Ciao everyone,

I have recently moved to Italy and was recommended iliad as Internet provider. I got an Iliadbox which I am trying to replace with a mikrotik hAP ax2.
I have sniffed the traffic between the iliadbox and the ONT and I think I have all the required values to replace the IB but I have not been able get a working configuration with the mikrotik.
In the pcap file, the DHCPv6 request made by the IB contains this items in the Solicit:

    Option Request
        Option: Option Request (6)
        Length: 6
        Requested Option code: DNS recursive name server (23)
        Requested Option code: S46 MAP-E Container (94)
        Requested Option code: Unknown (141)

However on the Advertise there's nothing containing info for option 94 and 141. After the Request and Reply DHCPv6 there is a https communication with wdo.iliad.it.

On the DHCPv6 Advertise there is IA_NA (Identity Association for Non-temporary Address) and IA_DA (Identity Association for Prefix Delegation) with a prefix length of 60.
I am not seeing any communication using the IA_NA, is it needed? Should/Can I disable address from DHCPv6 client? The communication with wdo.iliad.it is done with ${IA_DA}::1.
I don't know much about IPv6 and any help in getting the mikrotik configuration working will be very much appreciated 🙂

Grazie

    URi I got an Iliadbox which I am trying to replace with a mikrotik hAP ax2.

    are you on a GPON (2.5 Gbps) or EPON (5 Gbps) network?

    • URi ha risposto a questo messaggio

      URi then it's not difficult, but you'd better apply for net neutrality from the customer area

      Split the post as the other topic refers to another situation (the OP has no IliadBox).

      Anyway, can you obtain a IPv6 address through DHCPv6 on VLAN 101? Before you start messing around with tunnels and MAP-E that has to work.

      • URi ha risposto a questo messaggio

        edofullo
        I have the the DHCPv6 working on VLAN 836. I am able to get the same information with the mikrotik.
        Here is part of the DHCPv6 advertise message masking net/address for privacy.

        DHCPv6
            Message type: Advertise (2)
            Transaction ID: 0xc3c1b5
            Client Identifier
            Server Identifier
            Identity Association for Non-temporary Address
                Option: Identity Association for Non-temporary Address (3)
                Length: 40
                IAID: 0000000c
                T1: 300
                T2: 900
                IA Address
                    Option: IA Address (5)
                    Length: 24
                    IPv6 address: 2a01:e11:XXXX::XXXX:XXXX
                    Preferred lifetime: 1800
                    Valid lifetime: 3600
            DNS recursive name server
                Option: DNS recursive name server (23)
                Length: 32
                 1 DNS server address: 2a01:e10:f::1
                 2 DNS server address: 2a01:e10:f::2
            Identity Association for Prefix Delegation
                Option: Identity Association for Prefix Delegation (25)
                Length: 41
                IAID: 0000000c
                T1: 300
                T2: 900
                IA Prefix
                    Option: IA Prefix (26)
                    Length: 25
                    Preferred lifetime: 1800
                    Valid lifetime: 3600
                    Prefix length: 60
                    Prefix address: 2a01:e11:XXXX:XXXX::

        I realized that IA_NA (Identity Association for Non-temporary Address) is not in the range of IA_DA (Identity Association for Prefix Delegation).
        Moreover, I had a look to the Iliadbox pcap and I am not seeing any communication using the IA_NA , is it needed? I am seeing packets with ${IA_DA}::1.
        I have very little knowledge about IPv6 and it is also interesting for me to understand what these values are used for.

          URi I realized that IA_NA (Identity Association for Non-temporary Address) is not in the range of IA_DA (Identity Association for Prefix Delegation).

          That's fine, IA_NA is only for the WAN P2P link.

          You need to sniff the parameter of the tunnel from the Iliadbox (remote IPv6 and local IPv6) and then configure the IPIP6 tunnel. Then you have to tell NAT to only use your assigned port range.

          • URi ha risposto a questo messaggio

            edofullo Ok, now I have the DHCPv6 configured. If I try to ping 2001:4860:4860::8888 from the router (mikrotik) or from my computer, it doesn't work.

            After a bit of trial an error, I have seen that if I assign ${IA_DA}::1/64 to the bridge (ether[2-5],wifi[1-2]) interface and set it to advertise, my devices get an IPv6 address and then I can ping from them to 2001:4860:4860::8888. Still not from the router.

