Verizon DCHP server acting very strange, please help
almob
Enthusiast - Level 2

Hi all,

I have tried everything to contact Verizon regarding this issue but when their only tool is a hammer, everything looks like a nail. They only check the ONT and say that they don't support 3rd party routers. But...

I am using a Firewalla Gold (layer 3 switch with firewall functions, think simpler pfSense) connected directly to the ONT.

I get disconnected every hour at the exact same minute (like 12:34, 1:34, 2:34 etc). It is due to IPv6 issues, if I disable it, everything is fine.

Firewalla support is absolutely amazing and they were able to remotely connect to my router and read the logs. They found this:

"The uplink DHCP server returns a reply with pltime (preferred lifetime) and vltime (valid lifetime) setting to 0, which makes the DHCPv6 client on Firewalla to expire the lease and restart a new DHCPv6 session. What is more strange is, the uplink DHCPv6 server then assigned a different prefix delegation to the Firewalla, which makes it required to re-apply the local network IPv6 settings to adapt to the new prefix delegation."

Why is Verizon's DCHP server setting pltime/vltime to 0 to my router to expire the IPv6 lease?

Why is Verizon's DHCPv6 server assigning different prefix delegations to my router to cause a network reset?

What can be done? I'd like to keep my IPv6 on.

Please help!

0 Likes
Re: Verizon DCHP server acting very strange, please help
gs0b
Community Leader
Community Leader

Welcome to the forums.  You're talking mostly to a group of friendly users here.

As you've seen, Verizon simply does not provide ANY support for non-Verizon routers.  Their routers appear to be working fine with their rollout of IPv6.  That's why the normal support channels won't help you.

You could try their social media support team to see if they can understand your specific observation about how their DHCP servers are behaving.  You can reach them by tweeting @verizonsupport or DM'ng their facebook account.  But you may run into the same issue of no support for non-Verizon routers.

You could also try other forums, such as ones for Firewalla.  Or the DSL Reports forum.  https://www.dslreports.com/forum/vzfiber

Re: Verizon DCHP server acting very strange, please help
Cang_Household
Community Leader
Community Leader

When I first read this thread, I thought this is a LAN DHCP question, but apparently it wasn't.

DHCP server upstream of Gateway Router does not differentiate non-VZ router from VZ router.

I am wondering something is wrong with your initial IPv6 SOLICIT and REQUEST operations. Could you screenshot your WAN DHCP configurations? Also do a packet capture of the DHCP transactions would be super helpful.

I don't have IPv6 at the moment to run a test setup for you. My CO is in the last rollout group.

Re: Verizon DCHP server acting very strange, please help
almob
Enthusiast - Level 2

yes exactly. It doesn't have to do with my router. I keep saying that but the response is always "we don't support 3rd party routers." sigh. Thank you for acknowledging this. 

results of the TCPdump:

# Gold tried to renew IPv6 address({edited for privacy})

07:44:38.869122 20:6d:31:01:54:0f > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 312: (flowlabel 0xb901d, hlim 1, next-header UDP (17) payload length: 258) fe80::226d:31ff:fe01:540f.546 > ff02::1:2.547: [bad udp cksum 0xa517 -> 0x3af2!] dhcp6 renew (xid=5e1d9d (client-ID hwaddr/time type 1 time 713474470 206d3101540f) (server-ID vid 0000058366383a63) (elapsed-time 0) (vendor-class) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix ::/60 pltime:0 vltime:0) (IA_PD-prefix 2600:4040:2c2b:df00::/56 pltime:7200 vltime:7200)) (IA_NA IAID:822170639 T1:0 T2:0) (Client-FQDN) (reconfigure-accept) (option-request DNS-server DNS-search-list SNTP-servers Client-FQDN opt_82 opt_83))

# uplink replied IP with 'pltime:0'&vltime:0

07:44:38.884107 fa:c0:01:73:01:0e > 20:6d:31:01:54:0f, ethertype IPv6 (0x86dd), length 258: (class 0xc0, hlim 64, next-header UDP (17) payload length: 204) fe80::fac0:1ff:fe73:10e.547 > fe80::226d:31ff:fe01:540f.546: [udp sum ok] dhcp6 reply (xid=5e1d9d (client-ID hwaddr/time type 1 time 713474470 206d3101540f) (server-ID vid 0000058366383a63) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix 2600:4040:2c2b:df00::/56 pltime:0 vltime:0 (status-code NoPrefixAvail))) (IA_NA IAID:822170639 T1:0 T2:0 (status-code NoAddrsAvail)))

