IPv6 Static WAN without DHCPv6PD

  • Hi, my ISP give me static /62 subnet to WAN interface. Their GW IPv6 is link-local.
    I can assign 2a03:xxxx:x:xx0::1/64 on WAN and 2a03:xxxx:x:xx1::1/64 on LAN.
    I can ping world from WAN and can ping WAN from LAN. But can't ping world from LAN. This is logical - because there is no routes.
    How I can route traffice from LAN to WAN without PD? Or there is no way to work without PD? And /62 is OK to at least route this (1 /64 WAN and /64 LAN, and 2 /64 reserverd)?

  • LAYER 8 Global Moderator

    They actually routed the /62 to you? Or they statically assigned the /62 you - there is a big difference..

    While it is possible to use the first prefix as the transit, its not really a normal config.. Why would they not just route the /62 to you via a different transit?

    I would get with them for verification on how your suppose to set that up.. Did they explicitly state to you that you should use the first prefix as your transit?

  • @johnpoz how i can check that they routed it or statically asigned it?

  • LAYER 8 Global Moderator

    How did they give you the info? If they would of routed to you, they would of specifically told you given you a what the transit was, or how to set it up..

    Since its not working points they statically assigned it you... See it all the time, someone asks for /48 and so they change the mask on their directly attached to /48... They don't seem to understand how this works ;)

  • @johnpoz they static assign /62 on wan, and that I can configure wan for /64 and lan /64. I afraid that i end up with he.net again :(

  • LAYER 8 Global Moderator

    Yeah the lack of understanding of ipv6 and how to properly assign it and use it seems to be a big issue with many isp ;) I don't think HE will be out of the tunnel business any time soon to be honest because of this utter lack of understanding in how to work with ipv6 at the isp level ;)

    That they gave you a /62 in the first place.. Should of been a /56 at min to be honest. And really /48

    If they directly attach you at /62 means they assigned a /62 to their interface.. Which is wrong, and no you can not just do what sounds like they are doing without ipv6 proxy-nd (ND-Proxy)... I do not believe pfsense supports doing that.. Here thread from 2015 user asking for it

    Its a borked sort of setup, and at best a work around.. Does not scale, etc..

    My suggestion would be to get the isp to do it correctly
    Change ISP if its that important too you
    Use HE..
    Just forget ipv6 for now - what service are you attempting to use that actually requires IPv6.. At this point in time there is nothing that requires you to have ipv6.. Unless your wanting to serve up services on it for your own wants/needs.

    The good thing with HE is you get that /48 and you can take it with you to any isp ;) I have had mine since 2011...

    The ipv6 deployment numbers to be honest are misleading because of this sort of nonsense.. Sure they say X percent of deployment in country ABC, but how many of those are actually viable... Stuff like what this isp seems to be doing is just holding back the migration to be honest.

  • @johnpoz Im using he about 2 years with multi wan in office. Im ok with it, but native is little quicker. This case is data center. I want provide my services over ipv6 too. And i don't need many /64 due there is will be not much networks (lan and vpn thats all). I read about npd proxy before when have "luck" to configure ovh servers and end up too use he.net. this another dc and hope I can explain that their ipv6 networking work only for one dedicated server and not for dedicated l2 segment with routed gateway... Thanks

Log in to reply