IPv6 with Ziggo (DS-Lite) and a Ubiquiti Edgerouter

At home I have Ziggo as my internet provider witch I do not have any problems with. Only their support on IPv6 is somewhat limited. So I decided to do this writeup. I wanted IPv6 enabled….well…because of…reasons. So I decided to give Ziggo a call to enable it. Weird thing was…they started to talk me out of it. Stating it has no benefits over IPv4. I beg to differ.

When it was enabled (after them sending me a new modem) I noticed that the implementation was a DS-lite one. Witch is sorta dual-stack. Only, your IPv4 traffic is tunneled over IPv6 and then CG NAT-ed at the providers router. Great downside of this is you no longer are able to do port forwarding for IPv4. But for that I have some tricks up my sleeve so not a problem.

Overview of DS-lite

But as a networking guy I wanted to have my own router witch is completely under my control. And I wanted to have multiple subnets (ie a server and clients vlan). For that I had my Ubiquiti EdgeRouter lite. No comes the fun part.

Normally when you connect multiple routers you have to tell each router where each subnet can be reached. For that you have something called a routing protocol or static routes. With a Ziggo modem you have none of that. So even if you know what IPv6 pre-fixes you can use. You have no way of telling your ziggo modem that they are behind your own router. But there is this nifty little protocol just for this occasion. Enter DHCPv6-PD. Or Also know as Prefix-delegation. In easy to understand terms it is basically your router asking for an entire subnet (or pre-fix) instead of just a single IP address. nifty ay. Al that a side here is how you configure on your Ubiquiti router.

interfaces {
ethernet eth0 {
address dhcp
description "Ziggo"
dhcpv6-pd {
pd 0 {
interface eth1 {
host-address ::1
no-dns
prefix-id :1
service slaac
}
interface eth2 {
host-address ::1
no-dns
prefix-id :2
service slaac
}
prefix-length /60
}
rapid-commit disable
}
duplex auto
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
}
mtu 9000
speed auto
}

And, that’s it. Nothing to it. In my case eth0 is my internet connection. Connected to the modem. On that interface you tell the upstream modem to grab two prefixes ont for eth1 and one for eth2. Als you tell to use slaac (stateless IPv6 address asignment) for assigning IPv6 addresses to your clients. it is as simple as that.

Verifing if it works

To verify if everything is working you can do the folowing on you router:

@router:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.178.254/24 u/u Peering: Ziggo [400Mbit]
2001:1c02:2f01:xxx:2bf6/128
eth1 192.168.1.1/24 u/u Cust: LAN1 [1Gbit]
2001:1c02:2f01:xxxx::1/64
eth2 192.168.2.1/24 u/u Cust: Servers1 [1Gbit]
2001:1c02:2f01:xxxy::1/64
lo 127.0.0.1/8 u/u
::1/128

The show interfaces shows that all interfaces have an IPv6 address.

router:~$ show ipv6 route
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, B - BGP
Timers: Uptime
IP Route Table for VRF "default"
K ::/0 [0/1024] via fe80::4ad3:43ff:fecf:a910, eth0, 3d09h02m
C ::1/128 via ::, lo, 3d08h04m
C 2001:1c02:2f01:f100:xxxx:2bf6/128 via ::, eth0, 3d09h02m
C 2001:1c02:2f01:xxxx::/64 via ::, eth1, 3d09h02m
C 2001:1c02:2f01:xxxy::/64 via ::, eth2, 3d09h02m
C fe80::/64 via ::, eth2, 3d08h04m

The above command shows that the necessary routes are in place. Most importantly the default gateway ::/0. And if all is well in the world you should be able to do this:

router:~$ ping6 ipv6.google.com
PING ipv6.google.com(ams16s29-in-x0e.1e100.net) 56 data bytes
64 bytes from ams16s29-in-x0e.1e100.net: icmp_seq=1 ttl=54 time=15.4 ms
64 bytes from ams16s29-in-x0e.1e100.net: icmp_seq=2 ttl=54 time=13.0 ms
^C
--- ipv6.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 13.006/14.238/15.471/1.238 ms