How do I know how many IPv6 addresses I'm getting from my ISP?

pandalion98

My ISP started to support IPv6 less than 2 days ago. I'm looking to enable IPv6 for my website and it seems like I need to delegate addresses from the block my ISP supposedly gives me.

How do I know how large of a block I'm getting within pfSense? I'm fine with either the web UI or console.

Here's my ifconfig if that's useful:

vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
	ether 26:1a:a5:60:65:19
	hwaddr 26:1a:a5:60:65:19
	inet6 fe80::241a:a5ff:fe60:6519%vtnet0 prefixlen 64 scopeid 0x1
	inet6 xxxx:xxxx:xx::xxxx prefixlen 128
	inet yy.yyy.xxx.xxx netmask 0xffffe000 broadcast yy.yyy.255.255
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=d00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,LINKSTATE>
	ether 76:11:a1:09:a1:5e
	hwaddr 76:11:a1:09:a1:5e
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::1:1%vtnet1 prefixlen 64 scopeid 0x2
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
enc0: flags=0<> metric 0 mtu 1536
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: enc
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo
pflog0: flags=100<PROMISC> metric 0 mtu 33160
	groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
	groups: pfsync
	syncpeer: 224.0.0.240 maxupd: 128 defer: on
	syncok: 1
vtnet1.1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	ether 76:11:a1:09:a1:5e
	inet6 fe80::7411:a1ff:fe09:a15e%vtnet1.1 prefixlen 64 scopeid 0x7
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
	vlan: 1 vlanpcp: 0 parent interface: vtnet1
	groups: vlan
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet6 fe80::b43c:e315:724b:794a%ovpns1 prefixlen 64 scopeid 0x8
	inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: tun openvpn
	Opened by PID 33309

JKnott

@pandalion98

There is nothing there to show what you're getting. All I see is there's some /128 address assigned to you. What does your ISP say they provide? Mine gives me a /56, which is 256 /64s. I can configure pfSense to request anywhere from 1 to 256. Then I can delegate the individual /64s as needed. Who is your ISP? Maybe someone else here is on them.

pandalion98

@JKnott The ISP hasn't publicly released any info about it yet. I suddenly just noticed that IPv6 WAN was online (it was usually offline). Someone working for them confirmed that IPv6 was being rolled out. Apparently, their IPv6 rollout is still in the alpha/beta stage, but it does work.

PING6(56=40+8+8 bytes) 2001:4455:80::2c1a --> 2001:4860:4860::8888
16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=53 time=90.819 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=1 hlim=53 time=90.764 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=2 hlim=53 time=90.764 ms

--- 2001:4860:4860::8888 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 90.764/90.782/90.819/0.026 ms

It's PLDT, a major ISP in the Philippines.

JKnott

@pandalion98
Then you'll have to wait until the ISP is ready. At least you have an address on pfSense. That's a start.

pandalion98

@JKnott Oh. So there's no way to tell from my end?

JKnott

@pandalion98 said in How do I know how many IPv6 addresses I'm getting from my ISP?:

@JKnott Oh. So there's no way to tell from my end?

Not that I'm aware of, other than trying different prefix sizes with pfSense and seeing how far you get. However, your ISP should have that info.

Derelict

The best thing to do is get information from your ISP. Perhaps they have a beta program or something that would result in more information.

You can see what PD you are getting by saving the DUID in System > Advanced, Networking

Screen Shot 2019-08-18 at 11.56.41 AM.png

Then enable the Debug mode on WAN in the DHCP6 Client Configuration area, setting whatever secret sauce your ISP requires. This is what I use for Cox Las Vegas:

Screen Shot 2019-08-18 at 11.59.41 AM.png

Your ISP might require something completely different.

Then look at Status > System Logs, DHCP and set the filter to process dhcp6c

You will see exactly what is happening.

My PD looks like this:

Sep 1 03:55:10 	dhcp6c 	44071 	update an IA: PD-0
Sep 1 03:55:10 	dhcp6c 	44071 	status code for PD-0: success
Sep 1 03:55:10 	dhcp6c 	44071 	update a prefix 2600:dabb:ad00:bc00::/56 pltime=34359824768, vltime=34359824768
Sep 1 03:55:10 	dhcp6c 	44071 	executes /var/etc/dhcp6c_wan_script.sh
Sep 1 03:55:10 	dhcp6c 		dhcp6c renew, no change - bypassing update on igb0
Sep 1 03:55:10 	dhcp6c 	44071 	script "/var/etc/dhcp6c_wan_script.sh" terminated

If you want to try new settings just increment the DUID-LLT, save, and Edit/Save WAN. That should result in a new renewal using a new DUID so it should all be fresh.

Your ISP might have settings that don't like changes like this. Only they know. Ask them. We cannot know what they require here. Again, only they know.