Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Sharing IPv6 subnet

    Scheduled Pinned Locked Moved IPv6
    10 Posts 4 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      miken32
      last edited by

      Our ISP provides a /56 network via DHCP6. If we have 3 pfSense boxes sitting behind the modem, is it possible to have each one serve a separate /64 network to LAN clients? Don't have anything live yet, just planning for what the best way to go about this is. Thanks.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Why would you have 3 pfsense boxes?? But sure if you have a /56 that is routed to you, you can break that up in to multiple /64s

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • M
          miken32
          last edited by

          It's a multi-tenant situation. I know I can subnet a /56, but given that I don't control the /56 I want to know if the pfSenses can somehow take care of splitting it up. I know there are some options for prefix delegation, but not sure if that can work for what I want.

          1 Reply Last reply Reply Quote 0
          • JKnottJ
            JKnott
            last edited by

            You'll need a router of some sort to do that.  You can then have 3 pfSense systems connected to the router.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • M
              miken32
              last edited by

              @JKnott:

              You'll need a router of some sort to do that.  You can then have 3 pfSense systems connected to the router.

              The ISP modem is a router. That doesn't address how I can get 3 different IPv6 subnets behind (i.e. on the LAN side of) my pfSenses.

              1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott
                last edited by

                Does the ISPs router have provision for splitting up the /56 and sending the subnets to the pfSense systems?

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  So how exactly is your ISP giving you a /56??  Yes pfsense can track on its lan side interfaces and use the different /64s that make up your /56

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • MikeV7896M
                    MikeV7896
                    last edited by

                    What you're looking for is an option in the ISP router to do prefix delegation. Hopefully the ISP router can delegate an IPv6 prefix to each of your pfSense systems via DHCPv6-PD. You'd receive the /64 delegated from the ISP router, then apply it to one of your networks. If you want, you could probably even delegate /60's so you each get 16 /64's to use as you wish.

                    The S in IOT stands for Security

                    1 Reply Last reply Reply Quote 0
                    • JKnottJ
                      JKnott
                      last edited by

                      ^^^^
                      If prefix delegation is use, then separate connections, either separate interfaces or VLANs are necessary.  However, a simple static configuration could be used, assuming the /56 prefix doesn't change.  With a router, it's possible to split the /56 into perhaps 4 /58s and forward to the appropriate pfSense system.  However, SOHO type routers are generally not capable of this.  He'd need a "real' router from Cisco etc., or to roll his own with Linux or BSD.

                      PfSense running on Qotom mini PC
                      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                      UniFi AC-Lite access point

                      I haven't lost my mind. It's around here...somewhere...

                      1 Reply Last reply Reply Quote 0
                      • M
                        miken32
                        last edited by

                        @virgiliomi:

                        What you're looking for is an option in the ISP router to do prefix delegation. Hopefully the ISP router can delegate an IPv6 prefix to each of your pfSense systems via DHCPv6-PD. You'd receive the /64 delegated from the ISP router, then apply it to one of your networks. If you want, you could probably even delegate /60's so you each get 16 /64's to use as you wish.

                        Ok, that's what I was thinking. I wasn't sure if the pfSense could request a /64 and the modem would keep track of things; I guess I'll just wait until I get the modem set up and play around. Thanks for all the feedback everyone!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.