4. Learning IPv6

Learning IPv6

  • V

    Hello,

    I have been learning about IPv6 as I implement it on my home network.  I have one issue that I can't seem to solve.

    I have setup my LAN with an IPv6 Configuration Type of Track Interface.  The DHCPv6 server is set and provides IPv6 IPs for everyone on the network.  Everything seems to work great, except I have one wrinkle.

    I have a Domain Controller that needs a static IP so that I can specify that IP in the DHCP server for clients to use for DNS.  How do I do this if everything is dynamic now?  I imagine I could pick static IPs inside the dynamic subnet that my ISP provided, but what happens if this changes?  Is there any way to specify something truly static like one could do with IPv4?

    Thanks for any ideas,
    Ryan

    0

  • There are a couple of ways.  First off, with SLAAC, instead of DHCPv6, the computers would normally have one consistent address and also privacy addresses, which change periodically.  With Linux, the consistent address is normally MAC based, but a random number is used with Windows.  However, you can also configure Windows to use the MAC address.  Of course, you can always manually configure an address within your prefix range, but outside of the DHCP range.  You can even map an address to the MAC address, at the bottom of the DHCPv6 server page.  The only difference between IPv4 adn IPv6, in this regard, is that IPv6 can use SLAAC addresses and IPv4 can't.

    https://en.wikipedia.org/wiki/IPv6#Stateless_address_autoconfiguration_.28SLAAC.29

    0
  • B

    You're stumbling over a common problem with "track interface". Unfortunately, pfsense doesn't provide any help with this issue.

    Windows will auto-create a pair of addresses (link local and global) using either a random value or a value derived from the MAC. Which one depends on the privacy setting. It doesn't really matter which you use, because in either case, the global address will be allocated using the prefix from your isp, which is subject to change. If your prefix is relatively "static", you could just configure a static address and fix it if/when it breaks.

    I'm wondering if you really need a static ipv6 address. I have two windows servers (neither is operating as a domain controller). Both have static ipv4 addresses, but I just let dhcp do its thing for ipv6, because of this tracking issue. Not having static ipv6 addresses has never caused a problem, but it may be different for domain controllers. ipv6 uses reserved link local and multicast addresses, which may eliminate the requirement to have a static ipv6 address.

    I googled the topic of static ipv6 address for domain controller and saw a suggestion to use site-local addresses (which have been deprecated), but you could do the same thing with a the ULA prefix (fd00::/8). Again, is it really necessary?

    0

  • I was also going to suggest ULA.  I have that set up here, just to play with.  One nice thing is the prefix never changes.  You start with "fd" and then add a 40 bit random number to create a /48 prefix.  You could rely on pfSense to advertise the prefix, as I have done, or just create whatever address you want.  For example, fd::n, where n is any hex number between 1 and ffff.

    BTW, I now have "static" IPv6 addresses since pfSense was updated to keep the same prefix.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy