IPV6 Static IPV6 address
-
@axsense2 said in IPV6 Static IPV6 address:
Absolutely none of them has anything but a consumer xDSL router.
Well you prob be best off just doing static for them as well.. This should take out any sort of deployment issues, and allow for them to get more segments if they need them. And for others not have to deal with ipv6 if they don't want to, etc.
This way your sure differences in their routers will not be a problem - only issue is that static will be a bit more leg work, and could be problem if you have to scale up to like 300 or 3000 at some point ;)
-
@axsense2 said in IPV6 Static IPV6 address:
There are only up to 30 so basically any size will do.
If you want the users to be able to use DHCPv6-PD, then you'll need a router that can provide it. That's an extra cost option, with Cisco gear, IIRC.
-
@JKnott said in IPV6 Static IPV6 address:
If you want the users to be able to use DHCPv6-PD, then you'll need a router that can provide it. That's an extra cost option, with Cisco gear, IIRC.
I was testing this setup using consumer xDSL modem. Delegation worked just fine. (The SubRouter in the test above was Zyxel low end modem.)
And for others not have to deal with ipv6 if they don't want to, etc.
This is true. I was thinking the same thing. Maybe I just give instructions only to them whom actually likes to use IPV6 and not to compromise rest of the users. On the other hand: if it's automatic it would mean less work for me.Well anyway... thanks for the help. If my reference setup above is just fine I will probably do a pilot with something like that - depending on what kind of IPV6 connection (from ISP) I am actually getting next week.
-
This document contains pretty much all the information I was looking for earlier. I can see that I ended up to the same setup after all.
https://www.slideshare.net/NetgateUSA/ipv6-basics-pfsense-hangout-july-2015Remark about DHCP6 with Android pays my attention. Should I advertise subnets using RA instead of DHCP6? And disable DHCP6 completely...(?)
But how to do this
with RA:
-
@axsense2 said in IPV6 Static IPV6 address:
Should I advertise subnets using RA instead of DHCP6? And disable DHCP6 completely...(?)
That's what I do. With SLAAC, you don't need DHCPv6 to assign addresses.
-
@JKnott said in IPV6 Static IPV6 address:
That's what I do. With SLAAC, you don't need DHCPv6 to assign addresses.
Yep. Got it. Need to study how to properly define this DHCP6 setup without DHCP6.
Since there is only this on RA form:
I think my 3333 network gets IPV6 addresses using SLAAC without any additional configuration. I hope I don't need to create RA Subnet of every single /64 I need to assign...
-
@axsense2 said in IPV6 Static IPV6 address:
Yep. Got it. Need to study how to properly define this DHCP6 setup without DHCP6.
Assuming you're handing out /64s, then you rely on router advertisements to provide the prefix and SLAAC automagically adds the rest. Nothing to do at all.
-
Right... but how do any of the routers be are aware of 3334-> subnets since I haven't defined those to anywhere?
Changing Router mode to Unmanaged and thats it? Sounds like too easy to be true... -
@axsense2 said in IPV6 Static IPV6 address:
Right... but how do any of the routers be are aware of 3334-> subnets since I haven't defined those to anywhere?
You're confusing assigning addresses to users with configuring your network. Some how, you have to create individual networks for each user, unless you want them all to share a single /64. You start with your /56 and divide it into individual networks. As mentioned, this can be done with VLANs. With each network (VLAN) you select the prefix ID, to choose which of the 256 /64s to use. Then on each individual network, there should be router advertisements with the prefix for that network. The users devices then add their own portion of the address through SLAAC and DHCPv6 is not needed. With SLAAC, the address suffix is generated from either the MAC address or a random number. It just works, without any configuration.
You'd also need a managed switch to separate the VLANs into individual access ports, one for each user.
-
@JKnott said in IPV6 Static IPV6 address:
You're confusing assigning addresses to users with configuring your network.
I think I am not. Those 3334-> /64 subnets were for SubRouters. Those are the ones I need to delegate SubRouters.
But anyway, the answer is clear and obvious. Based on your description I will stick in DHCP. It suits better for my need and I have better control over the delegation.Ax.
-
@axsense2 said in IPV6 Static IPV6 address:
But anyway, the answer is clear and obvious. Based on your description I will stick in DHCP. It suits better for my need and I have better control over the delegation.
It also won't work. You can have only /64 prefixes on a LAN. You cannot put a /56 or /48 on a LAN and use DHCP to sort things out. Somewhere, you have to create an interface for each /64, assuming you're giving each user one. Then when you have a /64 configured and running it will provide the prefix via router advertisements. If you provide more than a /64 to each user, then you will have to also provide DHCPv6-PD to each user, so that you don't have to manually configure each user. Regardless, you will still need to route the networks to each user and then split off the /64s. You cannot do that with DHCPv6.
Given that you seem to have difficulty understanding the basics, are you sure you're up to such an advance project?
