Routers / firewalls with poor IPv6 support

Well it is not, not by people that have to configure it.

I got a DrayTek 2865 modem/router now, as the Fritzbox wasn’t able to handle that much NTP-UDP traffic.

It was a major headache to get IPv6 working on the Fritzbox.

I have spend the last month to get the DrayTek working in Dual-stack. Can’t even get WAN-IPv6 to accept my IPv6-range.

Ipv4 ran in minutes.

Please tell me what I do wrong. Why is this protocol so hard? I asked around, but nobody uses IPv6 or is able to help.

It’s ridiculous how hard it is to get this working. Any DrayTek experts in here?

For the record:

Bas’s post does not make a convincing case that either the Fritz!Box or the Draytek suffers from poor IPv6 support.

Fully concur.

In general, implementation of IPv6 functionality, or its documentation, can be an issue. E.g., AVM’s implementation is good, I think. At the same time, I found that their documentation trying to be simple, and trying to avoid to get too technical, makes it slightly difficult to actually understand what is what, and what option will yield which behavior. At least when coming at it bottom-up, i.e., knowing what one wants to achieve from a technical point of view, and then trying to identify from somewhat fuzzy descriptions what option that functionality is hidden behind. But might be good for someone who doesn’t know, or doesn’t want to know too much about the technical stuff (which is AVM’s target audience in my understanding). So different mileage possible on the documentation side, but nothing insurmountable either way.

In case of the DrayTek device, at least I feel neither is the case. I.e., the documentation seems rather explicit and elaborate as to what the different options are, with an entire range of subchapters on IPv6 WAN configuration for different circumstances (e.g., with PPP, DHCPv6, statically, different transition technologies, e.g., static 6in4). Plus an Application Notes chapter again just for IPv6 WAN configuration, going through the motions to configure IPv6 step by step. And on the LAN side, one subchapter for IPv6 LAN configuration.

And based on the documentation, the IPv6 implementation itself seems solid as well.

Anyway, if one doesn’t like IPv6, or doesn’t want to bother learning about it, and how it is different from IPv4, why not save oneself the hassle, and just ignore it? The IPv6 offline setting of the DrayTek device is a viable option.

I’d be interesting, I think, if someone was interested in analyzing all the monitoring data from the last however long and see if there’s a difference in how long it takes to remediate an IPv6 network problem vs an IPv4 one. At least at one point the IPv6 problems would commonly last much longer than IPv4 trouble ever would.

I had an outage due to my ISP…
IPv4 recovered within hours to normal levels, IPv6 still has significant negative scores 9+ Hours later

image310×769 46.3 KB

There is nothing wrong with the setup or hardware, IPv4 is load balanced across all 3 IPv6 servers, but direct IPv6 is reporting negative scores and taking forever to recover.

Do you mean you want to know how fast the monitoring shows the IPv4 and IPv6 servers as healthy again after an outage?

If so, I’ve just modified the NTP simulator to enable such analysis.

I’m not 100% sure I did it right, but it should run more or less correctly for 45 hours per 48 hours and way off for the remaining 3 hours, with a sudden jump from good to bad at 13:00 UTC and back to good at 16:00 UTC, for both IPv4 and IPv6 (on Sun, Tue, Thu, Sat). Let’s see what it does.

Just for my understanding: did the IPv6 outage actually take longer to recover, or did the monitoring simply take more time to flag the service as healthy again?

(Two different things and I’m not sure what Ask meant, hence the question - I assumed the latter.)

IPv6 took much longer ( circa 8 hours) to start marking the service as healthy.
Took nearly 12 hours to return to what would be normal scores.

That was across production and the Beta - beta below
Where the purple change to blue, is where I had to restored IPv6 connectivity properly.

image665×439 72.8 KB

Interesting - a first test (so sample size 1…) with my controlled environment does not yet show these major differences.

Let’s wait for some more results, while te test continues.

