IPv6 – Airport Extreme update 7.6.3 breaks existing IPv6 tunnels

A few days ago I had an unexpected network problem.  An IPv6 tunnel to tunnelbroker.net that had been up for months went down and wouldn’t restart. My tunnel endpoint is an Apple Airport Extreme base station (AEBS) that was originally running 7.6.1.

This all started when my ‘net connection died, IPv4 and IPv6 both just stopped working. I tracked it down to the AEBS. For some reason it just completely stopped passing any traffic at all. It’s done this twice before; it looks like the problem is uptime related. The AEBS seems to want a full power cycle about every 120-150 days of uptime.

Unfortunately, I also decided take the downtime as an opportunity to do the pending firmware update, to 7.6.3.

Which breaks existing IPv6 tunnels.

Fortunately, this was already figured out by others. Hurricane Electric support quickly referred me to this post in their support forums, which references this Ars Technica article, which leads to the root cause, as determined by users at SIXXS.

Apple changed the firmware to now require a valid IPv6 prefix in the “IPv6 Delegated Prefix” field in order to handle 6in4 tunnels. This field did not exist in earlier versions of the firmware, and was only added to the firmware around version 7.6 or so. At that time, existing configurations would still work, with no value in that field.

The 7.6.3 update requires a valid prefix, or the router will discard protocol-41 (6in4) packets from the other end of the tunnel.

If it wasn’t for the pretty good support for IPv6 in MacOS, I’d have guessed that Apple hates IPv6, as they keep breaking it on the AEBS product family.

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: