Prefix Delegation to a router
-
So I have a pfSense box set up in front of a Cisco router. I should be getting a /60 from Comcast (not sure if I am, see This topic).
I want to a /61 prefix delegation to the router so that I can have my couple VLANs each have their own /64.
How do I accomplish that? Based on the docs) it should be DHCPv6 Server, right? Under the prefix delegation? Though I don't see an option for /61, just /60 and /62 (among others).
Or I'm I just totally confused (as IPv6 often does to me)?
-
Yeah. /61 is kind of wonky. If you really want to lab stuff like that I'd just get a /48 from www.tunnelbroker.net.
Or use /62 if 4 subnets is enough.
They really shouldn't be issuing /60s. They should be /56 minimum. As you are finding out, what sounds like it should be plenty to people used to IPv4, it's really not in practice.
But it's Comcast so you're lucky it's working at all.
-
Yeah. /61 is kind of wonky. If you really want to lab stuff like that I'd just get a /48 from www.tunnelbroker.net.
Or use /62 if 4 subnets is enough.
Oh it is? Interesting. I think I could get away with 4 subnets, though its a little annoying.
They really shouldn't be issuing /60s. They should be /56 minimum. As you are finding out, what sounds like it should be plenty to people used to IPv4, it's really not in practice.
But it's Comcast so you're lucky it's working at all.
Comcast does seem to be pretty odd with their IPv6 support. Not sure why they are so stingy.
Maybe I'll look at an IPv6 tunnel option.
-
Yeah. /61 is kind of wonky. If you really want to lab stuff like that I'd just get a /48 from www.tunnelbroker.net.
Or use /62 if 4 subnets is enough.
Oh it is? Interesting. I think I could get away with 4 subnets, though its a little annoying.
They really shouldn't be issuing /60s. They should be /56 minimum. As you are finding out, what sounds like it should be plenty to people used to IPv4, it's really not in practice.
But it's Comcast so you're lucky it's working at all.
Comcast does seem to be pretty odd with their IPv6 support. Not sure why they are so stingy.
Maybe I'll look at an IPv6 tunnel option.
It's definitely worth looking at a tunnel. If there's a server close to your location the throughput may be quite close to the throughput of your link. However, recently, I've been unable to access mail.yahoo.com through the tunnel, although I have no way to determine whether the problem is caused by the tunnel, yahoo's network or possibly even pfsense. Aside from that issue, the tunnel has been rock solid since I started using it, which was several years ago.
-
mail.yahoo.com loads for me over native, but not over he.net.
I'd probably put money on yahoo blocking he.net as a proxy or something before blaming something legitimate.
Or maybe their secret tap to the NSA isn't compatible.
-
mail.yahoo.com loads for me over native, but not over he.net.
I'd probably put money on yahoo blocking he.net as a proxy or something before blaming something legitimate.
Or maybe their secret tap to the NSA isn't compatible.
Okay, there you go. Three people with the problem now. Good one about the NSA.
-
It's definitely worth looking at a tunnel. If there's a server close to your location the throughput may be quite close to the throughput of your link. However, recently, I've been unable to access mail.yahoo.com through the tunnel, although I have no way to determine whether the problem is caused by the tunnel, yahoo's network or possibly even pfsense. Aside from that issue, the tunnel has been rock solid since I started using it, which was several years ago.
I decided you are right, so I set one up. Love getting a /48, and having a static IP. Makes things so much easier. Hopefully I won't run into issues like you did (luckily I don't use yahoo mail).
Have you done anything with delegated prefix? I'm trying to add the range, but its giving me an error that doesn't make sense:
I'm trying to delegate a /52 using the range of 2001:470:1234:1000:: to 2001:470:1234:1fff:ffff:ffff:ffff:ffff but it give me an error:
"Prefix Delegation To address is not a valid IPv6 Netmask for 2001:470:1234:1000::/52"
Except all the subnet calculators tell me it should be valid.
Help?
-
It's definitely worth looking at a tunnel. If there's a server close to your location the throughput may be quite close to the throughput of your link. However, recently, I've been unable to access mail.yahoo.com through the tunnel, although I have no way to determine whether the problem is caused by the tunnel, yahoo's network or possibly even pfsense. Aside from that issue, the tunnel has been rock solid since I started using it, which was several years ago.
I decided you are right, so I set one up. Love getting a /48, and having a static IP. Makes things so much easier. Hopefully I won't run into issues like you did (luckily I don't use yahoo mail).
Have you done anything with delegated prefix? I'm trying to add the range, but its giving me an error that doesn't make sense:
I'm trying to delegate a /52 using the range of 2001:470:1234:1000:: to 2001:470:1234:1fff:ffff:ffff:ffff:ffff but it give me an error:
"Prefix Delegation To address is not a valid IPv6 Netmask for 2001:470:1234:1000::/52"
Except all the subnet calculators tell me it should be valid.
Help?
Don't forget to set up the dynamic dns if you don't have a static ipv4 address.
Sorry, haven't delegated a prefix. I'm only using a /64. Not sure why it's not happy with that.
