IPv6 static leases when ISP changes the prefix

DrPhil · Jan 11, 2024, 2:45 PM

Hi.

I am in the process of configuring IPv6 on my network (to be able to connect to IPv6 only servers on the cloud in the near future).

I have a DHCPv6 server on LAN, and I would like to assign static leases to a few clients (similar to my v4 setup). The problem is that my ISP changes my prefix at every router reboot. Which breaks my static assignments.

I can think of two theoretical possible options.

If I could assign static leases based on just the interface ID (excluding the prefix)
If I could request my ISP to not change my prefix each time (somehow through the settings, I am not ready to call them yet).

Maybe I am bringing too much of my (limited knowledge) IPv4 mindset to it. So, I'll take any v6 native recommendations as well.

johnpoz · Jan 11, 2024, 3:14 PM

@DrPhil said in IPv6 static leases when ISP changes the prefix:

o be able to connect to IPv6 only servers on the cloud in the near future

Curious what "near" means to you.. Do you have some example of some service that is IPv6 only? That isn't some dark web or p0rn fetish sort of site? ;)

If I could request my ISP to not change my prefix each time

you could try setting.

Under advanced?

PlyrStar93 · Jan 11, 2024, 3:12 PM

Who is your ISP and do they provide static IPv6 ranges? If you are on Comcast Business they can provide a static /56, which can be divided into /59s for downstream routers.
For Comcast residential, my experience is that I keep the same /64 prefix at each reboot; occasionally I would get new /64 prefix but it should normally remain the same for an extended period of time.

If your ISP cannot provide a static prefix to you and it changes after every reboot, I'm not sure if there is something you can do with them. Of course, HE tunnel may be an option if you have a public WAN IPv4 (not CGNAT) that can be pinged from the Internet, and the IPv4 address should ideally remain the same too.

EDIT: Should have seen your other thread. Seems you are with Verizon FiOS.

DrPhil · Jan 11, 2024, 3:08 PM

That isn't some dark web or p0rn fetish sort of site? ;)

I am sure there's plenty of that too.

Curious what "near" means to you.. Do you have some example of some service that is IPv6 only?

The goal posts might change, but my "near" term expectation is sometime this year.

The cloud servers I am referring to are servers for inhouse use (primarily development and staging servers only). We're a bit stingy about cloud expenses. Since AWS will be charging for any IPv4 addresses going forward we want to have the option to switch to IPv6 only for non end client facing stuff.

DrPhil · Jan 11, 2024, 3:13 PM

Who is your ISP and do they provide static IPv6 ranges?

Verizon FIOS. I am sure they can provide static IPv6. I was hoping to not have to call them, but I will.

JKnott · Jan 11, 2024, 3:13 PM

@DrPhil

Under System > Advanced > Networking, there's a setting Do not allow PD/Address release. Is that selected? If not, your prefix will change for something as simple as disconnecting & reconnecting the WAN cable.

When I first started using pfSense that option was not available. However, my prefix has now been stable for almost 5 years.

If that doesn't work, you might consider using Unique Local Addresses. With ULA, the addresses will be permanent and can be used in the DNS.

DrPhil · Jan 11, 2024, 3:16 PM

Under System > Advanced > Networking, there's a setting Do not allow PD/Address release. Is that selected? If not, your prefix will change for something as simple as disconnecting & reconnecting the WAN cable.

Thank you!
That's exactly what I was hoping to hear. I've now checked that box, and will monitor. If the ISP still changes the prefix on me, I'll just call them.

ler762 · Jan 24, 2024, 6:53 PM

@DrPhil said in IPv6 static leases when ISP changes the prefix:

Under System > Advanced > Networking, there's a setting Do not allow PD/Address release. Is that selected? If not, your prefix will change for something as simple as disconnecting & reconnecting the WAN cable.

Thank you!
That's exactly what I was hoping to hear. I've now checked that box, and will monitor. If the ISP still changes the prefix on me, I'll just call them.

I'm on Verizon FIOS and they do change the prefix all too often. Even without a reboot or anything that would cause the interface to bounce the delegated prefix can change :(
The good news is that if you leave the prefix off of the IPv6 address in the DHCPv6 config the server will supply the prefix for you.

I haven't figured out how to predict the DUID so I just let the system assign an ipv6 address from the free pool & then go to the ' Status / DHCPv6 Leases' page, find the entry that I want to convert to a static address, and under Actions click the 'Add static mapping' button. That brings up the ' Services / DHCPv6 Server & RA / LAN / DHCPv6 Server / Edit Static Mapping' page and then I put just the "::host addr" in the IPv6 address field. The system will fill in the delegated prefix part of the address when it gives out the DHCPv6 address later on.
.