            Is that setup correct? I want to confirm before continuing with the ipipv6 tunnel setup.

            Thanks!

            7 giorni dopo

            I'm having a very strange behaviour. IPv6 seems to be working now I can ping 2001:4860:4860::8888 but not 2001:4860:4860::8844.

            $ ping -c 3 -6 2001:4860:4860::8888 
            PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
            64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=118 time=9.75 ms
            64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=118 time=9.14 ms
            64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=118 time=7.28 ms
            
            --- 2001:4860:4860::8888 ping statistics ---
            3 packets transmitted, 3 received, 0% packet loss, time 2003ms
            rtt min/avg/max/mdev = 7.283/8.726/9.753/1.050 ms
            
            $ ping -c 3 -6 2001:4860:4860::8844
            PING 2001:4860:4860::8844(2001:4860:4860::8844) 56 data bytes
            From <IA_PD>::1 icmp_seq=1 Destination unreachable: Address unreachable
            From <IA_PD>::1 icmp_seq=2 Destination unreachable: Address unreachable
            From <IA_PD>::1 icmp_seq=3 Destination unreachable: Address unreachable
            
            --- 2001:4860:4860::8844 ping statistics ---
            3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2017ms

            For DNS resolution I am also having a not consistent behaviour. As the ipipv6 is not yet properly configured is normal that it doesn't work on IPv4. However, for IPv6 sometimes works sometimes not.

            $ host ipv6.google.com
            ;; communications error to 192.168.88.1#53: timed out
            ;; communications error to 192.168.88.1#53: timed out
            ;; communications error to 2a01:e10:f::1#53: timed out
            ;; communications error to 2a01:e10:f::2#53: timed out
            ;; no servers could be reached
            
            $ host ipv6.google.com
            ;; communications error to 192.168.88.1#53: timed out
            ;; communications error to 2a01:e10:f::1#53: timed out
            ipv6.google.com is an alias for ipv6.l.google.com.
            ;; communications error to 192.168.88.1#53: timed out
            ;; communications error to 192.168.88.1#53: timed out
            ;; communications error to 2a01:e10:f::1#53: timed out
            ;; communications error to 2a01:e10:f::2#53: timed out
            ;; no servers could be reached
            
            ;; communications error to 192.168.88.1#53: timed out
            ;; communications error to 192.168.88.1#53: timed out
            ;; communications error to 2a01:e10:f::1#53: timed out
            ;; communications error to 2a01:e10:f::2#53: timed out
            ;; no servers could be reached
            
            $ host ipv6.google.com 2a01:e10:f::1
            Using domain server:
            Name: 2a01:e10:f::1
            Address: 2a01:e10:f::1#53
            Aliases: 
            
            ipv6.google.com is an alias for ipv6.l.google.com.
            ipv6.l.google.com has IPv6 address 2a00:1450:4002:411::200e
            $ host ipv6.google.com 2a01:e10:f::1
            ;; communications error to 2a01:e10:f::1#53: timed out
            ;; communications error to 2a01:e10:f::1#53: timed out
            ;; no servers could be reached

            This is the routing table of the mikrotik

            [admin@MikroTik] > /ipv6/route/print 
            Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP, g - SLAAC; + - ECMP
            Columns: DST-ADDRESS, GATEWAY, DISTANCE
            #      DST-ADDRESS                           GATEWAY                            DISTANCE
              DAd+ ::/0                                  fe80::526b:4bff:xxxx:yyyy%WAN:836         1
              DAd+ ::/0                                  fe80::526b:4bff:xxxx:yyyy%WAN:836         1
              DAg+ ::/0                                  fe80::7:cbff:zzzz:wwww%WAN:836            1
            0  As+ ::/0                                  WAN:836                                   1
              DAd  <IA_PD>::/60                                                                    1
              DAc  <IA_PD>::/64                          bridge                                    0
              DAc  <IPv6_TUNEL_LOCAL_ADDRESS>/128        WAN:836                                   0
              DAc  <IA_NA>/128                           WAN:836                                   0
              DAc  fe80::%ether1/64                      ether1                                    0
              DAc  fe80::%bridge/64                      bridge                                    0
              DAc  fe80::%WAN:836/64                     WAN:836                                   0
              DAc  fe80::%ipipv6-tunnel1/64              ipipv6-tunnel1                            0

