Starlink and Peplink Balance

Reviving this older thread as I just received my Starlink terminal.

I am running the OOB management via a Juniper SRX connected via an Access VLAN, similar to my previous tests with the DSL modem. This works fine, and I may continue with this configuration to test and provide IPv6 via the SRX.

I also wanted to test a second WAN interface for the OOB managment, but my generic 1G switch was dead.

I wound up having to use an unmanaged switch after the dish forked onto the starlink wifi and the rest of my network. The wifi on my normal network is much faster than the starlink and I need to connect to the starlink wifi network for stats and uogrades

Slightly off topic but how are Starlink handing out IPv6 to subscribers, is it DHCPv6 with a delegated prefix? If so what size are they delegating - details seem a bit thin on the ground for this :slight_smile:

It is supposed to be a DHCPv6 with PD… but those that have seen it say that the route goes away after 20 mins… or when any type of “interruption” happens in the link…

I have yet to get a reply packet back to my SRX… so I may have to try some other technologies… pfsense seems to be on the list. Clearly not fully supported.

10:00:48.178956 Out 64:87:88:1d:42:08 > 33:33:00:01:00:02, ethertype 802.1Q (0x8100), length 122: vlan 1, p 6, ethertype IPv6, (hlim 255, next-header: UDP (17), length: 64) fe80::6687:88ff:fe1d:4208.dhcpv6-client > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 solicit(C cliaddr=1:a:3:1:6487:881d:4d08:19 relayaddr=c::ffff:ffff:ffff:ffff:3)

1 Like

Thank you for the information everyone has shared so far. I’ve requested to be in the beta as well, but it will be later this year. I am very interested in the disaster response portion of the network and hope they will open the ability for travelling dishes soon too.

I rolled up a PFsense VM… and did some more snooping on the WAN interface segment. It seems that any IPv6 results on Startlink were from months ago, and I see no indications that Starlink is currently supporting RA’s, SLAAC or DHCPv6 requests.

IPv6 neighbors remain empty unless I open up IPv6 on the peplink and then I see all of my LAN clients.

1 Like

Well, the previous message wasn’t quite right. Others indicated that IPv6 was still working in a way. So I moved my PFsense VM directly to the Starlink WAN network and I was able to receive via SLAAC an IPv6 address… which promptly went away.

Then I reset my VM to request both IPv4 DHCP and IPv6 and received both.

and then the IPv6 goes away… so still no clear results.

When it worked there was an dhcpv6 PD of /56 (which I requested).

1 Like

Thanks for doing the testing @Paul_Mossip

Good to hear in some regards that they are at least planning some IPv6 service over their network… be nice if other ISPs (and equipment vendors) were thinking along these lines. I’ve had native IPv6 in my home network for nearly a decade now, would be nice to avoid nasty tunnels and other hacks if I get Starlink intsalled.

Hopefully they will have it all working once the service moves into a full production state, along with some (cost) option to get rid of the CGNAT layer too for those who really need a public IPv4 address.

I wasn’t sure if people wanted to keep discussing IPv6 in a peplink thread.

I’ve run IPv6 on and off for years, and since I’m behind AT&T fixed LTE I would have to use a tunnel broker as peplink doesn’t support IPv6 on wireless WAN links. I have also found that nobody wants to debug ipv6 issues… if Netflix doesn’t work, they ask, turn off ipv6… does it work now… OK, we are done.

I’ll start with using a peplink router. Forget it. (reasons will be coming down message).

The Starlink IPv6 implementation seems to be fundamentally flawed in a number of ways. This is all conjecture as Starlink says nothing about their system.

#1 The Starlink system does not send periodic RAs as required by RFC
#2 The system does not respond to RE requests unless the MAC address of the client is already in contact with the starlink core.
#3 the default router fe80::1 does not respond to NDP packets at all. So if for any reason you loose the NDP via timeout, your default route becomes useless.

The first two items combined make any generic bridged SLAAC system a non starter, and that is the default Peplink “bridged ipv6 mode”.

So, what does work?

A number of open source firewalls seem to work to start. PFsense, OPNsense.
What these do is
#1, DHCP for the IPv4 address, this primes the core to allow services to and from that MAC address. DHCP lease of 500 seconds.
#2 Send a ipv6 RE request, not waiting for the network to advertise a RA that will never come.
#3 In response to this RE the starlink network replies with a RA, (TTL 500sec) This allows the firewall to turn up a SLAAC address add the default route and NDP cache
#4 the firewall requests a DHCPv6 PD, and Starlink sends back a /56 assignment.

This is all well and good for the next 500seconds… Since the starlink network doesn’t send another RA (which should be done at least < 1/2 the RA timeout interval) the original RA will time out, the NDP will time out and the IPv6 addresses go away.

So, to keep the IPv6 network up, as soon as you boot up, you need to convert all dynamic assignments to permanent.

In a shell, find your current address (ifconfig em0) and then switch it from autoconfig to permanent.
ifconfig em0 inet6 ####:####:####:####:####:####:####:#### ( insert your negotiated SLAAC address)
Second, the NDP cache will also time out, since it was filled in via the RA. This is a fixed assignment:
ndp -s fe80::1%em0 02:02:00:00:00:02
Third, fix the default route.
route -6 add default fe80::1%em0

Finally, the firewall needs to keep sending packets into the core to keep the NDP cache primed on the starlink side… so these firewalls send pings once a second to fe80::1.
If you turn off this gateway check… you eventually loose connectivity.

I have not yet configured a LAN side of this firewall to see if it will pass networks out of the /56.

Since Starlink isn’t really supporting IPv6, I will probably stop here until they announce general support.

2 Likes