I just upgraded my ancient SMC modem to a DPC3941B specifically for running IPv6 servers. After days of frustration my setup is finally working but only intermittently. The modem's built-in firewall starts dropping traffic after a day or so and then needs to be rebooted to fix it.
Here are some observations.
1. As noted in other forum threads, prefix delegation is broken. The modem will hand out prefixes to a downstream router but it won't blindly route packets with that prefix to the router like it should. Instead, the router sends a ICMPv6 neighbor-solicitation to the router first and awaits a response before routing traffic downstream.
If you're using OpenWRT as a router, you can work this problem by enabling an NDP proxy on the WAN and LAN interfaces in the router's DHCP settings. The NDP proxy lets the router broker the neighbor-solicitations and neighbor-advertisements that the modem so desperately desires.
With this setup, the modem will begin routing traffic downstream but there's a noticeable disruption on the first few packets as the modem awaits responses to its neighbor discovery request for each device that begins communicating.
2. The modem's IPv6 firewall is never truly turned off even when supposedly disabled by the user in the modem's settings.
At some point the modem will just decide to stop routing traffic downstream. The router can access IPv6 but anything behind router can't, even with the NDP proxy. In the modem's Firewall Logs, you'll see something like "FW.IPv6 FORWARD drop , 6769 Attempts".
Rebooting or reconfiguring the router or any other device downstream has no effect. The only solution seems to be to reboot the modem and wait for the problem to recur.
3. The modem is clearly at fault for failing to route the delegated prefixes correctly and for failing to disable its IPv6 firewall as requested.
Bonus: I don't know why but my static IPv6 /56 prefix changed when I swapped out a modem as part of trying to fix these issues. Maybe it wasn't provisioned correctly. I had to change all of my DNS AAAA records as a result.
Comcast's service technicians have been kind but their equipment is pretty broken. Has anyone found a reliable workaround or solution for IPv6 prefix delegation?
I am also having this issue after years with a working setup (also a Cisco, presumably with an older firmware). I would have suffered with the random reboots of the old device if I would have known my v6 (which is the majority of my traffic) would break.
Thanks so much for taking the time to reach out to us through our business forums. I very much appreciate your patience and greatly apologize for the delay in our response. I know how important the services are to your business and we want to do all that we can to assist. I am very sorry to hear that you are having so many issues with your IPV6 IP's. I heavily rely on my internet connection for business purposes so I know how impactful any issues can be to your business. I would love to get to the bottom of the issues you are experiencing. Can you please reach out through private message with your first and last name, business service address and account number or phone number?