            This is my current configuration hiding sensitive values (I hope all of them 🙂)

            Premi per mostrare Premi per nascondere
            /interface bridge
            add admin-mac=<MAC_ADDRESS> auto-mac=no comment=defconf mtu=9000 name=bridge
            /interface ethernet
            set [ find default-name=ether1 ] l2mtu=9014 mac-address=<ILIADBOX_MAC> mtu=9000
            set [ find default-name=ether2 ] l2mtu=9014 mtu=9000
            set [ find default-name=ether3 ] l2mtu=9014 mtu=9000
            set [ find default-name=ether4 ] l2mtu=9014 mtu=9000
            set [ find default-name=ether5 ] l2mtu=9014 mtu=9000
            /interface wifiwave2
            set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac configuration.country=Italy .mode=ap .ssid="SSID_NAME" \
                disabled=no mtu=9000
            set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac configuration.country=Italy .mode=ap .ssid="SSID_NAME" \
                disabled=no mtu=9000
            /interface ipipv6
            add !keepalive local-address=<IPv6_TUNNEL_LOCAL_ADDRESS> name=ipipv6-tunnel1 remote-address=\
                <IPv6_TUNNEL_REMOTE_ADDRESS>
            /interface vlan
            add interface=ether1 mtu=9000 name=WAN:836 vlan-id=836
            /interface list
            add comment=defconf name=WAN
            add comment=defconf name=LAN
            /ip pool
            add name=dhcp ranges=192.168.88.17-192.168.88.254
            /ip dhcp-server
            add address-pool=dhcp interface=bridge lease-time=10m name=defconf
            /ipv6 dhcp-client option
            add code=94 name=OPTION_S46_CONT_MAPE
            add code=96 name=OPTION_S46_CONT_LW
            add code=95 name=OPTION_S46_CONT_MAPT
            add code=21 name=OPTION_SIP_SERVER_D
            add code=22 name=OPTION_SIP_SERVER_A
            add code=23 name=OPTION_DNS_SERVERS
            add code=24 name=OPTION_DOMAIN_LIST
            add code=31 name=OPTION_SNTP_SERVERS
            add code=56 name=OPTION_NTP_SERVER
            add code=64 name=OPTION_AFTR_NAME
            add code=67 name=OPTION_PD_EXCLUDE
            add code=82 name=OPTION_SOL_MAX_RT
            add code=83 name=OPTION_INF_MAX_RT
            /interface bridge port
            add bridge=bridge comment=defconf interface=ether2
            add bridge=bridge comment=defconf interface=ether3
            add bridge=bridge comment=defconf interface=ether4
            add bridge=bridge comment=defconf interface=ether5
            add bridge=bridge comment=defconf interface=wifi1
            add bridge=bridge comment=defconf interface=wifi2
            /ip neighbor discovery-settings
            set discover-interface-list=LAN
            /ipv6 settings
            set accept-router-advertisements=yes max-neighbor-entries=15360
            /interface list member
            add comment=defconf interface=bridge list=LAN
            add comment=defconf interface=ether1 list=WAN
            add interface=WAN:836 list=WAN
            /ip address
            add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
            add address=<IPv4_ILIAD>/24 interface=ipipv6-tunnel1 network=<IPv4_ILIAD_NETWORK>
            /ip dhcp-client
            add comment=defconf disabled=yes interface=ether1
            /ip dhcp-server network
            add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
            /ip firewall filter
            add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
                established,related,untracked
            add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
            add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
            add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
            add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
            add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
            add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
            add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
            add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
                established,related,untracked
            add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
            add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
                in-interface-list=WAN
            add action=fasttrack-connection chain=forward comment="fast-track for established,related" connection-state=established,related \
                hw-offload=yes
            add action=accept chain=forward comment="accept established,related" connection-state=established,related
            add action=drop chain=forward connection-state=invalid
            add action=drop chain=forward comment="drop access to clients behind NAT from WAN" connection-nat-state=!dstnat connection-state=\
                new in-interface=ether1
            /ip firewall mangle
            add action=change-mss chain=forward comment="for ipipv6-tunnel1" new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
            /ip firewall nat
            add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ipipv6-tunnel1 src-address=\
                192.168.88.0/24
            add action=masquerade chain=srcnat log-prefix=TCP out-interface=ipipv6-tunnel1 protocol=tcp src-address=192.168.88.0/24 \
                to-addresses=<IPv4_ILIAD> to-ports=49152-65535
            add action=masquerade chain=srcnat log-prefix=UDP out-interface=ipipv6-tunnel1 protocol=udp src-address=192.168.88.0/24 \
                to-addresses=<IPv4_ILIAD> to-ports=49152-65535
            /ip route
            add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ipipv6-tunnel1 pref-src="" routing-table=main scope=30 \
                suppress-hw-offload=no target-scope=10
            /ipv6 route
            add disabled=no distance=1 dst-address=::/0 gateway=WAN:836 routing-table=main scope=30 target-scope=10
            /ip ssh
            set strong-crypto=yes
            /ipv6 address
            add address=::1 from-pool=ipv6-pool interface=bridge
            add address=<IPv6_TUNNEL_LOCAL_ADDRESS>/128 advertise=no interface=WAN:836
            /ipv6 dhcp-client
            add add-default-route=yes dhcp-options=OPTION_S46_CONT_MAPE dhcp-options=OPTION_S46_CONT_MAPE interface=WAN:836 pool-name=\
                ipv6-pool request=address,prefix use-interface-duid=yes
            /ipv6 firewall address-list
            add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
            add address=::1/128 comment="defconf: lo" list=bad_ipv6
            add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
            add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
            add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
            add address=100::/64 comment="defconf: discard only " list=bad_ipv6
            add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
            add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
            add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
            /ipv6 firewall filter
            add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
                established,related,untracked
            add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
            add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
            add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
            add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=\
                fe80::/10
            add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
            add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
            add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
            add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
            add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
            add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
                established,related,untracked
            add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
            add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
            add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
            add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
            add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
            add action=accept chain=forward comment="defconf: accept HIP" protocol=139
            add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
            add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
            add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
            add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
            add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
            /ipv6 firewall mangle
            add action=change-mss chain=forward comment="for ipipv6-tunnel1" new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
            /system note
            set show-at-login=no
            /tool mac-server
            set allowed-interface-list=LAN
            /tool mac-server mac-winbox
            set allowed-interface-list=LAN

