How do I know how many IPv6 addresses I'm getting from my ISP?
My ISP started to support IPv6 less than 2 days ago. I'm looking to enable IPv6 for my website and it seems like I need to delegate addresses from the block my ISP supposedly gives me.
How do I know how large of a block I'm getting within pfSense? I'm fine with either the web UI or console.
ifconfigif that's useful:
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE> ether 26:1a:a5:60:65:19 hwaddr 26:1a:a5:60:65:19 inet6 fe80::241a:a5ff:fe60:6519%vtnet0 prefixlen 64 scopeid 0x1 inet6 xxxx:xxxx:xx::xxxx prefixlen 128 inet yy.yyy.xxx.xxx netmask 0xffffe000 broadcast yy.yyy.255.255 nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> media: Ethernet 10Gbase-T <full-duplex> status: active vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=d00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,LINKSTATE> ether 76:11:a1:09:a1:5e hwaddr 76:11:a1:09:a1:5e inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::1:1%vtnet1 prefixlen 64 scopeid 0x2 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet 10Gbase-T <full-duplex> status: active enc0: flags=0<> metric 0 mtu 1536 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> groups: enc lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff000000 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> groups: lo pflog0: flags=100<PROMISC> metric 0 mtu 33160 groups: pflog pfsync0: flags=0<> metric 0 mtu 1500 groups: pfsync syncpeer: 220.127.116.11 maxupd: 128 defer: on syncok: 1 vtnet1.1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=80000<LINKSTATE> ether 76:11:a1:09:a1:5e inet6 fe80::7411:a1ff:fe09:a15e%vtnet1.1 prefixlen 64 scopeid 0x7 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet 10Gbase-T <full-duplex> status: active vlan: 1 vlanpcp: 0 parent interface: vtnet1 groups: vlan ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 options=80000<LINKSTATE> inet6 fe80::b43c:e315:724b:794a%ovpns1 prefixlen 64 scopeid 0x8 inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> groups: tun openvpn Opened by PID 33309
There is nothing there to show what you're getting. All I see is there's some /128 address assigned to you. What does your ISP say they provide? Mine gives me a /56, which is 256 /64s. I can configure pfSense to request anywhere from 1 to 256. Then I can delegate the individual /64s as needed. Who is your ISP? Maybe someone else here is on them.
@JKnott The ISP hasn't publicly released any info about it yet. I suddenly just noticed that IPv6 WAN was online (it was usually offline). Someone working for them confirmed that IPv6 was being rolled out. Apparently, their IPv6 rollout is still in the alpha/beta stage, but it does work.
PING6(56=40+8+8 bytes) 2001:4455:80::2c1a --> 2001:4860:4860::8888 16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=53 time=90.819 ms 16 bytes from 2001:4860:4860::8888, icmp_seq=1 hlim=53 time=90.764 ms 16 bytes from 2001:4860:4860::8888, icmp_seq=2 hlim=53 time=90.764 ms --- 2001:4860:4860::8888 ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 90.764/90.782/90.819/0.026 ms
It's PLDT, a major ISP in the Philippines.
Then you'll have to wait until the ISP is ready. At least you have an address on pfSense. That's a start.
@JKnott Oh. So there's no way to tell from my end?
@JKnott Oh. So there's no way to tell from my end?
Not that I'm aware of, other than trying different prefix sizes with pfSense and seeing how far you get. However, your ISP should have that info.
The best thing to do is get information from your ISP. Perhaps they have a beta program or something that would result in more information.
You can see what PD you are getting by saving the DUID in System > Advanced, Networking
Then enable the Debug mode on WAN in the DHCP6 Client Configuration area, setting whatever secret sauce your ISP requires. This is what I use for Cox Las Vegas:
Your ISP might require something completely different.
Then look at Status > System Logs, DHCP and set the filter to process
You will see exactly what is happening.
My PD looks like this:
Sep 1 03:55:10 dhcp6c 44071 update an IA: PD-0 Sep 1 03:55:10 dhcp6c 44071 status code for PD-0: success Sep 1 03:55:10 dhcp6c 44071 update a prefix 2600:dabb:ad00:bc00::/56 pltime=34359824768, vltime=34359824768 Sep 1 03:55:10 dhcp6c 44071 executes /var/etc/dhcp6c_wan_script.sh Sep 1 03:55:10 dhcp6c dhcp6c renew, no change - bypassing update on igb0 Sep 1 03:55:10 dhcp6c 44071 script "/var/etc/dhcp6c_wan_script.sh" terminated
If you want to try new settings just increment the DUID-LLT, save, and Edit/Save WAN. That should result in a new renewal using a new DUID so it should all be fresh.
Your ISP might have settings that don't like changes like this. Only they know. Ask them. We cannot know what they require here. Again, only they know.