Multiple /64 ULA subnets sharing same WAN /64 prefix via NPTv6?
-
My ISP only routes a single /64 subnet to residential connections. I'm planning to deploy a ULA prefix for each of my VLANs and then NPT to the public /64 prefix assigned by the ISP. Do I need to worry about suffix conflicts?
Are there any drawbacks (e.g. latency...) to deploying ULA + NPt compared to just GUA via Track Interface? The only problem I can think of is that I would need to manually adjust the NPt entries every time my ISP's routed prefix changes.
-
Do they really provide only a single /64? Or is your modem in gateway mode and not bridge mode? If I have my modem configured as a gateway, I get a single /64. If it's in bridge mode, I get a /56 which pfSense can split into up to 256 /64s.
-
@JKnott It's definitely a dynamic /64; the ISP tech confirmed that to me. The ISP modem is in bridge mode. They have plans with /56 static prefixes, but I'd have to pay twice the price for the same bandwidth.
-
@nva said in Multiple /64 ULA subnets sharing same WAN /64 prefix via NPTv6?:
They have plans with /56 static prefixes, but I'd have to pay twice the price for the same bandwidth.
It's amazing how CHEAP some ISPs are, considering the IPv6 address space is so vast. While my ISP initially provided a single /64, that was only temporary and they soon moved to /56. Then there's he.net, which will provide a /48 for free! Before my ISP offered IPv6, I used a tunnel and got a /56 again for free.
BTW, the address space is so vast that every single person on earth could have over 4000 /48s and that's with only 1/8th of the entire address space assigned to anything.
-
@nva said in Multiple /64 ULA subnets sharing same WAN /64 prefix via NPTv6?:
It's definitely dynamic /64
ISPs, including mine, commonly use DHCPv6-PD to provide the prefix. While not officially static, it essentially is, as my prefix is tied to my DUID.
-
@JKnott said in Multiple /64 ULA subnets sharing same WAN /64 prefix via NPTv6?:
It's amazing how CHEAP some ISPs are, considering the IPv6 address space is so vast. While my ISP initially provided a single /64, that was only temporary and they soon moved to /56. Then there's he.net, which will provide a /48 for free! Before my ISP offered IPv6, I used a tunnel and got a /56 again for free.
BTW, the address space is so vast that every single person on earth could have over 4000 /48s and that's with only 1/8th of the entire address space assigned to anything.
My ISPs don't even offer more expensive plans, not that I'd accept paying. A tech even told me that only government companies are forced to follow IPv6 standards. As it's a private ISP company, they can use proprietary protocols, and it's my problem if the Internet doesn't work fully. Another one told me that I'm "welcome" to cancel the contract if I want to.
Indeed, according to the IPv6 standard, every ISP receives at least a /32 prefix. With it, these 2 ISPs have more /56 prefixes than there are IPv4 addresses.
@nva said in Multiple /64 ULA subnets sharing same WAN /64 prefix via NPTv6?:
My ISP only routes a single /64 subnet to residential connections. I'm planning to deploy a ULA prefix for each of my VLANs and then NPT to the public /64 prefix assigned by the ISP. Do I need to worry about suffix conflicts?
Are there any drawbacks (e.g. latency...) to deploying ULA + NPt compared to just GUA via Track Interface? The only problem I can think of is that I would need to manually adjust the NPt entries every time my ISP's routed prefix changes and will try to get it working.
Were you able to get it to work? That's what I was considering doing on my OpenWRT a couple years ago but got tired after 2 long fights with both ISPs. Now I'm considering moving to pfSense because of some BusyBox limitations.
Are you able to update your VLANs' prefixes when your ISP changes its prefix?
One ugly thing I'm considering doing is choosing a random /60 prefix from one of my ISPs' /32s and setting it as the base for my VLANs. AFAIK, some OSs will use IPv4 if only ULA is provided to them, because it implies that no Internet is available over IPv6, even if the router manages ULA to GUA correctly.
Using a global prefix that's not delegated to me prevents me from reaching any device that's on that prefix, but I don't access any residential IP other than mine anyway.
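The suffix-conflict question in the opening post can be checked mechanically. The following added example (not code from the thread or from pfSense) models NPTv6 as a plain 1:1 prefix substitution, maps several ULA /64s onto one external /64, and reports external addresses that more than one internal host would claim; the prefixes and host addresses are constructed for illustration, and RFC 6296's checksum-neutral adjustment of the interface identifier is deliberately left out of this model.

```python
import ipaddress
from collections import defaultdict

# Constructed example (not from the thread): three ULA /64s, one per VLAN,
# all mapped onto the single /64 the ISP delegates on the WAN side.
EXTERNAL_PREFIX = "2001:db8:1234:5678::/64"
INTERNAL_PREFIXES = [
    "fd12:3456:789a:1::/64",   # VLAN 10
    "fd12:3456:789a:2::/64",   # VLAN 20
    "fd12:3456:789a:3::/64",   # VLAN 30
]

def translate(addr, src_prefix, dst_prefix):
    """NPTv6-style 1:1 prefix substitution: keep the host suffix, swap the prefix.
    RFC 6296's checksum-neutral adjustment of the IID is omitted from this model."""
    addr = ipaddress.IPv6Address(addr)
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    if src.prefixlen != dst.prefixlen or addr not in src:
        raise ValueError("prefix lengths must match and addr must lie in src_prefix")
    suffix = int(addr) & ((1 << (128 - src.prefixlen)) - 1)
    return str(ipaddress.IPv6Address(int(dst.network_address) | suffix))

def find_suffix_conflicts(hosts, internal_prefixes, external_prefix):
    """Translate every internal host and return {external_addr: [internal_addrs]}
    for external addresses claimed by more than one internal host. Because only
    the prefix is rewritten, hosts in different VLANs that share an interface
    identifier land on the same external address, and an inbound reply cannot be
    untranslated to a single VLAN."""
    nets = [ipaddress.IPv6Network(p) for p in internal_prefixes]
    seen = defaultdict(list)
    for host in hosts:
        addr = ipaddress.IPv6Address(host)
        src = next((n for n in nets if addr in n), None)
        if src is None:
            continue   # not behind NPTv6 (link-local, an unmapped subnet, ...)
        seen[translate(str(addr), str(src), external_prefix)].append(str(addr))
    return {ext: ints for ext, ints in seen.items() if len(ints) > 1}

HOSTS = [
    "fd12:3456:789a:1::10",   # VLAN 10 host
    "fd12:3456:789a:2::10",   # VLAN 20 host with the same IID: collides after NPT
    "fd12:3456:789a:3::20",   # VLAN 30 host with a unique IID
]

if __name__ == "__main__":
    for ext, ints in find_suffix_conflicts(HOSTS, INTERNAL_PREFIXES, EXTERNAL_PREFIX).items():
        print(f"{ext} is claimed by {', '.join(ints)}")
```

Running it over a host inventory exported from each VLAN shows exactly which interface identifiers would need to be made unique before many-to-one NPt can work; a prefix change from the ISP only requires updating EXTERNAL_PREFIX.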