Reply
New Member
Posts: 6
Registered: ‎05-12-2017

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I have the same issue in SF, CA. Like fibroce I also have an Arris SB 6183. I wonder if the modem has a part to play here.

New Member
Posts: 11
Registered: ‎10-26-2016
Kudos: 5
Solutions: 1

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I too had no luck with hwnat enabled - Arris SB6183, Comcast Business 50/10, ER-X v1.9.1.1.

 

Disabled hwnat, rebooted, and IPv6 came up immediately.

Regular Member
Posts: 545
Registered: ‎09-23-2015
Kudos: 196
Solutions: 4

Re: Comcast IPv6 issues when hwnat enabled on ER-X

@UBNT-sandisn is this thread still being tracked at UBNT? I think we've got enough users that experience this that you could be collecting a lot of data from them to track down the cause of the issue. Thanks!

This is where I used to list my UBNT gear, but now it's mostly stuff I'm not allowed to talk about yet. Man Wink
942.22 Mbps down / 926.27 Mbps up (http://result.googlefiber.net/share/316298352.png)
My Blog: http://www.stevejenkins.com/
Ubiquiti Employee
Posts: 482
Registered: ‎01-06-2017
Kudos: 178
Solutions: 20

Re: Comcast IPv6 issues when hwnat enabled on ER-X

[ Edited ]

@flbroce ,@jassmith87, @computertechs Is it possible to change the cable modem from Arris SB 6183 to a different model?

New Member
Posts: 6
Registered: ‎05-12-2017

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Unfortunately I don't have a replacement modem to test with. Well I mean I have the ISP provided modem/router box but that would defeat the purpose.
New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I don't have a different modem either. If I aquire one I will test however, this one seems to work

fine other than that issue.

 

Fb

New Member
Posts: 11
Registered: ‎10-26-2016
Kudos: 5
Solutions: 1

Re: Comcast IPv6 issues when hwnat enabled on ER-X

No, I am at a remote office and would have to buy another one and have it shipped here to test. HWNAT provides no performance improvement for a 50/10 internet connection anyway so no real reason to do that.

New Member
Posts: 27
Registered: ‎05-28-2017
Kudos: 10

Re: Comcast IPv6 issues when hwnat enabled on ER-X

[ Edited ]

 Just a suggestion....

 

 

We've been having no problems with IPV6 and hwnat on Comcast in eastern Massachusetts with an ER-X running v1.9.1 and an Arris/Motorola SB6121 modem.

 

One thing I notice in some of the configurations being posted is that the IPV6 firewall configuration looks a little iffy. Unless I'm mistaken, you want to allow DHCPv6 and ICMPv6 inbound from WAN to LOCAL (the router), but not inbound from WAN to LAN ("in"). You need 2 different rulesets.

 

Our WAN interface definition looks like this:

 

    ethernet eth0 {
        address dhcp
        description Internet
        dhcpv6-pd {
            pd 0 {
                interface switch0 {
                    host-address ::1
                    prefix-id :1
                    service slaac
                }
                prefix-length /60
            }
            rapid-commit enable
        }
        duplex auto
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
        }
        speed auto
    }
 

 The LAN interfaces are simply:

 

     ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
 

 

and the switch interface is:

 

    switch switch0 {
        address 192.168.1.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
 

 

 The IPV6 firewall definitions to support this are: 

     ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }

 

 

New Member
Posts: 11
Registered: ‎11-20-2016
Kudos: 5

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I have the same rules but mine are implemented in a zone based config and I am consistently not working with HWNAT enabled.   UBNT people monitoring this thread could that make a difference in HWNAT?

New Member
Posts: 27
Registered: ‎05-28-2017
Kudos: 10

Re: Comcast IPv6 issues when hwnat enabled on ER-X

One thing I forgot to add in my previous post is that the (working) v1.9.1 configuration was built and tested on Comcast home service with an Arris SB6183 modem. It was re-tested and put into production with no changes on a Comcast business service with the Arris/Motorola SB6121. So, the SB6183 modem would seem not to be a factor.

 

However, the speed on those services is only 25/5 and 25/10. If those having problems have a higher service tier, perhaps that makes a difference.

 

New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I think the code I am running is almost verbatium what you are using. If you could post your config.boot I will try your code exactly. I am spoofing the mac number of my router. I don't see how that could matter. I have the 300/30 comcast package in metro Atlanta. Works perfectly with no hwnat on the er-x, and with my rb-xxx routers.

