Splitting a static /48 from Mediacom into subnets

johnpoz

Why would they not just tell him that then?

Or better yet link him to doc on their site on using their IPv6 deployment, etc. etc.

alankeny

@johnpoz said in Splitting a static /48 from Mediacom into subnets:

Not really no... That ISPs can be this stupid is just beyond me.

Thanks for confirming my fears. At least I won't waste any more time on this.

When Mediacom hands out dynamic IPv6 addresses, they give a /128 on my WAN and a single /64 on my LAN. I've read that neither of these should done that way either. Is that right?

Moronic shit like this is why its just easier to get a tunnel from HE.. They will give you a /48 and you can use it on any ISP..

That makes a lot of sense. I should avoid anything from Mediacom I can get from someone else.

NogBadTheBad

It's an old post but yuck:-

https://forum.netgate.com/topic/102856/fyi-mediacom-ipv6/17

johnpoz

So clearly they are just stupid ;)

alankeny

@johnpoz said in Splitting a static /48 from Mediacom into subnets:

So clearly they are just stupid ;)

And a monopoly.

JKnott

How are they delivering that /48? I get a /56 from my ISP and get a WAN address and prefix via DHCPv6-PD. pfSense then takes that /56 prefix and splits off one (usually first) /64 for the LAN. I can then assign other /64s to other interfaces as I choose. This results in a WAN address outside of my /56 prefix. Do you get anything like that? Also, on IPv6, routing is normally done via the link local addresses, so a routable address is not needed on the WAN interface, though it is useful for testing, management, etc..

JKnott

@alankeny said in Splitting a static /48 from Mediacom into subnets:

When Mediacom hands out dynamic IPv6 addresses, they give a /128 on my WAN and a single /64 on my LAN. I've read that neither of these should done that way either. Is that right?

No. It's entirely normal to get a /128 on the WAN interface. It's used only for identifying the interface and not for routing. The prefix size depends on what they offer and what you're configure for. For example, I have a /56, but could have configured pfSense to request anything from /64 to /56. If I was using my ISPs modem in gateway mode, I'd only get a single /64.

alankeny

Mediacom business support staff have not been able to answer any questions about how they are delivering the /48. Their only response has been, "You configure the gateway and it will just work." Through experimentation, and feedback from this thread, I've determined that the /48 is "directly attached" to their head-end, so there's no hope of subnetting the /48. With their static IPv6 allocation, the WAN side is basically a bridged network that can have 1,208,925,819,614,629,174,706,176 IPv6 hosts on it, and that's the only configuration option available.

DHCPv6 can only be set to request a /64 or no subnet will be assigned. Requesting a /64 returns a dynamic PD that changes regularly. I also tried setting the WAN to SLAAC and putting the /48 on my LAN. I got a link local address, but no traffic would go anywhere from either pfSense interface.

I've dropped the dynamic and static IPv6 addresses from Mediacon and configured a tunnel from HE. It took a little time to clean up the mess I made earlier while testing the static addresses, but everything is working now.

Derelict

You can tell exactly what they are doing with a packet capture.

Capture for IPv6 on the WAN interface.

Use something to ping6 an address in the /48. Any address that isn't one they gave you for the WAN. Anything in any of the /64s not in 2604:2e80:XXXX::/64

You can use this site. There are probably others but that's the first one I found and it seems to work.

https://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php

If upstream doesn't send anything to you, they haven't configured it correctly and nothing will ever work. They need to route it to you properly.

If upstream just routes the packets to you with the destination address that you are pinging, it is routed to you and should work.

If upstream sends a neighbor discovery for a different address, try using that as your WAN address on the corresponding /64.

If upstream sends a neighbor discovery for the pinged address on WAN, they have put the /48 on WAN and are card-carrying members of the Stupid ISP Club. I find it hard to believe they are that dumb. It's not like we're talking about OVH.

The fact that they gave you this Gateway 2604:2e80:XXXX::1 implies that you should use the :0000::/64 on your WAN interface as you have done and set a default IPv6 gateway to the specified ::1 address. That should leave you with 2604:2e80:XXXX:1::/64 through 2604:2e80:XXXX:ffff::/64 to use on the inside interfaces.

Have you tried setting the interface for DHCP6 and asking for a /48 PD? Perhaps they just nailed that /48 to you.

They really should be able to answer these questions for you. It's 2019.

JKnott

@alankeny said in Splitting a static /48 from Mediacom into subnets:

With their static IPv6 allocation, the WAN side is basically a bridged network that can have 1,208,925,819,614,629,174,706,176 IPv6 hosts on it, and that's the only configuration option available.

That's nonsense. A /48 is not usable in that manner. It's supposed to be split up into /64s, which are what is used on a LAN. For example, I have a /56. One /64 is used for my main LAN, a 2nd for a test interface and a 3rd for my VPN. MY ISP uses DHCPv6-PD to provide my prefix and WAN interface address. As Derelict mentions, take a look at what's on the wire. You might want to see if you can talk to 2nd level support. Maybe they might have a clue about how IPv6 works.