IPv6 to internal routers and their networks - can prefix delegation and SLAAC work for them?
-
I'm first looking for a basic yes/no "it can or can't do that" answer to this question: Can I set up prefix delegation and RAs on pfSense to automatically distribute the prefixes to one (or more) internal routers such that they provide the delegated prefix(es) to their own subnets on their own internal interfaces?
The key point there is "automatic". I want to use SLAAC everywhere for assigning addresses, partly due to some devices like Androids, partly to see if it can be done.
I have an internal Linux router (could be Windows, FreeBSD or even NetWare if one of those works) with two interfaces, one in the main LAN, one on a test subnet. This router gets the expected SLAAC IP address on the main LAN, but no globals show up on the other interface.
The pfSense is working fine in requesting an IPv6 prefix from Cox (Business) Cable. Through trial and error I found I couldn't get a /48, but I've been getting a /56 no problem. And as long as I do nothing more than reboot pfSense, I have been getting the same prefix for weeks, even though it is a 24-hour lease. I'm using Track Interface and no DHCPv6, and the LAN-side clients are all working fine.
To learn a bit about prefix delegation, I also set an IPv6 prefix ID, and it works fine. For example, I get a 2001:xxxx:xxxx:e00::/56, and a prefix ID of 4 makes all my LAN client addresses start with 2001:xxxx:xxxx:e04:.
What about the other 255 subnet prefixes? Can anything be automated to use them in downstream routers? I want automation, because I can't get fixed IPv6 from Cox, and when doing things like adding or removing a switch (new MAC address in front of my cable modem), my prefix will change. I've gone through 6 or 7 in testing.
I'd hate to have to manually reconfigure 255 subnets when my prefix changes.
Cox - why on earth would you give out /56 networks on a 24-hour lease? What do you expect us to do with 256 subnets with a short lease time?
--- Ok, if it is possible to automate this, then how?
-
No. There is currently no way to take the PD and automatically distribute it into the DHCP6 server for further prefix delegation downstream.
If your PD doesn't change very often (and it shouldn't if your ISP does things correctly, and Cox seems to be one of the good ones - my PD even followed me when I moved) you can manually set the PD "pool" based on that and change it if it changes.
You would not have to change 255 subnets. You would change the "pool" and tell it to delegate /64s out of that.
-
No, prefix delegation is normally used by ISPs to assign prefixes to a customer, but not within a network. You have to manually configure for anything beyond pfSense.
-
Not true. You can configure the DHCP6 server in pfSense to delegate prefixes. It just gets a little more difficult when the prefix it is delegating out of is dynamic itself.
-
PD usually is used to assign a block of addresses to a customer. On the local LAN, SLAAC is used to provide a single /64. Is that what you're referring to? Or can you provide perhaps a /60?
-
@Derelict said in IPv6 to internal routers and their networks - can prefix delegation and SLAAC work for them?:
If your PD doesn't change very often (and it shouldn't if your ISP does things correctly
Mine survived replacing the WAN NIC, but my IPv4 address and host name didn't. I haven't seen mine change when I didn't do something to cause it to change.
-
@JKnott You can delegate prefixes. An address is assigned and the delegated prefix is routed to it.
https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv6.html#dhcpv6-prefix-delegation
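
The subnet arithmetic discussed in this thread, as an added example that is not part of any post: it derives the /64 a prefix ID selects and the blocks a downstream delegation pool would hand out, so that only the delegated prefix needs to change when the ISP assigns a new one. The function names, the pool ID range and the `2001:db8:` documentation prefixes (standing in for the masked prefix in the question) are assumptions made for illustration.

```python
import ipaddress

def tracked_subnet(delegated, prefix_id):
    """Return the /64 that a prefix ID selects inside the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    id_bits = 64 - net.prefixlen
    if id_bits < 0 or not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {net}")
    return ipaddress.IPv6Network((int(net.network_address) + (prefix_id << 64), 64))

def pd_pool(delegated, first_id, last_id, size=64):
    """List the /size blocks covering prefix IDs first_id..last_id."""
    net = ipaddress.IPv6Network(delegated)
    if not net.prefixlen <= size <= 64:
        raise ValueError(f"/{size} cannot be delegated out of {net}")
    step = 1 << (64 - size)  # number of /64s in each delegated block
    if first_id > last_id or first_id % step or (last_id + 1) % step:
        raise ValueError("pool bounds are not aligned to the delegation size")
    tracked_subnet(delegated, first_id)  # range check on the lower bound
    tracked_subnet(delegated, last_id)   # range check on the upper bound
    base = int(net.network_address)
    return [ipaddress.IPv6Network((base + (i << 64), size))
            for i in range(first_id, last_id + 1, step)]

if __name__ == "__main__":
    # Constructed prefixes: the ISP delegation before and after a change.
    # The prefix IDs stay fixed; only the delegated prefix is swapped.
    for pd in ("2001:db8:1234:e00::/56", "2001:db8:5678:a00::/56"):
        pool = pd_pool(pd, 0x10, 0x2f, size=60)
        print(pd, "LAN:", tracked_subnet(pd, 0x4),
              "pool:", pool[0], "to", pool[-1])
```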