Bug #16236

open

IPV6 Neighbor Solicitation on WAN interface used as part of Neighbor Unreachability Detection, causes the interface to stop forwarding traffic briefly

Added by Raj Vadi 4 months ago.

Status: New
Priority: High
Assignee: -
Category: Interfaces
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.8.0
Affected Architecture: amd64

Description

It appears that 2.8.0 by default has the NDP setting on the NICs enabled with a period of 30 secs. I have observed that when the NUD solicitations are sent out, and the neighbor responds, the interface stops forwarding traffic for a period of 7-9 secs. This happens consistently and degrades the IPv6 performance significantly. To mitigate the issue, I disabled NUD on the WAN IPv6 NIC, and this restored the clean connectivity, since the update then happens every 24 hours. To reproduce the issue, I will enable NUD on the interface, capture traffic on the WAN NIC (I do not have a mirror port, as the WAN NIC interface is directly connected to my ONT via Ethernet), capture traffic on a workstation with an ICMP6 ping to www.amazon.com and demonstrate that the pings fail. Dpinger also reports such packet drops, and they can be observed in the capture from pfSense. On disabling NUD, the interface returns to clean connectivity (except I suppose when it sends the neighbor solicitation every 24 hours). From the captures (capture_from_pfsense) taken on the firewall.

Replication:

1. Enable NUD on the NIC (see pic enable-nud.png) at 16:14:50
2. Disable NUD on the NIC (see pic disable-nud.png) at 16:17:14
3. Capture_from_pfsense (capture_from_pfsense.pcap): some gap in pings seen at packet 282, for 13 secs
4. Capture from workstation to www.aws.com (ping-to-aws.pcap): corresponding packet drops in packets 97-99.


Files

- disable-nud.png (28.3 KB): command line from pfSense to enable NUD (Raj Vadi, 06/05/2025 09:03 PM)
- enable-nud.png (17.5 KB): command line from pfSense to disable NUD (Raj Vadi, 06/05/2025 09:03 PM)
- capture_from_pfsense.pcap (117 KB): Capture from pfsense (Raj Vadi, 06/05/2025 09:03 PM)
- ping-to-aws.pcapng (60.6 KB): pings from local workstation on LAN to www.aws.com (Raj Vadi, 06/05/2025 09:03 PM)
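
One way to check a capture for the pattern described in this report, as an added example that is not part of the original ticket or of pfSense: it finds runs of unanswered ICMPv6 echo requests and lists any Neighbor Solicitation/Advertisement packets seen shortly before each run. It assumes the capture has already been reduced to (timestamp, ICMPv6 type, echo sequence) records; `Pkt`, `outages`, `correlate` and `build_sample` are hypothetical names, and the trace is constructed, not taken from the attached pcaps.

```python
from collections import namedtuple

# ICMPv6 type numbers (RFC 4443 echo, RFC 4861 neighbor discovery)
ECHO_REQUEST, ECHO_REPLY, NEIGHBOR_SOLICIT, NEIGHBOR_ADVERT = 128, 129, 135, 136

Pkt = namedtuple("Pkt", "ts icmp_type seq")  # seq is None for NDP packets

def outages(packets, min_lost=2):
    """Return [(start_ts, end_ts, lost)] for runs of unanswered echo requests."""
    replied = {p.seq for p in packets if p.icmp_type == ECHO_REPLY}
    requests = sorted((p for p in packets if p.icmp_type == ECHO_REQUEST),
                      key=lambda p: p.ts)
    runs, current = [], []
    for req in requests:
        if req.seq in replied:
            if len(current) >= min_lost:
                runs.append((current[0].ts, current[-1].ts, len(current)))
            current = []
        else:
            current.append(req)
    if len(current) >= min_lost:  # capture ended during an outage
        runs.append((current[0].ts, current[-1].ts, len(current)))
    return runs

def correlate(packets, window=2.0, min_lost=2):
    """Attach NS/NA timestamps seen within `window` seconds before each outage."""
    ndp = [p for p in packets
           if p.icmp_type in (NEIGHBOR_SOLICIT, NEIGHBOR_ADVERT)]
    result = []
    for start, end, lost in outages(packets, min_lost):
        near = [p.ts for p in ndp if start - window <= p.ts <= start]
        result.append({"start": start, "end": end, "lost": lost,
                       "ndp_before": near})
    return result

def build_sample():
    """Constructed trace: 1 ping/s for 40 s, NS/NA near t=10, then 8 lost replies."""
    pkts = []
    for seq in range(40):
        pkts.append(Pkt(float(seq), ECHO_REQUEST, seq))
        if not 11 <= seq <= 18:  # replies missing for seq 11..18
            pkts.append(Pkt(seq + 0.02, ECHO_REPLY, seq))
    pkts.append(Pkt(10.5, NEIGHBOR_SOLICIT, None))
    pkts.append(Pkt(10.6, NEIGHBOR_ADVERT, None))
    return pkts

if __name__ == "__main__":
    for outage in correlate(build_sample()):
        print(outage)
```

Sequence-number wraparound is not handled, so long captures should be split before analysis.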
