Netgate Discussion Forum
    Is there any way to hand off a prefix to another pfsense instance?

    16 Posts 5 Posters 3.9k Views
    • tenortim

      Hmm, this is getting stranger quickly.

      My dhcpdv6.conf already has a rather interesting delegation line in it. I just upgraded to 2.2.4 to make sure everything is current, and checked the file again. It seems to be set up to hand out up to 3x /63 delegations. So I made the lab firewall ask for a /63, and sure enough, I get one. Here's my /var/dhcpd/etc/dhcpdv6.conf with addresses suitably munged:

      option domain-name "internal.splhi.com";
      option ldap-server code 95 = text;
      option domain-search-list code 119 = text;

      default-lease-time 7200;
      max-lease-time 86400;
      log-facility local7;
      one-lease-per-client true;
      deny duplicates;
      ping-check true;
      update-conflict-detection false;
      authoritative;
      subnet6 2601:STUV:WXYZ:2de0::/64 {
              range6 2601:STUV:WXYZ:2de0::1000 2601:STUV:WXYZ:2de0::2000;
              option dhcp6.name-servers 2601:STUV:WXYZ:2de0:XXXX:XXXX:XXXX:XXXX;
              prefix6 2601:STUV:WXYZ:2de8:: 2601:STUV:WXYZ:2dec:: /63;
              option dhcp6.name-servers 2601:STUV:WXYZ:2de0:XXXX:XXXX:XXXX:XXXX;

      }
      ddns-update-style none;

      That prefix6 line is there, but I didn't do anything to create it. My WAN setup isn't using advanced and simply requests a /60 along with the checkbox for "Send an IPv6 prefix hint …" checked. Any thoughts on how we generated this?

      • tenortim

        Looks like the following code starting at line 1217 in file etc/inc/services.inc in origin/master is responsible:

        /* prefix length > 0? We can add dhcp6 prefix delegation server */
        if ($pdlen > 2) {
                $pdlenmax = $pdlen;
                $pdlenhalf = $pdlenmax -1;
                $pdlenmin = (64 - ceil($pdlenhalf / 4));
                $dhcpdv6cfg[$ifname]['prefixrange'] = array();
                $dhcpdv6cfg[$ifname]['prefixrange']['prefixlength'] = $pdlenmin;

        …

        This is in the "fake out" code for track6 interfaces. It ought to be relatively simple to make the values configurable.

        • hda

          @tenortim:

          …
          WAN setup isn't using advanced and simply requests a /60 along with the checkbox for "Send an IPv6 prefix hint ..." checked.
          ...

          To configure all things to your liking you have to use [Interfaces: WAN DHCP6 -Client- conf. Advanced] on the 1st pfSense in order to be able to manage the DHCP6 Server on that 1st pfSense.

          The method "Track Interface" is a default consumer non-professional solution. You would like to work with your quasi-Static (by dhcp6c) /60 from ISP and with your Static LAN config on 1st pfSense and 2nd pfSense.

          • tenortim

            Hi hda,
            the problem with overriding the file by hand is that that only works for a static IPv6 allocation. That's not what Comcast hands out (though it does seem pretty stable). The code that I quoted is the beginning of code in pfSense today that sets some of the variables that cause PD to happen. If you have at least a /60, it will set up some prefixes to hand out.
            After restarting everything, I got a /63 handed out to my 2nd-level gateway.

            The only things that concern me are:

            • this functionality doesn't seem to be documented

            • the subnet sizes are hardcoded based on the original delegation

            For the most simplistic case using track interface, ISTM that we should assign one /64 to LAN, and set up delegations for /64 for the remaining address range (so in my /60 case, we'd offer up to 15x /64 prefixes) on the basis that it's unlikely that anyone will have more than two tiers (perhaps I should say "even more unlikely than somebody having more than one ;)")

            Is there any interest in me working on the code to make this configurable i.e. to add a couple of nerd knobs for "Track interface" along the lines of

            • Enable Prefix Delegation

            • Prefix subnet size

            ?

            • MikeV7896
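The prefix-length arithmetic from the quoted services.inc fragment, and the "/64 for everything left over" sizing proposed in the post above, modelled in Python as an added example (not pfSense's own code). It assumes, as the pfSense DHCP6 client GUI stores it, that $pdlen is 64 minus the requested prefix length (a /60 request gives 4), and uses a documentation prefix in place of the munged Comcast one; the start and end of the prefix6 range that pfSense actually writes sit in the elided part of the code and are not modelled.

```python
# Added example, not pfSense code. Models the delegated prefix length the
# quoted track6 fragment computes, then carves a delegation the way the
# thread proposes (one /64 for LAN, the rest offered via prefix6).
# Assumption: pdlen is 64 minus the requested prefix length, as the
# pfSense DHCP6 client GUI stores it (a /60 request gives pdlen 4).
import ipaddress
import math


def pfsense_pd_length(requested_prefixlen):
    """Return the prefix length the fragment stores in
    $dhcpdv6cfg[...]['prefixrange']['prefixlength'], or None when the
    'if ($pdlen > 2)' guard leaves prefix delegation switched off."""
    pdlen = 64 - requested_prefixlen
    if pdlen <= 2:
        return None
    pdlenhalf = pdlen - 1
    return 64 - math.ceil(pdlenhalf / 4)


def carve(delegation, lan_prefixlen, sub_prefixlen):
    """Reserve the first lan_prefixlen block of the delegation for LAN and
    return it with every sub_prefixlen block that does not overlap it."""
    net = ipaddress.IPv6Network(delegation)
    lan = next(net.subnets(new_prefix=lan_prefixlen))
    pool = [s for s in net.subnets(new_prefix=sub_prefixlen)
            if not s.overlaps(lan)]
    return lan, pool


def prefix6_line(pool):
    """dhcpdv6.conf 'prefix6 low high /len;' line for a contiguous pool
    (contiguous here because LAN takes the first block of the delegation)."""
    return "prefix6 %s %s /%d;" % (pool[0].network_address,
                                   pool[-1].network_address,
                                   pool[0].prefixlen)


if __name__ == "__main__":
    # Constructed stand-in for the munged 2601:STUV:WXYZ:2de0::/60.
    delegation = "2001:db8:0:2de0::/60"
    for req in (64, 62, 61, 60, 56, 48):
        print("/%d request -> delegated prefix length %s"
              % (req, pfsense_pd_length(req)))
    today = pfsense_pd_length(60)               # 63, as observed in the thread
    lan, pool = carve(delegation, 64, today)
    print("/%d blocks outside LAN %s: %d  %s"
          % (today, lan, len(pool), prefix6_line(pool)))
    lan, pool = carve(delegation, 64, 64)       # proposal: hand out /64s
    print("/64 blocks outside LAN %s: %d  %s"
          % (lan, len(pool), prefix6_line(pool)))
```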

              @cmb:

              Though because the DHCPv6 screen is hidden where you're using track interface (today at least), that's more convoluted.

              Just thought I'd point out Feature 3029… someone has provided a pull request for it. There are lots that would love to set custom DHCPv6 and RADVD settings with a track interface LAN, if it's something that is really feasible.

              The S in IOT stands for Security

              • cmb

                Yeah that's a priority to get in for 2.3.

                • Inq

                  Hate digging up old topics, but is this feature still on track to be included in 2.3? If not, I'd better start saving some bucks in the hope that I can bribe someone working for my ISP (gunning for a static /56).

                  The problem with making something idiot proof is that the world keeps making better idiots.

                  • MikeV7896

                    It would be great if Chris would provide an update… given that 2.3 is in beta now and apparently major features aren't being added/changed, I'm getting the feeling that this won't make the 2.3 release, and the can gets kicked down the road a little more.

                    Unless it's something being tested outside of the beta snapshots, and will be merged all at once before RC... which I doubt...

                    The S in IOT stands for Security

                    • MikeV7896

                      Well, a glimmer of hope that this will make it to 2.3… :) The Redmine feature request has been assigned, and has a target version of 2.3.

                      I'll be happy to give it some testing when all is said and done!

                      The S in IOT stands for Security

                      • Inq

                        YAY! merged:
                        https://redmine.pfsense.org/issues/3029#change-25320

                        The problem with making something idiot proof is that the world keeps making better idiots.

                        • MikeV7896

                          Yep… time to give this some testing when I get home tonight!!

                          The S in IOT stands for Security

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.