DUID and IPv6 - static IP mapping best practice
-
IPv6-wise, SLAAC is the opposite of managed. It's what happens when a network isn't actively managed.
See Services / Router Advertisement / LAN Router Mode. Further documentation may be found here.
-
@CatSpecial202 said in DUID and IPv6 - static IP mapping best practice:
@JKnott where is the SLAAC managed from?
On the Router Advertisement page, select Unmanaged for Router Mode.
-
@CatSpecial202 I understand, I was just kind of venting/discussing in general.
The DUID is also supposed to be unique to the device, not to the NIC, notably when multiple NICs are in a device.
There are several ways to generate a DUID but it's basically just random and up to the device to generate its own. Using the MAC address and factoring in time helps make it unique, is all. Generally it's saved on the device but if you format/reinstall, that file/data is lost. (Or if you have pfSense set to use a RAM disk, its DUID file is lost on boot, unless saved as noted above.) Or I suppose an admin on the device can delete/create a new file.
-
@JKnott I found this link, stateless address autoconfiguration slaac, that was helpful in my understanding. I keep thinking of this like a local thing and not a global thing, but I guess all IPv6 are designed to be discoverable on the global internet. SLAAC will always resolve an address that can route to the WAN port?
@SteveITS So, I guess this is a known issue with static IP mapping using DHCPv6 that if you reinstall the OS, static IP mapping won't work. It's applying old methods to new ideas.
-
@CatSpecial202 said in DUID and IPv6 - static IP mapping best practice:
SLAAC will always resolve an address that can route to the WAN port?
Depending on what you configure pfSense to provide, it will get global addresses which can be routed to the Internet and also, if configured, Unique Local Addresses which, like RFC1918 addresses on IPv4, are routable, but not to the Internet.
There is one error in that article. SLAAC can provide the DNS address, with RDNSS. You use the Enable DNS setting on the Router Advertisement page to enable it.
-
@JKnott It mentions this in the article
If the O-flag is set to 1, it indicates that DNS information is available via DHCPv6. The router is basically telling the nodes to auto-configure an address via SLAAC and ask the DHCP server for DNS information.
Isn't it the DHCPv6 that will always have to provide that? SLAAC doesn't do this; it just tells the service where to look.
-
@CatSpecial202 said in DUID and IPv6 - static IP mapping best practice:
known issue with static IP mapping using DHCPv6 that if you reinstall the OS, static IP mapping won't work
I suppose it's semantics whether it's a "known issue" or "by design" but it is up to the administrator/person to keep the DUID between drive wipes.
Note this can also be an issue when cloning VMs if the DUID isn't changed.
-
@CatSpecial202 said in DUID and IPv6 - static IP mapping best practice:
@JKnott It mentions this in the article
If the O-flag is set to 1, it indicates that DNS information is available via DHCPv6. The router is basically telling the nodes to auto-configure an address via SLAAC and ask the DHCP server for DNS information.
Isn't it the DHCPv6 that will always have to provide that? SLAAC doesn't do this; it just tells the service where to look.
Here's a capture of the relevant bits:
You'll see that the O bit is not set, which means DHCPv6 is not used. SLAAC provides all you need, including the DNS address.
-
@JKnott Thanks. That is cool. I'm going to keep experimenting.
-
@CatSpecial202 said in DUID and IPv6 - static IP mapping best practice:
@JKnott Thanks. That is cool. I'm going to keep experimenting.
A very useful tool for that is Wireshark.
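
An added example, not part of any post in this thread: a Python decoder for the DUID types defined in RFC 8415. It shows the link-layer address and timestamp carried inside a DUID-LLT, and flags DUIDs claimed by more than one host, as happens when a VM is cloned without changing its DUID. The host names and DUID values are constructed samples.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)

def _raw(text: str) -> bytes:
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if not 3 <= len(raw) <= 130:  # 2-octet type code plus 1 to 128 octets
        raise ValueError("DUID length out of range")
    return raw

def _hex(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_duid(text: str) -> dict:
    """Decode a hex DUID (colon- or dash-separated) into its RFC 8415 fields."""
    raw = _raw(text)
    (kind,) = struct.unpack("!H", raw[:2])
    body = raw[2:]
    if kind == 1 and len(body) > 6:    # DUID-LLT: hw type, secs since 2000-01-01, MAC
        hw, secs = struct.unpack("!HI", body[:6])
        return {"type": "DUID-LLT", "hw_type": hw, "link_layer": _hex(body[6:]),
                "created": DUID_EPOCH + timedelta(seconds=secs)}
    if kind == 2 and len(body) > 4:    # DUID-EN: enterprise number, vendor id
        (pen,) = struct.unpack("!I", body[:4])
        return {"type": "DUID-EN", "enterprise": pen, "identifier": body[4:].hex()}
    if kind == 3 and len(body) > 2:    # DUID-LL: hw type, link-layer address
        (hw,) = struct.unpack("!H", body[:2])
        return {"type": "DUID-LL", "hw_type": hw, "link_layer": _hex(body[2:])}
    if kind == 4 and len(body) == 16:  # DUID-UUID
        return {"type": "DUID-UUID", "uuid": str(uuid.UUID(bytes=body))}
    return {"type": "unknown", "code": kind, "raw": body.hex()}

def shared_duids(inventory: dict) -> dict:
    """Return {duid: [hosts]} for every DUID claimed by more than one host."""
    seen = {}
    for host, duid in inventory.items():
        seen.setdefault(_hex(_raw(duid)), []).append(host)
    return {d: sorted(h) for d, h in seen.items() if len(h) > 1}

# Constructed sample inventory: vm-clone was copied from vm-template.
INVENTORY = {
    "vm-template": "00:01:00:01:00:01:51:80:52:54:00:12:34:56",
    "vm-clone":    "00-01-00-01-00-01-51-80-52-54-00-12-34-56",
    "nas":         "00:04:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff",
}

if __name__ == "__main__":
    print(shared_duids(INVENTORY))
```

Two hosts presenting the same DUID will compete for the same DHCPv6 static mapping, so a non-empty result from `shared_duids` is worth resolving before the mappings are relied on.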