Static IPv6 problems
-
Note: Some ISPs will allocate you a /48 and assign the 1st 0000 subnet to the directly connected interface. They will likely also have a static route that points the /48 to the ::2 address. This is what your downstream router needs to be addressed as.
You configure the 1st /64 you got allocated on the WAN.
You configure the <prefix>:0::/2 on the WAN, /64 or /126 does not specifically matter.
You configure a network out of <prefix> other than 0 on the LAN, for example give the LAN address <prefix>:1::1/64
Go to the DHCPv6 server page, select assisted, enable DHCPv6 server too. All clients should now pick this up on the LAN in about 10 seconds.
If you have more interfaces you can configure other <prefix>:n::/64 networks locally. 2-ffff.
If you have an internal router, create a static route for <prefix>:nn00::/56 to this router so you repeat the steps above.
Note 2: this has nothing to do with pfSense per se, this is basic subnetting 101. Let the NAT go folks. It isn't there.
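The addressing plan from the steps above, worked through with Python's ipaddress module as an added example that is not part of the original post. The function name, the 2001:db8:abcd::/48 documentation prefix and the chosen subnet IDs are assumptions for illustration.

```python
import ipaddress

def build_plan(allocation, lan_ids, downstream_id=None):
    """Carve a routed /48 as in the steps above (illustrative helper).

    allocation    -- the /48 the ISP routes to <prefix>:0::2
    lan_ids       -- subnet IDs (1..0xffff) for locally attached /64s
    downstream_id -- optional nn00 subnet ID whose /56 goes to an internal router
    """
    block = ipaddress.IPv6Network(allocation)
    if block.prefixlen != 48:
        raise ValueError("expected an IPv6 /48")
    base = int(block.network_address)

    def subnet(subnet_id, length):
        # The subnet ID is the fourth 16-bit group, so shift it past the 64 host bits.
        return ipaddress.IPv6Network((base + (subnet_id << 64), length))

    plan = {"wan": ipaddress.IPv6Interface((base + 2, 64)),  # <prefix>:0::2
            "lan": {}, "downstream": None}
    if downstream_id is not None:
        if downstream_id & 0xFF or not 0 < downstream_id <= 0xFF00:
            raise ValueError("a /56 must start on an nn00 boundary above subnet 0")
        plan["downstream"] = subnet(downstream_id, 56)

    for sid in lan_ids:
        if not 1 <= sid <= 0xFFFF:
            raise ValueError(f"subnet ID {sid:#x} is the WAN subnet or out of range")
        net = subnet(sid, 64)
        if plan["downstream"] and net.subnet_of(plan["downstream"]):
            raise ValueError(f"{net} lies inside the /56 routed to the internal router")
        # Router takes ::1 in each LAN /64, matching <prefix>:1::1/64 in the post.
        plan["lan"][sid] = ipaddress.IPv6Interface((int(net.network_address) + 1, 64))
    return plan

# Constructed sample input using the documentation prefix 2001:db8::/32.
if __name__ == "__main__":
    p = build_plan("2001:db8:abcd::/48", [1, 2], downstream_id=0x1000)
    print(p["wan"], p["lan"][1], p["lan"][2], p["downstream"])
```

The overlap check matters because a /56 at nn00 covers subnet IDs nn00 through nnff, so none of those can also be used on a local interface.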
-
Note 2: this has nothing to do with pfSense per se, this is basic subnetting 101. Let the NAT go folks. It isn't there.
Preach it!!! NAT should go the way of the Dodo. There are more than enough addresses in IPv6.
-
Note: Some ISPs will allocate you a /48 and assign the 1st 0000 subnet to the directly connected interface. They will likely also have a static route that points the /48 to the ::2 address. This is what your downstream router needs to be addressed as.
This is how it should be if you have a single /48. I suspect (and hope!) the OP is misunderstanding what his provider is giving him.
If not, and it truly is a /48 assigned to the ISP's router and you're supposed to somehow use that in a practical fashion, your ISP has completely failed at the most basic of IPv6 service provider concepts, and needs to give you a proper routed setup.
-
Lol … my ISP gave me a /48 with a gateway and that was it. I had to have them set up the /64 for me to be into and then route all the /48 to that new /64 address. They failed at subnetting 101 (at least at first).
-
So, I've been trying to fit the WAN on a /64 and the LAN on another /64 within our /48, without involving our ISP. Current test setup:
WAN gateway 1111:2222:3333::1/48
WAN interface (em3) 1111:2222:3333::2/64
LAN interface (em1) 1111:2222:3333:1::1/64
Test client on LAN 1111:2222:3333:1::abcd/64
netstat -r shows:
Destination           Gateway             Flags  Netif  Expire
default               1111:2222:3333::1   UGS    em3
localhost             localhost           UH     lo0
1111:2222:3333::      link#4              U      em3
1111:2222:3333::2     link#4              UHS    lo0
1111:2222:3333:1::    link#2              U      em1
1111:2222:3333:1::1   link#2              UHS    lo0
I can ping the WAN gateway from the router. From the test client I can ping the LAN & WAN interfaces, but not the WAN gateway.
If I try to add an explicit route, I get an error:
$ route add -inet6 -net 1111:2222:3333:1::/64 1111:2222:3333::2
route: writing to routing socket: File exists
add net 1111:2222:3333:1::/64: gateway 1111:2222:3333::2: route already in table
-
You still have the same problem. The ISP is not routing anything to 1111:2222:3333::2/64. To the ISP, that address should be on the same interface as WAN hence no routing.
I think you are going to have to involve your ISP.
I have not tried working with NPt, but you might be able to use that to translate 1111:2222:3333:1::2/64 to 1111:2222:3333:2::2/64 (LAN). This is of course not ideal.
-
So, I've been trying to fit the WAN on a /64 and the LAN on another /64 within our /48, without involving our ISP.
Which is impossible. There isn't a way around this without getting the ISP to give you a proper v6 setup, which you don't currently have.
-
@cmb:
So, I've been trying to fit the WAN on a /64 and the LAN on another /64 within our /48, without involving our ISP.
Which is impossible. There isn't a way around this without getting the ISP to give you a proper v6 setup, which you don't currently have.
But, since they are routing the whole /48 to our network interface, shouldn't I be able to handle the subnetting on our side?
Anyway, sorry for being dim, but what exactly do I ask the ISP to do? Have them drop the /48 routing and instead route 1111:2222:3333:0::/64 and 1111:2222:3333:1::/64 to our interface?
-
I would not look at this as routing to an interface. Instead, they are routing to their gateway. And since it expects your entire /48 on that same gateway it does not forward the traffic to anything. This is why a bridge would work. If you don't want to involve the ISP, that is going to be the only way. That would be a problem if you are dual stacking. It won't be feasible in that situation.
You are going to ask them to help build a routed solution. Not sure but one of my ISPs gave me a /56 but they reserved the xxxx::0::1-3 addresses and set up a route for each /64 that makes up the /56 to ::4 (my wan address on pfsense). My other ISP like I said earlier gave us /48 and they had to create a /64 for my wan so they could route the entire /48 to it. So basically you need to ask them to set you up with 2 subnets so that you can route one to the other.
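The difference between the on-link /48 and a routed setup, modelled as the ISP router's longest-prefix-match decision. This is an added example, not part of the original posts: the function names are assumptions, the addresses are the placeholder ones used in the thread, and the ISP-side configuration is assumed to be as the replies describe it.

```python
import ipaddress

def upstream_decision(dst, connected, static_routes):
    """Return how the ISP router handles a packet for dst.

    connected     -- prefixes configured on the ISP's customer-facing interface
    static_routes -- {prefix: next_hop} routes toward the customer
    Longest-prefix match picks the winner, as in any IP router.
    """
    dst = ipaddress.IPv6Address(dst)
    candidates = [(ipaddress.IPv6Network(p), None) for p in connected]
    candidates += [(ipaddress.IPv6Network(p), ipaddress.IPv6Address(nh))
                   for p, nh in static_routes.items()]
    matches = [(net, nh) for net, nh in candidates if dst in net]
    if not matches:
        return ("no-route", None)
    net, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    if next_hop is None:
        # On-link: the router sends a Neighbor Solicitation for dst itself.
        # A host behind another router never sees it, so nothing answers.
        return ("neighbor-discovery", str(dst))
    return ("forward", str(next_hop))

def delivered(dst, connected, static_routes, answering):
    """True if the packet ends up at an address that answers neighbor
    discovery on the ISP link (the customer router's WAN address)."""
    answering = {ipaddress.IPv6Address(a) for a in answering}
    action, target = upstream_decision(dst, connected, static_routes)
    if action == "forward":
        # The next hop must itself be resolvable on the connected link.
        action, target = upstream_decision(target, connected, {})
    return action == "neighbor-discovery" and ipaddress.IPv6Address(target) in answering

# Setup from the thread: the whole /48 is on-link at the ISP gateway.
THREAD_SETUP = dict(connected=["1111:2222:3333::/48"], static_routes={})
# Routed setup: a /64 on the link, the /48 routed to the customer's ::2.
ROUTED_SETUP = dict(connected=["1111:2222:3333::/64"],
                    static_routes={"1111:2222:3333::/48": "1111:2222:3333::2"})
WAN = ["1111:2222:3333::2"]        # only the pfSense WAN answers on the ISP link
CLIENT = "1111:2222:3333:1::abcd"  # test client on the LAN

if __name__ == "__main__":
    for name, setup in (("thread", THREAD_SETUP), ("routed", ROUTED_SETUP)):
        print(name, upstream_decision(CLIENT, **setup), delivered(CLIENT, answering=WAN, **setup))
```

In the thread's setup the client's address resolves to neighbor discovery on the ISP link, which matches the symptom that the LAN client cannot get replies from the WAN gateway.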
-
My other ISP like I said earlier gave us /48 and they had to create a /64 for my wan so they could route the entire /48 to it. So basically you need to ask them to set you up with 2 subnets so that you can route one to the other.
Hi forum, first time user here. I have been trying to help OP over at serverfault.com with this issue. I am a junior network engineer and I enjoy a good puzzle. Am I mistaken in believing OP's setup is VERY VERY unusual? I set up several (20+) customers with allocated subnets (both ipv4 and ipv6) and they were always point-to-point connection for wan + routed subnet. I apologize if I created confusion into OP's mind but I always assumed ISP gave him a routed solution (which is standard around here, Italy). Not being familiar with pfSense's lingo (Cisco guy here) didn't help either.
I now agree that the quickest fix to this is to just ask a subnet for its point-to-point link (wan) and to route the whole /48 directly to him so that he can do with it as he pleases.
How common is OP's current setup? I'd hate to find myself in the same situation.
-
I think that kind of setup is going to be the norm in IPv6. There are more than enough addresses to do that. Personally, I would like ISPs handing out either /124 or /112 to be used for WAN and setting the gateway to xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx1 and routing the customer's subnet to xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx2 or routing multiple subnets to different WAN IPs within the range. I just don't think you need to waste an entire /64 just for a routing subnet. At least for those that are not running BGP or similar.
-
Good writeup on the subject:
http://etherealmind.com/allocating-64-wasteful-ipv6-not/
Subnetting deeper than /64 breaks a number of automatic mechanisms in IPv6 and it's not really needed :p
-
I agree that we will probably regret handing out all the /64 bit subnets at some point.
However, some network administrators have used prefixes longer than /64 for links connecting routers, usually just two routers on a point-to-point link. On links where all the addresses are assigned by manual configuration, and all nodes on the link are routers (not end hosts) that are known by the network administrators do not need
I agree with this also, that we should probably be using longer prefixes for inter-router communication as in between an ISP and customer router (pfsense in my case) :). There is no need for automatic configuration or a lot of the other features as this is manually set up. But for home use, /64 does make sense as that will be mostly autoconfigs. Then, how do you set up FW services, as a bridge because a routed solution doesn't make much sense (where you are wasting 2 /64 to get access to at most 100 devices (and I am being generous for home users)), neither does a NATed solution. You could even use 2 /112 in a routed solution (if it didn't break anything). That would be more than enough for any home user. IPv6 has been around long enough to have already fixed autoconfig without the /64. Hopefully that will be fixed soon enough. Enough of the soap box.
What are ISPs like comcast doing for IPv6 customers in the residential market?
-
What are ISPs like comcast doing for IPv6 customers in the residential market?
They use DHCPv6 with a /128 on the WAN side and a /64 for the LAN.
[1] http://forum.pfsense.org/index.php?topic=49575.0
[2] http://ipvsix.me/?p=220