How to setup IPv6 without Comcast DHCPv6 prefix delegation
With the troubles I've had with IPv6 with this week's modem firmware update, I've determined how to utilize IPv6 without the modem's DHCPv6 PD. I've already commented on this in another thread, but I've decided to start another thread here as I've learned a bit more and so far things seem stable. I've also never seen this explained on these forums (though the last time I checked was definitely a while ago).
I've set this up with PfSense, but I'm going to keep this relatively general as I'm sure it will work on most other competent routers.
Set your WAN and LAN interfaces to static. Assign an IPv6 address to your WAN interface that's in the same /64 that it was in previously when using DHCPv6 or SLAAC/autoconf before.
For your LAN interface, assign it a /64 that falls under your allocated /56. If you have more than one LAN interface, repeat using distinct prefixes that fall under your /56.
At least for PfSense, you'll need to add a default gateway for IPv6. PfSense won't let you pick up your IPv6 gateway automatically. It must be static. Use the modem's global address .Do NOT use the link-local address of your Comcast modem. While the link-local address will also work, I've found it can change on its own where as the global address seems to be stable (or at least less unreliable).
Under PfSense, you don't need to set an explicit default IPv6 gateway for your WAN interface. Even with the "None" setting, it will work as long as you have a default IPv6 gateway defined under the routing settings. If you have no default IPv6 gateway defined in the routing settings, you'll obviously have no default gateway at all. :)
Enable router advertising on your WAN interface. Under the subnets setting, you need to add your /56 network in order for external traffic to be routed to your LANs. You probably want to leave DHCPv6 off for your WAN interface to avoid conflicts with the modem (though if you want control over your IPv6 WAN, you could probably enable the DHCPv6 server on your WAN interface after disabling DHCPv6 on your modem).
Enable router advertising on your LAN interfaces as before. You can also enable DHCPv6 on your LAN interfaces too if you like and it will work fine.
IMPORTANT NOTE about DHCPv6 static mappings on your LAN interfaces... When previously using DHCPv6 prefix delegation from the Comcast modem, I could define static mappings with the addresses formatted as ::xxxx:4, etc. And DHCPv6 was smart enough to fill in the prefix that had been delegated to the given LAN interface... When not using DHCPv6 prefix delegation from the modem, this no longer works. You'll need to have the full IP's in your static mappings. Ie, the previous example would have to be like: 1111:2222:3333::xxxx:4. This seems to a general thing, and not limited to PfSense from what both research and IRC have told me (at the absolute least, it's an ISC DHCPD thing).
That's it. Pretty straight forward. My IPv6 has been stable for over 24 hours now (and the most stable it's been since the firmware update) with the above setup.
Even before this recent firmware update, IPv6 under Comcast was never great for me. Occasionally, something would break with the IPv6 PD on the Comcast modem, and I could fix things by essentially refreshing my interfaces on the router (even this didn't work with this week's firmware update, I had to power cycle the modem to get IPv6 backup). Sometimes this would happen several times in a week, other times I'd have no problems for a good 3-4 months. Most of the time it would happen, no changes had been made to the router. I worked with a friend who has a ton of IPv4/IPv6 experience who's also on Comcast Business to no avail. Their IPv6 is reliable, but they've also refused to upgrade to faster service in order to stay with an older and more reliable modem.
- The prefixes I'm using for my LANs are the same ones that had been allocated previously to me by DHCPv6 in order to avoid re-IP'ing again. I suspect it would still work reliably had I chosen entirely different prefixes (that still fall under my /56).
- With DHCPv6 PD, asking for /56 never worked. The best I could get working was a /59, which is still a fair amount more than I could ever need. While I think /56 will work following the above instructions, I could be wrong. If having problems, it may make sense for you to limit it to /59 (both in terms of the range you allocate your LAN prefixes from as well as the router advertising) Just In Case as the limitation may not simply be with the DHCPv6 server in the modem, but could also be due to some other limitations in the modem's firmware or hardware.
- To get around having to statically add your modem's global address as a static route, you can probably set the WAN interface of your router to use DHCPv6 or SLAAC while keeping your LAN interfaces strictly static, but I haven't tried this yet. This could negate the need to have router advertising on your WAN interface as well.
- Even with your router advertising itself as the route for your /56, I've found that other devices on your WAN's network have trouble talking to devices on your LANs. I've had to add a static IPv6 route on other devices that are on the WAN. I set the router's WAN address as the default route for my LAN networks. Ie, this works for Linux:
route -A inet6 add <LAN>/64 gw <WAN-IPv6-ADDRESS>
I think what's happening is that the Comcast modem is advertising itself as the route for my /56 as I see devices on the WAN network sending neighbor solicitations for addresses on the LAN they're trying to reach in spite of being on different prefixes. Perhaps disabling DHCPv6 on the Comcast modem would resolve this? Also, with the above command, you could probably alter it to be for your entire /56, but I haven't messed with it too much.
Hope someone finds this useful!