge-local
/interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE

0 R ether1-Fibre ether
1 RS ether2 ether
2 RS ether3 ether
3 RS ether4 ether
4 RS ether5 ether
5 X sfp1 ether
6 XS wlan2GHz wlan
7 XS wlan5GHz wlan
8 R ISP pppoe-out

IPv6 Dhclient
/ipv6> dhcp-client print
Flags: D - dynamic, X - disabled, I - invalid

INTERFACE STATUS REQUEST

0 ISP bound prefix

IPv6 Address List
/ipv6> address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local

ADDRESS FROM-POOL INTERFACE ADVERTISE

0 DL fe80::20c:42ff:fee3:c1cb/64 bridge-lan no
1 DL fe80::d6ca:6dff:fe6a:4ec6/64 ether1 no
2 G 2001:8f8:xxx:xxxx::1/64 ISP-IPv6 bridge-lan yes
3 DL fe80::5b/64 ISP no

IPv6 Pool
/ipv6> pool print
Flags: D - dynamic

NAME PREFIX PRE EXPIRES-AFTER

0 D ISP-… 2001:xxxx:xxxx:xxxx::/64 64 2d23h57m8s

IPv6 ND
/ipv6> nd print
Flags: X - disabled, I - invalid, * - default
0 * interface=all ra-interval=30s-1m20s ra-delay=3s mtu=unspecified
reachable-time=unspecified retransmit-interval=unspecified
ra-lifetime=30m hop-limit=unspecified advertise-mac-address=yes
advertise-dns=yes managed-address-configuration=no other-configuration=no

IPv6 Route
/ipv6> route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable

DST-ADDRESS GATEWAY DISTANCE

0 ADS ::/0 ISP 1
1 DS ::/0 fe80::200:5eff:fe00:1… 1
2 ADC 2001:xxxx:xxxx:xxxx::/64 bridge-lan 0
3 DSU 2001:xxxx:xxxx:xxxx::/64 1

IPv6 Firewall
/ipv6 firewall filter
add action=accept chain=input comment=“Accept: established, related” connection-state=established,related
add action=accept chain=input comment=“Accept: Link Local ICMPv6” protocol=icmpv6
add action=accept chain=input comment=“Accept: DHCPv6-Client prefix delegation” dst-port=564 protocol=udp src-address=ff80::/10
add action=accept chain=input comment=“Accept: Winbox” dst-port=8291 protocol=tcp
add action=accept chain=forward comment=“Accept: established,related, untracked” connection-state=established,related,untracked
add action=accept chain=forward comment=“Accept: established,related, untracked +NEW” connection-state=established,related,new,untracked

From my desktop I can ping the Mikrotik as well as Google DNS server
ping router6.lan -t
Pinging router6.lan [2001:xxxx:xxxx:xxxx:1::1] with 32 bytes of data:
Reply from 2001:xxxx:xxxx:xxxx:1::1: time<1ms
Reply from 2001:xxxx:xxxx:xxxx:1::1: time<1ms

ping -6 www.google.com -t
Pinging www.google.com [2a00:1450:4019:802::2004] with 32 bytes of data:
Reply from 2a00:1450:4019:802::2004: time=5ms
Reply from 2a00:1450:4019:802::2004: time=4ms

The problem seems to be only when browsing, I’m using the latest version of Chrome and Brave and neither seem to work
I have a ton of AAAA records in my DNS cache, so it seems traffic is moving, just no browsing

Lizzardd · July 7, 2020, 11:31am

Extra 2c, I’m using these site to test IPv6
https://ipv6test.google.com/
https://test-ipv6.com/
https://ipv6-test.com/

Lizzardd · July 9, 2020, 5:44am

And so after some more digging it gets even stranger
I decided to turn off my IPv4 network.