            I would really appreciate any hints in spotting my mistake(s).

              URi Have you tried to disable keepalive in ipipv6-tunnel?
              I had same issue and solved disabling it.

              Obviously this trick isn't explained in the Net-Neutrality guide on the Iliad main website.

              • URi ha risposto a questo messaggio

                Daniel_e88 Grazie, I checked and the keepalive is already disabled.

                /interface ipipv6
                add !keepalive local-address=<IPv6_TUNNEL_LOCAL_ADDRESS> name=ipipv6-tunnel1 remote-address=\
                    <IPv6_TUNNEL_REMOTE_ADDRESS>

                Finally I have it working. My mistake was to assume that the data to configure the router would be the same for net-neutrality and not net-neutrality and I was using the sniffed data for the standard option (not net-neutrality).

                After activating the net-neutrality option it started to work more smoothly. However, sometimes, after the DHCPv6 refresh I loose IPv4 connectivity. After rebooting the switch a couple of times it works again. Any idea?
                P.S.: I have just updated to RouterOS v7.12.1 let's see if by any chance the issue is fixed.

                Now that it is working and more or less stable I have done some speedtests and the maximum I achieved connected to the router via cable is around 500Mbps both up and down.

                $ speedtest++ 
                SpeedTest++ version 1.14
                Speedtest.net command line interface
                Info: https://github.com/taganaka/SpeedTest
                Author: Francesco Laurita <francesco.laurita@gmail.com>
                
                IP: 81.56.XXX.YYY ( Iliad Italia ) Location: [48.8582, 2.3387]
                Finding fastest server... 10 Servers online
                ..........
                Server: Florence srv-st03.arcolink.it:8080 by Arcolink TLC (887.342 km from you): 5 ms
                Ping: 5 ms.
                Jitter: 0 ms.
                Determine line type (2) ........................
                Fiber / Lan line type detected: profile selected fiber
                
                Testing download speed (32) ..........................................................................................................................................................
                Download: 532.36 Mbit/s
                Testing upload speed (12) ..................................................................................................................................................................................................................................................................................................
                Upload: 512.12 Mbit/s

                Do you think this could be due to the limited cpu power to do the tunneling of the device? I have a mikrotik hAP ax2

                  URi After activating the net-neutrality option it started to work more smoothly. However, sometimes, after the DHCPv6 refresh I loose IPv4 connectivity. After rebooting the switch a couple of times it works again. Any idea?
                  P.S.: I have just updated to RouterOS v7.12.1 let's see if by any chance the issue is fixed.

