tl;dr If you are using a router not supplied by Telus (such as an Actiontec) AND it supports IPv6, what kind of router are you using? (By supporting IPv6, I mean if you connect a computer or phone to it and run ipv6-test.com or test-ipv6.com, it will pass the tests.) My question pertains to any router that is connected to Telus directly (i.e., Telus Fibre customers) or through a bridged port (i.e., Telus xDSL customers).
The reason for my question is that Telus uses a non-conforming method for IPv6 prefix delegation. I'm trying to find out what routers work properly on the Telus network. If you want to know more about this, read on.
Normally, when a node (host or router) initially connects to a network, at least one message exchange must take place before it will be able to exchange network traffic. For routers, two message exchanges must take place.
Within 1 second of starting, a node MUST send an ICMPv6 Router Solicitation message to ff02::2 (All Routers) and a network gateway MUST respond with an ICMPv6 Router Advertisement within 0.5 seconds. If the network requires the second message exchange, the RA message has two flags that specify that additional information such as an address or DNS information is available using DHCPv6. The RS/RA message exchange is called Neighbor Discovery. It's a fundamental part of IPv6.
If the additional information is required, to get the additional information, the node must send a DHCPv6 Solicit message to ff02::1:2 (All DHCP Relay Agents and Servers). In general, a node only requires an address, whereas a router requires a prefix. An address is not required for a router to work properly. In the case of Telus, the request must be for a prefix only and the only reply will be a /56 prefix. (This is why if you connect a host directly to the Telus network, IPv6 will not work.) The gateway will respond with a DHCPv6 Advertise, then the node will send a DHCPv6 Request, then the gateway will send a DHCP Reply, after which the node will be able to exchange network traffic.
Telus has two non-conformities in the Neighbor Discovery process. First, their gateways will not respond to an RS message until the node has first successfully completed the DHCPv6 Solicit/Advertise Request/Reply message exchange. Second, the DHCPv6 Advertise message does not set either of the two flags that specify the node should carry out the DHCPv6 message exchange. This breaks most routers, because most routers are developed to expect a network to conform to the Neighbor Discovery RFC. Normally, a router will use the presence of the flag to trigger the process of starting the DHCPv6 message exchange.
The only router I'm aware of that works 100% properly on the Telus network is pfSense. The only reason it works is because a developer who lives in the UK wrote the code to support it. I know this because I helped him test it. The only reason he did this is because his ISP at the time was one of the very few other ISPs that do the same thing as Telus. I'm still in contact with this person and he is no longer a pfSense developer. There are very few pfSense users who have ISPs that have these particular non-conformities. If this code stops working for some reason (e.g., a regression) anyone relying on pfSense will be SOL, because supporting this rarely used feature is not a high priority for Netgate, the "owner" of pfSense. I use pfSense as my main router and I maintain a development test system to be the "canary in the coal mine", in case there is a regression. Recently, there was such a regression. Fortunately I was able to convince Netgate to fix it, but there is no guarantee such a regression will be fixed in the future.
The other router I'm aware of that works pretty well on the Telus network is OPNsense (which is a fork of pfSense). The developer who wrote the code to handle the Telus non-conformities is now a developer for OPNsense. He no longer has an ISP that has the same non-conformities as Telus, so I'm providing a system for him to test with. Thankfully, he's a nice guy and he likes a challenge. Hopefully OPNsense will soon work 100% properly on the Telus network. The most recent issue he's wrestling with might be a bug in HBSD, so it might take a while to get fixed.
Unless there are other routers that I'm not aware of that work properly on Telus, this doesn't leave many alternatives for Telus customers who would like to have a dual-stack network using their own router, which is why I'm asking if there are other alternatives.
I have a contact in Telus engineering and I'm planning to send him an update about this soon. It would be great to know if there are any alternatives to pfSense or OPNsense. I will appreciate any response.
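Added example, not part of the original post and not pfSense or OPNsense code: a small model of the exchange described above, showing why a router that waits for RA flags before starting DHCPv6 never gets a prefix, while one that requests the prefix without waiting does. The Gateway class, the wait_for_ra switch and the sample RA bytes are constructed for illustration, and the model assumes the two flags in question are the ones the post says the RA carries.

```python
import struct

RA_TYPE = 134                  # ICMPv6 Router Advertisement (RFC 4861)
FLAG_M, FLAG_O = 0x80, 0x40    # Managed / Other configuration flags

def parse_ra_flags(pkt: bytes):
    """Return (managed, other) from a raw ICMPv6 RA, or raise ValueError."""
    if len(pkt) < 16:
        raise ValueError("RA shorter than its fixed 16-byte header")
    icmp_type, code, _ck, _hop, flags, _life = struct.unpack("!BBHBBH", pkt[:8])
    if icmp_type != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    return bool(flags & FLAG_M), bool(flags & FLAG_O)

def build_ra(managed: bool, other: bool) -> bytes:
    """Constructed sample RA (checksum left at zero, not validated here)."""
    flags = (FLAG_M if managed else 0) | (FLAG_O if other else 0)
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)

class Gateway:
    """Hypothetical upstream gateway; quirky=True follows the post's description."""
    def __init__(self, quirky: bool):
        self.quirky = quirky
        self.pd_done = False
    def on_rs(self):
        if self.quirky and not self.pd_done:
            return None        # silent until the DHCPv6 exchange has completed
        return build_ra(managed=not self.quirky, other=not self.quirky)
    def on_dhcpv6_pd(self):
        self.pd_done = True    # Solicit/Advertise/Request/Reply collapsed into one call
        return "/56"

def bring_up_wan(gw: Gateway, wait_for_ra: bool):
    """Return (delegated_prefix_or_None, steps) for one WAN bring-up attempt."""
    steps = ["RS"]
    ra = gw.on_rs()
    steps.append("RA" if ra else "no RA")
    flagged = ra is not None and any(parse_ra_flags(ra))
    if wait_for_ra and not flagged:
        return None, steps     # flag-triggered client never starts DHCPv6
    steps.append("DHCPv6-PD")
    prefix = gw.on_dhcpv6_pd()
    if ra is None:             # retry RS now that the gateway will answer
        steps += ["RS", "RA" if gw.on_rs() else "no RA"]
    return prefix, steps
```

A quick check on any candidate router is to capture its WAN interface during bring-up and see whether a DHCPv6 Solicit leaves before any RA has arrived.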