IPv6 subneting and DHCP PD how to
-
When I use the ISP router I get /64 address, but the setup said I had /56 prefix. I read that I should set the DHCP prefix delegation size to /56 on pfsense. My ISP router set to bridge, pfsense is the main router. I understand that with Tracking Interface on LAN I can set the first available /64 from the /56 to the LAN. Main question is how can I use the rest of the 255 pcs /64 subnet from the /56 prefix?
My first problem is the LAN IPv6 address. If I set the DHCP delegation size to /56 on WAN, I don't have IPv6 address on LAN. If I set /60 prefix, then I get /60 on LAN address. If I set /64 prefix I get /56 mask on LAN. Why? Something is broken.
If I'm right I should have a /64 subnet on LAN. Second, How can I delegate the unused /64 prefixes to the other internal routers? And how can I set the routing? If I set the prefix range manually in the pfsense DHCPv6 the sub routers will receive an unique IPv6 subnet from pfsense. The main issue that prefix is dynamic range.
Correct me If I'm wrong but I imagine the following. I receive 2000:xxxx:xx00:/56 prefix from my ISP. I can have 256 /64 subnets.
pfsense LAN address should be 2000:xxxx:xx01:/64.
My second router WAN side use 2000:xxxx:xx01:/64 subnet, LAN side receive a prefix from pfsense 2000:xxxx:xx02:/64. Third router LAN would be 2000:xxxx:xx03:/64.
How the hell should I achive this? -
Now pfsense have some big IPv6 limitation. If Wan has dynamic prefix you can't use private IPv6 addresses or DHCP PD. Both service require static WAN address. Until then pfsense can't handle IPv6 subnetworks.
-
????
I have set up interfaces with both GUA and ULA addresses. I use DHCPv6-PD to get my prefixes. Here is my ULA prefix, on the same interface as my GUA:
fd48:1a37:2160:0::
-
@JKnott Your GUA address is fix? My is dynamic. You can't use ULA because NPt alias NAT66 address has to be set manually.
I can receive prefix with DHCP PD but I want to send the unused prefixes in DHCP PD to an another router. -
Why are you using NAT? There's no need for it with all the addresses available with IPv6. NAT is a hack to get around the IPv4 address shortage. My GUA is obtained via DHCPv6-PD and SLAAC.
-
As I mentioned neither DHCPv6 PD nor NAT66 not working in a complex network. I'm not talking about one or two IPv6 network on pfsense's LAN port. Yes, I have IPv6 on pfsense. DHCPv6 PD client work perfectly on WAN, but I need a DHCP server on the LAN side! DHCPv6 server can't use dynamixc prefixes, only fix. I need that the pfsense send the unused prefixes to another routers. Inn my case. I receive /56 from my ISP, pfsense use 2 /64 prefixes on LAN1 and LAN2. The unused 254 pcs /64 prefix will be available in the DHCPv6 server, and other routers on LAN also can request one-one prefix from pfsense.
I tried NAT66 as a last resort, but it has the same limitation. Therefore I have to wait until pfsense can handle dynamic DHCPv6 Server prefixes, or NAT66 can use dynamic WAN address. -
How often do your prefixes change? They normally shouldn't change at all.
-
@ssjoco85 said in IPv6 subneting and DHCP PD how to:
can handle dynamic DHCPv6 Server prefixes
And exactly what box can do that now? That seems like something with no real world use case.. And who says you have to use dhcpv6 anyway for your clients?
If you have need of your prefix not changing - then go get your IPv6 block from Arin or your region of the worlds RIR and do whatever you want with your space.
Or just get a free tunnel from HE and now your /48 doesn't change and you can do whatever you want with it... Or get your ISP to actually assign you /xx that doesn't change so you don't have to go tracking shit via PD from your isp, etc.
-
Always when my WAN reconnect. I have PPPoE on WAN. Most of the ISPs use dynamic IPv6 prefixes on consumer lines.
-
@ssjoco85 said in IPv6 subneting and DHCP PD how to:
IPv6 prefixes on consumer lines.
Then don't use a consumer line - duh!!! Your trying to do business shit with user connection..
If your going to use consumer level connections, and you want to do fancy shit with IPv6 then just get your free /48 from HE and you can do whatever you want with that /48 - and it never changes... I have had my /48 since 2011..
With multiple isp over that period - just take my /48 with me no matter what ISP I use, etc. etc.
-
@ssjoco85 said in IPv6 subneting and DHCP PD how to:
Always when my WAN reconnect. I have PPPoE on WAN. Most of the ISPs use dynamic IPv6 prefixes on consumer lines.
I'm on a consumer service and my prefixes are solid, ever since the "Do not allow PD/Address release" option was added to pfSense. DHCPv6-PD uses something called "Device Unique IDentifier" (DUID) to lock the prefix to the customer.
