Skip to content
Skip to main content
flyingrobots's profile
flyingrobots
1st Reply
Expressive Exchange
1st Topic

New problem solver

 • 

37 Messages

Wednesday, October 15th, 2025

Routing IPv6 packets to statically defined IPv6 network

Routing IPv6 packets to statically defined IPv6 network

The only way to get Comcast equipment to route IPv6 packets to your network is to either use

  1. DHCPv-PD
  2. or use a NDP Proxy to answer Comcast's  Neighbor Solicitation requests 

Using DHCPv6-PD is a problem if you have servers with a static IPv6 address as Comcast rotates prefix delegations over time. 

Using a NDP Proxy is a straight forward way to get around this limitation.

FreeBSD has a kernel module called ndproxy.  You can either use pfSense (which is FreeBSD based) and manually install ndproxy (see the discussion at https://redmine.pfsense.org/issues/14032

or

Put a FreeBSD device (or virtual machine) with ndproxy included on the same network segment as your Comcast Modem and router, and configure FreeBSD's ndproxy to answer Neighbor Solicitations with your router's interface details.

Information on ndproxy can be found here: https://man.freebsd.org/cgi/man.cgi?query=ndproxy

The interface that is feeding ndproxy must be put in promiscuous mode because it can't know all of the IPv6 addresses behind your router and icmp6 messages won't make it to ndproxy if promiscuous mode isn't turned on.

This is working for us.  It isn't an optimal solution, but for now it suffices.

Question

 • 

Updated 

6 days ago

 • Edited

45

1

Oldest First
Selected Oldest First
rob__jr

New problem solver

 • 

48 Messages

1 month ago

Hey @flyingrobots , have you had any luck asking for a specific /59 out of the /56 static block?  That works for me....sometimes.  If you run linux, you can install the program sipcalc (a package in Ubuntu) or use an online calculator to calculate the exact /59 blocks that reside within the static /56.

I've used this one online:
https://subnettingpractice.com/ipv6-subnet-calculator.html

If you put in your starting /56 block and go down and pick /59 and click "calculate" , you will get the /59 boundaries. 

For example: 

If you input: 2001:100:100::/56, and calculate the /59's you'll get:

2001:100:100::/59 (First /59 resolved for devices directly connected to the cable modem)
2001:100:100:20::/59
2001:100:100:40::/59
2001:100:100:60::/59
2001:100:100:80::/59
2001:100:100:a0::/59
2001:100:100:c0::/59
2001:100:100:e0::/59


Then you can send a prefix hint of 2001:100:100:c0::/59 and you may(be) will get that exact block.

I've had some luck requesting a specific /59 right after the cable modem boots and getting/keeping that block.... It's worth a shot.

(edited)

5

0

flyingrobots

New problem solver

 • 

37 Messages

That's cool.  I haven't tried.  I'm just defining a bunch of /64 subnets....

Like

Reply

1 month ago

0

heimdal

New problem solver

 • 

16 Messages

Up until the latest firmware, which broke PD, I have had success requesting specific /59's.  I have gotten the exact same block for years using that method. 

I did find if you request anything larger than a /59, you get nothing.  I don't need anything bigger, so I never investigated what was going on.

Like

Reply

7 days ago

0

allan

New Contributor

 • 

24 Messages

Like @heimdal​, my PD is currently broken. When it was working, I tried different combinations to get a /58 with no luck so I think /59 is hardcoded into its DHCP service. One tip, the modem uses the ia-pd index in your request. If you received a prefix on index 0, it will not hand out a different prefix under index 0. The same goes for the prefix it handed out. You can’t request it on another index.

Until its lease expires, that prefix is tied to that index. Your options are to request a different prefix+index or reboot the modem to clear its lease table. I have mine set to request from the middle of that /56 so I use 2603:3018:xxxx:xx80::/59 in my dhcp client configuration.

Like

Reply

7 days ago

heimdal

New problem solver

 • 

16 Messages

Thanks for that.  Once PD is fixed I do plan to do some playing around.  I'm grabbing the xx60::/59 currently for similar reasons.  I'm using opnsense.  I'm thinking about playing with a custom dhcp6c.conf because I'd really like my IOT vlan very separated from everything else--not that it really matters.

But, alas, right now none of the PD is working.

Like

Reply

7 days ago

0

rob__jr

New problem solver

 • 

48 Messages

@allan​ I saw the same behavior.  Do NOT request index 0.

Like

Reply

6 days ago

0