

Dual Stack IPv6 - How To?

Trying to configure the XG Firewall to leverage my ISP (Comcast) dual-stack IPv6 capabilities.  When I define IPv6 DNS server, I'm able to query IPv6 addresses.  I'm also able to get an IPv6 IP address from my ISP on the WAN interface.  But all IPv6 tests only show IPv4 capabilities.  I feel like I'm missing something quite simple.



  • Are you assigning IPv6 addresses to your clients? If the client doesn't have an IPv6 address, it cannot resolve to IPv6 resources, and won't use the IPv6 Internet. If you don't receive a subnet from Comcast, you'll have to do IPv6 NAT too.

    I'm going to assume a Windows client, but this applies generally.

    Try these commands and post the output (you may wish to obfuscate any public IPs):

    • ping -6 {XG-Internal-IPv6}
    • nslookup -type=AAAA ipv6.google.com
    • tracert -6 -d ipv6.google.com

    Can you browse to ipv6.google.com? Examples:

    C:\>ping -6 2001:XXXX:YYYY:ae60::a0e:601

    Pinging 2001:XXXX:YYYY:ae60::a0e:601 with 32 bytes of data:
    Reply from 2001:XXXX:YYYY:ae60::a0e:601: time=2ms
    Reply from 2001:XXXX:YYYY:ae60::a0e:601: time=1ms
    Reply from 2001:XXXX:YYYY:ae60::a0e:601: time=1ms
    Reply from 2001:XXXX:YYYY:ae60::a0e:601: time=2ms

    Ping statistics for 2001:XXXX:YYYY:ae60::a0e:601:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms

    C:\>nslookup -type=AAAA ipv6.google.com
    Server: internal.dns.server
    Address: 2001:XXXX:YYYY:ae60::12

    Non-authoritative answer:
    Name: ipv6.l.google.com
    Address: 2404:6800:4003:c02::8a
    Aliases: ipv6.google.com

    C:\>tracert -6 -d ipv6.google.com

    Tracing route to ipv6.l.google.com [2404:6800:4003:805::1004]
    over a maximum of 30 hops:

    1 1 ms 1 ms 1 ms 2001:XXXX:YYYY:ae60::a0e:601
    2 2 ms 12 ms 14 ms 2001:XXXX:YYYY:1::1
    3 173 ms 173 ms 184 ms 2001:470:c:1381::1
    4 206 ms 174 ms 275 ms 2001:470:0:9d::1
    5 183 ms 195 ms 199 ms 2001:470:0:72::2
    6 172 ms 170 ms 171 ms 2001:4860:1:1:0:1b1b:0:19
    7 171 ms 168 ms 169 ms 2001:4860::1:0:6b02
    8 169 ms 195 ms 173 ms 2001:4860::8:0:7a1a
    9 346 ms 351 ms 342 ms 2001:4860::8:0:8c6f
    10 344 ms 340 ms 340 ms 2001:4860::8:0:96e9
    11 342 ms 341 ms 346 ms 2001:4860::1:0:518d
    12 342 ms 343 ms 343 ms 2001:4860:0:1::271
    13 339 ms 340 ms 347 ms 2404:6800:4003:805::1004

    (The long latencies are because my IPv6 is a tunnel from AU to the US).
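
The three checks in that reply (client address, AAAA lookup, traceroute) fail in a fixed order, so it helps to triage them mechanically. The script below is an added example, not code from the thread or from Sophos: it parses the output of `ipconfig /all`, `nslookup -type=AAAA` and `tracert -6 -d` and reports which layer is broken. The sample outputs are constructed, and the 2001:db8::/32 documentation prefix stands in for a real delegated prefix (which is also why the global check is a manual `2000::/3` test rather than `ipaddress`'s `is_global`, which rejects documentation space).

```python
"""Triage the three IPv6 client checks from the reply above.

Added example, not code from the original thread. The command outputs
embedded below are constructed; 2001:db8::/32 stands in for a real prefix.
"""
import ipaddress
import re

GUA = ipaddress.IPv6Network("2000::/3")        # global unicast: routable on the v6 Internet
ULA = ipaddress.IPv6Network("fc00::/7")        # unique local: not routable without NPTv6/NAT66
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*?)\s+(\S+)\s*$")   # "  1  1 ms  1 ms  1 ms  <addr>"
TARGET_RE = re.compile(r"\[([0-9a-fA-F:]+)\]")          # "Tracing route to host [<addr>]"


def parse_v6(token):
    """IPv6Address from a token like '2001:db8::1%12(Preferred)', else None."""
    token = token.strip().split("%")[0].split("(")[0]    # drop zone id and "(Preferred)"
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return None
    return addr if addr.version == 6 else None


def classify(addr):
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ULA:
        return "ula"
    if addr in GUA:
        return "global"
    return "other"


def client_addresses(ipconfig_text):
    """IPv6 addresses from 'ipconfig /all' output, grouped by scope."""
    found = {"global": [], "ula": [], "link-local": [], "other": []}
    for line in ipconfig_text.splitlines():
        if "IPv6 Address" in line and " : " in line:
            addr = parse_v6(line.split(" : ", 1)[1])
            if addr:
                found[classify(addr)].append(str(addr))
    return found


def aaaa_answers(nslookup_text):
    """AAAA records listed after the answer header of 'nslookup -type=AAAA'."""
    answers, in_answer = [], False
    for line in nslookup_text.splitlines():
        if line.strip().lower().endswith("answer:"):
            in_answer = True                               # lines before this are the resolver itself
        elif in_answer and line.strip().startswith("Address"):
            addr = parse_v6(line.split(":", 1)[1])
            if addr:
                answers.append(str(addr))
    return answers


def trace_hops(tracert_text):
    """(target, [(hop, responding address or None), ...]) from 'tracert -6 -d'."""
    target, hops = None, []
    for line in tracert_text.splitlines():
        m = TARGET_RE.search(line)
        if m and target is None:
            target = parse_v6(m.group(1))
        m = HOP_RE.match(line)
        if m:                                              # "Request timed out." yields None
            hops.append((int(m.group(1)), parse_v6(m.group(3))))
    return target, hops


def triage(ipconfig_text, nslookup_text, tracert_text):
    """Verdict in the order the reply checks: address, then DNS, then path."""
    addrs = client_addresses(ipconfig_text)
    if not addrs["global"]:
        scopes = ", ".join(k for k, v in addrs.items() if v) or "no IPv6"
        return "no-global-address", "client only has %s addresses; check RA/DHCPv6 on the LAN" % scopes
    if not aaaa_answers(nslookup_text):
        return "no-aaaa", "resolver returned no AAAA record; check the IPv6 DNS path"
    target, hops = trace_hops(tracert_text)
    if not hops or (target is not None and target not in [a for _, a in hops]):
        replied = [h for h, a in hops if a is not None]
        last = replied[-1] if replied else 0
        return "path-incomplete", "last responding hop %d; check the default route / firewall rules beyond it" % last
    return "ok", "client has %s, AAAA resolves, path reaches the target" % addrs["global"][0]


# Constructed sample outputs (documentation prefix, not a real network).
IPCONFIG_OK = """\
Ethernet adapter Ethernet:
   IPv6 Address. . . . . . . . . . . : 2001:db8:1234:ae60:1c2:3d4:5e6:7f8(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:db8:1234:ae60:d5a:8b9c:2f0e:4a11(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c2:3d4:5e6:7f8%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.14.6.50(Preferred)
"""
IPCONFIG_LINK_LOCAL_ONLY = """\
Ethernet adapter Ethernet:
   Link-local IPv6 Address . . . . . : fe80::1c2:3d4:5e6:7f8%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.14.6.50(Preferred)
"""
NSLOOKUP_AAAA = """\
Server:  internal.dns.server
Address:  2001:db8:1234:ae60::12

Non-authoritative answer:
Name:    ipv6.l.google.com
Address:  2404:6800:4003:c02::8a
Aliases:  ipv6.google.com
"""
TRACERT_OK = """\
Tracing route to ipv6.l.google.com [2404:6800:4003:c02::8a]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  2001:db8:1234:ae60::a0e:601
  2     9 ms    12 ms    14 ms  2001:db8:1234:1::1
  3    20 ms    21 ms    22 ms  2404:6800:4003:c02::8a

Trace complete.
"""
TRACERT_STALLED = """\
Tracing route to ipv6.l.google.com [2404:6800:4003:c02::8a]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  2001:db8:1234:ae60::a0e:601
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
"""

if __name__ == "__main__":
    for name, args in [("good", (IPCONFIG_OK, NSLOOKUP_AAAA, TRACERT_OK)),
                       ("link-local only", (IPCONFIG_LINK_LOCAL_ONLY, NSLOOKUP_AAAA, TRACERT_OK)),
                       ("stalled path", (IPCONFIG_OK, NSLOOKUP_AAAA, TRACERT_STALLED))]:
        print(name, "->", triage(*args))
```

Run it on the constructed samples and the three scenarios come back as `ok`, `no-global-address` and `path-incomplete`. The "link-local only" case is the one that matches the original question: the firewall's WAN side has a global address, but a client that only holds an `fe80::` address never sends IPv6 to the Internet, and the `ipconfig` check exposes that before any DNS or routing work. A trace that stops at hop 1 (the firewall's LAN address) points at the firewall's own default route or forwarding rules rather than the ISP.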

  • I received a delegated prefix from Comcast. It appears in the UTM that I configured that delegated prefix to the internal interface of the UTM and appended a ::1 to it (since it's my gateway IP). It also appears that I have configured prefix advertisement on the internal segment as well as stateless integrated DHCPv6. I didn't do that on the XGFW. Looks like it may be an incomplete config on my part.
  • After a little more noodling, I still can't get it to work. DHCPv6 is enabled on the internal interface. Just doesn't seem to want to play.
  • DHCP-PD (client) is not supported in XG. So, no way for you to get an IPv6 prefix for your LAN, from Comcast.

    This was discussed on the astaro.org forum. It was acknowledged that the feature is missing, with no estimate as to when it would be integrated. Show stopper for me.

    While they are at it, they need to add the ability to send a DHCPv6 "hint", so you can request a /60.  In UTM, best you can get is a single /64.
