BTnet IPv6 Configuration
-
Hi NogBadTheBad,
So I believe I did this on the WAN as per the above post, I suppose I didnt explain it very well.
However I will reread and try again this evening/tomorrow.
Thanks for your feedback
-
Hi NogBadTheBad,
So I believe I did this on the WAN as per the above post, I suppose I didnt explain it very well.
However I will reread and try again this evening/tomorrow.
Thanks for your feedback
WAN gateway/BT equipment: 2A00
B0::1 (I would assume /64)
pfSense WAN address: 2A00B0::FFFF/64
pfSense WAN upstream gateway address: 2A00B0::1
pfSense LAN address: 2A00B0:1::FFFF/64All those addresses are in the 2a00
b0::/56 block, thats why I mentioned it, did they give you 2 blocks of addresses ? -
Also if your using the very last IP as the gateway it should be 2a00
b0:0:ffff:ffff:ffff:ffff & 2a00b0:1:ffff:ffff:ffff:ffff with a /64 rather than 2a00b0:0:0:0:0:ffff & 2a00b0:1:0:0:0:ffffhttp://subnettingpractice.com/ipv6_subnetting.html
Or you could be lazy like me use :1, so used to IPv4 and .0 being the network address with a /24 :)
-
@kpa:
Could you point out the part of the IPv6 spec
I just tested gateway addresses on already working systems. In Linux behind a pfSense I deleted the default route to FE80::1:1 and added the LAN public IP and it does work as a default route. At another location in Linux behind a Fortigate I deleted the default route to FE80::MAC and added FD00::1 and that worked too. I also changed the default route on the Fortigate to the public IP of the cable modem and rebooted to ensure that the kernel route would clear. That worked too. The pfSense is all automatic so I left that alone.
I scratched out the bad text. The problem was that I first set up my Fortigate with FC00::1/64. Packets routed to FC00::1 were rejected. Later I discover that FC00 is not yet defined. Fortigate knows this and does not allow that address to function. I changed the address to FD00::1/64 and everything worked. The first configuration I got fully working had FE80 addresses for all default routes. In the Fortigate routes for addresses other than FE80 wouldn't route or show in the Routing Monitor. They work and display now so it must have been a bug.
Now I must think about what is more desirable for the default route: FE80::MAC or FD00::1.
-
WAN gateway/BT equipment: 2A00
B0::1 (I would assume /64)
pfSense WAN address: 2A00B0::FFFF/64
pfSense WAN upstream gateway address: 2A00B0::1
pfSense LAN address: 2A00B0:1::FFFF/64All those addresses are in the 2a00
b0::/56 block, thats why I mentioned it, did they give you 2 blocks of addresses ?Nope just given a /56
Relevant part of the email
โ----
IPV6 Section:Directly Connected Network Attributes
IPV6 Network Address : 2A00
B0::
IPV6 Network Mask : /56
IPV6 BTnet NTE Router LAN Address : 2A00B0::1Non-Directly Connected Network Attributes
IPV6 Network Address :
IPV6 Network Mask :
IPV6 Next Hop Address :It was my understanding that I could just split the /56 down into separate /64 networks? However on re-reading it appears that they've configured their own equipment on this prefix and need to provide another allocation that is routed to this.
Essentially I have the ND but not the PD
Would this be correct?
-
Might be best if you query this on the BT forums.
Have you tried track interface for your LAN ?
-
Mystery solvedโฆ
So BTnet made an assumption that our device would be 2A00
B0::5 and statically routed everything there.As soon as I went along with their assumption everything fell into place as expected.
Hopefully this will assist anyone else on BTnet.
Thanks to everyone who sanity checked my config
-
@qisback said in BTnet IPv6 Configuration:
So BTnet made an assumption that our device would be 2A00B0::5 and statically routed everything there.
So this is a genius answer. Thanks @qisback Accept the router announcement to get the prefix. And then take the lowest subnet and ::5 and that's a static route for all the other prefixes in your /56
Tim
-
How does your ISP provide IPv6? Most use DHCPv6-PD, which provides your LAN prefix.
-
@kpa said in BTnet IPv6 Configuration:
Could you point out the part of the IPv6 spec where this requirement to use link local gateway addresses is stated?
It's common practice, not a rule. However, you have to use whatever your ISP expects. If your ISP used DHCPv6, then this is all configured automagically.
-
@JKnott said in BTnet IPv6 Configuration:
How does your ISP provide IPv6? Most use DHCPv6-PD, which provides your LAN prefix.
The provide a /56. This gives 256 /64 subnets.
The first /64 is setup on the router with router announcements. So for a single vlan with no firewall, you can just connect to the router.
Then the whole /56 (minus the first /64) is routed to the ::5 address of the first /64. So if you need a firewall, fancier routing or have multiple vlans, then you just need to put a router on the ::5 at add other /64 to interfaces as you like.
DHCPv6 PD is the modern way to do this - you do a DHCP request for a whole /64 subnet to use. This is cool, but not supported by my ISP (a BT or BTNet leased line). The static route way is totally find for my needs.
