Strange IPv6 issue - ICMPv6 stopped working.

Derelict

/80s huh.  You'll probably see lots of strange issues pop up from time to time.

sebastiannielsen

What is the problem with /80's?
The DHCP ranges are correctly configured?
Because all other traffic reach me except for ICMPv6, including externally initiated traffic into dns1.sebbe.eu and dns2.sebbe.eu

The reason I selected /80 was that /16 is one "segment" of a IPv6, and since I have:
2001:470:28:1c:XXXX:XXXX:XXXX:XXXX

then I selected the first segment of my /64 to be the network identifier:
2001:470:28:1c:0001:XXXX:XXXX:XXXX = lan
2001:470:28:1c:0002:XXXX:XXXX:XXXX = openvpn
and so on.

But what you say, is that I should reduce it right, to /67 or something? Then I can segment it up to 8 networks?

But why does it need so much adress space? Those networks have like max 10 computers each and I have already assigned 281474976710656 (2^48) adresses to each network. Im not gonna exceed 281474976710656 computers in each network anyways, my Equipment would not cope with it anyways.

Derelict

IPv6 network segments are /64.

Derelict

Go to your tunnel config on HE and tell it to assign you a /48.  Put a /64 from that /48 on each of your network segments.  You'll have 65,536 /64 networks to allocate as you see fit.

kejianshi

haha - HE…  I'm such a genius...

Still, need to get rid of those /80s and should just do everything with a /48 > a bunch of /64s

sebastiannielsen

But whats the technical reason to not being able to subnet it in smaller nets than /64? I dont use SLAAC anyways, so why do I get strange difficulties when I subnet it in smaller nets than /64?
There must be something to do about it to be able to get proper routing with /80's, because theres numerios ISPs out there that hands out smaller networks than /64 to ther customers and for them it works perfectly. I have on certain IPv6 forums Heard about ISPs that deliver an /120 to its customers.

I mean, its really a waste of v6 addresses to request a /48, its really madness because the headlines 10 years from now will be "IPv6 Address Exhaustion - are you prepared for IPv8?".

kejianshi

For me, the technical reason is "it doesn't work".

hda

Innumeracy: Mathematical Illiteracy and Its Consequences

kejianshi

Broken - What you get if you slice up IPV6 subnets in non-standard ways with pfsense.  Even when the math says it should be fine, it won't be.

Derelict

@sebastiannielsen:

I mean, its really a waste of v6 addresses to request a /48, its really madness because the headlines 10 years from now will be "IPv6 Address Exhaustion - are you prepared for IPv8?".

2^128 is a huge number.  There are enough IPv6 addresses to give every person on earth more than 32,000 /48s.  Over 10 million /56 - per person.

Don't sweat it.  Feel free to do whatever you want, but don't expect much help when you stray from how you're supposed to do things.  You did so, it broke.  Do it right, it'll  work.

kejianshi

Is 32,000 a big number? (I ran out of fingers - Let me take my shoes off)

/48 works really well - I think I have about 5 right now.  I will give them back if people start running out.

I agree with derelict.