Netgate Discussion Forum

    IPv6 to internal routers and their networks - can prefix delegation and SLAAC work for them?

      PhxAzCraig

      I'm first looking for a basic yes/no "it can or can't do that" answer to this question: Can I set up prefix delegation and RAs on pfSense to automatically distribute the prefixes to one (or more) internal routers such that they provide the delegated prefix(es) to their own subnets on their own internal interfaces?

      The key point there is "automatic". I want to use SLAAC everywhere for assigning addresses, partly due to some devices like Androids, partly to see if it can be done.

      I have an internal Linux router (could be Windows, FreeBSD or even NetWare if one of those works) with two interfaces, one in the main LAN, one on a test subnet. This router gets the expected SLAAC IP address on the main LAN, but no globals show up on the other interface.

      The pfSense is working fine in requesting an IPv6 prefix from Cox (Business) Cable. Through trial and error I found I couldn't get a /48, but I've been getting a /56 no problem. And as long as I do nothing more than reboot pfSense, I have been getting the same prefix for weeks, even though it is a 24-hour lease. I'm using Track Interface and no DHCPv6, and the LAN-side clients are all working fine.

      To learn a bit about prefix delegation, I also set an IPv6 prefix ID, and it works fine. For example, I get a 2001:xxxx:xxxx:e00::/56, and a prefix ID of 4 makes all my LAN client addresses start with 2001:xxxx:xxxx:e04:.

      What about the other 255 subnet prefixes? Can anything be automated to use them in downstream routers? I want automation, because I can't get fixed IPv6 from Cox, and when I do things like adding or removing a switch (new MAC address in front of my cable modem), my prefix will change. I've gone through 6 or 7 in testing.

      I'd hate to have to manually reconfigure 255 subnets when my prefix changes.

      Cox - why on earth would you give out /56 networks on a 24-hour lease? What do you expect us to do with 256 subnets with a short lease time?

      --- Ok, if it is possible to automate this, then how?

        Derelict LAYER 8 Netgate

        No. There is currently no way to take the PD and automatically distribute it into the DHCP6 server for further prefix delegation downstream.

        If your PD doesn't change very often (and it shouldn't if your ISP does things correctly, and Cox seems to be one of the good ones - my PD even followed me when I moved) you can manually set the PD "pool" based on that and change it if it changes.

        You would not have to change 255 subnets. You would change the "pool" and tell it to delegate /64s out of that.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

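The pool arithmetic from the question and the answer above, as an added example that is not part of the original posts and is not pfSense code: it derives the tracked LAN /64 from a prefix ID, then finds the contiguous range left over for a manually set delegation pool, so a renumbering means recomputing one range. The function names and the 2001:db8 documentation prefixes are assumptions constructed for illustration.

```python
import ipaddress

def tracked_subnet(delegated, prefix_id):
    """Return the /64 a tracking interface uses: delegated prefix plus prefix ID."""
    net = ipaddress.IPv6Network(delegated)
    id_bits = 64 - net.prefixlen          # a /56 leaves 8 bits, IDs 0..255
    if id_bits < 0 or not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID {prefix_id} does not fit in {net}")
    addr = int(net.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((addr, 64))

def pd_pool(delegated, tracked_ids, size=64):
    """Return (first, last) block of the longest run of free blocks of the
    given size, skipping every block that overlaps a tracked /64."""
    net = ipaddress.IPv6Network(delegated)
    used = [tracked_subnet(delegated, i) for i in tracked_ids]
    best, run = [], []
    for block in net.subnets(new_prefix=size):
        if any(block.overlaps(u) for u in used):
            run = []                      # a LAN lives here, break the run
            continue
        run.append(block)
        if len(run) > len(best):
            best = list(run)
    if not best:
        raise ValueError(f"no free /{size} left in {net}")
    return best[0], best[-1]

if __name__ == "__main__":
    # Constructed documentation prefixes, before and after a renumbering.
    for pd in ("2001:db8:1234:e00::/56", "2001:db8:abcd:4200::/56"):
        first, last = pd_pool(pd, tracked_ids=[4])
        print(pd, "LAN", tracked_subnet(pd, 4), "pool", first, "to", last)
```

Passing `size=60` gives each downstream router sixteen /64s instead of one, at the cost of the whole /60 that contains the tracked LAN.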
          JKnott @PhxAzCraig

          @PhxAzCraig

          No, prefix delegation is normally used by ISPs to assign prefixes to a customer, but not within a network. You have to manually configure for anything beyond pfSense.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

            Derelict LAYER 8 Netgate

            Not true. You can configure the DHCP6 server in pfSense to delegate prefixes. It just gets a little more difficult when the prefix it is delegating out of is dynamic itself.

              JKnott @Derelict

              @Derelict

              PD usually is used to assign a block of addresses to a customer. On the local LAN, SLAAC is used to provide a single /64. Is that what you're referring to? Or can you provide perhaps a /60?

                JKnott @Derelict

                @Derelict said in IPv6 to internal routers and their networks - can prefix delegation and SLAAC work for them?:

                If your PD doesn't change very often (and it shouldn't if your ISP does things correctly

                Mine survived replacing the WAN NIC, but my IPv4 address and host name didn't. I haven't seen mine change when I didn't do something to cause it to change.

                  Derelict LAYER 8 Netgate @JKnott

                  @JKnott You can delegate prefixes. An address is assigned and the delegated prefix is routed to it.

                  https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv6.html#dhcpv6-prefix-delegation

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.