# Gold had to start a new DHCPv6 session and got a new one ({edited for privacy})

07:44:39.387791 20:6d:31:01:54:0f > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 257: (flowlabel 0xb901d, hlim 1, next-header UDP (17) payload length: 203) fe80::226d:31ff:fe01:540f.546 > ff02::1:2.547: [bad udp cksum 0xa4e0 -> 0x462c!] dhcp6 solicit (xid=b22601 (client-ID hwaddr/time type 1 time 713474470 206d3101540f) (elapsed-time 0) (vendor-class) (rapid-commit) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix ::/60 pltime:0 vltime:0)) (IA_NA IAID:822170639 T1:0 T2:0) (Client-FQDN) (reconfigure-accept) (option-request DNS-server DNS-search-list SNTP-servers Client-FQDN opt_82 opt_83))
07:44:40.401165 20:6d:31:01:54:0f > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 257: (flowlabel 0xb901d, hlim 1, next-header UDP (17) payload length: 203) fe80::226d:31ff:fe01:540f.546 > ff02::1:2.547: [bad udp cksum 0xa4e0 -> 0x45c7!] dhcp6 solicit (xid=b22601 (client-ID hwaddr/time type 1 time 713474470 206d3101540f) (elapsed-time 101) (vendor-class) (rapid-commit) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix ::/60 pltime:0 vltime:0)) (IA_NA IAID:822170639 T1:0 T2:0) (Client-FQDN) (reconfigure-accept) (option-request DNS-server DNS-search-list SNTP-servers Client-FQDN opt_82 opt_83))
07:44:40.646243 fa:c0:01:73:01:0e > 20:6d:31:01:54:0f, ethertype IPv6 (0x86dd), length 222: (class 0xc0, hlim 64, next-header UDP (17) payload length: 168) fe80::fac0:1ff:fe73:10e.547 > fe80::226d:31ff:fe01:540f.546: [udp sum ok] dhcp6 advertise (xid=b22601 (client-ID hwaddr/time type 1 time 713474470 206d3101540f) (server-ID vid 0000058366383a63) (IA_NA IAID:822170639 T1:0 T2:0 (status-code NoAddrsAvail)) (IA_PD IAID:1 T1:3600 T2:5760 (IA_PD-prefix 2600:4040:2c26:4d00::/56 pltime:7200 vltime:7200)))
07:44:40.665273 20:6d:31:01:54:0f > 33:33:00:01:00:02, ethertype IPv6 (0x86dd), length 312: (flowlabel 0xb901d, hlim 1, next-header UDP (17) payload length: 258) fe80::226d:31ff:fe01:540f.546 > ff02::1:2.547: [bad udp cksum 0xa517 -> 0xcede!] dhcp6 request (xid=3f9161 (client-ID hwaddr/time type 1 time 713474470 206d3101540f) (server-ID vid 0000058366383a63) (elapsed-time 0) (vendor-class) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix ::/60 pltime:0 vltime:0) (IA_PD-prefix 2600:4040:2c26:4d00::/56 pltime:7200 vltime:7200)) (IA_NA IAID:822170639 T1:0 T2:0) (Client-FQDN) (reconfigure-accept) (option-request DNS-server DNS-search-list SNTP-servers Client-FQDN opt_82 opt_83))
07:44:41.134467 fa:c0:01:73:01:0e > 20:6d:31:01:54:0f, ethertype IPv6 (0x86dd), length 222: (class 0xc0, hlim 64, next-header UDP (17) payload length: 168) fe80::fac0:1ff:fe73:10e.547 > fe80::226d:31ff:fe01:540f.546: [udp sum ok] dhcp6 reply (xid=3f9161 (client-ID hwaddr/time type 1 time 713474470 206d3101540f) (server-ID vid 0000058366383a63) (IA_NA IAID:822170639 T1:0 T2:0 (status-code NoAddrsAvail)) (IA_PD IAID:1 T1:3600 T2:5760 (IA_PD-prefix 2600:4040:2c26:4d00::/56 pltime:7200 vltime:7200)))

as for WAN DHCP config there isn't much in the Firewalla.

IPv6 - on

IPv6 connection type - DHCPv6

there is the IPv6 address and gateway address

Prefix Delegation size - 60

IGMP proxy - on

I have wireshark but I am not sure how to capture the DHCP transactions. Thank you again

Re: Verizon DCHP server acting very strange, please help
almob
Enthusiast - Level 2

I appreciate this response. I know that you all are very friendly and not Verizon itself that is why I am seeking your help. Just a bit frustrated that I cannot get traction on what the problem is, it has nothing to do with my router. Verizon should not be expiring my IPv6 ip the way it is.

I'll also ask dslreports forum, that is very helpful on that front. I tried FB verizon but I got the standard "we don't work with 3rd party routers." 🙂 It also seems somebody here understands the problem.

I appreciate the reply.

Re: Verizon DCHP server acting very strange, please help
Cang_Household
Community Leader
Community Leader

I am not sure tcpdump is capturing everything in a packet. You need to use Wireshark to capture on the WAN interface. I would recommend connecting a switch with port mirroring capacity between your router and the ONT and plug in a computer with the Wireshark and with DHCP client disabled to capture all the traffic. You can easily filter DHCP transactions in Wireshark.

Re: Verizon DCHP server acting very strange, please help
almob
Enthusiast - Level 2

I'll do the wireshark capture tonight or tomorrow and see what comes up. I'll post it here. 

Also somebody on dslreports suggested getting a cheap Fios router, confirming the same issue, and then Verizon will be compelled to provide support.

It is worth noting that I have had IPv6 for a few months before this issue, so something changed on their end and not mine. 

I always appreciate the responses, I'll get back to you on the capture.

Re: Verizon DCHP server acting very strange, please help
Cang_Household
Community Leader
Community Leader

I just need to see the Wireshark capture.

Getting the cheap Fios router is good for going through the normal support channels. But I guess the Forums is not a normal support channel. Other advanced users can help you regardless.