Switch from /64 to /48

MushyMiddle

This may be more FYI than a question, but I do have a question at the end.

I'm running pfSense 2.5.0.a.20210101.0250 on an appliance device.

I'm using HE.net for IPv6, as Verizon is hopeless. I've been running for years with the default /64 they provide, but decided to enable IPv6 on my VLANs, so requested a /48. I'm using SLAAC.

I had no issue getting the VLANs up on their respective /64's, however moving the original main LAN to its new /64 proved to take a bit more work.

I watched the NDP table as it updated, and while it showed the LAN prefix with its new /64 address, none of the machines on that network got their new addresses.

I guess I expected that when I changed the LAN interface's /64, that would update radvd.conf, but when I checked radvd.conf (and via tcpdump), it was still advertising the old /64. The simple fix was to disable SLAAC on that interface (it was then removed from radvd.conf), and re-enable it - the new /64 showed up in radvd.conf, and machines immediately got their new addresses.

Now my question:

There is very little information about how to deal with /48's and handing-out /64's in general on the Internet. pfSense docs make a brief mention of using a /48, but provide no details. I'm basically just manually assigning various /64's to my VLANs, but nothing is really managing the /48 itself on my side. For each VLAN interface, I'm using the VLAN ID as the subnet ID, FWIW.

The few examples I've seen usually have at least some interface owning the /48, but also given that HE.net/GIF is involved, I can't wrap my head around which interface should own the /48, if any.

So my question is, for a routed /48, should the entire /48 be defined anywhere on my side of the connection, or is this approach of just manually assigning individual /64's reasonable? Bearing in mind that at the moment, I'm not using DHCPv6, and my networking needs are pretty simple.

I also manage a data center network where I'm going to eventually support a "real" /48 assigned by a real ISP (i.e. not Verizon), so this would be helpful to understand in general. In that case, I do have an edge router, so that would seem to be the logical place to put the /48 - just unsure about whether my HE.net setup needs anything similar.

Thanks...

johnpoz

@mushymiddle said in Switch from /64 to /48:

I can't wrap my head around which interface should own the /48, if any.

No interface should have a /48 on it.. The /48 you get from HE is routed to you via your tunnel network.. Your wan side would use its IPv6 network from the tunnel.. And all your vlans on your lan side would just a /64 out of the /48

JKnott

@mushymiddle said in Switch from /64 to /48:

There is very little information about how to deal with /48's and handing-out /64's in general on the Internet.

When you configure a LAN or VLAN interface, you have to specify a unique prefix ID. With a /48, the range is 0 - ffff.