Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Non local gateway IPv6

    Scheduled Pinned Locked Moved IPv6
    ovhipv6vlangateway
    25 Posts 4 Posters 4.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz

      Not a good argument ;) Nobody has as many IPs that are in a /64 either - hehehe But hey it is what it is, that is where it makes sense to break the network at..

      You wonder why ipv6 is not as deployed as it should or could be - what OVH is doing is perfect example of the guys that should be doing it correctly still manage to F it up to where clients have to hack shit together to even use it.

      Even when they have pretty much an endless supply of IPs to work with, they still F it up!! It is just freaking SAD!!! I can see them having to take short cuts and try to save space with ipv4, handing the clients IPs in the same network vs giving them their own /30 or doing nat shit because they just don't have the IPs to work with... But with IPv6 this is just not the case at all... They can pretty much get as big a block as they need...

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      awebsterA 1 Reply Last reply Reply Quote 0
      • awebsterA
        awebster @johnpoz
        last edited by

        @johnpoz I totally agree that the subnet should be a) routed and b) the network size should be /64. I was simply pointing out something that appears unusual, namely that there appears to be more misconfigured IPv6 related questions hitting the forums from Europe than from NA.
        It is worth pointing out that OVH is a budget provider where you can get VPSes at a fraction of the cost of some of the big guns, consequently people flock there, but being a budget provider, you can expect budget service. Tech support for anything other than basic operations is pretty much non existent.
        For the record their IPv4 setup is a bit unusual in that you are allocated a /32 from within a much bigger subnet with a non-local gateway (ie: .1 of the actual subnet), only that seems to work fine with pfSense.
        Knowing that OVH's environment is based on openstack, it appears that prefix delegation is not supported on older releases. I have no way of knowing what version OVH is running, but this might be partly to blame.

        –A.

        JKnottJ O 2 Replies Last reply Reply Quote 0
        • JKnottJ
          JKnott @awebster
          last edited by

          @awebster

          I suppose the OP could get a tunnel from he.net, until OVH comes to their senses. Cheap is not a valid excuse for incompetent.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          awebsterA johnpozJ 2 Replies Last reply Reply Quote 1
          • awebsterA
            awebster @JKnott
            last edited by

            @JKnott Agreed tunnel from HE.NET would make the most sense. Wouldn't surprise me if HE.NET doesn't already have a direct attach to OVH, most big BW providers are connected there.

            –A.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @JKnott
              last edited by johnpoz

              @JKnott said in Non local gateway IPv6:

              Cheap is not a valid excuse for incompetent.

              That is GREAT line!!! I will have to remember that...

              And I concur, he.net is a great solution to work around horrible ipv6 deployments.. Grab your /48 and you can use it where you want, even if your isp has zero ipv6 support.. Which to be honest, prob better than some of the nonsense out there - atleast then vs trying to come up with work arounds and hacks to get something that works, you just directly go with simple and easy to setup he.net tunnel.

              I have had the same /48 from he for almost 10 years now.. Multiple ISPs, I have the same IPv6 block - and my current isp doesn't have any IPv6... I don't care took all of 2 minutes to be up and running... And it works!! only thing that is adds a few ms to what it would be if it was native.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • O
                Overclock @awebster
                last edited by

                @awebster said in Non local gateway IPv6:

                For the record their IPv4 setup is a bit unusual in that you are allocated a /32 from within a much bigger subnet with a non-local gateway (ie: .1 of the actual subnet), only that seems to work fine with pfSense.

                Yes, they give IPv4 public range and the non local gateway is always .254. To work, it need to allocated virtual mac address generated in OVH admin interface for each IPv4.
                It's work well on pfsense.

                @JKnott said in Non local gateway IPv6:

                @awebster

                Cheap is not a valid excuse for incompetent.

                In France, OVH is not see like cheap provider, it's the leader !
                I don't know how other dedicated server provider are playing with IPv6 block.

                @johnpoz said in Non local gateway IPv6:

                @JKnott said in Non local gateway IPv6:
                And I concur, he.net is a great solution to work around horrible ipv6 deployments..

                I just try it, it's amazing ! Work perfectly on Pfsense and i could immediately subnet the given /48 on multiple /64 for VM, and you know what... it's working !

                It's make me totally mad that i must use free US tunnel provider on my paid french dedicated server...

                I also have some doubts about using free tunnel for professional use...

                I will try again to configure NDP proxy on hypervisor, but it's very tricky by multiple veth usage.

                Thanks to all of you !

                JKnottJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  @Overclock said in Non local gateway IPv6:

                  I also have some doubts about using free tunnel for professional use...

                  Huh? But its ok to just use some random block of IPs your host gives you? Do they charge you for those IPs? That you have to hack up some ndp proxy to get to work?

                  Go get your own IPv6 block from Ripe if you want... Will OVH allow you to route that, or will they just attach your whole /32 and expect you to proxy it?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  O 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @Overclock
                    last edited by

                    @Overclock said in Non local gateway IPv6:

                    In France, OVH is not see like cheap provider, it's the leader !

                    Then they should have competent support. Ask them how they'd configure a Cisco router.

                    I can understand an ISP providing a single /64 and expecting you to use it. At least that will work properly. Anything else, such as a /56 must be routed. There is no other way for it to work properly.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 0
                    • O
                      Overclock @johnpoz
                      last edited by

                      @johnpoz

                      I just want to say, that it's a little hard for me to trust a free service. I just hope than Hurricane Electric don't spy what go trough the tunnel. But it's a great service !

                      @JKnott said in Non local gateway IPv6:

                      @Overclock said in Non local gateway IPv6:

                      In France, OVH is not see like cheap provider, it's the leader !

                      Then they should have competent support. Ask them how they'd configure a Cisco router.

                      I have open ticket about this subject, wait and see :)

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by johnpoz

                        @Overclock said in Non local gateway IPv6:

                        I just hope than Hurricane Electric don't spy what go trough the tunnel.

                        You could say the same freaking thing about your ISP ;) Or any VPN service you actually pay for ;) Or any router on the internet that your traffic routes through, etc.. For that matter.

                        You understand they are like the top ipv6 backbone on the planet right?? They run a freaking HUGE network.. This is not your fly by night service providing you free vpn ;)

                        network.jpg

                        Can pretty much promise you if your running ipv6 traffic, at some point its going to cross thier routers.. Be it you tunnel to them or not ;)

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        O 1 Reply Last reply Reply Quote 0
                        • O
                          Overclock @johnpoz
                          last edited by

                          @johnpoz

                          Just some European security guy paranoia matters about US services ;)

                          I already satisfy by my fresh /48 ;)

                          I let you inform about OVH response.

                          JKnottJ 1 Reply Last reply Reply Quote 0
                          • JKnottJ
                            JKnott @Overclock
                            last edited by

                            @Overclock said in Non local gateway IPv6:

                            I let you inform about OVH response.

                            Ask them how SLAAC is supposed to work with a /56. You may be able to get a single /64 to work, but the other 255 will be unusable.

                            PfSense running on Qotom mini PC
                            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                            UniFi AC-Lite access point

                            I haven't lost my mind. It's around here...somewhere...

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.