Ipv6 lan hostnames and matching ipv6/ipv4 hosts to QOS rules
-
Hi all,
I'm new to pfsense (installed it over the weekend) and ipv6. As part of that, I got my ipv6 working with the track interface setup and my client machines are getting (giving themselves?) two v6 addresses, one temporary and one permanent, but both dynamic. I read up on this and I get that the permanent one is based on the machine's MAC and the temporary one rotates. All good.
However, I have some QOS floating rules for a few lan devices that are tied to an alias which is based on the ipv4 address. I would obviously like to expand my rules to account for ipv6 traffic as well.
This is easy in the ipv4 dhcp world where I can just give these machines static IPs and where my DHCP leases update the router's DNS server. However, I'm stumped about how to accomplish this in this bold new ipv6 world.
- Is there a way to keep DNS updates on ipv6 allocations in my LAN from my router with 'track interface'?
- Am I going to need to somehow break out dhcpv6 instead of using the track to accomplish this?
- Are there better ways to build QOS FW rules per device than associating it to an IP? What about by MAC?

Thanks much, really enjoying pfsense so far – big step up from a hand-configured ubuntu box for a router.
-
…
This is easy in the ipv4 dhcp world where I can just give these machines static IPs and where my DHCP leases update the router's DNS server. However, I'm stumped about how to accomplish this in this bold new ipv6 world.
...
If you want to use DHCPv6-Server + RA{managed} or Static Host + RA{Router Only}, you have to issue static LAN(s)/64.
Track Interface + RA{unmanaged}/SLAAC is ill.
-
@hda:
If you want to use DHCPv6-Server + RA{managed} or Static Host + RA{Router Only}, you have to issue static LAN(s)/64.
Track Interface + RA{unmanaged}/SLAAC is ill.
As I understand the Track + SLAAC (which is what I believe I have), my ISP is giving me a subnet.
You're saying the alternative is issuing a static LAN/64 – is that just using the same subnet the ISP delegates? Or am I misunderstanding?
-
You're saying the alternative is issuing a static LAN/64 – is that just using the same subnet the ISP delegates?
Yes, that is a possibility. If you receive a prefix of say /56, then you have the subnet values from /57 to /64 for your LANs.
Pick a unique value in that range as a static with mask /64. So you & ISP decide the composition of the first 64-bits. Assume that your prefix is quasi-static from ISP.
-
Thanks, but that seems unsatisfying. I suppose there are a LOT of ipv6 addresses out there (I REALLY get 64 or even 72 bits of address space to play with?!), but I can't help but feel I should assume my ISP will take mine away or change the prefix whenever they feel like it.
It feels like the ISP subnet delegation should feed into my DHCPv6 server so the /64 delegation can change, but the DHCP config remains fundamentally the same – this includes the LAN IP assignment on the router -- definitely shouldn't be static. Maybe I'm way off base on this, but my sense is we're all still figuring out ipv6 as we go and it's kind of half-baked.
DHCP itself is not my goal -- it's simply some kind of LAN local DNS so I can ssh around to my boxes easily. However, in a non-ipv4 world without DHCP, I wonder how I manage things like what DNS servers my local boxes use, etc. I'm open to whatever the "ipv6 way" should be, but I'm sensing there isn't one yet.
-
Thanks, but that seems unsatisfying…
But that's how it works… Feel free to experiment with DHCPv6-Server to learn about address routing mask /64. One should reserve the last 64 bits for addressing LAN hosts. SLAAC fits right in, but you can make what you want with static or dhcpv6.
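
An added example, not part of any post in this thread: one way to keep an IPv6 firewall alias for per-device QoS rules in step with a delegated prefix that may change. It carves the LAN /64 out of the delegation and derives each host's stable address from its MAC. Assumptions: the hosts form their permanent address with modified EUI-64 (many systems use RFC 7217 stable-privacy identifiers instead, in which case the identifier has to be read from the host); the prefixes, host name and MAC are constructed samples from the documentation range; the function names are hypothetical.

```python
import ipaddress

def lan_prefix(delegated: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Return the /64 numbered `subnet_id` inside the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation longer than /64 leaves no room for a LAN /64")
    count = 1 << (64 - net.prefixlen)          # a /56 holds 256 distinct /64s
    if not 0 <= subnet_id < count:
        raise ValueError(f"subnet_id must be 0..{count - 1} for a /{net.prefixlen}")
    base = int(net.network_address) + (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 6 octets")
    # Flip the universal/local bit and insert ff:fe in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def host_address(delegated: str, subnet_id: int, mac: str) -> ipaddress.IPv6Address:
    """First 64 bits from the ISP delegation + subnet id, last 64 from the host."""
    lan = lan_prefix(delegated, subnet_id)
    return ipaddress.IPv6Address(int(lan.network_address) | eui64_iid(mac))

def alias_entries(delegated: str, subnet_id: int, hosts: dict) -> dict:
    """Map host name -> IPv6 address, to be regenerated on each prefix change."""
    return {name: str(host_address(delegated, subnet_id, mac))
            for name, mac in hosts.items()}

if __name__ == "__main__":
    hosts = {"nas": "00:11:22:33:44:55"}        # constructed sample host
    for prefix in ("2001:db8:1200::/56", "2001:db8:ab00::/56"):  # before/after a prefix change
        print(prefix, lan_prefix(prefix, 0x10), alias_entries(prefix, 0x10, hosts))
```

Only the first 64 bits differ between the two runs, so the alias can be rebuilt from the same host table whenever the delegation changes.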