BTW, I'm doing here what you want, but on a smaller scale. I have a /56. I have pfSense configured to use prefix ID 0 for my main LAN and also 3 for a test LAN along with ff for my VPN. This is similar in concept to providing a /64 to each of 30 or so users and can even be extended to many more. Of course, if you have a lot of users, you're going to have to give some serious consideration to hardware issues. For example, if you enable 30 VLANs on pfSense, you'll need at least a 30 port switch to separate them. The smallest common switch size that would do that is 48 ports. You'll also have to ensure the switch can handle that many VLANs. While there are 4096 VLAN IDs, many switches can't actually handle that many. For example my Cisco SG200-8 switch can only have a maximum of 16.
-
@JKnott said in IPV6 Static IPV6 address:
Given that you seem to have difficulty understanding the basics, are you sure you're up to such an advance project?
I am pretty much disappointed on attitude I am receiving in many replies. I tried not to bother this, but...
You cannot put a /56 or /48 on a LAN and use DHCP to sort things out
That's what I asked few msgs back. There is no way routers can understand my intention for routing if I haven't defined it to anywhere.
But if this forum is just for those whom have learned this stuff elsewhere and came here to be wiseacre, then I need to sort this out myself. It is not a problem. I actually thought that building up something else than is described in many instructions might help others too.
When I wrote IPV4 stack to an non-networking operating system back in 90s I knew nothing about IPV4 either. I thought I could get easier this time...
Thanks and sorry.
-
You cannot SLAAC a routed prefix.
You either set it statically or with DHCP6.
You also seem to be confusing assigning an address to a device out of that interface prefix and the subsequent routing of a prefix to that device for use on interfaces it knows how to route to or that it can further route down the line.
As an ISP you should be giving each endpoint AT LEAST a /56.
If this is some other project and you control all of the sites and the prefixes to be used behind the downstream routers and you know that a /64 or /60 will work there then more power to you.
I wouldn't be taking that on without at least a /48 to start with. If growth was a possibility I'd bite the bullet, speak BGP, and get an allocation from your RIR for a /40. That is a "3X-Small" in ARIN.
https://www.arin.net/resources/guide/ipv6/first_request/
-
@axsense2 said in IPV6 Static IPV6 address:
@JKnott said in IPV6 Static IPV6 address:
Given that you seem to have difficulty understanding the basics, are you sure you're up to such an advance project?
I am pretty much disappointed on attitude I am receiving in many replies. I tried not to bother this, but...
You cannot put a /56 or /48 on a LAN and use DHCP to sort things out
That's what I asked few msgs back. There is no way routers can understand my intention for routing if I haven't defined it to anywhere.
But if this forum is just for those whom have learned this stuff elsewhere and came here to be wiseacre, then I need to sort this out myself. It is not a problem. I actually thought that building up something else than is described in many instructions might help others too.
When I wrote IPV4 stack to an non-networking operating system back in 90s I knew nothing about IPV4 either. I thought I could get easier this time...
I'm sorry it came across that way, but you are taking on a complex project, when your comments show you really don't understand how things work. For example, you talk about 30 users. How are you planning on connecting them? If they get a single /64, then you can set up multiple interfaces on pfSense, as I discussed, though I don't know what the maximum pfSense supports is. If you plan to give the users multiple /64s, then you're going to need a router for each user, and route their prefixes to them. These are quite different situations, and I haven't seen anything to advise us one way or the other. Also, if you route to the users, you're going to want to use prefix delegation, which is not likely to be standard on most routers. It's an extra cost option of Cisco routers, IIRC. I'm not even sure pfSense is the best way to go with this.
-
He stated that they are all just using soho routers.. " a consumer xDSL router." Which guess could be multiple different makes and models with all kinds of different feature sets and doing things slightly different, etc.
While I applaud his ambition to provide his users IPv6 - I am curious if any of them even know what it is ;) Have any of your customers actually asked for IPv6.. Did they state what prefix they would want/need - how they want it deployed to them?
If my ISP had actually asked me - I would of stated freaking static!!
-
Thank you all for the valuable comments. I received wider network today and built the setup up.
Internet <-> ISP <-> WAN PFSense LAN <-> WAN SubRouter1 LAN <-> PC1
Internet <-> ISP <-> WAN PFSense LAN <-> WAN SubRouter2 LAN <-> PC2I have fully working traffic between Internet and PC1/2 both directions.
"https://ipv6-test.com/" passes too - naturally.Ax.
-
You cannot SLAAC a routed prefix.
Ok, this is clear. There is nothing like that on the configuration page either.
You either set it statically or with DHCP6.
Yep, done that both ways. Both methods work without issues.
You also seem to be confusing assigning an address to a device out of that interface prefix
I think I understand that, but that could to be true. The configuration described earlier works and it does what I expect it to do. I don't think it differs much what johnpoz suggested.
Ax.