DHCPv6 Prefix Delegation and Track Interface



  • I've been trying to set up IPv6 with Google Wifi, with some limited luck. Google WiFi doesn't seem to be cooperating particularly well, and I think it is getting confused due to a plethora of bad DHCPv6 settings I tried...

    Here's how my network is laid out:

    Spectrum -> pfSense Community -> Switch -> Google WiFi -> Switch +-> Wired Devices
                                                         |
                                                         +-> Wireless Devices
    

    It's set up that way since I have multiple pucks and the mesh network mode is incompatible with bridge mode (ideally I'd like Google WiFi to be simply bridged, but that doesn't seem to be possible).

    I'm getting a /60 IPv6 prefix from Spectrum, and I can get to ipv6.google.com just fine from pfSense itself, and if I plug my laptop into the switch hooked up to the LAN interface of pfSense. I set up a prefix delegation using DHCPv6 to try to make a subnet available to Google WiFi. Everything seems to be in order since I can see Google WiFi request and receive the delegation in the DHCPv6 leases page. In order to get everything to work right I had to manually type in the delegation pool into the DHCPv6 page based on the prefix I got from Spectrum, but I can't verify anything since Google WiFi has a problem and isn't providing any diagnostic information.

    Is there a way to automatically combine the prefix from Spectrum with the network ID, similar to how the Track Interface settings work? I tried typing in something like ::1:0000:0000:0000:0000 to ::2:ffff:ffff:ffff:ffff but the DHCPv6 server page claims those are not valid netmasks, so I currently have the from and to blocks reading aaaa:bbbb:cccc:c01:: to aaaa:bbbb:cccc:c02::.

    Thanks in advance for any help!


  • LAYER 8 Netgate

    Doing a downstream prefix delegation when you are only getting a /60 is getting a little silly. What did you want to delegate? /61, /62, or /63?

    That's why all ISPs should be giving /56 or, better, /48.

    Is there a way to automatically combine the prefix from Spectrum with the network ID, similar to how the Track Interface settings work?

    No. You will need to make the DHCP6 PD manually. You will need to manually update it if it changes.



  • @Derelict Thanks. I was hoping to get a /56 when I tried, but I got a /64, so I don't know if it's supported or not. I'm still trying to figure out all the right settings since Spectrum doesn't publish them (or if they do I haven't found them yet).

    I'm really only doing the delegation since Google WiFi doesn't allow you to set your router pucks in bridge mode if you have more than one and are using their mesh function (I am since I don't have ethernet run everywhere). Ideally I'd like Google WiFi in bridge mode so that wired and wireless are one homogenous network instead of having both 172.16.0.0 and 192.168.86.0 addresses. That's also why I'm thinking about replacing them, but that costs a couple hundred and I'd rather not spend that money if I don't have to. To get IPv6 set up, Google WiFi requires you to delegate to it a /64 (or possibly a /63 if you want guest WiFi to have IPv6). Their documentation is fairly light as well, so there's a good amount of trial and error.


  • LAYER 8 Netgate

    Well you have to split up the last 4 bits (the last hex character) on bit boundaries with a /60. You have:

    2 /61s :0c00: and :0c08 (8 /64s each)
    4 /62s : :0c00: :0c04: :0c08: :0c0c: (4 /64s each)
    8 /63s :0c00: :0c02: :0c04: :0c06: :0c08: :0c0a: :0c0c: :0c0e: (2 /64s each)
    16 /64s :0c00: - :0c0f:

    You should be able to use, say, 0c00 - 0c07 for tracked interfaces (the DHCP "pool" addresses will be out of the appropriate one on that interface) and set the prefix delegation to /64 or /63 or /62 using aaaa:bbbb:cccc:0c08:: - aaaa:bbbb:cccc:0c0f::

    Note I have never tried to do a PD out of a PD.

    IPv6 is much easier to grok if you don't have to split individual hex address digits on their inside bit-boundaries. No choice in the matter with such an unreasonably-stingy, clueless ISP.

    Personally, I would use an HE.NET tunnel and their /48 routed prefix.


Log in to reply