I am able to access some sites, but not all.
Even though I am able to resolve forum.mikrotik.com
nslookup forum.mikrotik.com
Server: UnKnown
Address: 2606:4700:4700::1002

Non-authoritative answer:
Name: forum.mikrotik.com
Addresses: 2a02:610:7501:1000::205
159.148.147.205

I am unable to browse this forum with IPv6 enabled, yet I can browser Youtube and stream just fine
I ran a IPv6 ping from https://www.ipaddressguide.com/ping6 to my PCs IP and I get a reply, so connectivity exists and is working

I just cannot explain why some sites aren’t browseable, even though I can resolve an IPv6 address for them

nithinkumar2000 · July 9, 2020, 6:36pm

Hi

IPv6 is still under implementation stage and still many popular contents are not ready with IPv6.
Also you need to setup IPv6 DNS in /ip dns.

Please ensure if you are able to resolve dns after turning off your ipv4 completely.

Lizzardd · July 10, 2020, 4:06pm

Yes as you can see as part of my posts I am able to resolve DNS for IPv6
I am also able to browse SOME ipv6 enabled sites when IPv4 is disabled

nithinkumar2000 · July 13, 2020, 4:48am

What are the sites which you are unable to access??

Lizzardd · July 13, 2020, 5:15am

This forum is one of them, even though as you can see I am able to resolve it
Also the IPV6 testing sites all state I am not using IPv6
https://ipv6test.google.com/
https://test-ipv6.com/
https://ipv6-test.com/

I can access https://ipv6.google.com/ however

mducharme · July 13, 2020, 5:17am

Probably an MTU issue. Try some pings with different packet sizes to determine what your MTU limit is. Usually the PPPoE client MTU limit is 1480 or 1492, but RFC 4368 PPPoE servers allow up to 1500 MTU, as long as your client is configured for 1500..

nithinkumar2000 · July 13, 2020, 5:43am

I accept with mducharm

Please check MTU value.

we use
MTU: 1480
MRU:1480
MRRU: 1600

Worng MTU may result in packet fragmentation causing broken webpages and browsing issues…

Lizzardd · July 13, 2020, 5:50am

Would this be on the PPPoE Interface?

/interface pppoe-client
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether1-Fibre keepalive-timeout=10 max-mru=1480 max-mtu=1480 mrru=1600 name=ISP profile=default service-name=“”
use-peer-dns=n

mducharme · July 14, 2020, 12:51am

Yes - try increasing both max-mru and max-mtu to 1500 and check the status of the PPPoE connection after it comes up, If you see the actual MTU and MRU in the status tab are 1500 then your ISP supports RFC 4638, and everything should start working. If either are below 1500, then they do not support RFC4638 and you should lower both back to 1480 and reconfigure your internal IPv6 ND (Neighbor Discovery) to advertise an MTU of 1480 instead.

Lizzardd · July 14, 2020, 4:10am

Thanks, the missing piece was configuring the ND
I did some testing as well as checked the info on the PPPoE connection and my max is 1480
Will try again with 1480 on the ND

Lizzardd · July 14, 2020, 4:40am

Thanks guys, that seems to have been the magic switch
Set the MTU on ND to match the max on the PPPoE and all is working for now

nithinkumar2000 · July 14, 2020, 5:40am

AWESOME

dmirandaa · March 7, 2022, 5:44pm

Hello, sorry to dig this old post, but I’ve been searching for the last two weeks and this is the closest I reach to my problem.

I’m using routerboard v7.1.3

/system/routerboard> print 
       routerboard: yes
             model: RB5009UG+S+
     firmware-type: 70x0
  factory-firmware: 7.0.5
  current-firmware: 7.1.3
  upgrade-firmware: 7.1.3

My ISP is delivering a /64 prefix of IPv6 throught PPPoE

ipv6/dhcp-client/print 
Columns: INTERFACE, STATUS, REQUEST, PREFIX
# INTERFACE   STATUS  REQUEST  PREFIX                           
0 pppoe-vivo  bound   prefix   2804:0x0:0000:x0x0::/64, 11h33m1s

PPPoE interface config is:

Actual MTU: 1480
Max MTU: 1480
Max MRU: 1480
Use Peer DNS: no
Add Default Route: yes
Default Route Distance: 1