                  You can use a script to reset dhcpv6 request when a host stops pinging, linke 1.1.1.1

                  URi What cpu usase do you see during a speedtest?
                  Try also to speedtest just in v4 and not also in v6 (just disable v6 from the pc nic)

                  And last of all, just use the officiale OOKLA speedtest cli app
                  https://www.speedtest.net/apps/cli

                  Server you would search for,

                  speedtest -s 4302 (Vodafone Milan, ipv4 and ipv6)
                  speedtest -s 7839 (Fastweb Milan, just ipv4)
                  speedtest -s 50954 (Sky Milan, ipv4 and ipv6)

                  You should test first of all Milan Servers since Iliad collect all the traffic there and then forwards to other destinations.

                  You can post here your results in ipv4 and ipv6 please.

                  Let me add this for anyone who might have a look to the post taken from a post by radical

                  /tool netwatch
                  add disabled=no down-script="/ipv6 dhcp-client release [find interface=WAN:836]\r\
                      \n" host=1.1.1.1 http-codes="" interval=5s test-script="" type=simple up-script=""

                  Test with IPv4

                  $ speedtest -s 4302
                  
                     Speedtest by Ookla
                  
                        Server: Vodafone IT - Milan (id: 4302)
                           ISP: Iliad Italia
                  Idle Latency:    29.02 ms   (jitter: 0.30ms, low: 28.70ms, high: 29.19ms)
                      Download:   944.51 Mbps (data used: 1.7 GB)                                                   
                        Upload:   451.60 Mbps (data used: 501.3 MB)                                                   
                                   31.07 ms   (jitter: 0.98ms, low: 28.49ms, high: 39.81ms)
                   Packet Loss:     0.0%
                    Result URL: https://www.speedtest.net/result/c/4718f701-c293-4520-8d5d-8bd41ed3a3a9
                  $ speedtest -s 7839
                  
                     Speedtest by Ookla
                  
                        Server: Fastweb SpA - Milan (id: 7839)
                           ISP: Iliad Italia
                  Idle Latency:     6.05 ms   (jitter: 0.21ms, low: 5.79ms, high: 6.38ms)
                      Download:   333.33 Mbps (data used: 375.6 MB)                                                   
                                   34.10 ms   (jitter: 7.15ms, low: 6.42ms, high: 285.05ms)
                        Upload:   467.49 Mbps (data used: 228.0 MB)                                                   
                                   13.69 ms   (jitter: 1.01ms, low: 7.24ms, high: 21.73ms)
                   Packet Loss:     0.0%
                    Result URL: https://www.speedtest.net/result/c/22abc23f-73cf-4bc5-a3d4-be9649cbe8b2
                  $ speedtest -s 50954
                  
                     Speedtest by Ookla
                  
                        Server: Sky Wifi - Milano (id: 50954)
                           ISP: Iliad Italia
                  Idle Latency:    14.54 ms   (jitter: 0.17ms, low: 14.41ms, high: 14.72ms)
                      Download:   922.93 Mbps (data used: 1.2 GB)                                                   
                                   21.04 ms   (jitter: 0.78ms, low: 14.41ms, high: 26.57ms)
                        Upload:   469.68 Mbps (data used: 477.4 MB)                                                   
                   Packet Loss:     0.0%
                    Result URL: https://www.speedtest.net/result/c/11f47148-2011-4445-a052-7b380ec9196d

                  Results are not that bad now on download although upload could be better.

                  Regarding the IPv6 results, I disable IPv4 on the interface. I had not been able to get results with it as I had multiple errors.

