NPT6 for Multi-WAN with dynamic prefix
-
Hello.
I had read https://docs.netgate.com/pfsense/en/latest/nat/npt.html and I'm still not understanding some stuff.
On that image, we seem to have to choose 1 interface, and then set static destination prefix. How is that handled, if ISP uses dynamic global prefix? Indeed it says "This does not work for dynamic IPv6 types where the subnet is not static, such as DHCP6-PD.".
So, how to do it when we have dynamic global prefix?
But then, I have to handle 2 of those for 2 ISP WANs, together with load balancing and fail over. Is it possible at all?
What I'm thinking would be needed in my case:
- Use a pure GUA prefix, no ULA
- Setup fixed suffix for each device on LAN, and also a host name inside LAN domain, all related to their MAC
- Choose a random /60 prefix inside one of my ISPs' /32 prefixes, and set a /64 inside it for each of my VLANs
- Setup load balancing for both WAN links on 50%-50% distribution and fail over
- Setup NPT6 so that LAN GUA prefix is translated to chosen WAN's delegated prefix
Is it possible to do that on pfSense? Or is there any better way to do it?
Why I'm considering this approach: when only ULA prefix is used or when GUA prefix expires, devices fall back to IPv4. By delegating a fixed GUA for them, they will remain on IPv6 thinking that's their public prefix.
Issues:
a) Protocols that incorporate IP or that announce their IP to outer world will have packages directed to them routed elsewhere.
b) I'll be unable to reach anybody using any prefix inside the chosen /60, that may be a issue for P2P games in example.To solve (b), maybe I choose some Africa prefix, as I had never used any server or matched anybody on games.
I must be sure pfSense is able to manage this before buying an appliance, so that later it doesn't work and I waste a lot of money.
-
Feature request for this:
https://redmine.pfsense.org/issues/4881
