Lost in translation … native ipv6, CARP and route

stanthewizard

Hello

I'm totally lost

My ISP gives me this:
2a01:cb00:4f4:xxxx::/56

I have 2 pfsense in CARP mode

On the 2 pfsense WAN is in DHCP6

Lan1 is:
fd21:da3c:747:2fb6::200

Lan2 is:
fd21:da3c:747:2fb6::201

VIP is:
fd21:da3c:747:2fb6::1000

And I'm unable to ping google DNS on ipv6, nor browsing nor pass ipv6test

Thank you for help and explanation
:D

awebster

Your config isn't going to work.

WAN interfaces must have routable ipv6 addresses, same for LAN interfaces.

fd00::/8 is private ipv6 space.  If you got that from your ISP, change ISP!

CARP isn't going to work with DHCP.

Ask your ISP for a static /64 IPv6 subnet with static /56 routed to it, for example you get 2001:0db8:dead:beef::/64 and 2001:0db8:0123:4500::/56 from your ISP, and the ISP sets up 2001:0db8:0123:4500::/56 to be routed to 2001:0db8:dead:beef::1.

On the WAN side you would have:
2001:0db8:dead:beef::1 = VIP
2001:0db8:dead:beef::2 = BOX 1
2001:0db8:dead:beef::3 = BOX 2

On the LAN side, split out a /64 from the /56 and assign it the same way. 
A /56 will give you 256 /64 subnets from
2001:0db8:0123:4500::/64
to
2001:0db8:0123:45FF::/64

So if you use the first subnet on the LAN side your LAN config looks like this:
2001:0db8:0123:4500::1/64 = VIP
2001:0db8:0123:4500::2/64 = BOX 1
2001:0db8:0123:4500::3/64 = BOX 2

stanthewizard

Thanks

The sad thing is my isp only give :
2a01:cb00:4f4:xxxx::/56

:-[

cmb

And it sounds like it's only provided via DHCP6 PD, which means you can't use it with CARP. It has to be statically routed in that case for automatic failover.

stanthewizard

Ok
Thanks

And how do you do that ?  :-\

cmb

That means your ISP has to give you a static WAN assignment, and route your LAN /56 subnet to one of those WAN IPs (which will be your WAN-side IPv6 CARP IP).

stanthewizard

They don't for the moment

the only static thing I got is that (the gateway ?)

2a01:XXXX:YYYY:2400:278:9eff:fe8d:4806

thanks again for your precious help

cmb

Do you get the same PD on both primary and secondary? Same IPv6 subnet on LAN under Status>Interfaces?

stanthewizard

I can put on the 2 wan a fixed IP ?

2a01:XXXX:YYYY:2400:278:9eff:fe8d:200

2a01:XXXX:YYYY:2400:278:9eff:fe8d:200

Carp
2a01:XXXX:YYYY:2400:278:9eff:fe8d:1

Could it help ?

PS: ton answer your question …strangelly DHCP6 gives me fe80::250:56ff:fe80:36e9 ... for the first time

stanthewizard

cmb any idea ??

Thanks again

cmb

@stanthewizard:

I can put on the 2 wan a fixed IP ?

That's a question only your ISP can answer. If your IPv6 comes via PD, then most likely the answer is no. But not necessarily, your assignment and routing could be static, in which case yes that would be possible.

stanthewizard

And I'm not going to have an answer on that

Do you thinks that what I wrote could work ?