Meraki

Community

MX95 not routing IPv6 traffic

smccloud1
Getting noticed
‎Sep 20 2024 3:41 PM
‎Sep 20 2024 3:41 PM

MX95 not routing IPv6 traffic

After a helpful rollback to 18.107.10 from support, our MX95 is now properly handling IPv6 traffic on its WAN port.  The problem is, that any IPv6 traffic that is initiated on the test VLAN I have set up right now is not making it out of the WAN port.  I can ping the WAN IP from the VLAN without issue, but anything past that errors out.  Although not an ideal setup, I now have a single VM on the VLAN that is not always running.  Default outbound dual rule that should let anything out of this VLAN and its associated traffic back in.  We have a /56 from our ISP and I defined a /64 for the test VLAN.  A packet capture shows the echo requests going out, nothing coming back in.  If I filter the capture on our gateway, I can see neighbor solicitations coming in for the IPv6 address for my test VM as well, but no responses to it either.

 

I set up IPv6-PD with a /56 prefix on my pfSense box at home in under half an hour last week, so I'm not completely helpless with IPv6.  I've also completed the Hurricane Electric IPv6 tests, so I'm at a complete loss here.  Unless its an issue with me not using auto for the subnet IPv6 prefix and manually specifying it?

0 Kudos
4 Replies 4
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Sep 21 2024 5:15 AM
‎Sep 21 2024 5:15 AM

Are you capturing both on the LAN and Internet interface of your MX?
When you say you don't see the icmp echo reply coming back in, do you mean with capturing on the host directly?

 

I'm still on an MX84 at home so I don't have access to the newer MX18.2xx firmware.

In my case the ISP router receives a /56 PD itself and them PD's /57 of that towards my MX.  There I can see my 4 VLAN's receive a /64 each + the /96 NAT66 (for the WAN failover).  In that case routing from upstream devices is done for you.

Can you clarify a little more about how your WAN is exactly setup, including the upstream router.

0 Kudos
smccloud1
Getting noticed
‎Sep 21 2024 8:17 AM
‎Sep 21 2024 8:17 AM

I'm capturing the packets on the dashboard.  I can see the ICMP6 echo request leave the MX95, then nothing coming back.

 

The MX95 gets its connection via a direct single-mode fiber from Lumen in a data center (so business use, hence the single test VLAN right now).  So while there is technically an upstream router, it is a carrier-grade device that I cannot even see from our cage.  In IPv4 we have a /27 IP block and in IPv6 we have a /56 block assigned to us for use.  Both are static assignments or PD assignments at all.

 

The following things work over IPv6.

Outside to MX95 WAN.

MX95 WAN to outside.

Test VLAN to MX95 WAN.

 

This does not work.

Test VLAN to outside.

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Sep 21 2024 11:04 AM
‎Sep 21 2024 11:04 AM

"Both are static assignments or PD assignments at all."  Do you mean they are static assignments and NOT PD assignments at all?

In the case your WAN interface config is supposed to be static then the ISP is probably routing towards another address for your /56 block so the ISP is failing to route towards the MX for your return traffic.

In case it IS prefix delegation then you need to configure your interface as dynamic so the ISP automatically routes the /56 subnets via the IP given in the DHCP lease.

In response to GIdenJoe
smccloud1
Getting noticed
‎Sep 23 2024 5:02 AM
‎Sep 23 2024 5:02 AM

Sorry, both are static assignments.  Meant not PD assignments. I have been fighting COVID.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.