How to send ipv6 preferred lifetime=0 to devices, after getting a new ipv6 prefix
Hi,
I am now facing an issue. My internet connection is using pppoe with dynamic ipv6 prefix.
Device: fortigate 60e
Firmware: 7.4.7
When my pppoe connection is disconnected, reconnected or other reasons causing this interface down. After a few seconds, pppoe connection is up again, fortigate gets a new PD /60 range from ISP and delegates new IPs to internal devices.
PCs are assgined a new ip separately, but the old one is still existed, and contiune to use the old one to initiate new connections.
I find some information using below command, these are two Windows devices:
Actually the first(already deprecated, waited for 48 hours ), second, and third addresses are invalid, but the second, third ones are still in 首选寿命(preferred state), Windows still uses it to initiate new connections.
netsh interface ipv6 show addresses 接口 3: vEthernet (VLAN101) 地址类型 DAD 状态 有效寿命 首选寿命 地址 --------- ----------- ---------- ---------- ------------------------ 公用 反对 23h59m45s 0s 2001:ba1:290:1990:a:b:c:d 公用 首选项 1d1h30m33s 1h30m33s 2001:ba1:292:5a60:a:b:c:d 公用 首选项 1d1h39m27s 1h39m27s 2001:ba1:292:b340:a:b:c:d 公用 首选项 2d23h59m15s 1d23h59m15s 2001:ba1:292:bee0:a:b:c:d current valid address 其他 首选项 infinite infinite fe80::a:b:c:d%28Interface 3: 以太网 3 Addr Type DAD State Valid Life Pref. Life Address --------- ----------- ---------- ---------- ------------------------ Public Preferred 1d56m30s 56m30s 2001:ba1:292:5a60:1:2:3:4 Public Preferred 1d1h5m24s 1h5m24s 2001:ba1:292:b340:1:2:3:4 Public Preferred 2d23h57m47s 1d23h57m47s 2001:ba1:292:bee0:1:2:3:4 current valid address Other Preferred infinite infinite fe80::1:2:3:4%8
It seems Fortigate contiunes to update current valid address perferred lifetime by sending ra messages to end devices every 10 minutes, but the old ones, they need to wait 48 hours to countdown, then change to deprecated. The result of now is no ipv6 internet connection.
tracert -d 2400:3200::1 通过最多 30 个跃点跟踪到 2400:3200::1 的路由 1 <1 毫秒 <1 毫秒 <1 毫秒 2001:ba1:292:bee0:: 2 * * * 请求超时。 3 * * * 请求超时。 4 * * * 请求超时。 5 * * * 请求超时。
From Fortigate's logs, Windows is using an outdated adrress to initiate new connections.
I try to cut down the preferred lifetime by setting prefix-hint-plt=1810, but it does not take any changes.
Here is my configuration, are there any incorrect settings?
config system interface edit "pppoe" set vdom "MGMT" set mode pppoe set type emac-vlan set estimated-upstream-bandwidth 0 set estimated-downstream-bandwidth 0 set monitor-bandwidth enable set role wan set snmp-index 39 config ipv6 set ip6-mode pppoe set ip6-allowaccess ping ssh set dhcp6-prefix-delegation enable set autoconf enable config dhcp6-iapd-list edit 1 set prefix-hint ::/60 set prefix-hint-plt 1810 set prefix-hint-vlt 0 next end end set username "abcde" set password password set dns-server-override disable set macaddr 00:00:00:00:00:00 set interface "wan2" set vlanid 51 next end config system interface edit "lan6" set vdom "MGMT" set device-identification enable set role lan set snmp-index 18 set ip-managed-by-fortiipam disable config ipv6 set ip6-mode delegated set ip6-allowaccess ping ssh set ip6-send-adv enable set ip6-manage-flag enable set ip6-other-flag enable set ip6-delegated-prefix-iaid 1 set ip6-upstream-interface "pppoe" set ip6-subnet ::/62 config ip6-delegated-prefix-list edit 1 set upstream-interface "pppoe" set delegated-prefix-iaid 1 set subnet ::/64 next end end set interface "lag3" set vlanid 101 next end