Difficulty routing IPv6 traffic between local interfaces

Doktor Jones

My WAN has an IPv6 /56 prefix; each LAN interface (I have three) is delegated a /64 out of that, and I have DHCPv6 set up to assign out of a /112 on that (I could probably make that bigger but really I will likely have gone through several hardware upgrades before I could ever conceivably reach enough devices in my house to push that to its limits).

All my devices can get their appropriate IPv6 addresses with their appropriate prefixes. Within each interface they can talk to one another fine, and they can reach the (IPv6) internet fine; e.g. they can talk to 2001:4860:4860::8844 (Google DNS).

The problem is, I would like devices on LAN to be able to talk to OPT1 and vice versa and I'm not sure how to accomplish this. I've got all that working on IPv4, but now I'm trying to get a device on LAN to talk to a device on OPT1 via IPv6 and just get "destination unreachable". Device A (on LAN) and device B (on LAN) can happily chat via IPv6, and both can talk to stuff out on the WAN. Device C (on OPT1) can talk to stuff out on the WAN via IPv6, but A and B can't talk to C, and C can't talk to A or B.

Where do I start?

I have DHCPv6 enabled on each interface, with range set; prefix delegation is blank because there shouldn't be any downstream routers (heh), pretty much everything else is defaults. Router mode is set to Router Only, and pretty much everything else is defaults.

johnpoz

@doktor-jones said in Difficulty routing IPv6 traffic between local interfaces:

I have DHCPv6 set up to assign out of a /112

Well that is just borked right out of the gate, /64 is the what is to be used - or yeah your going to have all kinds of weirdness.. That is per the rfcs..

   The de facto length of almost all IPv6 interface identifiers is
   therefore 64 bits.  The only documented exception is in [RFC6164],
   which standardizes 127-bit prefixes for point-to-point links between
   routers, among other things, to avoid a loop condition known as the
   ping-pong problem.

   With that exception, and despite the comments above about the routing
   architecture and the design of SLAAC, using an IID shorter than 64
   bits and a subnet prefix longer than 64 bits is outside the current
   IPv6 specifications, so results may vary.

   It should be noted that the homenet architecture text [RFC7368]
   states that Customer Premises Equipment (CPE) should consider the
   lack of sufficient address space to be an error condition, rather
   than using prefixes longer than /64 internally.

You should be using only /64... Use of longer prefixes like /112 is not a supported setup per the rfcs for IPv6..

Your /56 gives you 256 /64s to work with.. Do you need more than 256 - then you need something bigger than /56.. Trying to subnet those so you can have more is going to cause you grief..

JKnott

@doktor-jones said in Difficulty routing IPv6 traffic between local interfaces:

and I have DHCPv6 set up

Also, unless you have a need for it, I'd advise against using DHCPv6, as Android devices won't work with it. SLAAC normally does all you need.

johnpoz

@jknott said in Difficulty routing IPv6 traffic between local interfaces:

SLAAC normally does all you need.

That for sure not going to work with something other than /64s either ;)

The /56 was already wasted if you think about it - when they assign you the prefix... So using /112 isn't saving anything really - now if you had 2000 some vlans you needed and all you had to work with was the /56 ok - maybe you try and do something out of the box, etc.. But how many vlans networks do you need for this location... If its not anywhere close to 256 of them your just causing yourself grief for no reason..

JKnott

@johnpoz
I'm only using 5 of my 256 /64s. However, I think people have learned a lot of bad habits, with having to conserve IPv4 address space. The only place where a smaller prefix makes sense is with a point to point link, where a /127 is all you need.