Sharing IPv6 subnet
-
Our ISP provides a /56 network via DHCP6. If we have 3 pfSense boxes sitting behind the modem, is it possible to have each one serve a separate /64 network to LAN clients? Don't have anything live yet, just planning for what the best way to go about this is. Thanks.
-
Why would you have 3 pfsense boxes?? But sure if you have a /56 that is routed to you, you can break that up in to multiple /64s
-
It's a multi-tenant situation. I know I can subnet a /56, but given that I don't control the /56 I want to know if the pfSenses can somehow take care of splitting it up. I know there are some options for prefix delegation, but not sure if that can work for what I want.
-
You'll need a router of some sort to do that. You can then have 3 pfSense systems connected to the router.
-
You'll need a router of some sort to do that. You can then have 3 pfSense systems connected to the router.
The ISP modem is a router. That doesn't address how I can get 3 different IPv6 subnets behind (i.e. on the LAN side of) my pfSenses.
-
Does the ISPs router have provision for splitting up the /56 and sending the subnets to the pfSense systems?
-
So how exactly is your ISP giving you a /56?? Yes pfsense can track on its lan side interfaces and use the different /64s that make up your /56
-
What you're looking for is an option in the ISP router to do prefix delegation. Hopefully the ISP router can delegate an IPv6 prefix to each of your pfSense systems via DHCPv6-PD. You'd receive the /64 delegated from the ISP router, then apply it to one of your networks. If you want, you could probably even delegate /60's so you each get 16 /64's to use as you wish.
-
^^^^
If prefix delegation is use, then separate connections, either separate interfaces or VLANs are necessary. However, a simple static configuration could be used, assuming the /56 prefix doesn't change. With a router, it's possible to split the /56 into perhaps 4 /58s and forward to the appropriate pfSense system. However, SOHO type routers are generally not capable of this. He'd need a "real' router from Cisco etc., or to roll his own with Linux or BSD. -
@virgiliomi:
What you're looking for is an option in the ISP router to do prefix delegation. Hopefully the ISP router can delegate an IPv6 prefix to each of your pfSense systems via DHCPv6-PD. You'd receive the /64 delegated from the ISP router, then apply it to one of your networks. If you want, you could probably even delegate /60's so you each get 16 /64's to use as you wish.
Ok, that's what I was thinking. I wasn't sure if the pfSense could request a /64 and the modem would keep track of things; I guess I'll just wait until I get the modem set up and play around. Thanks for all the feedback everyone!