Dual ISP IPv6 apps not working correctly
Just installed Firewalla Gold a week ago and first I have to say this thing is brilliant! Easy to set up, simple interface with the app, and performs well! I picked this up so I could add a backup ISP for when my primary Cox fiber goes down - it's been very unreliable lately. Set it up with Cox as my primary ISP, Tmobile home internet as my secondary. Everything works well, failover has been 'tested' twice now and works really well.

I did notice that I was having specific issues on my phone - Galaxy S20 Ultra - specifically though. Certain apps seemed to not load for what seemed like forever but was probably a minute or more. Coinbase was a problem, credit union app, DoorDash, and a few others. The phone received its software update last week also, so I thought they just broke something with the update. No issues with any other devices, WiFi has even been faster with the Orbi Pro in AP mode. Seems to have more time to do just WiFi instead of blocking all the stuff from the ISPs.

After looking at the phone more closely, the phone had 4 IP addresses. One IPv4, and 3 IPv6. One of the IPv6 was private, but it had 2 public and I'm guessing it was receiving one from each of the ISPs. I had both Cox and Tmobile set up with IPv6 enabled, DHCP, default settings and LAN was the same. I have Firewalla configured in Failover mode for the ISPs with Cox as primary. I couldn't find anything in the flows that was v6 specific. It looks like all the flows are v4.

So, I figured I'd try to disable v6 and see what happens. Voilà! That made the phone happy again and all the apps load instantly like they should. I don't really need IPv6 and was only running it because the Xbox seemed happier with it on. Problem solved, but am curious if anyone else has seen this behavior in ISP failover mode. I may try load balancing the ISPs and re-enable IPv6 to see if it has the same problem.
My theory is that the phone for whatever reason was using the Tmobile assigned IPv6 address first and it went nowhere because the Tmobile connection is the backup. It would eventually time out and then try the other and work.
-
Thanks for reporting the issue, it's a code bug:
1. If there are multiple WANs with IPv6, then when IPv6 is turned on for the LAN, the app may randomly select one WAN as the IPv6 prefix for the LAN network. If the app selects the IPv6 prefix from the secondary network, it may cause network issues. Will fix this.
2. For the current implementation, the LAN can only configure one IPv6 prefix, so likely your phone got two IP addresses from the backup WAN, not one from each WAN.
3. This bug should cause issues for all devices in the LAN network, as long as they use IPv6. Some devices do have the ability to automatically fall back to IPv4 when IPv6 is not usable.
-
@Firewalla,
Will NPT work with SLAAC?
Wouldn't it be easier to provide each endpoint with a SLAAC address from each provider and simply do Router Advertisements (RA) for both prefixes? I believe you would just need to set the RA priority on the preferred path out. (For a setup where both ISPs are using SLAAC)
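
Added example, not part of the thread and not Firewalla's code: a small check for the condition described in the reply above, where a LAN client holds global IPv6 addresses drawn from the standby WAN's prefix while the other WAN is active. The prefixes (documentation range 2001:db8::/32), the `ip -6 addr show` style sample and all function names are constructed for illustration.

```python
import ipaddress

# Constructed WAN prefixes; replace with the prefixes your ISPs actually delegate.
WAN_PREFIXES = {
    "primary": ipaddress.ip_network("2001:db8:a000::/56"),
    "backup": ipaddress.ip_network("2001:db8:b000::/56"),
}

# Constructed output in the style of `ip -6 addr show` on a LAN client.
SAMPLE_IP_OUTPUT = """\
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8:b000:1:4c1f:22ff:fe10:9a01/64 scope global dynamic mngtmpaddr
    inet6 2001:db8:b000:1:91d2:7e0a:55c3:1f0e/64 scope global temporary dynamic
    inet6 fe80::4c1f:22ff:fe10:9a01/64 scope link
"""

ULA = ipaddress.ip_network("fc00::/7")


def parse_inet6(text):
    """Return the IPv6 interfaces found on 'inet6' lines."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "inet6":
            found.append(ipaddress.ip_interface(fields[1]))
    return found


def classify(iface, wan_prefixes):
    """Name the origin of an address: link-local, ula, a WAN name, or unknown."""
    addr = iface.ip
    if addr.is_link_local:
        return "link-local"
    if addr in ULA:
        return "ula"
    for name, prefix in wan_prefixes.items():
        if addr in prefix:
            return name
    return "unknown"


def audit(text, wan_prefixes, active_wan):
    """Return (address -> origin, addresses whose prefix is not from active_wan)."""
    report = {str(i.ip): classify(i, wan_prefixes) for i in parse_inet6(text)}
    mismatched = [a for a, origin in report.items()
                  if origin in wan_prefixes and origin != active_wan]
    return report, mismatched


if __name__ == "__main__":
    report, mismatched = audit(SAMPLE_IP_OUTPUT, WAN_PREFIXES, "primary")
    print(report)
    print("Addresses from a non-active WAN prefix:", mismatched)
```

With the constructed sample, both global addresses fall inside the backup prefix, which matches the reply's point that the client likely received two addresses from one WAN rather than one from each.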