Netgate Discussion Forum

    [Resolved] IPv6 /48 routed through /64 interconnection

      fabienfs

      Hello,

      I think it's a topic that comes up regularly, I read a lot of the forum and I can not find a solution.

      My IPv6 WAN connection is interconnected to the ISP with a /64. My WAN interface is successfully pinging Internet IPv6 addresses.

      In addition to that, my ISP routes an IPv6 /48 prefix "2a0a:xxxx:50::/48". So, I split this /48 into /64s on my different LAN interfaces.

      Example:
      LAN1 : 2a0a:xxxx:50:10::/64
      LAN2 : 2a0a:xxxx:50:20::/64

      But I can not reach the Internet through these LAN interfaces.

      WAN interface:
          IPv6 Static : 2a0a:xxxx:fab:50::1/64
          IPv6 default gateway : 2a0a:xxxx:fab:50::/64

      LAN1 interface:
          IPv6 Static : 2a0a:xxxx:50:10::/64

      Even if I try to ping the default gateway from my LAN1 interface, I have no answer.

      In the firewall, IPv6 is allowed on all interfaces.

      What's also weird is when I make a traceroute from LAN1 to the default gateway, I only have * * *

      It seems that via my LAN1 interface, it does not know or transfer the packets. So should it follow the default gateway?!

      On the side of the ISP, the configuration in their pfSense is as follows: a "Customer" interface with static IPv6 address 2a0a:xxxx:fab:50::/64 and for routed /48 subnet: a Virtual IPs > IP Alias linked with "Customer" interface, IP Addresses: 2A0A:xxxx:50::/48.

      Thanks for your help :-)

        Derelict LAYER 8 Netgate

        a Virtual IPs > IP Alias linked with "Customer" interface, IP Addresses: 2A0A:xxxx:50::/48.

        No idea what they're doing there.

        They should create a gateway with your IPv6 wan interface address on it then a static route for the /48 to that. Zero reason for any VIPs.

        Yet Another Clueless ISP.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          fabienfs

          @Derelict:

          They should create a gateway with your IPv6 wan interface address on it then a static route for the /48 to that. Zero reason for any VIPs.

          Thanks! It works with this solution! :-)

            JKnott

            @Derelict:

            a Virtual IPs > IP Alias linked with "Customer" interface, IP Addresses: 2A0A:xxxx:50::/48.

            No idea what they're doing there.

            They should create a gateway with your IPv6 wan interface address on it then a static route for the /48 to that. Zero reason for any VIPs.

            Yet Another Clueless ISP.

            That assigned WAN address is likely not used for routing.  On IPv6, routing is normally done via the link local address.  Go to a command prompt and enter netstat -r.  You'll likely see the IPv6 default route is a link local address, not the WAN ULA.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

              fabienfs

              @JKnott:

              That assigned WAN address is likely not used for routing.  On IPv6, routing is normally done via the link local address.  Go to a command prompt and enter netstat -r.  You'll likely see the IPv6 default route is a link local address, not the WAN ULA.

              Thanks JKnott,
              Indeed, before your message, I used a global address to do routing, instead of just using the link-local address. I reconfigured my WAN interface by putting "IPv6 Configuration Type: None" and now when I'm doing a netstat -r, I see that the default GW for IPv6 is the link-local address. It saves a /64 prefix that was not useful!

              no risk that my link-local IPv6 address changes?
              Thanks

                JKnott

                @fabienfs:

                no risk that my link-local IPv6 address changes?
                Thanks

                Given that it's normally based on the MAC address, no chance unless you change the hardware.  In some instances, such as routers, the link local address can be locally assigned.  For example, with pfsense, on my local LAN, the default gateway is fe80::1:1.

                  fabienfs

                  When you said
                  @JKnott:

                  the link local address can be locally assigned.  For example, with pfsense, on my local LAN, the default gateway is fe80::1:1.

                  do you mean that you have manually chosen and set this link-local address?

                  if yes, can it be a problem for the ISP if someone did like you and chose the same address?

                    JKnott

                    @fabienfs:

                    When you said
                    @JKnott:

                    the link local address can be locally assigned.  For example, with pfsense, on my local LAN, the default gateway is fe80::1:1.

                    do you mean that you have manually chosen and set this link-local address?

                    if yes, can it be a problem for the ISP if someone did like you and chose the same address?

                    No, I didn't choose it, pfsense did.  Also, that's on the LAN side, so the ISP wouldn't see it.  However, even on the WAN side it might not be a problem, as the link local address needs to be unique only on a given link.  There's no reason why it can't be used on another one.

                      fabienfs

                      Yes… that’s right
                      Thanks :-)

                        fabienfs

                        One last question:
                        ISPs use one interface per customer then?

                          Derelict LAYER 8 Netgate

                          A Router Advertisement will likely result in a destination route to a link-local address, but an ISP static route probably should not since the link-local address for the route destination is unknowable.

                          Happy to be educated to the contrary.

                            Derelict LAYER 8 Netgate

                            @fabienfs:

                            One last question:
                            ISPs use one interface per customer then?

                            Question for your ISP.

                              JKnott

                              @fabienfs:

                              One last question:
                              ISPs use one interface per customer then?

                              That would depend on the ISP and connection type.  I have a cable modem and the segment is shared by others.  So, the link local address would have to be unique on the segment, but not elsewhere.

                                Derelict LAYER 8 Netgate

                                Right but I'm talking static routing. Or a routing protocol. Not anything dynamic like DHCP/PDs.

                                  JKnott

                                  @Derelict:

                                  A Router Advertisement will likely result in a destination route to a link-local address, but an ISP static route probably should not since the link-local address for the route destination is unknowable.

                                  Happy to be educated to the contrary.

                                  With routing, the task is to determine what interface to use to reach a destination.  This is done with routing tables that point to the appropriate interface.  It makes no difference whether static or routing protocol, such as OSPF, is used.  A multipoint link requires the IP address of the next router and link local is fine for that.  A point to point link doesn't even need that, as there is only one possible destination.  When routing to a destination, only the end point IP address is relevant.  Any address in between is not, so long as the router knows which interface to use.

                                  Bottom line, routing over the entire Internet, using only link local addresses is possible.  Global addresses are needed only for management and diagnostics.

                                  Here is the default route for my pfsense firewall:
                                  default            fe80::217:10ff:fe9 UGS        re0

                                  It lists the link local address for my ISP's router and the interface it's found on.

                                    JKnott

                                    @Derelict:

                                    Right but I'm talking static routing. Or a routing protocol. Not anything dynamic like DHCP/PDs.

                                    It looks like we crossed in our posts.  However, a router only needs to know the interface to send the packets out of to reach the next hop.  This can be any valid IPv6 address or, in the case of point to point links, just the interface.  Every route in a routing table eventually works its way down to an exit interface.  The routes in a routing table can be entered manually or via routing protocol.  It makes no difference.  All that matters is the exit interface to the next hop.

                                      Derelict LAYER 8 Netgate

                                      I agree, but Q: How does upstream know the downstream link-local address for a static route? A: It doesn't and can't.

                                      Here is the default route for my pfsense firewall:
                                      default            fe80::217:10ff:fe9 UGS        re0

                                      It lists the link local address for my ISP's router and the interface it's found on.

                                      Right. But that is downstream-to-upstream which is discovered using an RA.

                                        JKnott

                                        I agree, but Q: How does upstream know the downstream link-local address for a static route? A: It doesn't and can't.

                                        It doesn't need it.  All it needs to know is which direction takes a packet closer to the destination, that is the exit interface.  Then, at the next router, the same thing happens again, which exit interface to get the packet closer to the destination.  This can keep on happening for as many hops as necessary, until the packet reaches the destination network, where it's finally delivered.  None of the routers along the path needs to know the WAN address of the destination router, only the way to get to the destination network.

                                        Think about what happens on IPv4.  Do all the routers know the WAN address of the destination network?  Or do they just know the way to the next hop, according to routing tables?  If you assume that the WAN IP address must be known, then the IP address of all the routers must also be known and with complex networks, that's not likely to happen.

                                        Go to the command prompt and enter netstat -r and you'll see the routing table listing which interface is used for the known addresses and the default route for any unknown addresses.

                                          Derelict LAYER 8 Netgate

                                          It doesn't need it.  All it needs to know is which direction takes a packet closer to the destination, that is the exit interface.  Then, at the next router, the same thing happens again, which exit interface to get the packet closer to the destination.  This can keep on happening for as many hops as necessary, until the packet reaches the destination network, where it's finally delivered.  None of the routers along the path needs to know the WAN address of the destination router, only the way to get to the destination network.

                                          Right. But that requires interface routes. You are mixing things up. There needs to be a next hop address. There is no way to know the link-local address of the next hop in this case.

                                            JKnott

                                            There needs to be a next hop interface.  Point to point links don't need an address at all and multipoint need the interface and next hop address.  That next hop address is usually link local on IPv6.  Any router address beyond the next hop is irrelevant.  As for the IPv6 address at the other end of a link, why is there any difference between GUA and link local?  If doing manual configuration, you'd need to know the address either way.  If using a routing protocol, such as OSPF, it's all worked out automatically.

                                            Here's something from the Cisco book IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6, 2nd ed., page 425:

                                            ipv6-address: The IPv6 address of the next hop that can be used to reach the specified
                                            network. The IPv6 address of the next hop need not be directly connected;
                                            recursion is done to find the IPv6 address of the directly connected next hop. When
                                            an interface type and interface number are specified, you can optionally specify
                                            the IPv6 address of the next hop to which packets are output. Note that you must
                                            specify an interface type and an interface number when using a link-local address as
                                            the next hop. (The link-local next hop must also be an adjacent router.) This argument
                                            must be in the form documented in RFC 4291, where the address is specified
                                            in hexadecimal, using 16-bit values between colons.

                                            Notice they say a link local address can be used.

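
The static-route rule debated in this thread, as an added example that is not part of any post: a global next hop is resolved recursively down to a connected interface, while a link-local next hop is only accepted together with an exit interface. The `2001:db8::` addresses, the interface name `customer0`, and the `Route`, `RoutingTable` and `isp_table` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv6Network
    next_hop: Optional[ipaddress.IPv6Address]  # None means directly connected
    interface: Optional[str]                   # None means resolve recursively


class RoutingTable:
    def __init__(self) -> None:
        self.routes = []

    def add(self, prefix: str, next_hop: Optional[str] = None,
            interface: Optional[str] = None) -> None:
        hop = ipaddress.IPv6Address(next_hop) if next_hop else None
        if hop is None and interface is None:
            raise ValueError("a route needs a next hop, an interface, or both")
        # fe80::/10 exists on every link, so the address alone names no link.
        if hop is not None and hop.is_link_local and interface is None:
            raise ValueError(f"link-local next hop {hop} needs an exit interface")
        self.routes.append(Route(ipaddress.IPv6Network(prefix), hop, interface))

    def lookup(self, addr: ipaddress.IPv6Address) -> Optional[Route]:
        """Longest-prefix match over the installed routes."""
        matches = [r for r in self.routes if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def resolve(self, dest: str, max_depth: int = 8) -> Tuple[str, ipaddress.IPv6Address]:
        """Return (exit interface, adjacent next hop) for dest."""
        hop = ipaddress.IPv6Address(dest)
        for _ in range(max_depth):
            route = self.lookup(hop)
            if route is None:
                raise LookupError(f"no route to {hop}")
            if route.interface is not None:
                # Connected route: hop itself is on-link. Otherwise use the
                # neighbour configured for that interface.
                return route.interface, route.next_hop or hop
            hop = route.next_hop  # global next hop: look it up in turn
        raise LookupError(f"next hop for {dest} did not resolve to an interface")


def isp_table(next_hop: str, interface: Optional[str] = None) -> RoutingTable:
    """Constructed ISP-side table: the /64 interconnect plus the routed /48."""
    table = RoutingTable()
    table.add("2001:db8:fab:50::/64", interface="customer0")  # interconnect
    table.add("2001:db8:50::/48", next_hop, interface)        # customer's /48
    return table


if __name__ == "__main__":
    lan_host = "2001:db8:50:10::25"  # constructed host in the customer's LAN1
    print(isp_table("2001:db8:fab:50::1").resolve(lan_host))
    print(isp_table("fe80::1:1", "customer0").resolve(lan_host))
    try:
        isp_table("fe80::1:1")
    except ValueError as exc:
        print("rejected:", exc)
```

Both accepted forms forward the LAN host's traffic out of the same interface; only the neighbour address handed to neighbor discovery differs.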
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.