Business Community > Wireless > IPv6 issues - broken multicast snooping on EAP653 standalone?
< Wireless

IPv6 issues - broken multicast snooping on EAP653 standalone?

IPv6 issues - broken multicast snooping on EAP653 standalone?

IPv6 issues - broken multicast snooping on EAP653 standalone?
IPv6 issues - broken multicast snooping on EAP653 standalone?
Tuesday
Tags: #IPv6
Model: EAP653  
Hardware Version: V1
Firmware Version: 1.3.5

Most of the time when my PC wakes up from sleep and rejoins my Wi-Fi network, I find I have lost all IPv6 connectivity. My router shows it is soliciting for my IPv6 address, these ND packets are received by the EAP653, but they never make it to my PC nor does the EAP653 answer on behalf of my device. You can see from the following tcpdump that my device discovered the router's MAC address and can send traffic (ping), but the router has no idea how to send replies back as the AP isn't passing the ND packets.
 

14:31:03.828960 54:60:09:1f:f5:4c > bc:24:11:43:52:b2, ethertype IPv6 (0x86dd), length 78: fe80::5660:9ff:fe1f:f54c > fe80::be24:11ff:fe43:52b2: ICMP6, neighbor advertisement, tgt is fe80::5660:9ff:fe1f:f54c, length 24
14:31:04.544561 bc:24:11:43:52:b2 > 33:33:ff:be:01:40, ethertype IPv6 (0x86dd), length 86: fe80::be24:11ff:fe43:52b2 > ff02::1:ffbe:140: ICMP6, neighbor solicitation, who has 2a02:a467:1896:0::xxxx, length 32
14:31:05.594557 bc:24:11:43:52:b2 > 33:33:ff:be:01:40, ethertype IPv6 (0x86dd), length 86: fe80::be24:11ff:fe43:52b2 > ff02::1:ffbe:140: ICMP6, neighbor solicitation, who has 2a02:a467:1896:0::xxxx, length 32
14:31:07.198205 bc:24:11:43:52:b2 > 33:33:ff:be:01:40, ethertype IPv6 (0x86dd), length 86: fe80::be24:11ff:fe43:52b2 > ff02::1:ffbe:140: ICMP6, neighbor solicitation, who has 2a02:a467:1896:0::xxxx, length 32
14:31:08.224516 bc:24:11:43:52:b2 > 33:33:ff:be:01:40, ethertype IPv6 (0x86dd), length 86: fe80::be24:11ff:fe43:52b2 > ff02::1:ffbe:140: ICMP6, neighbor solicitation, who has 2a02:a467:1896:0::xxxx, length 32
14:31:08.488860 14:f6:d8:66:e7:4d > bc:24:11:43:52:b2, ethertype IPv6 (0x86dd), length 94: 2a02:a467:1896:0::xxxx > 2001:41d0:20b:b400:ef4b:113e:1469:840: ICMP6, echo request, id 1, seq 1538, length 40
14:31:09.264455 bc:24:11:43:52:b2 > 33:33:ff:be:01:40, ethertype IPv6 (0x86dd), length 86: fe80::be24:11ff:fe43:52b2 > ff02::1:ffbe:140: ICMP6, neighbor solicitation, who has 2a02:a467:1896:0::xxxx, length 32
14:31:11.197835 bc:24:11:43:52:b2 > 33:33:ff:be:01:40, ethertype IPv6 (0x86dd), length 86: fe80::be24:11ff:fe43:52b2 > ff02::1:ffbe:140: ICMP6, neighbor solicitation, who has 2a02:a467:1896:0::xxxx, length 32

 

However if I change the source IPv6 address to my "permanent" address instead of one of the Windows-generated temporary addresses (IPv6 privacy extensions), the connectivity works fine. So it appears the AP is remembering my permanent address but losing track of the temporary IPv6 addresses that Windows generates. Unfortunately due to the firmware change to lock users out of their own devices, I cannot run any diagnostics on the AP itself any more to get any more information.

 

The EAP653 runs in standalone mode (just a home AP), so I don't know what kind of multicast-to-unicast conversion defaults are, but something seems very broken with how it's registering clients for IPv6 ND / multicast. If I manually restart my Wi-Fi connection, Windows sends a new MLD report which seems to trigger the AP to start behaving properly. Perhaps there are issues immediately updating the MLD table after the client is initially connected? Is there a way to configure MLD snooping at all on the standalone EAP or play with multicast to unicast conversion? Is anyone else seeing issues like this on a standalone setup?

  0      
 
  0      
 
#1
Options
2 Reply
Re:IPv6 issues - broken multicast snooping on EAP653 standalone?
18 hours ago

I did some more tests and I think I have the failure chain down to something like this:
 

  1. PC connects to AP, sends unsolicited MLD reports for all its groups
  2. AP ignores them for whatever reason, or registers them but with too short an expiry, or drops them because of a race condition as the client only just connected
  3. No querier exists on the network, so no periodic queries are ever sent
  4. AP's snooping table entries age out
  5. Any neighbor solicitation on the network for the PC's solicited node multicast groups gets silently dropped at the AP
  6. PC is unreachable from the router/other hosts for anything requiring NDP resolution
  7. User experiences broken IPv6, blame falls on "WiFi being flaky"

 

I turned on a multicast querier on my router and confirmed that while the query hits my PC, the MLD reports in response never make it to the router - the AP is consuming them, which seems to confirm multicast snooping is enabled by default on standalone mode and cannot be controlled, and this snooping feature likely has bugs. Hopefully the router's querier works around this for now by keeping the AP's snooping table up to date, but it would be nice if this could be properly fixed in a future firmware.

  0  
  0  
#2
Options
Re:IPv6 issues - broken multicast snooping on EAP653 standalone?
10 hours ago

  @TLnet 

 

Thank you so much for taking the time to post the issue on the TP-Link community!
To better assist you, I've created a support ticket via your registered email address and escalated it to our support engineer to look into the issue. The ticket ID is TKID260309353. Please check your inbox and confirm that the support email was received. Thanks!
Once the issue is resolved, please update this thread with your solution to help others who may encounter the same problem.
Many thanks for your excellent cooperation and patience!

Wish you a happy life and smooth network usage!  >Omada US Enterprise Beta Program Launch< >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
  0  
  0  
#3
Options

Information

Helpful: 0

Views: 82

Replies: 2

Tags

IPv6
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.