IPv6 ND

ipv6/nd/print 
Flags: X - disabled, I - invalid; * - default 
 0  * interface=bridge ra-interval=3m20s-10m ra-delay=3s mtu=1480 
      reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m 
      hop-limit=64 advertise-mac-address=yes advertise-dns=yes 
      managed-address-configuration=yes other-configuration=yes 
      dns=2606:4700:4700::1111,2606:4700:4700::1001

I’m getting dynamic IPv6 DNS from the ISP

ip/dns/print 
                      servers: 1.1.1.1,1.0.0.1
              dynamic-servers: 2804:0x0:0000:0000::99,2804:0x0:0000:0000::98
               use-doh-server: 
              verify-doh-cert: no
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 2048KiB
                cache-max-ttl: 1w
                   cache-used: 69KiB

IPv6 Route

ipv6/route/print 
Flags: D - DYNAMIC; A - ACTIVE; c, d, v, y - COPY; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
     DST-ADDRESS              GATEWAY                              DISTANCE
DAd+ ::/0                     fe80::a67b:2cff:fef1:657%pppoe-vivo         1
DAv+ ::/0                     pppoe-vivo                                  1
DAc  2804:0x0:0000:x0x0::/64  bridge                                      0
D d  2804:0x0:0000:x0x0::/64                                              1
DAc  fe80::%ether1/64         ether1                                      0
DAc  fe80::%bridge/64         bridge                                      0
DAc  fe80::%zerotier/64       zerotier                                    0
DAc  fe80::%pppoe-vivo/64     pppoe-vivo                                  0

So, after this prologue, my problem is that I only get IPv6 working (Tested in ipv6-test.com) if I delete IPv6 Address List entry for ppoe-vivo interface (item 4 on below table)

IPv6 Address List

ipv6/address/print 
Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, FROM-POOL, INTERFACE, ADVERTISE
#    ADDRESS                       FROM-POOL  INTERFACE   ADVERTISE
;;; Pool Vivo
0  G 2804:0x0:0000:x0x0::/64       pool-vivo  bridge      yes      
1 DL fe80::485c:67ff:fed2:4aef/64             zerotier    no       
2 DL fe80::de2c:6eff:fe45:ddc9/64             ether1      no       
3 DL fe80::de2c:6eff:fe45:ddca/64             bridge      no       
4 DL fe80::10/64                              pppoe-vivo  no

The problem is that when the release time ends I can’t get a prefix update from ISP without restore the pppoe-vivo interface.

I did a script to figured out, but this is annoying because I need to disable and re-enable the PPPoE interface every 12 hours to update my IPv6 prefix.

interface/disable pppoe-vivo
:delay 2s
interface/enable pppoe-vivo
:delay 5s
ipv6/address/remove numbers=[find interface=pppoe-vivo]

This is my Windows 11 ethernet config. Note that my default IPv6 gateway is from bridge interface

Ethernet:

   DNS sufix . . . . . . :
   IPv6 Address . . . . . . . . . . : 2804:0x0:0000:x0x0:9918:f83f:7bed:699b
   Temporary IPv6 Address. . . . . . . . : 2804:0x0:0000:x0x0:f195:35b3:6072:c765
   local link IPv6 Address . . . . . . . . : fe80::9918:f83f:7bed:699b%20
   IPv4 Address . . . . . . . .  . . . . . . . : 192.168.88.10
   Sub-net mask . . . . . . . . . . . . : 255.255.255.0
   Default Gateway. . . . . . . . . . . . . . . : fe80::de2c:6eff:fe45:ddca%20
                                                 192.168.88.1

Is anyone through this sort of problem?

I have no clue anymore.

dmirandaa · March 10, 2022, 5:10am

Apparently I solved my problem described above.

I’ve changed my DHCPv6 Client to not use Default route from ISP and IPv6 stills working without needed to remove IPv6 interface for PPPoE.

ipv6/dhcp-client/add interface=pppoe-vivo request=prefix pool-name=pool-vivo pool-prefix-length=64 use-peer-dns=yes use-interface-duid=yes rapid-commit=yes add-default-route=no