I haven’t yet had an Internet outage since my server joined the pool (so it will be interesting to see what happens when I do get one). However, FWIW, in more general terms my experience with my router/ISP/underlying provider is that after previous outages IPv4 connectivity recovers immediately with IPv6 just a little slower (but not significantly).

In my country, with a vast territory with new infrastructure being deployed all the way to remote areas and improving the capacity of large metropoles, IPv6 tends to have lower latency, better routes and higher bandwidth than the legacy infrastructure firstly put in place before IPv6 was a thing.

It would indeed be interesting to analyse historical data to see if there is a pattern of IPv6 performing worse (so far, I have no strong indications).

In any case, this is not a monitoring issue on the NTP pool’s side. I’ve been testing this for a couple of days now (with multiple servers) and have noticed little or no difference between IPv4 and IPv6 - they both recover at the same pace:

Scherm­afbeelding 2025-08-10 om 08.59.111312×648 85.7 KB

Scherm­afbeelding 2025-08-10 om 08.59.031310×648 87.5 KB

I also noticed that it can take up to 30 minutes before I get the alert mail from the monitoring.

I can’t draw direct comparisons between IPv4 and IPv6 in this instance, as IPv6 needed my intervention to restore due to DHCPv6 behaviour issues on my firewall.

I did complete a reboot of all my hosts over the weekend after patching and there was nothing worth reporting, monitoring 100% as expected.

I stopped using IPv6 in total. Had enough of it.

Sorry to hear it, certainly from an IPv6 adoption point of view. But the good thing is that one is given a choice to use it, or not to. And I fully respect that it’s not everyone’s thing, even when I personally don’t share various aspects of those views.

To be honest, I had been wondering a bit why you were even bothering with it at all, and your tenacity in trying to make it work, when you made your dislike abundantly clear, and from your perspective as I understood it would have had pretty much no one else to connect with anyhow.

Anyway, now you can focus the energy this decision frees towards things that hopefully bring you more pleasure and joy, and I am wishing you all the best for that.

MagicNTP, I started trying IPv6 with an open mind.

But the more I read about it, the more complex it became.

I had it running on the Fritzbox, but the Fritzbox couldn’t handle it. I did confront AVM about the problems, but they ignored it. Strangely in later firmware updates they increased UDP firewall and NAT tables in size….why? If there are no problems, they told me.

But it wasn’t only the Fritzbox, also the change in Linux from simple networking config to netplan is a bitch to configure manual.

I have read so many sites and tutorials over the time, that it makes no sense anymore how it works or should be approached.

Last try with the DrayTek…impossible. So I clicked the button that the left top and turned IPv6 off in total. I do like the thought behind it, don’t get me wrong, but the people that implemented it must have been on drugs or mushrooms.

Nobody with their right state of mind would ever invented the mess it is.

So, hopefully somebody with a brain will alter IPv6 to something normal people can understand and implement. Sure, I give it another go.

With that said; I did discover my Fritzbox load-slowdown-problems….as the problem IS the Fritzbox for these kind of serving. Nice homebox, but not suited for heavy NTP-traffic.

Maybe I do not sound happy, but in fact I am, as with NTP traffic, simplistic routers simply fail

I would never have bought a DrayTek, as these are 600 €/$/£ routers….but what a difference!

1. There’s been no such “change in Linux”. netplan is an Ubuntu-ism and it is the nature of corporations to introduce change merely to differentiate themselves. Linux options other than Ubuntu exist. There are millions upon millions of Linux systems that are not configured by netplan and probably never will be.
2. I’ve never had an issue adding IPv6 to a netplan config, though I don’t personally choose to use netplan.

I avoid it where possible, but I run some packages that are nearly impossible to use/install (for the moment) without using Ubuntu 22.04. Too much dependencies and they use npm and nodejs old versions. Some tried Debian but failed. The developer has said he will move all to newer versions or other platform in the near future.

You just identified where your issue with IPv6 lies.