IPv6 with Hurricane Electric Tunnel Broker - Documentation out of date
-
That ISPs would give out only 1 /64 is asinine… They should at min give out a /60, but you know you could make an argument that any site should get a /48. According to ARIN policy a site is a building - so your home should get a /48..
https://www.arin.net/policy/nrpm.html
ARIN Number Resource Policy Manual
6.5.8.2.1. Standard sites
A site is a discrete location that is part of an organization’s network. An organization may request up to a /48 for each site in its network
It's not like there is an issue with available space...
To be honest I would forget your ISP even supports IPv6 if they are not going to do it correctly. Can you not request a different prefix size? /56 or /60? If not then forget them and just use HE.. Little reason to use /64 and /48 from ARIN unless you wanted to use the HE /64 for your guest segment and all your others out of your /48...
So a /24 prefix is the min ISP allocation.. You're talking 16,777,216 /48's why are they giving you 1 /64?? Not like they can not get bigger than /24 If they gave you /56 that is more than 4G sites... Come on - why are they making it difficult by giving you 1 /64.. Just plain moronic!!!
-
That ISPs would give out only 1 /64 is asinine… ...
.... Come on - why are they making it difficult by giving you 1 /64.. Just plain moronic!!!
Oh, man, I understand that so well.
I just forwarded your message to the main support forum of Orange, the biggest ISP in France and Europe (120 million ++ clients).
They just started to implement IPv6 a couple of months ago …
At least 30 million boxes have hardware that can't operate with IPv6 (chips are IPv4 hard wired).
10 $ for each new box - 20 $ for shipping and handling (can't outsource that one to a low salary country ^^).
I guess I will be using he.net for a long time :)
-
I know how it is…
I've had a /64 for about 3 years now, since Digi (the main ISP in Romania) provides it.
Sadly, the move to /56 will come sometime this year (no timeline defined).
Now back to our sheep (revenons a nos moutons :) )...
I can't seem to find a way to assign the /64 from Hurricane Electric to the second VLAN I have.
I only have a LAN tab, that points to VLAN1 and I need to get HE's V6 to VLAN2 (that is on a different NIC card).
If I can't figure it out, I'll probably send them an e-mail.
@Community: any ideas on how to assign a specific NIC to HE V6 ?
Thanks,
Andy
-
@Community: any ideas on how to assign a specific NIC to HE V6 ?
Assign interfaces to your liking from the console menu (option 1) or do it from the webgui (Interfaces->Assignments). Then make sure the interface where you want to use the /64 prefix is enabled (Interfaces-><name>->"Enable"). Then set the IPv6 configuration type for the interface to "Static IPv6" and assign an address from the /64 prefix to it, any address is fine but people usually use the ::1 address from the prefix for the interface on the router.
-
Here comes the issue… I cannot have 2 default gateways.
If I follow the article https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker and put interface OPT as default gateway, the clients from VLAN1 won't be able to use my ISP's IPv6.
OPT2_TUNNELV6 OPT2 2001:470:1f1a:699::1 2001:470:1f1a:699::1 Interface OPT2_TUNNELV6 Gateway
WAN_DHCP6 (default) WAN fe80::1 fe80::1 Interface WAN_DHCP6 Gateway
WAN_PPPOE (default) WAN 10.0.0.1 10.0.0.1 Interface WAN_PPPOE Gateway
Thanks,
Andy
-
Here comes the issue… I cannot have 2 default gateways.
That's not an issue, that is normal. If you have more than one gateway for an address family you need to do policy based routing.
https://doc.pfsense.org/index.php/What_is_policy_routing
-
Here comes the issue… I cannot have 2 default gateways.
That's not an issue, that is normal. If you have more than one gateway for an address family you need to do policy based routing.
Would static routing work ?
Thanks,
Andy
It would but it's very difficult to configure properly because the only way to differentiate the routes is the destination address. Policy routing is much more flexible.
On top of that if you have only your normal IPv4 WAN connection and an IPv6 tunnel from HE (why would you even consider using another IPv6 connection in addition to your HE tunnel?) there is no overlap between the connections and there is no need to do either static routing or policy routing.
-
I know who Orange is ;) I have done quite a bit of networking back in the day in France.. Oh those were fun projects!!! Had one in Monaco during Grand Prix - I could hear the cars going by. But was on such a short schedule didn't even get to see them.. Arrggh ;)
Anyhoo.. So simple AAAA query to www.orange.fr to find a small chunk of their ipv6 space… I am sure they have multiple prefixes, prob even larger ones..
They own a /19 for sure... They prob have multiple other blocks..
net6num: 2a01:c000::/19
netname: FR-TELECOM-20051230
country: FR
org: ORG-FT2-RIPE
So a /19 equates to 536,870,912 /48's.... WTF why would they only give out /64 to their users even if they have 500 Million of them..
If they wanted to be stingy ok.. That 1 /19 they own has 137,438,953,472 /56's in it.. Yes that is 137 Billion!!! So more than 17x the number of people on the planet... That an ISP would not allow a customer to request a prefix of at least /56 is just plain stupid.. And whoever is designing their IPv6 space doesn't have a freaking clue!!
They clearly do not understand the size of ipv6.. With the current very very small portion of the total IPv6 that has been allocated for use.. You could give out 4000 some /48's to every person on the planet... An ISP should give you a /48 and let you slice that up how you want.. There is zero reason to limit a customer to 1 /64.. Which makes it impossible for the customer to segment their network..
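The prefix arithmetic and the segmentation argument in the posts above, as an added example that is not part of any original post. It counts how many smaller prefixes fit in a delegation and hands each named segment its own /64 with ::1 as the router address. The `2001:db8:…` prefixes and the segment names are constructed sample values; `2a01:c000::/19` is the block quoted in the post.

```python
import ipaddress


def count_subnets(prefix, new_len):
    """How many /new_len prefixes fit inside `prefix`."""
    net = ipaddress.ip_network(prefix)
    if new_len < net.prefixlen:
        raise ValueError(f"/{new_len} is larger than {prefix}")
    return 2 ** (new_len - net.prefixlen)


def plan_segments(delegated, segments):
    """Map each segment name to (its own /64, router address ::1).

    Raises ValueError when the delegation cannot give every segment
    a separate /64, which is the single-/64 case discussed above.
    """
    net = ipaddress.ip_network(delegated)
    available = count_subnets(delegated, 64)
    if len(segments) > available:
        raise ValueError(
            f"{delegated} holds {available} /64(s), "
            f"{len(segments)} segments requested"
        )
    subnets = net.subnets(new_prefix=64)  # lazy generator, safe for a /48
    plan = {}
    for name in segments:
        subnet = next(subnets)
        plan[name] = (subnet, subnet[1])  # subnet[1] is the ::1 address
    return plan


if __name__ == "__main__":
    print(count_subnets("2a01:c000::/19", 48))   # /48s in the /19 from the post
    print(count_subnets("2a01:c000::/19", 56))   # /56s in the same /19
    # Constructed /56 delegation split across three constructed segments.
    for name, (subnet, router) in plan_segments(
            "2001:db8:aa00::/56", ["lan", "guest", "iot"]).items():
        print(name, subnet, router)
    try:
        plan_segments("2001:db8:aa00:1::/64", ["lan", "guest"])
    except ValueError as exc:
        print("cannot segment:", exc)
```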
-
@kpa:
On top of that if you have only your normal IPv4 WAN connection and an IPv6 tunnel from HE (why would you even consider using another IPv6 connection in addition to your HE tunnel?)
I'm not the person you were replying to, but speaking for myself, I see things like this on my HE tunnel all the time:
Feb 12 14:00:45 dpinger OPT3V6_TUNNELV6 2001:470:7:117e::1: Alarm latency 33734us stddev 19534us loss 21%
Feb 12 14:00:58 dpinger OPT3V6_TUNNELV6 2001:470:7:117e::1: Clear latency 33166us stddev 19392us loss 20%
Feb 13 10:51:11 dpinger OPT3V6_TUNNELV6 2001:470:7:117e::1: Alarm latency 28309us stddev 9549us loss 22%
Feb 13 10:51:12 dpinger OPT3V6_TUNNELV6 2001:470:7:117e::1: Alarm latency 605795us stddev 2656495us loss 19%
Feb 13 10:52:07 dpinger OPT3V6_TUNNELV6 2001:470:7:117e::1: Alarm latency 137034us stddev 756717us loss 12%
Feb 13 10:52:11 dpinger OPT3V6_TUNNELV6 2001:470:7:117e::1: Clear latency 33363us stddev 17753us loss 7%
My homelab setup is much simpler than pbnet's, in that right now it's just one IPv4 through my ISP, and one IPv6 tunnel via HE. But due to the regular latency spikes, I'm considering trying to figure out how to set up some kind of multi-WAN thing, using my ISP's own IPv6 as the other uplink. The issue is that my ISP's IPv6 is hilariously terrible, so I need to keep HE's tunnel as an option. I think multi-WAN connections like this should be able to either failover or load-balance when the latency gets high enough to set off alarms, it's just I haven't had the time and energy to make the attempt.
So anyhow, that's just one example of why somebody might need a connection in addition to the tunnel.