IPv6 Dynamic Prefix Problems

Wolfgang S. Rupprecht wolfgang.rupprecht at gmail.com
Sat Dec 19 20:33:11 CET 2015


Johannes Weber <johannes at webernetz.net> writes:
> what are your experiences with dynamic IPv6 prefixes?

I have native IPv6 via Comcast, a cable company in the US.  At first my
IPv6 address got lost every few days (4 days if I recall correctly).
After many frustrating rounds of hand edits to a dozen files in /etc and
the DNS zone file directory every time the address changed, I started to
piece together what was going on.  Basically the router, a Netgear
3700v4, while claiming to implement IPv6, was really just running highly
buggy alpha quality firmware that was probably written by an outside
contractor and never updated by Netgear.

1) the dhcp ipv6 renewals never occurred because the firewall wasn't
   allowing packets to destination port 546/udp (the dhcp6 port)
   through.

Even after months of this being reported to Netgear they hadn't fixed
it.  Many other router manufacturers had the same problem.   If you are
losing ipv6 addresses and ipv6 simply stops even though the unit wasn't
rebooted this is most likely the cause.

2) whenever the unit was rebooted it would get a new ipv6 address.
Again this wasn't Comcast's fault.  The IPv6 spec for dhcp doesn't use
the MAC address to identify the client.  It uses a newly created method
using what the RFC calls DUID.  This can be generated by several methods,
one being a combination of the time the machine was *first* booted and
one of the unit's MAC addresses.  The intention was to have only one
identifier for the client even if it had several different interfaces
(and hence multiple possible MAC addresses).  It was also intended to
prevent different units from sharing the same identifier in the case of
a network card being moved to a different machine.  The time of first
boot would change, hence the DUID would be different.  The intention was
that once generated on a machine, the DUID would be written to a file or
other store and used from then on.  Router manufacturers seemed to have
missed that fact because quite a few of them generate a brand new DUID
every time the router boots.  This is why the IPv6 address changes on
every boot when running a buggy router (which is unfortunately most of
the consumer routers running factory firmware.)

I finally solved my problem with both the buggy firewall rules and the
buggy DUID usage by installing aftermarket OpenWRT firmware on my unit.
I now have semi-static dhcp6 issued addresses that don't change for many
months at a time.

From your description, it sounds like you might be seeing issue #2 from
above also.  You might ask your ISP if they are seeing your DUID change
or perhaps run a test where they compare the DUID before and after you
reboot your router.

As for the DNS changing perhaps once per year, I have a small shell
script that runs on the client that registers its IP address in a
dynamic DNS zone I created for this purpose.  I use nsupdate with PKI
security to secure the update.  This also covers the case of laptops
which might pop up on a different IP address several times a day.

-wolfgang
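
The DUID behaviour described in point 2 of the message above, as an added example that is not part of the original post or of any router's firmware: it builds a DUID-LLT in the RFC 3315 layout and contrasts regenerating it on every boot with generating it once and reading it back from a store. The MAC address, boot times, and the `duid.bin` file name are constructed for illustration.

```python
import os
import struct
import tempfile
from datetime import datetime, timezone

DUID_LLT = 1        # DUID type: link-layer address plus time (RFC 3315, 9.2)
HW_ETHERNET = 1     # IANA hardware type for Ethernet
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)


def make_duid_llt(mac: str, now: datetime) -> bytes:
    """Build a DUID-LLT: type, hw type, seconds since 2000-01-01 UTC, MAC."""
    lladdr = bytes.fromhex(mac.replace(":", ""))
    if len(lladdr) != 6:
        raise ValueError("expected a 48-bit Ethernet MAC address")
    seconds = int((now - DUID_EPOCH).total_seconds()) % 2**32
    return struct.pack("!HHI", DUID_LLT, HW_ETHERNET, seconds) + lladdr


def load_or_create_duid(path: str, mac: str, now: datetime) -> bytes:
    """Return the stored DUID if one exists; otherwise generate and persist it."""
    try:
        with open(path, "rb") as f:
            stored = f.read()
        if len(stored) >= 3:    # type field plus at least one identifier byte
            return stored
    except FileNotFoundError:
        pass
    duid = make_duid_llt(mac, now)
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:  # write then rename, so a power cut cannot
        f.write(duid)           # leave a truncated DUID in the store
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)
    return duid


def demo() -> dict:
    """Simulate two boots of one unit (constructed MAC and boot times)."""
    mac = "02:00:5e:10:00:01"   # constructed, locally administered address
    boot1 = datetime(2015, 12, 1, 8, 0, tzinfo=timezone.utc)
    boot2 = datetime(2015, 12, 19, 20, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "duid.bin")   # hypothetical store location
        persistent = (load_or_create_duid(path, mac, boot1),
                      load_or_create_duid(path, mac, boot2))
    # "buggy": a fresh DUID on every boot, so the server sees a new client
    buggy = (make_duid_llt(mac, boot1), make_duid_llt(mac, boot2))
    return {"buggy": buggy, "persistent": persistent}
```

Comparing the two tuples returned by `demo()` is the same before-and-after-reboot check the message suggests asking the ISP to run on the DUID it sees.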
   



More information about the ipv6-ops mailing list