Split a /60 between interfaces on pfSense and downstream L3 switch
-
@CNLiberal I don't know how Comcast does things, but your prefix might essentially be static. I'm on Rogers and have had the same prefix for over 6 years, despite changing both my cable modem and the computer I run pfSense on. However, I am aware some ISPs don't do that.
-
@CNLiberal Last I looked at clients' Comcast (business) accounts the IPv6 was labeled as "static" but a /56. So, one gets a block but it isn't supposed to change.
That said I cannot manage to get a consistent address block in our setup. I've written elsewhere but the short version is when the Comcast router reboots it assigns a different block even with a fixed DUID set (hint: required if using a RAM disk). I suspect it might work if just using DHCP/RA but because of our unique setup we can't. So overall, YMMV. :)
Also, time to upgrade from v2.4...?
-
@SteveITS Way to call me out on not updating my sig!
I just updated.
Based on the Cisco doc I linked, it looks like they use DHCPv6 only. I don't see anything about RAs. Then on the switch VLAN interfaces, I set up RAs (managed?) and DHCPv6 using the prefix-from-pfSense and a "static IP" (prefix + /64 subnet ID). But the question I have still remains. How do I hand out a /61 to the downstream Cisco CORE switch? I'm looking at the DHCPv6 Server config in pfSense 2.7.2, and I'm seeing:
If I'm understanding IPv6 "subnetting" correctly, a /61 gives me eight /64 subnets. With the screenshot above, how do I define that I want the 0-7 subnets and not 8-f? Do I also keep the "Prefix Delegation Size" at 61? The documentation around these fields is not very descriptive. Thanks!!
-
@CNLiberal Watching as I've not been able to make PD work on a Cisco SG-350X core switch with only a L3 transit network connecting it and pfSense. (I have been able to make RA work by manually defining /64's on switch-defined VLANs however.)
-
@CNLiberal said in Split a /60 between interfaces on pfSense and downstream L3 switch:
With the screenshot above, how do I define that I want the 0-7 subnets and not 8-f?
When you configure an interface, you can select whatever prefix ID you want. Just make sure each one is unique.
-
@JKnott I think that only applies if the interface I need to address is on pfSense. My situation is that I have a transit network between pfSense and a downstream L3 switch. The L3 switch has all the VLAN interfaces on it and performs the routing. There's an OSPF adjacency between pfSense and that L3 switch so each subnet knows how to talk to each other and the internet (via pfSense). So as I said, on my pfSense box, I have the following interfaces and their associated IPv6 subnet (/60 gives me sixteen /64s, labeled 0-F):
Home Automation (D)
Guest (E)
OpenVPN & Wireguard (F)
Transit (0)
Then on the 3850 L3 switch, I have these VLAN interfaces and what I'd like to be their IPv6 PD ranges:
Transit to pfSense (0)
MGMT to ACC switch (1)
WiredLAN (2)
VoIP (3)
WirelessLAN (4)
Media (5)
Server (6)
So I need to know how to get those PD subnets advertised to the L3 switch across the transit network. I hope this helps, and I appreciate the responses!!
-
@CNLiberal said in Split a /60 between interfaces on pfSense and downstream L3 switch:
There's an OSPF adjacency between pfSense and that L3 switch so each subnet knows how to talk to each other and the internet (via pfSense).
I'm not sure what you're referring to. If you have OSPF running, the routing should be done automatically. If you're talking about the link between pfSense and the Cisco switch, then all you need is the link local addresses, which are normally used for routing. This differs from IPv4, where you have to provide routable IP addresses for the link.
If you want to split the prefix on the Cisco, that's beyond what you can do in pfSense.
If you want to tell the switch what prefixes are available you can set up a DHCPv6-PD server on pfSense to pass on the prefix.
-
@JKnott Let's ignore OSPF for now (since it's OSPFv4). I shouldn't have mentioned that as it muddies the waters.
It sounds like you're agreeing with me that I need to "tell the switch what prefixes are available." I'm asking how do I do that. I'm assuming from pfSense > Services > DHCPv6 Server. In the screenshot I provided, I don't know what to put in the PREFIX DELEGATION "FROM" and "TO" fields. I've tried:
::0/61 ::7/61
:0::0/61 :7:ffff:ffff:ffff:ffff/61
and others
I can't seem to figure out what to enter in these fields. I think these fields would distribute the PDs that are available to the L3 switch (Xfinity PD 0-7). Do you or anyone else know? Thanks!
-
So this might be the answer. Since I want to assign a /61 with 0 as the starting address and 7 as the ending, I put in:
From:
::0
To:
::0
Prefix Delegation Size: /61
I was able to save with no issues. Hopefully tomorrow I'll get to see if the switch likes that.
-
@CNLiberal I have never set up a DHCPv6-PD server, so I can't help with that.
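-
The prefix arithmetic discussed in this thread, as an added example that is not part of any poster's message: it splits a /60 into its two /61 halves, lists the /64 prefix IDs each half covers, and reports which of the pfSense-side prefix IDs named in the thread fall inside a half. The prefix 2001:db8:abcd:10::/60 is a constructed stand-in from the documentation range (the thread gives no real prefix), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a /60 from the IPv6 documentation range, standing in
# for the ISP-delegated prefix (assumption; the thread does not show the real one).
DELEGATED = ipaddress.IPv6Network("2001:db8:abcd:10::/60")


def subnet_for_id(parent, prefix_id):
    """Return the /64 selected by a prefix ID (0-f for a /60)."""
    count = 1 << (64 - parent.prefixlen)
    if not 0 <= prefix_id < count:
        raise ValueError(f"prefix ID {prefix_id:x} outside 0-{count - 1:x}")
    base = int(parent.network_address)
    return ipaddress.IPv6Network((base + (prefix_id << 64), 64))


def ids_in_block(parent, block):
    """List the prefix IDs of the /64s contained in a sub-block such as a /61."""
    if not block.subnet_of(parent):
        raise ValueError(f"{block} is not inside {parent}")
    base = int(parent.network_address)
    return [(int(n.network_address) - base) >> 64
            for n in block.subnets(new_prefix=64)]


def conflicts(parent, block, local_ids):
    """Locally assigned prefix IDs that fall inside a block offered for delegation."""
    inside = set(ids_in_block(parent, block))
    return {name: pid for name, pid in local_ids.items() if pid in inside}


# The two /61 halves of the /60: prefix IDs 0-7 and 8-f.
LOW_HALF, HIGH_HALF = DELEGATED.subnets(new_prefix=61)

# Prefix IDs the thread lists for interfaces on the pfSense box itself.
PFSENSE_IDS = {"Home Automation": 0xD, "Guest": 0xE,
               "OpenVPN & Wireguard": 0xF, "Transit": 0x0}

if __name__ == "__main__":
    for half in (LOW_HALF, HIGH_HALF):
        ids = "".join(f"{i:x}" for i in ids_in_block(DELEGATED, half))
        print(f"{half} covers prefix IDs {ids}")
        hits = conflicts(DELEGATED, half, PFSENSE_IDS)
        print("  pfSense-side IDs inside it:", hits or "none")
```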