Sharing a single /64
-
I want to share a single /64 prefix with around 12 interfaces but I keep reading I should divide a /64 prefix any further, I tried it anyway but as it turns out /64 seems to be the smallest I can go in pfSense.
Currently I use all of these interfaces because they have different policies, like traffic shaping, VPN gateways, etcetera.
How can I set DHCPv6 for a portion of a /64 for each interface? Is it possible? Would I be able to isolate select interfaces so there's no inter-VLAN routing happening? I am completely lost.
There are servers running on most interfaces so a managed network is a must.
-
Get a /56 or a /48. Use /64s on the interfaces. It is not pfSense. It is IPv6.
-
Thanks, that's what I was afraid of. It's just a /64 is already huge. These IPv6 designers went overboard.
Thanks again, I'll start deploying right away.
-
Stop sweating it. Every network segment gets a /64. You never have to worry about interface subnet size again.
-
Exactly.. Think of /64 as today you think of a /24 or smaller.. /64 is the prefix you put on an interface.. Be it your going to have 4 devices or 400 devices on this network its a /64 you would use. Shoot even if was a point to point where you would normally use a /30 in ipv4 you would use a /64 in ipv6..
Unlike say a /24 in ipv4 you would not subnet a /64 that is the smallest you go.. If you need more networks then you need a /60, /56 /48 etc..
-
I'm setting up HE.net and already got the /48 block; I have a doubt though, does the GIF interface stays the same or do I need to reconfigure it with the /48 info, or, does that go in the DHCP/RA section?
Thanks for your help, again!
-
the GIF stays the same. You assign /64s out of the /48. You have 65536 of them to play with.
-
Thanks, this is so cool.
-
Thanks, that's what I was afraid of. It's just a /64 is already huge. These IPv6 designers went overboard.
Thanks again, I'll start deploying right away.
It's not huge, compared to the IPv6 address space. ISPs hand out /56 or /48 prefixes. That's 256 or 65536 /64s. That's still puny compared to what's available. At the moment, only 1/8th of the entire IPv6 address space is assigned to global address use. Over 3/4s is not assigned for anything. Even then, there are enough /48s for every single person on earth to have over 4000 of them. So, lets have no more of this nonsense about splitting a /64.
Incidentally, a /64 contains the entire IPv4 address space squared!.
-
the GIF stays the same. You assign /64s out of the /48. You have 65536 of them to play with.
Can pfSense assign the full /48, up to FFFF? On my system, the prefix IDs only go up to FF. But I only have a /56 prefix.
-
Yeah 65K /64 pretty much enough for as many networks you would ever need to create even if you think of a /64 as overkill with the number of address that can be on it.. And if not then get a /32 ;) This can be a issue to get your head around for sure.. It takes a bit to forget your ipv4 thinking - to me /64 with how many addresses that can be on it seems so wasteful.. But in the big picture with how big ipv6 space it really is almost infinite… Which I am sure that is what they thought of the ipv4 space when they started - and look how that turned out..
But compared to how much space there is on ipv4, ipv6 is so freaking big!!! I mean big!!! that while using a /64 for a couple of devices might seem wasteful - that is how its designed, and there will never be an issue for IP addresses - not for your great grandkids for sure even ;)Â If not great great great, etc..
-
You need a /48 to delegate /56 to other sites which is as small as anyone should go. You need a /56 to delegate /60.
-
And if not then get a /32 ;) This can be a issue to get your head around for sure.
There are enough IPv6 Global Unicast Addresses to give everyone on earth a /36 and have lots left over!
But in the big picture with how big ipv6 space it really is almost infinite… Which I am sure that is what they thought of the ipv4 space when they started - and look how that turned out..
According to Vint Cerf, one of the creators of the Internet. IPv4, with 32 bit addresses, was just intended to be a proof of concept, with the real version having a much larger address space. Unfortunately, it escaped.
-
Can pfSense assign the full /48, up to FFFF? On my system, the prefix IDs only go up to FF. But I only have a /56 prefix.
If you get a /48 PD you can set the track interface prefix ID from 0 to ffff. What is displayed and accepted as input there is dynamic and is dependent on the size of the PD. (A /60 shows 0 - f)
pfSense running with thousands of defined interfaces is another matter.