Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How do I know how many IPv6 addresses I'm getting from my ISP?

    Scheduled Pinned Locked Moved IPv6
    7 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pandalion98
      last edited by

      My ISP started to support IPv6 less than 2 days ago. I'm looking to enable IPv6 for my website and it seems like I need to delegate addresses from the block my ISP supposedly gives me.

      How do I know how large of a block I'm getting within pfSense? I'm fine with either the web UI or console.

      Here's my ifconfig if that's useful:

      vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
      	ether 26:1a:a5:60:65:19
      	hwaddr 26:1a:a5:60:65:19
      	inet6 fe80::241a:a5ff:fe60:6519%vtnet0 prefixlen 64 scopeid 0x1
      	inet6 xxxx:xxxx:xx::xxxx prefixlen 128
      	inet yy.yyy.xxx.xxx netmask 0xffffe000 broadcast yy.yyy.255.255
      	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
      	media: Ethernet 10Gbase-T <full-duplex>
      	status: active
      vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	options=d00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,LINKSTATE>
      	ether 76:11:a1:09:a1:5e
      	hwaddr 76:11:a1:09:a1:5e
      	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
      	inet6 fe80::1:1%vtnet1 prefixlen 64 scopeid 0x2
      	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      	media: Ethernet 10Gbase-T <full-duplex>
      	status: active
      enc0: flags=0<> metric 0 mtu 1536
      	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      	groups: enc
      lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
      	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
      	inet6 ::1 prefixlen 128
      	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
      	inet 127.0.0.1 netmask 0xff000000
      	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      	groups: lo
      pflog0: flags=100<PROMISC> metric 0 mtu 33160
      	groups: pflog
      pfsync0: flags=0<> metric 0 mtu 1500
      	groups: pfsync
      	syncpeer: 224.0.0.240 maxupd: 128 defer: on
      	syncok: 1
      vtnet1.1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	options=80000<LINKSTATE>
      	ether 76:11:a1:09:a1:5e
      	inet6 fe80::7411:a1ff:fe09:a15e%vtnet1.1 prefixlen 64 scopeid 0x7
      	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      	media: Ethernet 10Gbase-T <full-duplex>
      	status: active
      	vlan: 1 vlanpcp: 0 parent interface: vtnet1
      	groups: vlan
      ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
      	options=80000<LINKSTATE>
      	inet6 fe80::b43c:e315:724b:794a%ovpns1 prefixlen 64 scopeid 0x8
      	inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00
      	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      	groups: tun openvpn
      	Opened by PID 33309
      
      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @pandalion98
        last edited by

        @pandalion98

        There is nothing there to show what you're getting. All I see is there's some /128 address assigned to you. What does your ISP say they provide? Mine gives me a /56, which is 256 /64s. I can configure pfSense to request anywhere from 1 to 256. Then I can delegate the individual /64s as needed. Who is your ISP? Maybe someone else here is on them.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        P 1 Reply Last reply Reply Quote 0
        • P
          pandalion98 @JKnott
          last edited by

          @JKnott The ISP hasn't publicly released any info about it yet. I suddenly just noticed that IPv6 WAN was online (it was usually offline). Someone working for them confirmed that IPv6 was being rolled out. Apparently, their IPv6 rollout is still in the alpha/beta stage, but it does work.

          PING6(56=40+8+8 bytes) 2001:4455:80::2c1a --> 2001:4860:4860::8888
          16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=53 time=90.819 ms
          16 bytes from 2001:4860:4860::8888, icmp_seq=1 hlim=53 time=90.764 ms
          16 bytes from 2001:4860:4860::8888, icmp_seq=2 hlim=53 time=90.764 ms
          
          --- 2001:4860:4860::8888 ping6 statistics ---
          3 packets transmitted, 3 packets received, 0.0% packet loss
          round-trip min/avg/max/std-dev = 90.764/90.782/90.819/0.026 ms
          

          It's PLDT, a major ISP in the Philippines.

          JKnottJ 1 Reply Last reply Reply Quote 0
          • JKnottJ
            JKnott @pandalion98
            last edited by

            @pandalion98
            Then you'll have to wait until the ISP is ready. At least you have an address on pfSense. That's a start.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            P 1 Reply Last reply Reply Quote 1
            • P
              pandalion98 @JKnott
              last edited by

              @JKnott Oh. So there's no way to tell from my end?

              JKnottJ 1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @pandalion98
                last edited by

                @pandalion98 said in How do I know how many IPv6 addresses I'm getting from my ISP?:

                @JKnott Oh. So there's no way to tell from my end?

                Not that I'm aware of, other than trying different prefix sizes with pfSense and seeing how far you get. However, your ISP should have that info.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 1
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by Derelict

                  The best thing to do is get information from your ISP. Perhaps they have a beta program or something that would result in more information.

                  You can see what PD you are getting by saving the DUID in System > Advanced, Networking

                  Screen Shot 2019-08-18 at 11.56.41 AM.png

                  Then enable the Debug mode on WAN in the DHCP6 Client Configuration area, setting whatever secret sauce your ISP requires. This is what I use for Cox Las Vegas:

                  Screen Shot 2019-08-18 at 11.59.41 AM.png

                  Your ISP might require something completely different.

                  Then look at Status > System Logs, DHCP and set the filter to process dhcp6c

                  You will see exactly what is happening.

                  My PD looks like this:

                  Sep 1 03:55:10 	dhcp6c 	44071 	update an IA: PD-0
                  Sep 1 03:55:10 	dhcp6c 	44071 	status code for PD-0: success
                  Sep 1 03:55:10 	dhcp6c 	44071 	update a prefix 2600:dabb:ad00:bc00::/56 pltime=34359824768, vltime=34359824768
                  Sep 1 03:55:10 	dhcp6c 	44071 	executes /var/etc/dhcp6c_wan_script.sh
                  Sep 1 03:55:10 	dhcp6c 		dhcp6c renew, no change - bypassing update on igb0
                  Sep 1 03:55:10 	dhcp6c 	44071 	script "/var/etc/dhcp6c_wan_script.sh" terminated
                  

                  If you want to try new settings just increment the DUID-LLT, save, and Edit/Save WAN. That should result in a new renewal using a new DUID so it should all be fresh.

                  Your ISP might have settings that don't like changes like this. Only they know. Ask them. We cannot know what they require here. Again, only they know.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.