GABarber
Level 1 (12 points)
Notebooks

Q: Airport Extreme and Cox Internet IPv6 Problem

This is a notification to others as well as a question:

 

I have Cox Cable High Speed Internet at several locations using an Airport Extreme 3GB connected as a router to the Cox cable modem.

 

For more than a week we would regularly find in the morning that the outside connection to the internet DNS servers were lost.  We called Cox several times, and they performed the usual reset of router and modem and things seem to work for a while.  But the next day gone again.

 

They came out and replaced the hookups, I I had to buy a new cable modem and replaced a digital switch.  Each time things seemed to work for a while.

 

I thought about replacing the Airport Extreme (as I read others had done in a similar situation to no avail).

 

After much frustration, I started to search for Airport Extreme and DNS and found similar tales.

 

After several unproductive calls with Cox Internet first tier support, I finally reached a tier who acknowledged that Cox was rolling out IPv6 and was having a problem with Airport Extreme Routers.  They said Apple was working on it and gave me a number to call at apple router support.  Unfortunalely the number they gave was no longer valid.


I persisted and eventually got to Apple support and indeed they knew of the problem and said Cox was working on it.. But there was a temporary fix - and that was to turn off iPv6 on the airport extreme (more precisely (internet > Internet Options > Configure Ipv6 : Link-Local Only).

 

For now this seemed to stop the overnight drop that seems to happen between 12:00 AM and 2:00 AM.  From experience I dont think its really an IPV6 compaibility issue, but how the router responds to some sort of reset signal/test signal that the service does in the early morning.

 

So the question is - does anybody know for sure whats going on or who is really working on this.  From my perspective both camps think its the other's problem.  BTW - Ive read about others with Non Apple routers chasing something similar.

Posted on Mar 2, 2016 9:07 PM

by babysus,Apple recommended
babysus babysus
Level 1 (12 points)
A:

GABarber,

 

I too had a similar problem.  Prior Cox Communications service in Phoenix AZ was terminated, and recently reinstated yesterday (Mar. 1st) afternoon.  After the technician left, the wi-fi failed to produce a valid connection, citing DNS error and no response from server.  We have a new CISCO modem, ethernet cable to a 2TB Air Port/Time Capsule.

 

After speaking with Tier 1 and then Tier 2 Cox support, there was adequate evidence for a valid signal through the modem, but the Air Port was not picking it up or broadcasting it (per Cox).  Checking my Air Port Utility apps on iMac and iPhone would demonstrate occasional Internet or Air Port signal, but never both together.  The modem and Air Port both would demonstrate appropriate green indicator lights, but to no avail to working wi-fi.

 

The only thing thus far that has worked is your solution listed above: Air Port Utility > Internet > Internet Options > Configure Ipv6 : Link-Local Only.

 

Thank you, GABarber.

Posted on Mar 2, 2016 10:08 PM

Close
GABarber

Q: Airport Extreme and Cox Internet IPv6 Problem

  • All replies
  • Helpful answers

first Previous Page 22 of 32 last Next

  • by starhopper,

    starhopper starhopper Jun 5, 2016 9:15 AM in response to Gino_Cerullo
    Level 1 (9 points)
    Jun 5, 2016 9:15 AM in response to Gino_Cerullo

    Also, should I enable "Block Incoming IPv6 Connections"?  I see you have it enabled on the example above.  I currently have that disabled.

  • by Gino_Cerullo,

    Gino_Cerullo Gino_Cerullo Jun 5, 2016 9:25 AM in response to starhopper
    Level 3 (567 points)
    Apple TV
    Jun 5, 2016 9:25 AM in response to starhopper

    starhopper, yes, enable "Block Incoming IPv6 Connections." That turns on the IPv6 stateful firewall.

     

    Since IPv6 no longer uses NAT, it uses a stateful firewall to block unauthorized requests from the WAN (Internet) side. It also keeps track of requests from your LAN (computers/devices) so when an answer comes back from the Internet (WAN) it knows which computer/device to direct the answer back to.

  • by starhopper,

    starhopper starhopper Jun 5, 2016 9:30 AM in response to Gino_Cerullo
    Level 1 (9 points)
    Jun 5, 2016 9:30 AM in response to Gino_Cerullo

    OK - I have no idea what that means, but I will take your advice and enable it.

  • by starhopper,

    starhopper starhopper Jun 5, 2016 9:34 AM in response to starhopper
    Level 1 (9 points)
    Jun 5, 2016 9:34 AM in response to starhopper

    When I enabled "Block Incoming IPv6 connections", I now get a "Allow incoming IPsec authentication" button that is enabled.  Should I leave it enabled?

