Hi,
I have a pretty standard IPv6 configuration, as detailed below (home, guest and v6only are vlans). Since a couple of updates for stable versions (so not really related to latest 7.14), I'm getting a weird behaviour for clients doing SLAAC address autoconfiguration: it takes a lot of time for clients to negotiate an address. I don't know it that is related to RA's announcements periodicity, but it is specially long (several minutes or even more) when the client was already connected and had an IPv6 address before (example, you turn off wifi and turn it on again). It is not really related with one kind of device, because the same behavior is happening for phones, laptops and even or work stations, and with different OS (linux & mac mainly). Do you know what can be causing this behavior? Duplicate address detection process maybe?
Thanks.
I have a pretty standard IPv6 configuration, as detailed below (home, guest and v6only are vlans). Since a couple of updates for stable versions (so not really related to latest 7.14), I'm getting a weird behaviour for clients doing SLAAC address autoconfiguration: it takes a lot of time for clients to negotiate an address. I don't know it that is related to RA's announcements periodicity, but it is specially long (several minutes or even more) when the client was already connected and had an IPv6 address before (example, you turn off wifi and turn it on again). It is not really related with one kind of device, because the same behavior is happening for phones, laptops and even or work stations, and with different OS (linux & mac mainly). Do you know what can be causing this behavior? Duplicate address detection process maybe?
Code:
/interface list memberadd interface=home list=LANadd interface=home list=VLANSadd interface=guest list=VLANSadd interface=v6only list=VLANSadd interface=internet list=WAN/ipv6 addressadd from-pool=pool6 interface=v6onlyadd from-pool=pool6 interface=homeadd from-pool=pool6 interface=guest/ipv6 dhcp-clientadd interface=internet pool-name=pool6 request=prefix/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation" dst-port=546 protocol=udp src-address=fe80::/10add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=drop chain=forward comment="guests: can only access internet" in-interface=guest out-interface-list=!WANadd action=drop chain=forward comment="defconf: drop everything else not coming from VLANs" in-interface-list=!VLANS/ipv6 ndadd dns=2a00:1098:2c::1,2a01:4f8:c2c:123f::1,2a01:4f9:c010:3f02::1 interface=v6onlyThanks.
Statistics: Posted by jhbarrantes — Mon Mar 04, 2024 1:58 pm