How to configure DHCPv6 Static Mappings?

hda

@empbilly:

…when RA is set to "managed", clients will get addresses assigned only via dhcpv6 ...

Yes and that will be quasi-static, right ? RA will advertize your pfSense & DNS. You don't need DNS input OR RA priority high explicitly set. But what is your problem again, no 2.2.5 ?

empbilly

@hda:

Yes and that will be semi-static, right ?

What do you mean with "semi-static"?

@hda:

But what is your problem again, no 2.2.5 ?

No updated to 2.2.5 and no is a big problem, but as I say, some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

My pfsense version (2.1.5) may be the problem?

hda

@empbilly:

What do you mean with "semi-static"?

Sorry, quasi-static meaning as-if static.

…some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

Hmm, and what do you think is the task of RA and the DHCPv6Server ? Are you confusing with SLAAC ?

empbilly

Hmm, and what do you think is the task of RA and the DHCPv6Server ?

I am confused by your question. You asked me "if I think the problem is with the RA or the dhcpv6"?

Are you confusing with SLAAC ?

SLAAC == dhcpv6 disable and RA with Unmanaged configuration, right?

hda

@empbilly:

…some linux pcs get ipv6 via RA (I think) and via dhcpv6 too.

What do you mean by this statement ?? Maybe some screenshots of pfSense ?

empbilly

Ok. For your understanding. :D

Interface:

Dhcpv6:

R.A:

Static mapping:

xxxx:0:xxxx:3000::/63
3000::/64 subnet for static mappings
3001::/64 subnet for dhcpv6 and R.A

In my linux pc (ubuntu) not have network-manager and I configured the /etc/network/interfaces manually.

auto vlan300
iface vlan300 inet dhcp
vlan_raw_device eth0

iface vlan300 inet6 dhcp

My ifconfig:

Why so many addresses? My linux is crazy!? Pfsense is crazy!? :o

What do you mean by this statement ??

I think the pfsense in version 2.1.5 is broken and somehow is addressing both interface vlan300 addresses configuration as of dhcpv6 + RA configuration.

hda

First, 2.2.5 is the leading firmware ;)

Use /64 masks in config of static IPv6.
If your vLAN300 static is 3000::1/64, then DHCP6server should be same, not 3001::
No need for RA LOW, just normal.
Do not specify anything for RA-subnets, (Nil input.)

You have some double and (SLAAC) addr for host. Restart host after corrections.
Hosts have /128 numbers.

empbilly

First, 2.2.5 is the leading firmware

Yea, I should be with 2.2.5, but I need another machine with 3 gb network card.

If your vLAN300 static is 3000::1/64, then DHCP6server should be same, not 3001::

Not /64, but /63.
/63 have a range of 3000:: to :3001:ffff:ffff:ffff:ffff
So, 3000:: is for static mapping and 3001:: for dhcpv6

No need for RA LOW, just normal.

Ok.

Do not specify anything for RA-subnets, (Nil input.)

But, if I not specify antything, "the Router Advertisement (RA) Daemon will advertise to the subnet to which the router's interface is assigned." In router's interface we have assigned :3000::1/63.

You have some double and (SLAAC) addr for host. Restart host after corrections.

Restart host or just restart the network (/etc/init.d/networking restart)?

hda

@empbilly:

…In router's interface we have assigned :3000::1/63.

Do not do that ! You should stick to /64 masks.

Good luck with the exotic config.

empbilly

Do not do that ! You should stick to /64 masks.

Why not?

hda

Routing issues.
The first 64 bits are for the prefix with subnet.
The vLAN should have an unique subnet. So, :3000: xor :3001:
Last 64 bits reserved for the Interface ID (i.e. host addressing, i.e. SLAAC).

If you use DHCP6Server you could define xxx:3000::101 to xxx:3000::999 if you like.
And static with config on the host like xxx:3000::12 or xxx:3000::babe (/128)  :)

awebster

@empbilly,
Forget what you've been doing with IPv4 subnets.  The general consensus in the IPv6 world is that the "subnet" is no larger and no smaller than /64.
That leaves you with 64 bits of usable host addresses in a single subnet. 
To put that into perspective 64 bits = The entire world's Internet MULTIPLIED BY The entire world's Internet, and there would still be loads of addresses left over squeezed into a single IPv6 subnet.
Technically when using only SLAAC its less, but still >40 bits.
The only place where you'd see a netmask larger than /64 would be in the case of RA prefix delegation on a router where it is expected that other routers on the same subnet would take  the prefixes, again a /64, to use on one of their other interfaces.