Lack of IPv6 GUI Support - Using Google Fiber KCMO - IPTV - USG3P - S16POE150W - AP-AC-Pro

Submitted by - 2 weeks ago
Status: New Idea

Hello folks!

Long time lurker and first time poster.

This is also a long thread to give some context and background.

 

TLDNR: I want to fully get USG directly plugged to fiber jack with home network on LAN1 and GFNB on LAN2. Almost there! (the last 1% is hard). Big issue is "ISSUE 3 and ISSUE 4" below and the reason for this post "Lack of IPv6 GUI Support". Will also crosspost in general switch/routing discussion: https://community.ubnt.com/t5/UniFi-Routing-Switching/Lack-of-IPv6-GUI-Support-Using-Google-Fiber-KCMO-IPTV-USG3P/m-p/2624856#M126475

 

The super long story:

 

I have had Google Fiber in KCMO for about 3.5 years and enjoyed playing with the network after discovering the extreme lack of configuration with the Network storage box. I bought an ASUS RT-AC88U for... $300 at the time, just to find out that I could not use it due to VLAN/QOS tagging in software. I digress. I then just used it as a switch/AP behind the storage box until I could "split" it off.

 

For about the last 1.5 years, I used an EdgeRouter X SFP to tag VLAN 2 and QOS 3 while using a dumb switch to split the fiber in/out to the WAN of ERX and to the GNSB. The several guides well documented here and on the "large" GF official thread helped with this a ton and I thank you!

 

This worked fine, however, I also use Raspberry Pi with PiHole on it to dump lots of nastiness on the internet and with the split like this, IPv6 rarely worked correctly, if at all due to many reasons and many a head banging on desk adventures. Let's skip that part.

 

ISSUE 1: A fun adventure is hardcoded DNS information on phones and such (android household here) and YouTube APPS on consoles. I DNS/NAT masqueraded IPv4 back to the PiHole but the consoles would just use IPv6 and bypass it all. NAT does not exist for IPv6 for obvious reasons. In order for all of this to work, I would have to disable IPv6 altogether. That is not an option as I like GF for its native DHCP IPv6 network and sort of the point having it to begin with. USG and the IPv6 firewall could fix this.

 

ISSUE 2: It seemed as though all the gurus no longer have GF TV so no guides really exist to get this working properly without using a dumb switch to split the network off. The reasoning is "changing" IP information and I understand that with a guide and many people reading it, supporting something that was not used is a hard thing to do. I don't care if they change it. If a program does not record, then so be it. It will come on again (or on demand) and I can reconfigure the USG to fix it and post my results for others to not have to deal with it. I have been doing this for decades on my website, so this is nothing new to me.

 

SOLUTION (or so I thought): Based upon this article, I jumped to the USG as I thought IPv6 was supported in GUI (it sort of is... WAN config is super simple to get working with GF and split network, IPv6 firewall is awesome!) and way cheaper than getting the entire Edge line for home use:

https://help.ubnt.com/hc/en-us/articles/115005868927-UniFi-USG-Addressing-How-to-Implement-IPv6-with-DHCPv6-and-Prefix-Delegation

 

Over the last few weeks, I have purchased a USG3P, S16POE150W and AP-AC-Pro and got it all up and running over the weekend (still split off with a dumb switch). All of it works with IPv6 (ask for a /56, Google gives out a /64 see bottom of the post), but the controller software does not show any IPv6 information anywhere. I contacted support today to see where I could get this info and I was told "it is in the works" with no timeline, so... ok... whatever. I was also told (or it looks as though) all of this is implemented in the UNMS software, but it does not work with UniFi... uh, what? OK, fine again... that software is intended for the "enterprise" market of the Edge line. 

 

ISSUE 3: With the USG as a DHCP server providing information for the LAN, IPv6 hostname configuration, IPv6 client display are not implemented. As such, the PiHole displays IPv6 in blocking and guess what? It is really difficult to map that information to each device and figure out where it is all coming from. The USG was (I thought) going to fix that. In order for me to fix that, I have to reconfigure the PiHole to be the DHCP server (again) and that takes me away from unsplitting the network to not have a dumb switch inline. Ranting... I digress again. Plus, I am going to headbang just as I have before with hardcoded DNS servers, but since the USG has an IPv6 firewall (thank you!) I can just block (I think) the Google IPv6 DNS servers requests going outbound and the applications should go back to IPv4, of which I have zero problem with as I can NAT it back to the PiHole. The big thing is that I want IPv6 on computers, not necessarily with android/console APPS, but IPv6 is either "on" or "off" as I cannot block IPv6 DHCP requests on particular ports (right?)

 

ISSUE 4: Anyway, the BIG ISSUE and why I am here posting is a simple request and timeline for implementation: When will the GUI be done for IPv6 on the USG/Controller? Currently using 5.29 (latest as of this writing). Since this is a "home" network and I can take it down and reconfigure at will, can someone tell me if the alpha/beta branch have some of what I am looking for without breaking any NDAs? Should I just sign up for the unstable branch and help out with development as I have a lot riding on this (I wish to make a guide so others can implement this without spending a year and a half getting to this point).

 

ISSUE 5: Has anyone already got IPTV with proper IP address and broadcast information implemented for GF and KCMO + GF -> USG WAN -> LAN1 (all devices) / LAN2 -> GFNB so I do not have to figure this out on my own? I have lurked in several recent threads over the last couple weeks and it seems people just simply give up and keep the dumb switch and split network. I am not that easily beat down. LOL!

 

ISSUE 6: I don't really have a problem with GF -> USG WAN -> LAN1 -> all devices including GFNB ... however, with the GFNB as it is, it will be spewing broadcast packets everywhere/cannot disable its DHCP and it would just be way simpler to split the network using the USG instead of a dumb switch to USG WAN and GFNB as... at some point, I feel Google is going to cut off the split network action for obvious reasons (see pihole info above). I tried both of these configurations briefly and they just simply didn't work.

 

ISSUE 7: I can reconfigure my ERX-SFP as a "dumb" switch with a mirrored port to support my desire to implement an IDS (USG3P won't make it to 1 Gbps with it on and the one that does support 1 Gbps IPS is ~$2500 and I can build my own cheaper... like free). Anyway, more to the point: I have seen another thread that has done this, but in reality, I don't want to sniff all the broadcast traffic, but still would like an unfiltered view. Having the WAN port mirrored to LAN2 with all devices (including GFNB) would be fine in this context, but again, see issue 6 why I do not want to do this. This leads me back to using the ERX-SFP as a semi-smart switch (yes, I know it is a router by design) that can take the Fiber box input, mirror it on another port and still have a switch group to split off to the USG and GFNB. This is what I am leaning toward doing right now to get the dumb switch out of the loop, but I really want the USG set up as ISSUE 5 so I can mirror a port on the S16 switch and not the USG or ERXSFP.

 

Thanks for listening!

 

"Proof" that IPv6 is working on the USG even though it is split network with a dumb switch: (xx/xxxx used to hide my real stuff)

 

 

admin@UnifiGateway:~$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3,
       I - ISIS, B - BGP, * - FIB route.

K>* ::/0 via fe80::ea4:2ff:fea4:c01, eth0.2
C>* ::1/128 is directly connected, lo
C>* 2605:a601:xxxx:xxxx::/64 is directly connected, eth1
C>* 2605:a601:xxxx:xxxx::1/128 is directly connected, eth0.2
C * fe80::/64 is directly connected, eth0.2
C * fe80::/64 is directly connected, eth1
C>* fe80::/64 is directly connected, eth0
admin@UnifiGateway:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         -                                 u/u  WAN
eth0.2       xx.xx.xx.xx/20                 u/u  WAN
             2605:a601:xxxx:xxxx::1/128
eth1         192.168.1.1/24                    u/u  LAN
             2605:a601:x:x:x:x:x/64
eth2         -                                 A/D
lo           127.0.0.1/8                       u/u
             ::1/128
admin@UnifiGateway:~$ ping6 google.com
PING google.com(dfw28s02-in-x0e.1e100.net) 56 data bytes
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=1 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=2 ttl=56 time=26.1 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=3 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=4 ttl=56 time=26.1 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=5 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=6 ttl=56 time=26.1 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=7 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=8 ttl=56 time=26.4 ms
^C
--- google.com ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7009ms
rtt min/avg/max/mdev = 26.155/26.301/26.452/0.108 ms

 

-Black Viper
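
Added example, not part of the original post: one way to attribute the IPv6 client addresses that show up in a DNS blocker's log (ISSUE 3) to a device when the controller does not display them. It assumes the neighbor table is available in the format printed by Linux `ip -6 neigh show` and that a MAC-to-hostname table exists from DHCPv4 leases; all addresses, MACs, hostnames and function names below are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in `ip -6 neigh show` format (documentation prefix, made-up MACs).
NEIGH_OUTPUT = """\
2001:db8:1:1:a2b3:c4ff:fed5:e6f7 dev eth1 lladdr a0:b3:c4:d5:e6:f7 REACHABLE
2001:db8:1:1:5c9e:11aa:42d0:7b01 dev eth1 lladdr b8:27:eb:12:34:56 STALE
fe80::ba27:ebff:fe12:3456 dev eth1 lladdr b8:27:eb:12:34:56 router REACHABLE
2001:db8:1:1::dead dev eth1  FAILED
"""
# Constructed MAC -> hostname table, e.g. exported from the DHCPv4 lease list.
LEASES = {"b8:27:eb:12:34:56": "pihole", "a0:b3:c4:d5:e6:f7": "console"}

NEIGH_RE = re.compile(
    r"^(\S+) dev (\S+) lladdr ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b")

def parse_neighbors(text):
    """Return {IPv6Address: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[ipaddress.IPv6Address(m.group(1))] = m.group(3).lower()
    return table

def eui64_to_mac(addr):
    """Recover the MAC from a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # privacy/temporary or DHCPv6-assigned address
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in raw)

def identify(addr, neighbors, leases):
    """Map an IPv6 client address from a DNS log to (mac, hostname)."""
    ip = ipaddress.IPv6Address(addr)
    mac = neighbors.get(ip) or eui64_to_mac(ip)
    host = leases.get(mac, "unknown") if mac else "unknown"
    return mac, host
```

Privacy (temporary) addresses rotate, so the neighbor table has to be sampled close to the time of the logged query; the EUI-64 fallback only helps for hosts that still derive their interface ID from the MAC.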

Comments
by
2 weeks ago

For some reason, I cannot figure out how to edit the original post as my cut and paste screwed up the console output:

 

 

admin@UnifiGateway:~$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3,
       I - ISIS, B - BGP, * - FIB route.

K>* ::/0 via fe80::ea4:2ff:fea4:c01, eth0.2
C>* ::1/128 is directly connected, lo
C>* 2605:a601:xxxx:xxxx::/64 is directly connected, eth1
C>* 2605:a601:xxxx:xxxx::1/128 is directly connected, eth0.2
C * fe80::/64 is directly connected, eth0.2
C * fe80::/64 is directly connected, eth1
C>* fe80::/64 is directly connected, eth0
admin@UnifiGateway:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         -                                 u/u  WAN
eth0.2       xx.xx.xx.xx/20                 u/u  WAN
             2605:a601:xxxx:xxxx::1/128
eth1         192.168.1.1/24                    u/u  LAN
             2605:a601:x:x:x:x:x/64
eth2         -                                 A/D
lo           127.0.0.1/8                       u/u
             ::1/128
admin@UnifiGateway:~$ ping6 google.com
PING google.com(dfw28s02-in-x0e.1e100.net) 56 data bytes
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=1 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=2 ttl=56 time=26.1 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=3 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=4 ttl=56 time=26.1 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=5 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=6 ttl=56 time=26.1 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=7 ttl=56 time=26.3 ms
64 bytes from dfw28s02-in-x0e.1e100.net: icmp_seq=8 ttl=56 time=26.4 ms
^C
--- google.com ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7009ms
rtt min/avg/max/mdev = 26.155/26.301/26.452/0.108 ms