  • by Gino_Cerullo,

    Gino_Cerullo Gino_Cerullo Jun 5, 2016 9:35 AM in response to starhopper
    Level 3 (567 points)
    Apple TV
    Jun 5, 2016 9:35 AM in response to starhopper

    Yes, "Allow incoming IPsec authentication" should also remain enabled.

  • by sunjon,

    sunjon sunjon Jun 5, 2016 9:39 AM in response to starhopper
    Level 1 (9 points)
    Notebooks
    Jun 5, 2016 9:39 AM in response to starhopper

    starhopper - are you running all 3 browsers on one machine?  one thing I've noticed is that firewall settings can affect the test results.  If you have Mac OS X firewall On, and in Stealth mode,  Stealth mode prevents one of the IPv6 messages from getting through, and will lower the score.

  • by Gino_Cerullo,

    Gino_Cerullo Gino_Cerullo Jun 5, 2016 9:57 AM in response to sunjon
    Level 3 (567 points)
    Apple TV
    Jun 5, 2016 9:57 AM in response to sunjon

    That's good information to share sunjon.

     

    Stealth mode prevented a reply from ICMP ECHO_REQUESTs. People used stealth mode to try to hide their computers/networks on the Internet. It was considered security by obscurity but in truth it wasn't very effect and caused more problems then it solved.

     

    For IPv6 to work properly it requires ICMPv6 ECHO_REQUESTs to receive a reply. So devices/computers that have a stealth mode option, it should be disable if you want IPv6 to work properly.

  • by starhopper,

    starhopper starhopper Jun 5, 2016 10:09 AM in response to sunjon
    Level 1 (9 points)
    Jun 5, 2016 10:09 AM in response to sunjon

    No, I generally only use "EDGE", but thought I'd try both "CHROME" and "FIREFOX" to see if I got different results.  I'm using a Windows 10 machine.

  • by Brad Purvis,

    Brad Purvis Brad Purvis Jun 5, 2016 10:33 AM in response to starhopper
    Level 1 (59 points)
    Jun 5, 2016 10:33 AM in response to starhopper

    After installing the firmware update last week I decided to return the Airport Extreme factory default settings with iPv6 today. Was running the Google settings listed previously. I ran the test below before and after (the screen shot is after). My initial score was 4/20. After resetting my score is what you see below; 19/20.

     

    We will see if the system stays up and running for any length of time with the firmware upgrade and factory defaults.

    Screen Shot 2016-06-05 at 12.11.24 PM.png

  • by OCRamón,

    OCRamón OCRamón Jun 5, 2016 2:06 PM in response to Gino_Cerullo
    Level 1 (4 points)
    Jun 5, 2016 2:06 PM in response to Gino_Cerullo

    Bingo!  ipv6 down again after ~13 hours.

     

    ping6 -c 10 ipv6.google.com

    PING6(56=40+8+8 bytes) 2600:8802:4100:d9:954b:1cd6:4db:9ff6 --> 2607:f8b0:4000:803::200e

     

    --- ipv6.l.google.com ping6 statistics ---

    10 packets transmitted, 0 packets received, 100.0% packet loss

     

    traceroute6 ipv6.google.com

    traceroute6 to ipv6.l.google.com (2607:f8b0:4000:803::200e) from 2600:8802:4100:d9:954b:1cd6:4db:9ff6, 64 hops max, 12 byte packets

    1  2600:8802:4100:d9:8a1f:a1ff:fe2a:5d51  0.527 ms  0.855 ms  1.364 ms

    2  * * *

    3  * * *

    4  * * *

    5  * * *

    6  * * *

    7  * * *

    8  * * *

    9  * * *

    10  * * *

    11  * * *

    12  * * *

    13  * * *

    14  * * *

    15  * * *

    16  * * *

    17  * * *

    18  * * *

    19  * * *

    20  * * *

    (still running)

     

    		Your IPv4 address on the public Internet appears to be 68.5.166.111

    		Your Internet Service Provider (ISP) appears to be ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc., US

    		No IPv6 address detected [more info]

    		Our tests show that you will have a broken or misconfigured IPv6 setup, and this will cause problems as web sites enable IPv6.

