Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Does “Static IPv6” LAN interface break the ISP GUA prefix delegation router advertisements?

    Scheduled Pinned Locked Moved IPv6
    23 Posts 2 Posters 2.5k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JKnottJ Offline
      JKnott @Evolve 0
      last edited by

      @evolve-0

      Yes, the random number used for the consistent address is generated when the interface is configured.

      There's one other point against DHCPv6. It's not supported by Android devices. You can thank some genius at Google for that one.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      E 1 Reply Last reply Reply Quote 0
      • E Offline
        Evolve 0 @JKnott
        last edited by Evolve 0

        @jknott
        I know his name, Lorenzo 😁

        Anyway.. Thanks a lot for clearing my thoughts about the IPv6 slaac private stable address.

        This is definitely the way to go, that is using only slaac (unmanaged) with different Ra subnets, one from the ISP PD and the other with a random chosen ULA prefix.

        Get all the stable slaac IPv6 addresses and save them in the Pfsense host override associating them unique and intuitive names.

        Thanks a lot for all your help, I really appreciate it.

        P.s.: I read carefully the RFC 7217 and there are rare cases in which the generated slaac privacy stable address would be different:
        "Finally, we note that since different implementations are likely to use different values for the secret_key parameter, and may also employ different PRFs for F() and different sources for the Net_Iface parameter, the addresses generated by this scheme should not expected to be stable across different operating-system installations. For example, a host that is dual-boot or that is reinstalled may result in different IPv6 addresses for each operating system and/or installation."

        But I think that that depends on the type of the OS, I think that in most cases the stable privacy address is the same even between the same os reinstall, maybe different between different versions of the same OS and most certainly different between different ones but I think we can live with that 😀

        JKnottJ 1 Reply Last reply Reply Quote 0
        • JKnottJ Offline
          JKnott @Evolve 0
          last edited by

          @evolve-0

          I don't see that being a problem. No matter how the random number is generated, duplicate address detection is used to avoid collisions. As long as there is a 64 bit random number, it's actual value is irrelevant. If it matches with an address on a different subnet, so what? The prefix will be different, so the address will still be unique.

          I think some people worry too much about "privacy". While there may be some concern about tracking people where they go through their MAC address, there's no reason to worry about it for the stable address. It would only be used for reaching a computer, so the address must be known. If it's always in one location, then there's nothing to track. Further, once you're off the local network, there's no way to tell if it's a MAC or random number based address.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.