 

Thanks,

 

Fred

New Member
Posts: 27
Registered: ‎05-28-2017
Kudos: 10

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Look for *[ your ... here ]* to replace names and passwords with your own, and make sure the DHCP address range is what you need. Make sure you reboot or release and renew your clients afterward, of course.

 

This configuration is for:

 

  • One WAN (internet) port
  • 4 LAN ports, all in a single LAN
  • Non-default username and password
  • IPv4 and IPv6 support
  • Standard IPv4 and IPv6 firewall
  • Router IPv4 address of 192.168.1.1
  • DHCPv4 address range of 192.168.1.100-199
  • Use of Google public DNS servers with "set service DNS forwarding system" to eliminate Comcast DNS servers being pushed to DHCP clients
  • Hardware offload of NAT

 

 

New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Almost exactly what I am running. I will test it and let you know the results.

 

Thanks very much.

 

Fred

New Member
Posts: 16
Registered: ‎06-17-2016
Kudos: 7

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I used to have issues with offloading IPv6 long ago. 

 

Has anyone checked their Neighbor Discovery tables lately as well as the MTU sizes.

 

 

 

New Member
Posts: 27
Registered: ‎05-28-2017
Kudos: 10

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I have had some problems with IPv6 uploads from Android clients, for example at speedtest.xfinity.com, but not from Windows clients. This is true with every router/modem I've checked. I expect this is an Android problem, probably with ICMPv6 PMTU packet-too-large messages not getting back or not getting processed. The Adblock Plus proxy I use on Android may be interfering. I've seen the same MTU problems (and non-problems) confirmed by netalyzr.icsi.berkeley.edu.

 

Netalyzr, by the way, has been partially knocking out my home Comcast network and the HTTP connection between my Windows and Android clients and my modem over the last 2 days, apparently during the results upload. That's with a TP-Link router and an SB6183 modem.

 

So, bothersome as they are, nether of these problems seems to have anything to do with Ubiquiti. :-)

 

-Tom

 

New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Comcast seems steady here. The ER-X with no hw offload works great with ipv6. Enable

hw offload and no dice. I have tried most all suggestions. I am still experimenting with the last config

file posted. Ipv6 works with my RB-750GR3 with fasttrac (not the same as hwnat).

I still believe there is a config that will work.

 

Fred B.

New Member
Posts: 27
Registered: ‎05-28-2017
Kudos: 10

Re: Comcast IPv6 issues when hwnat enabled on ER-X

Comcast seems back to normal here, too, thankfully.

 

If you Google "SB6183 IPv6", you'll see a lot of complaints, especially through early 2016 and especially from Time Warner customers (but also Comcast) about IPv6 problems with the SB6183. There was a firmware update that rolled out through 2016 on Comcast and Time Warner. For those of you with an SB6183, it might be worth just verifying that you have it.

 

If you browse to the "product information" tab on your modem, the current software version should be:

"D30CM-OSPREY-1.5.2.3-GA-01-NOSH", although that's no guarantee that all the problems are gone.

 

The SB6183 uses a different chipset (Broadcom) from the SB6121 and SB6141 (TI).

 

-Tom

New Member
Posts: 30
Registered: ‎03-06-2017
Kudos: 2

Re: Comcast IPv6 issues when hwnat enabled on ER-X

I have that version: D30CM-OSPREY-1.5.2.3-GA-01-NOSH

As I said works fine except in that one mode hwnat offload.

 

Could indeed be the modem. I have an old one I could try but it's much

inferior to this one. Also getting Comcast to change modems is a B####.

 

Fred

Ubiquiti Employee
Posts: 482
Registered: ‎01-06-2017
Kudos: 178
Solutions: 20

Re: Comcast IPv6 issues when hwnat enabled on ER-X

[ Edited ]

Thanks @trs3 for sharing.

I would like to second @unknownzer's suggestion to check neighbor table when hwnat is disabled. How many entries are in there? Do they change a lot during the day?

ip -f inet6 neigh

 

New Member
Posts: 27
Registered: ‎05-28-2017
Kudos: 10

Re: Comcast IPv6 issues when hwnat enabled on ER-X

[ Edited ]

This is from the apparently working system. This is a church, so there are about a dozen regular devices, including some laptops that come and go, and then there are larger groups of one to three dozen in and out over the course of a week, each with some number of mobile devices.

 

Neighbor table snapshot and Netalyzr output attached, the latter run from a Win 10 laptop.

 

ER-X v1.9.1

Motorola SB6121 modem

Win 7 &10, iOS, Android, and miscellaneous printer and appliance clients, wired and wireless over 5 APs

 

-Tom

 

Reply