    		We have suggestions to help you fix your system. [more info]

     

    Your readiness score
    0/10for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

     

    Test with IPv4 DNS record

    ok (0.068s) using ipv4

    Test with IPv6 DNS record

    timeout (15.008s)

    Test with Dual Stack DNS record

    timeout (15.008s)

    Test for Dual Stack DNS and large packet

    timeout (15.008s)

    Test IPv4 without DNS

    ok (0.063s) using ipv4

    Test IPv6 without DNS

    timeout (15.010s)

    Test IPv6 large packet

    timeout (15.006s)

    Test if your ISP's DNS server uses IPv6

    timeout (15.012s)

    Find IPv4 Service Provider

    ok (0.247s) using ipv4 ASN 22773

    Find IPv6 Service Provider

    timeout (15.021s)

    Test for buggy DNS

    undefined (5.005s)

     

    If this posts, ipv4 is working as a fallback...

  • by askin6305B,

    askin6305B askin6305B Jun 5, 2016 2:42 PM in response to OCRamón
    Level 1 (4 points)
    Jun 5, 2016 2:42 PM in response to OCRamón

    OCRamon - Thanks for posting w/time window, and the more accurate the time window of failure, the better.  ~13 hours is awfully close to 12 hours, which is when your IPv6 lease will renew (we have 24-hr leases and DHCPv6 clients renew every 1/2 lease lifetime).  Incidentally, lease renewal was the primary failure condition we found and worked with Apple to fix.  So I don't THINK that is the problem but who knows.

     

    Couple things if you don't mind:

    1. Post your cable modem MAC address, don't worry it's not a private piece of info, in fact its a L2 address so it's only reachable by you and our next-hop network equipment (CMTS in this case).

    2. Post the IPv6 address of your Airport from when its working and then once it fails.  As Gino stated, assuming you have "Block incoming IPv6 connections" enabled, this is also not exposing you to anything malicious.

  • by Gino_Cerullo,

    Gino_Cerullo Gino_Cerullo Jun 5, 2016 3:14 PM in response to askin6305B
    Level 3 (567 points)
    Apple TV
    Jun 5, 2016 3:14 PM in response to askin6305B

    askin6305B wrote:

     

    OCRamon - Thanks for posting w/time window, and the more accurate the time window of failure, the better.  ~13 hours is awfully close to 12 hours, which is when your IPv6 lease will renew (we have 24-hr leases and DHCPv6 clients renew every 1/2 lease lifetime).  Incidentally, lease renewal was the primary failure condition we found and worked with Apple to fix.  So I don't THINK that is the problem but who knows.

     

    Couple things if you don't mind:

    1. Post your cable modem MAC address, don't worry it's not a private piece of info, in fact its a L2 address so it's only reachable by you and our next-hop network equipment (CMTS in this case).

    2. Post the IPv6 address of your Airport from when its working and then once it fails.  As Gino stated, assuming you have "Block incoming IPv6 connections" enabled, this is also not exposing you to anything malicious.


    askin6305B, you'll want the IPv6 WAN address from his AirPort router is that correct?


    NOTE: the image below does not show OCRamón's IPv6 address so don't use that one.


    screenshot.png

  • by Gino_Cerullo,

    Gino_Cerullo Gino_Cerullo Jun 5, 2016 3:05 PM in response to OCRamón
    Level 3 (567 points)
    Apple TV
    Jun 5, 2016 3:05 PM in response to OCRamón

    So that is a complete failure. traceroute6 doesn't even get past the first hop.

     

    Hopefully this is a little more info that Cox engineering can use to help figure out what is going on.

  • by OCRamón,

    OCRamón OCRamón Jun 5, 2016 4:00 PM in response to askin6305B
    Level 1 (4 points)
    Jun 5, 2016 4:00 PM in response to askin6305B

    SB6182 has MAC address 84 61 A0 7D 3C AF.  I assume that's the one you want.  It also reports a "learned" MAC address.

     

    #Known CPE MAC AddressStatus
    184:61:a0:7d:3c:afSelf
    288:1f:a1:2a:XXXXLearned

    Let me know if this is safe to transmit.

     

    ipv6 WAN address (when it's working) is 2600:8802:7f80:100:a497:6f81:2e6f:3631.  No idea why Apple goes with lower case hex digits!  I do have incoming connections blocked.

     

    I'll have to wait for another failure to check the WAN address when the AEBS has failed.

  • by askin6305B,

    askin6305B askin6305B Jun 5, 2016 6:14 PM in response to Tom380
    Level 1 (4 points)
    Jun 5, 2016 6:14 PM in response to Tom380

    Tom380 wrote:

     

    Since 8 pm PDT last night have intermittently lost the IPv6 connection. Location is Orange County CA.  IPv4 connection continues to work with normal internet speeds.  Re-setting the cable modem temporarily restores the IPv6 connection, however, it is lost within minutes.  Problem continues this morning.

     

    Tom what's your cable modem MAC address?

first Previous Page 22 of 32 last Next