IPv6 prefix delegation workaround and lingering reliability issues
I just upgraded my ancient SMC modem to a DPC3941B specifically for running IPv6 servers. After days of frustration my setup is finally working but only intermittently. The modem's built-in firewall starts dropping traffic after a day or so and then needs to be rebooted to fix it.
Here are some observations.
1. As noted in other forum threads, prefix delegation is broken. The modem will hand out prefixes to a downstream router but it won't blindly route packets with that prefix to the router like it should. Instead, the router sends an ICMPv6 neighbor-solicitation to the router first and awaits a response before routing traffic downstream.
If you're using OpenWrt as a router, you can work around this problem by enabling an NDP proxy on the WAN and LAN interfaces in the router's DHCP settings. The NDP proxy lets the router broker the neighbor-solicitations and neighbor-advertisements that the modem so desperately desires.
With this setup, the modem will begin routing traffic downstream but there's a noticeable disruption on the first few packets as the modem awaits responses to its neighbor discovery request for each device that begins communicating.
2. The modem's IPv6 firewall is never truly turned off even when supposedly disabled by the user in the modem's settings.
At some point the modem will just decide to stop routing traffic downstream. The router can access IPv6 but anything behind the router can't, even with the NDP proxy. In the modem's Firewall Logs, you'll see something like "FW.IPv6 FORWARD drop , 6769 Attempts".
Rebooting or reconfiguring the router or any other device downstream has no effect. The only solution seems to be to reboot the modem and wait for the problem to recur.
3. The modem is clearly at fault for failing to route the delegated prefixes correctly and for failing to disable its IPv6 firewall as requested.
Bonus: I don't know why but my static IPv6 /56 prefix changed when I swapped out a modem as part of trying to fix these issues. Maybe it wasn't provisioned correctly. I had to change all of my DNS AAAA records as a result.
Comcast's service technicians have been kind but their equipment is pretty broken. Has anyone found a reliable workaround or solution for IPv6 prefix delegation?
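The NDP proxy workaround described in the post, as an added example that is not part of the original post: a sketch of the relevant sections of `/etc/config/dhcp` on OpenWrt (odhcpd). The interface names `wan6` and `lan` are assumptions, and the LAN is assumed to keep announcing the delegated prefix itself.

```uci
# /etc/config/dhcp (excerpt) -- added example, not the poster's actual config.
# Assumption: the upstream IPv6 interface is named 'wan6' and the
# downstream interface is named 'lan'; adjust to match /etc/config/network.

# Upstream side: the modem sends neighbor solicitations here for every
# address inside the delegated prefix before it forwards traffic.
config dhcp 'wan6'
	option interface 'wan6'
	# Marks this as the upstream (master) interface for relay/proxy purposes.
	option master '1'
	# Proxy NDP between this interface and the relay-enabled downstream
	# interfaces, so the router answers the modem's solicitations on
	# behalf of LAN hosts.
	option ndp 'relay'
	# No router advertisements or DHCPv6 are served toward the modem.
	option ra 'disabled'
	option dhcpv6 'disabled'

# Downstream side: hosts still get addresses from the delegated prefix
# via the router's own RA/DHCPv6 server; only NDP is proxied.
config dhcp 'lan'
	option interface 'lan'
	option ra 'server'
	option dhcpv6 'server'
	option ndp 'relay'
```

After editing, restart odhcpd (`/etc/init.d/odhcpd restart`) so the new NDP mode takes effect.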