What If ISP can only provide a /64
-
@bob-dig
Why would that be the case - a /64 is a massive address space [insert random figure from Google]? There should be no issue assigning IPv6 addresses across multiple interfaces, subnets, VLANs to your heart's content.
-
@robbiett /64 is the smallest you could use, for the most part, so it is only good for one LAN, which could be huge but still, only one. Every interface needs its own /64.
-
@bob-dig I'm still confused. The /64 refers to the first part of the 128-bit address (half in this example) aka 'the prefix'. The rest of it can be farmed-out as you like.
pfSense has no issue in doing this, using the first part as the prefix and then allowing you to subnet the rest, usually adding a simple addition after the prefix address to signify which address range belongs on any given interface. In my case a ':1' for management, ':2' for main LAN, ':3' for first VLAN etc.
-
An example from a VLAN on my home network (plus the handy hints from pfSense):
-
@robbiett But you got more than one /64 from your ISP, that is the point. Maybe you got a /56 or what not, which is more than only one /64.
-
@robbiett Also I don't think that you have active subrouters, do you? I think this only can be used with a fixed prefix and not a dynamic one, which would be another limitation on pfSense side regarding dynamic IPv6.
-
The point is that you can subnet a /64. It is massive (in the scheme of what we have in IPv4 land). You just subnet it into a range, effectively identify it as a given subnet by adding an identifier (a :2 in the example above) and assign that address space to an interface / LAN / VLAN etc.
-
@robbiett You can do that but this will not work without problems because of that:
In IPv6, the address space is deemed large enough for the foreseeable future, and a local area subnet always uses 64 bits for the host portion of the address, designated as the interface identifier, while the most-significant 64 bits are used as the routing prefix.
https://en.wikipedia.org/wiki/IPv6#Addressing
Your screen does show something different anyway, because there the prefix is a /64 and not less. The field below isn't used because I bet you don't have any subrouters.
-
Thanks, helpful discussion. So far.
I was (still am) confused because after setting up one LAN interface to "Track Interface" and pointing it to the one and only WAN interface to use for tracking I get usable IPv6 addresses on hosts on that LAN.
But when trying to configure this same thing (Track Interface) on an interface for LAN #2 a message says can't do that, WAN interface already used for tracking on WAN1. I don't have the exact message in front of me, that's me going from memory from a few days ago.
-
@grumpyoldcoalminer Because one /64 is only good for one LAN. So this is expected behavior. Check with your ISP if they really only give out a /64. You have to put in the real delegation size manually on the WAN-page yourself with pfSense.
Mine is giving me a /56 which the first router (Fritzbox) will take some off so I configured pfSense to only demand a /60.
-
@bob-dig
This is my home example (it's Saturday!), so no sub-routers needed. The only thing notable about a /64 is that most (all?) auto-configurations do not subnet below a /64. You can actually subnet all the way down to tiny subnets. For example, you could subnet down to say a /124, giving you just 16 IPv6 addresses for that LAN/VLAN.
There are many subnet calculators out there that give you all the options if you want to get really wacky.
-
@robbiett said in What If ISP can only provide a /64:
There are many subnet calculators out there that give you all the options if you want to get really wacky.
True, but there are many devices that will not work with subnets smaller than /64, so it is not good advice. But sure, try for yourself, if it would work for you, but you can't and shouldn't count on this at all.
-
The IETF didn't really imagine that an ISP would be as stingy as handing out a /64, expecting /56 or a /48 address space to be commonplace. Things didn't work out that way but the /64 address space is still massive and I've not run into a case where a client cared about its address space.
-
@robbiett I once had such an ISP and I tried splitting up the /64. If I remember correctly, my Dell printer and my Android phone didn't like it, Windows and Linux were fine though.
-
@bob-dig Yeah, some ISPs are just mean. Yours is the first example I have heard of a device rejecting its subnet. That's some really bad coding!
For the OP the Netgate manual has some words on the subject and the address ranges possible:
The prefix length denotes how many bits of the address define the network in which it exists. Most commonly the prefixes used with IPv6 are multiples of four, as seen in Table IPv6 Subnet Table, but they can be any number between 0 and 128.
Netgate Docs - IPv6 Subnetting
-
@robbiett At this time, everything not being /64 is just wrong. And with dynamic prefixes via track interface you also can't go below /64, even in pfSense.
-
@bob-dig said in What If ISP can only provide a /64:
@robbiett ...my Android phone didn't like it, Windows and Linux were fine though.
Just thinking about the Android bit and I guess this would be due to Android pretending that DHCPv6 does not exist?
-
@robbiett Would make sense, but I don't think that was the case with the printer. And I am just a home user...
-
@bob-dig
Clearly I don't know about the printer specifics; but if I had to guess (and it is a guess) it could be its inbuilt NIC not handling privacy or assigned addresses and is reliant on the 48-bit MAC derived address and that the subnet defined had crossed into the MAC address space. Of course, in all things networking there is always one-more-way to screw something up.
Anyway, we should beat-up ISPs that don't give a static /48 (or /56 at least) address block to their customers. I'm in the UK and even the 'managed' monopoly of BT gives a /56 away (and they would eat your first-born if you let them).
-
A 64 bit host part (or "interface identifier") is baked into the v6 specs in a number of ways. Here's a good summary.
It may be possible to assign and use longer prefixes with DHCP, but SLAAC, hence Android, will definitely break.
Anyway, we should beat-up ISPs that don't give a static /48 (or /56 at least) address block to their customers. I'm in the UK and even the 'managed' monopoly of BT gives a /56 away (and they would eat your first-born if you let them).
+1 on this. Here's RIPE's view on best practices for prefix assignment. In particular,
Assigning a /64 or longer prefix does not conform to IPv6 standards and will break functionality in customer LANs
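
The arithmetic the thread keeps returning to, as an added example that is not part of any post above: how many /64 LANs a delegated prefix holds, which /64 a given prefix ID selects, and why a MAC-derived (modified EUI-64) interface identifier only fits when 64 host bits remain. The function names, the `2001:db8::/32` documentation prefixes and the MAC address are constructed for illustration.

```python
import ipaddress

def available_lans(delegated: str) -> int:
    """Number of /64 LAN prefixes contained in a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    return 0 if net.prefixlen > 64 else 2 ** (64 - net.prefixlen)

def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 selected by prefix_id inside the delegation.
    Raises ValueError when the delegation has no such /64."""
    net = ipaddress.IPv6Network(delegated)
    count = available_lans(delegated)
    if not 0 <= prefix_id < count:
        raise ValueError(
            f"{net} holds {count} /64 prefix(es); ID {prefix_id:x} is out of range")
    # The prefix ID occupies the bits between the delegation and bit 64.
    base = int(net.network_address) + (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier built from a 48-bit MAC."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(iid, "big")  # always 64 bits wide

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the 64-bit interface identifier.
    Any other prefix length leaves the wrong number of host bits."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError(
            f"{net} leaves {128 - net.prefixlen} host bits, SLAAC needs 64")
    return ipaddress.IPv6Address(
        int(net.network_address) | eui64_interface_id(mac))

if __name__ == "__main__":
    for size in (56, 60, 64):  # constructed delegation sizes
        print(size, available_lans(f"2001:db8:0:ab00::/{size}"))
    print(lan_prefix("2001:db8:0:ab00::/56", 2))
    print(slaac_address("2001:db8:0:ab02::/64", "00:11:22:33:44:55"))
```

Hosts that use privacy or stable-random identifiers instead of EUI-64 still generate a 64-bit interface identifier, so the prefix-length check applies to them as well.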