WIndows Updates Fail Via IPv6

Bjørn Mork bjorn at mork.no
Tue Nov 13 11:40:37 UTC 2018


John Von Essen <john at essenz.com> writes:

> I recently go a Linksys home wifi router, by default it enables ipv6
> on the LAN. If there is no native IPv6 on the WAN side (which is my
> case since FiOS doesnt do v6 yet) the Linksys defaults to a v6 tunnel.

Could this be a 6RD tunnel requested by your ISP using DHCP with
OPTION_6RD? Ref RFC5969

Setting up any tunnel to some pre-configured endpoint by default does
not sound like a good idea....  But DHCP on the WAN side is "trusted",
so configuring a DHCP requested tunnel by default is reasonable.

> For the first few weeks of using the router, I had no idea alot of my
> traffic was going out via the v6 tunnel.
>
> Then I started getting random reachability and availability
> issues. Google would not load, but Bing and Yahoo would, and so on. I
> thought it was a FiOS issue, but after digging, I discovered the v6
> tunnel, disabled it and all my issues went away.
>
> I dont know what Linksys uses for the v6 tunnel because its buried in
> the firmware, but any tunnel service is vulnerable to a variety of
> issues that could effect access. Its odd that it always effects
> Windows update all the time, but who knows.

It would be great to have more details about this default tunnel setup.
Can't you sniff the traffic?

Anyway:  Thanks for yet another argument for native dual-stack.
Avoiding such unwanted tunnels is really simple:

If you're an ISP:
  Offer native dual-stack to your Internet access customers.

If you're an Internet access customer:
  Request native dual-stack from your ISP

Problem solved.


Bjørn



More information about the NANOG mailing list