                  $ speedtest -s 4302
                  [2023-11-25 17:10:37.280] [error] Configuration - Couldn't resolve host name (HostNotFoundException)
                  [2023-11-25 17:10:37.280] [error] Configuration - Cannot retrieve configuration document (0)
                  [2023-11-25 17:10:37.287] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
                  [2023-11-25 17:10:37.287] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
                  [error] Configuration - Could not retrieve or read configuration (ConfigurationError)
                  $ nslookup google.com
                  ;; communications error to 2a01:e10:f::1#53: timed out
                  ;; communications error to 2a01:e10:f::1#53: timed out
                  Server:         2a01:e10:f::1
                  Address:        2a01:e10:f::1#53
                  
                  Non-authoritative answer:
                  Name:   google.com
                  Address: 142.251.209.46
                  Name:   google.com
                  Address: 2a00:1450:4002:411::200e
                  
                  $ speedtest -s 4302
                  
                     Speedtest by Ookla
                  
                        Server: Vodafone IT - Milan (id: 4302)
                           ISP: Iliad Italia
                  Idle Latency:    28.96 ms   (jitter: 0.17ms, low: 28.80ms, high: 29.24ms)
                      Download:   931.20 Mbps (data used: 1.4 GB)                                                   
                                   43.87 ms   (jitter: 28.00ms, low: 28.56ms, high: 407.12ms)
                        Upload:   473.40 Mbps (data used: 822.4 MB)                                                   
                                   31.10 ms   (jitter: 0.91ms, low: 28.55ms, high: 39.38ms)
                  [error] Trying to get interface information on non-initialized socket.
                  [error] Trying to get interface information on non-initialized socket.
                   Packet Loss: Not available.
                  $ speedtest -s 7839
                  
                     Speedtest by Ookla
                  
                        Server: Fastweb SpA - Milan (id: 7839)
                           ISP: Iliad Italia
                  [error] Error: [101] Network unreachable
                  [error] Latency test failed
                  $ speedtest -s 7839
                  
                     Speedtest by Ookla
                  
                        Server: Fastweb SpA - Milan (id: 7839)
                           ISP: Iliad Italia
                  [error] Error: [101] Network unreachable
                  [error] Latency test failed
                  $ speedtest -s 7839
                  [2023-11-25 17:12:24.932] [error] Configuration - Couldn't connect to server (Network is unreachable)
                  [2023-11-25 17:12:24.932] [error] Configuration - Cannot retrieve configuration document (0)
                  [2023-11-25 17:12:24.939] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
                  [2023-11-25 17:12:24.939] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
                  [error] Configuration - Could not retrieve or read configuration (ConfigurationError)
                  $ speedtest -s 50954
                  
                     Speedtest by Ookla
                  
                        Server: Sky Wifi - Milano (id: 50954)
                           ISP: Iliad Italia
                  [error] Error: [-3] Try again
                  [error] Latency test failed
                  $ speedtest -s 50954
                  [2023-11-25 17:13:30.548] [error] Configuration - Couldn't resolve host name (HostNotFoundException)
                  [2023-11-25 17:13:30.548] [error] Configuration - Cannot retrieve configuration document (0)
                  [2023-11-25 17:13:30.554] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
                  [2023-11-25 17:13:30.554] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
                  [error] Configuration - Could not retrieve or read configuration (ConfigurationError)
                  $ speedtest -s 50954
                  
                     Speedtest by Ookla
                  
                        Server: Sky Wifi - Milano (id: 50954)
                           ISP: Iliad Italia
                  Idle Latency:    14.47 ms   (jitter: 0.12ms, low: 14.43ms, high: 14.75ms)
                      Download:   926.25 Mbps (data used: 1.1 GB)                                                   
                        Upload:   462.69 Mbps (data used: 496.8 MB)                                                   
                                   17.21 ms   (jitter: 0.80ms, low: 14.28ms, high: 25.89ms)
                  [error] Trying to get interface information on non-initialized socket.
                   Packet Loss: Not available.
                    Result URL: https://www.speedtest.net/result/c/fb180961-651a-44e9-81d9-d2737c0641ba

                  Do you think there's something missconfigured? Thanks for your help.

                  5 giorni dopo

                  In case anyone is interested. I have disabled the DHCPv6 and I am just using IPv4. I have made static the IA_NA IP address.

                  I have also increased the MTU on the WAN:836 interfaces from 1540 to 9000 as I have seen this message

                  invalid mtu 1700 on WAN:836

                  Informativa privacy - Informativa cookie - Termini e condizioni - Regolamento - Disclaimer - 🏳️‍🌈
                  P.I. IT16712091004 - info@fibraclick.it

                  ♻️ Il server di questo sito è alimentato al 100% con energia rinnovabile