Comcast IPv6 with Ubiquiti EdgeRouter

Wed 18 February 2015

The following was originally posted on my personal blog, mikeshoup.com. There may be some formatting issues. Please post in the comments if anything looks funky.

With the latest firmware release (1.6) for Ubiquiti EdgeRouter devices, you can now use DHCPv6-PD by modifying only the device config.

It works with Comcast's IPv6. Here's most of my config to get you going. I snipped out quite a bit of the superfluous stuff, but the good bits are there.

/* Rule sets for IPv4 ("name") and IPv6 ("ipv6-name"). They take effect only
   where the interfaces section binds them: "in" covers traffic entering an
   interface to be forwarded, "local" covers traffic addressed to the router. */
firewall {
    /* The router answers pings; the wan-local / wan6-local rules decide what reaches it from the WAN. */
    all-ping enable
    broadcast-ping disable
    /* LAN-side IPv6 sets: no rules and default accept, so client traffic is unrestricted. */
    ipv6-name client6-in {
        default-action accept
        description "Clients to other nets"
    }
    ipv6-name client6-local {
        default-action accept
        description "Clients to router"
    }
    /* WAN -> LAN for IPv6. The LAN gets delegated global addresses via SLAAC and
       the only NAT rule in this config is IPv4 masquerade, so this default drop
       is what keeps unsolicited Internet traffic away from client hosts. */
    ipv6-name wan6-in {
        default-action drop
        description "WAN IPv6 to networks"
        /* Log packets that fall through to the default drop. */
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "drop invalid state"
            state {
                invalid enable
            }
        }
        /* NOTE(review): accepts every ICMPv6 type toward LAN hosts, including
           echo requests. IPv6 needs some ICMPv6 (e.g. Packet Too Big) to work;
           RFC 4890 gives guidance if you want to narrow this to specific types. */
        rule 30 {
            action accept
            description "Allow icmpv6"
            protocol ipv6-icmp
        }
    }
    /* WAN -> router for IPv6. */
    ipv6-name wan6-local {
        default-action drop
        description "WAN inbound to router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        /* All ICMPv6 to the router is accepted; presumably this is what lets
           router advertisements and neighbor discovery from the ISP through. */
        rule 30 {
            action accept
            description "Allow IPv6 ICMP"
            protocol ipv6-icmp
        }
        /* DHCPv6 replies (server port 547 -> client port 546). Without this the
           default drop would block the prefix-delegation exchange on the WAN. */
        rule 40 {
            action accept
            description "Allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* LAN-side IPv4 sets: default accept, no rules. */
    name client-in {
        default-action accept
        description "Clients to other net"
    }
    name client-local {
        default-action accept
        description "Clients to router"
    }
    /* WAN -> LAN for IPv4: only return traffic is allowed. Unlike wan6-in there
       is no enable-default-log, so default drops are not logged here. */
    name wan-in {
        default-action drop
        description "Internet to local net"
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop inavlid state"
            log enable
            state {
                invalid enable
            }
        }
    }
    /* WAN -> router for IPv4. */
    name wan-local {
        default-action drop
        description "Internet to Router"
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log enable
            state {
                invalid enable
            }
        }
        /* Rate-limited ICMP accept; ICMP over the limit falls through to the
           default drop. Logging is on, so every accepted ICMP packet is logged. */
        rule 5 {
            action accept
            description "ICMP 50/m"
            limit {
                burst 1
                rate 50/minute
            }
            log enable
            protocol icmp
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is off. NOTE(review): confirm this is
       intended; strict or loose mode drops spoofed-source packets. */
    source-validation disable
    syn-cookies enable
}
/* Interface addressing and the binding of firewall rule sets to each port. */
interfaces {
    /* LAN port: static IPv4 address; its IPv6 address comes from the prefix delegated on eth1. */
    ethernet eth0 {
        address 10.0.0.1/24
        description Clients
        duplex auto
        firewall {
            in {
                ipv6-name client6-in
                name client-in
            }
            local {
                ipv6-name client6-local
                name client-local
            }
        }
        speed auto
    }
    /* WAN port: IPv4 via DHCP, IPv6 via DHCPv6 prefix delegation. */
    ethernet eth1 {
        address dhcp
        description WAN
        dhcpv6-pd {
            pd 0 {
                /* Assign one subnet of the delegated prefix to eth0: prefix-id
                   picks the subnet, host-address is the router's address in it,
                   and clients autoconfigure through SLAAC. */
                interface eth0 {
                    host-address ::1
                    prefix-id :1
                    service slaac
                }
                /* Size of the delegation requested from the ISP. */
                prefix-length 60
            }
            rapid-commit enable
        }
        duplex auto
        /* The default-drop WAN rule sets are applied here for both address
           families. If the ipv6-name bindings were missing, the globally
           addressed LAN hosts would be reachable from the Internet. */
        firewall {
            in {
                ipv6-name wan6-in
                name wan-in
            }
            local {
                ipv6-name wan6-local
                name wan-local
            }
        }
        speed auto
    }
    /* Unused port, administratively disabled. */
    ethernet eth2 {
        disable
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
/* Services run by the router. Only IPv4 DHCP is configured here; IPv6 clients
   get addresses through SLAAC on eth0. */
service {
    dhcp-server {
        disabled false
        shared-network-name wired-eth0 {
            authoritative disable
            description "Wired Nework eth0"
            subnet 10.0.0.1/24 {
                default-router 10.0.0.1
                dns-server 10.0.0.1
                lease 86400
                ntp-server 10.0.0.1
                start 10.0.0.150 {
                    stop 10.0.0.199
                }
            }
        }
    }
    dns {
        /* The forwarder listens on the LAN port only and forwards to the
           name servers listed under "system". */
        forwarding {
            cache-size 150
            listen-on eth0
            system
        }
    }
    /* NOTE(review): no listen-address is set for the GUI or SSH, so they
       presumably bind to every router address, including the global IPv6 ones.
       WAN reachability then depends on the wan-local and wan6-local default
       drop staying in place. */
    gui {
        https-port 443
    }
    /* IPv4 source NAT out the WAN port. IPv6 is routed without NAT, so the
       IPv6 firewall rule sets are the only inbound filter for that family. */
    nat {
        rule 5010 {
            log disable
            outbound-interface eth1
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
/* System settings. This excerpt is trimmed; user/login configuration is not shown. */
system {
    /* Upstream resolvers over IPv4 and IPv6; the DNS forwarder's "system" option uses these. */
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    /* Hardware offload for IPsec and for IPv4/IPv6 forwarding. */
    offload {
        ipsec enable
        ipv4 {
            forwarding enable
        }
        ipv6 {
            forwarding enable
        }
    }
}