IPv6 Help / tutorial / something please!

maverickws

Well I'd like to thank all for this very interesting discussion.

I'd like to say regarding the comment about not accounting for the number of possible hosts in any given subnet, well ok I get that, its just that each of these networks is so huge I feel other subnetting options made standard could be effective and I felt like commenting that. But ok, lets disregard that and it is how it is so moving on! :)

I have HE at home, its nice to have IPv6 connectivity where your ISP doesn't provide it, but its still v6 over v4 and I was looking for a leaner solution for service machines hosted on a datacenter.

I'm touching base with them and looking forward to see their reply.

I still have kind of a question tho, about @JKnott remark "pfsense requires bridge mode to work properly" does this mean if I get a /56 or /48 I'd still have to add a bridge for IPv6 to work?

JKnott

@maverickws said in IPv6 Help / tutorial / something please!:

does this mean if I get a /56 or /48 I'd still have to add a bridge for IPv6 to work?

The bridge vs gateway mode refers to the device your ISP uses to provide your connection. I have a cable modem. Others have ADSL or even fibre. You're thinking of LAN bridges, which are essentially a 2 port switch and has nothing to do with this discussion. What piece of hardware do you connect to for your Internet access? That's where you would have the bridge/gateway choice. This has nothing to do specifically with pfsense. You'd do the same thing for any firewall/router.

maverickws

@jknott so basically I have a virtual switch to which my servers are connected to, and the both the IPv4 and IPv6 subnets are delivered via VLAN, and they give me an upstream gateway for the /64 network which belongs to said subnet.

I don't think they'll be assigning anything else other than a /64. They say they can provide /56 networks but that would be routed through an host (server) which is the contrary of what we have being it delivered through a switch.

Derelict

@maverickws A router is a router. A switch is a switch. A /64 is insufficient for anything other than the most basic, single-segment home network behind the ISP device. Make them provide a /56.

You should also probably paste EXACTLY what they are telling you instead of your interpretation of the same.

maverickws

@derelict lol man I read your reply 5 times and all them 5 it felt like you're calling me stupid. Do you think or have you felt in the previous interactions that I have some interpretation problem or something?

Here's the "paste EXACTLY" instead of "interpretation"

Dear Client,

for your server you can have an additional /56 if you want but this is not possible on vswitch feature due of technical reasons.

Unfortunately on the vswitch it is only possible to have /64 prefix.

Kind regards

Please let me know if you feel my interpretation is correct or should I take some classes.

Derelict

@maverickws Get them to route the /56 to you.

As soon as they are doing that you can worry about how it's routed internally.

An ISP giving advice on configuring a vswitch? I wouldn't even try to explain to them what you are trying to do on the inside. Just get the /56 routed to you.

maverickws

@derelict I must say I don't see any way of "forcing" them to give me a /56. They can simply refuse and rely on bureaucracy to never do it.

They're not very good with vSwitches actually. I've had a problem with CARP they sent me a link to Junipers documentation lol, when the switches are on their side and I have nothing to do with their config. I documented a problem with their switches ignoring Gratuitous ARP requests, the only solution to have the service working was to configure the CARP on the pfSenses, then migrating the existing VLAN to a new vSwtich, so the VRRP mac's would stick.

I think some perks of the service are beyond ridiculous, but truth be told I have to juggle with price/performance and service offering, and so far this has been the ... least bad.

Some are worse on the hardware, other on hardware specs, these guys are bad at networking ... or parts of it.

Derelict

@maverickws Then get another ISP I guess.

JKnott

@maverickws said in IPv6 Help / tutorial / something please!:

so basically I have a virtual switch to which my servers are connected to, and the both the IPv4 and IPv6 subnets are delivered via VLAN, and they give me an upstream gateway for the /64 network which belongs to said subnet.

This is the first time you've mentioned HOW you're getting your connection and it appears they are providing you with only a single /64. As for @Derelict, I can feel his frustration, which may cause your thinking he's calling you stupid, as we've been trying to find out how you're connected and you haven't been very forthcoming. You say you're a "noob", well if you want help, you have to help us help you.

Based on what you've now told us, you have a single /64, which cannot be split without breaking things. You'll have to arrange with whoever to provide what you need to meet your requirements. It also appears you're in a data centre, which I don't believe was mentioned before, where a /64 may be suitable, if all you're doing is providing some servers. Much of what I said above was based on the assumption you were a stand alone customer, getting your own connection from some ISP. If you need more /64s you have to arrange for them, not try to squeeze them out of a /64 by breaking how it's designed.

Derelict

@maverickws I did not call you stupid. In about 8 years of experience helping people on this forum I have found it is just best to get the words from the ISP's mouth. As @JKnott observed, you insisted that you were a "noob" in your OP. If nothing else it establishes that we are actually working from guidance from the ISP and not just trying random things (which happens - a lot).

maverickws

@JKnott ok sorry.
Noob more in regard of IPv6 itself. I'm not a networking guy, I got a fair understanding of IPv4, but not so much about IPv6. And to that I must say: still a noob, and looking to learn.

About the HOW, I'm sorry if that wasn't clear and I didn't get the hints to explain that part better, but its out in the clear now I guess. I may have missed mentioning it was a Datacenter I just said "provider" my bad and I'm sorry for the confusion.

I have 4 dedis with 2 pfSense routers. WAN is only connected to the pfSenses via vSwitch. All vm's get their connectivity through pfSense and are not host-bound.

@Derelict I didn't mean to offend probably as much as you meant me. I already explained the "noob" part, but consider saying to someone:

You should also probably paste EXACTLY what they are telling you instead of your interpretation of the same.

Its like people (or me in this case) are stupid and can't interpret what were told. Your comment was specifically about one's ability to understand a message and pass it on. People who can't understand a simple message and repeat it fall in such categories. Maybe you could have phrased better. Anyway, please note I said it seemed, I am sure that's not what you meant, yet I felt the remark was due. I have been working with IT and customers for 14 years and I never made such a remark to any, despite how dumb I may think they are sometimes.

Anyway I don't want to derail the topic to this, was just a comment.

I'm still insisting with the DC so they give me a bigger prefix.