Hi again,
No, 2602:100:4472:a501:: doesn't work. The only thing that will ping is it's own LAN IPv6 address.
Here's the route table it generates:
Destination IP Gateway Metric Interface
::/96 :: 256 INTERNET
2602:100:xxxx:xxxx::/64 :: 256 LAN
::/0 ::68.114.165.1 1 INTERNET
So according to that anything which is all zeroes except for the last 32 bits is supposed to go "over the wire" directly, and anything else not on the LAN goes to the gateway, which it seems is supposed to be all zeroes prepended to the border relay's IP4 address.
Well, the routing table entry for ::/96 looks like the transformation of the corresponding IPv4 default route into its so called "IPv4-Compatible" counterpart, see
RFC4291, hence the retransformed IPv4 default route would look like this:
Destination IP Gateway Metric Interface
0.0.0.0/0 0.0.0.0 256 INTERNET
That's strange as I would expect to see 68.114.165.1 as Gateway value here. Hence the "IPv4-Compatible" transformation should look like this:
Destination IP Gateway Metric Interface
::/96 ::68.114.165.1 256 INTERNET
Note, that for your normal IPv4 traffic you have another "real" IPv4 default route with another Gateway value (look at your IPv4 routing table), the above "IPv4-Compatible" form is obviously meant for IPv4 packets that contain tunneled IPv6 packets for 6rd.
In addition the IPv6 default route ::/0 looks wrong to me. According to the example at the end of chapter 7.1.1 in
RFC5969 I would expect to see the following instead:
Destination IP Gateway Metric Interface
::/0 2602:100:4472:a501:: 1 INTERNET
(Here 4472:a501 results from a hex transformation of the BR IPv4 address 68.114.165.1)
But okay, of course I don't know D-Link engineers' ideas behind their implementation, hence I might completely misinterpret these routing table entries.
Incidently, now that I've got the Tunnel Broker tunnel running, I've been playing with getting IPv6 internet working on the LAN side and I've run into the broken firewall problems I saw reference to. I've got to disable "IPv6 Simple Security" in order to ping any remote IPv6 address, including the default gateway on the tunnel. This worries me that I'll be wide open on the IPv6 space.
The need to disable "IPv6 Simple Security" contradicts the results in
[4] where in contrast to your result the enabling of "IPv6 Simple Security" failed to protect the LAN from unsolicited IPv6 traffic WAN-->LAN while a disabled "IPv6 Simple Security" did not block outgoing IPv6 packets and their responses as is the case with your box. But maybe in your case you also had enabled the IPv6 firewall and that (or your newer fw version) might explain the different results.
Maybe your negative results with 6rd might also be due to an IPv6 firewall issue. Did you test 6rd with disabled "IPv6 Simple Security" and disabled IPv6 firewall?
But anyway: The results in
[4] show that you shouldn't use a DIR-860L for IPv6 access as long as there is no firmware version available that fixes its IPv6 firewall issues.
I booted Win 8.1 to configure it. It did better, having full ipv6 internet access right on boot-up. Unlike Win 7, it had a default gateway. It was set to the link-local address of the router, but it worked
The mechanism your Windows 8 uses to learn its IPv6 default gateway is SLAAC (Stateless Address Autoconfiguration). With SLAAC automatically learned default gateways are always the link-local addresses of the routers, hence nothing's wrong with this.
PT
Author
Topic: 6rd Not Working with Charter (Read 24009 times)