Tag Archives: ipv6

Monitoring IPv6 vs IPv4 traffic on Ubiquiti USG with SNMP

So. This has been painful. I decided I wanted to view how much traffic is flowing in and out of my USG now that I have IPv6!!!! It must be crazy, so let me go look. And then the painful truth, the USG controller has no visuals or commands to find the information. Bummer.

After a lot of web browsing, researching, additional hair loss, crying, and help, I have found the solution. I am going to turn on SNMP on the Ubiquiti USG, install telegraf, influxdb, and grafana on my Ubuntu 18.04 server.

This should be easy, right? No.
What could go wrong? A whole whole lot.

Setting up SNMP

I’m going to skip most of the heartburn I had of trying to find the correct OIDs, getting the names correct, and ultimately realizing that Ubuntu does not load the MIBs in by default, so you have to do it by hand. Here’s what I did though:

# apt-get install snmp-mibs-downloader libsnmp-base libsnmp-dev snmp
# cd /usr/share/snmp/mibs
# wget http://dl.ubnt-ut.com/snmp/UBNT-MIB
# wget http://dl.ubnt-ut.com/snmp/UBNT-UniFi-MIB

Now, I did something bad, but since this is pretty limited, I loaded all of the MIBs in by default. My /etc/snmp/snmp.conf file looks like this:

# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
# mibs :
mibs +ALL

Setting up InfluxDB

Read more »

Static IPv6 Hostnames on Ubiquiti USG

Yet another update for how I keep updating Ubiquiti to work with IPv6. In this case, I want to update my hosts so that they will use IPv6 locally when using their domain names. Even though my authoritative DNS server has the AAAA records set up correctly, because I had updated Ubiquiti to use the local IP on the USG, it would not return values for my servers. Here’s how I fixed that issue, in a not great way. I’m currently on controller version 5.10.19.

Let’s assume the following:

  • Domain: somelab.us
  • Host: someserver
  • IPv4: 192.168.1.15
  • IPv6 (Fake): 2606:1101:6412:fd00:223b:4911:2314:7843

The first thing to do is make sure that dnsmasq is turned on as the DHCP server. This can be found in “Settings” -> “Services” -> DHCP. Just make sure “Use dnsmasq as DHCP server” is turned on.

Read more »

IPv6 on Cincinnati Bell Fioptics with VLANs using Ubiquiti USG

Cincinnati Bell Fioptics has recently started the deployment of IPv6 through the network. Luckily, we will be allowed to pull a /56 prefix.

A bit of a warning, but the /56 prefix is not sticky to you. If your network connection becomes disconnected for long enough (as of this writing it is 7 days), you could be assigned a new /56. Also, if you put a new device on with a different MAC, you will get a different /56 prefix.
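Because the delegated /56 can change, anything that hard-codes a full IPv6 address (static AAAA records, firewall rules) has to be recomputed from the new prefix. The sketch below is an added example, not code from the original posts: it carves a /64 per VLAN out of a /56 and moves a host address to a new prefix while keeping its subnet and interface ID. Using the VLAN ID as the subnet ID and the 2001:db8:aa:1200::/56 replacement prefix are assumptions made for illustration; the old prefix and host address are the fake values used elsewhere on this page.

```python
import ipaddress

def vlan_subnets(delegated, vlan_ids):
    """Return {vlan_id: /64 network}, using the VLAN ID as the subnet ID
    (an assumption of this example, not something the router enforces)."""
    net = ipaddress.ip_network(delegated)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("need an IPv6 prefix of /64 or shorter")
    slots = 1 << (64 - net.prefixlen)      # a /56 holds 256 /64s
    result = {}
    for vid in vlan_ids:
        if not 0 <= vid < slots:
            raise ValueError(f"subnet ID {vid} does not fit in {net}")
        base = int(net.network_address) + (vid << 64)
        result[vid] = ipaddress.IPv6Network((base, 64))
    return result

def renumber(addr, old_prefix, new_prefix):
    """Move addr from old_prefix to new_prefix, keeping the subnet ID
    and interface ID (everything below the delegated prefix)."""
    old = ipaddress.ip_network(old_prefix)
    new = ipaddress.ip_network(new_prefix)
    ip = ipaddress.ip_address(addr)
    if old.prefixlen != new.prefixlen:
        raise ValueError("prefix lengths differ")
    if ip not in old:
        raise ValueError(f"{ip} is not inside {old}")
    suffix = int(ip) & int(old.hostmask)
    return ipaddress.IPv6Address(int(new.network_address) | suffix)

OLD = "2606:1101:6412:fd00::/56"   # fake prefix taken from this page
NEW = "2001:db8:aa:1200::/56"      # constructed (documentation range)
HOST = "2606:1101:6412:fd00:223b:4911:2314:7843"  # fake host from this page

if __name__ == "__main__":
    for vid, net in vlan_subnets(NEW, [1, 2, 3, 4]).items():
        print(f"VLAN {vid}: {net}")
    print("someserver AAAA ->", renumber(HOST, OLD, NEW))
```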

Another note is DNS. You will not be getting AAAA records for the DNS servers. DNS queries will continue to go to their DNS servers using IPv4 addresses. This is fine. You will still get AAAA IPv6 addresses for domain names when available, just the communication to get that AAAA is over IPv4. Since you will be dual stack, having both IPv4 and IPv6, there will be no issues.

My network setup currently is as follows:

  • Connections
    • ONT is connected to the USG eth0 ethernet port (WAN)
  • Interfaces
    • WAN1
    • VLAN 1: Management
    • VLAN 2: Home Network
    • VLAN 3: DMZ Network
    • VLAN 4: Guest Network
  • Hardware / Software
    • Model: UniFi Security Gateway 3P
    • Version: 4.4.36.5146617
    • Controller Version: 5.10.20
Read more »

IPv6 on Time Warner with VLANs using OpenWrt

I’ve retired the old Linksys e3000 running TomatoUSB and have replaced it with a ZyXEL NBG6716 802.11AC router that is running OpenWrt Chaos Calmer.  One of the things I was never able to get to work on the e3000 with Tomato-USB was getting each of the four VLANs an IPv6 subnet.  I could only seem to pull down a /64 from Time Warner, which would then get assigned automatically to my first VLAN.  The good news is, I am now running with a /56 assignment from Time Warner with each VLAN assigned a /64.

My current setup looks like:

  • ZyXEL NBG6716 AC router
  • OpenWrt Chaos Calmer r43762 (snapshot of trunk at the time)

So, to start out, make sure you have the following software packages installed:

  • ip6tables
  • ip6tables-extra
  • kmod-8021q
  • kmod-ip6tables
  • kmod-ipv6
  • odhcp6c
  • (optional) luci-proto-ipv6

Setup WAN

At this point, I configured the WAN interfaces to pull an IPv6 address (Network -> Interfaces).  Edit the WAN6 interface to update the following settings:

  • General Setup Tab
    • Protocol: DHCPv6 client
    • Request IPv6-address: try
    • Request IPv6-prefix of length: 56
  • Advanced Settings Tab
    • Bring up on boot: checked
    • Use builtin IPv6-management: checked
    • Use default gateway: checked
    • Use DNS servers advertised by peer: checked (even though TW hasn’t passed IPv6 DNS servers to me yet)
  • Physical Settings Tab
    • Bridge interfaces: unchecked
      • Interface: Ethernet Adapter: “eth1”
  • Firewall Settings
    • Create / Assign firewall-zone: wan

Create VLANs

Now create the VLANs that you want to use (Network -> Switch).  Make sure that each of the VLANs you create is tagged for the CPU.  In my setup, I have the VLANs: Management, Home, Guest, DMZ.

Create Interfaces for the VLANs

Read more »