IPv6 Prefix Delegation Host-Address
-
I receive an IPv6 /56 prefix from my ISP on my WAN connection. I then use the Track Interface to delegate the prefix to other interfaces in my router/network. The IPv6 Prefix ID works fine to build the appropriate prefix for the interface.
What I would like to know is if there is a way to force the interface host address to a specific address suffix.
For example, if the delegated prefix is 1111:2222:3333:4400::/56, adding the IPv6 Prefix ID of 3, it turns the address into 1111:2222:3333:4403:: and then it address the masked mac address with the ff:fe in the middle. Instead of using the EUI-64 suffix, I would like the suffix to be ::1, so the entire interface address is 1111:2222:3333:4403::1.
Is there a way to accomplish this? I prefer the ::1 suffix for the interface host address as opposed to some mac address mumbo jumbo.
-
I'm not sure what you're looking for, as you seem to have already found it. You can choose which of your 256 prefixes you wish to use by selecting the prefix ID. You can use any of them, so long as they're unique to one interface.
For example, my main LAN uses the prefix ID 0, guest WiFi is 3 and OpenVPN ff. For convenience, I use the matching 3rd octet on IPv4.
-
This is not about the prefix pfsense appends to the delegated prefix to come up with the ipv6 address to assign the interface...
This is about what comes after the prefix is appended, and how pfsense goes about figuring out the remainder (to the right of the appended prefix) of the ipv6 address to assign the interface...
-
@mxmartins said in IPv6 Prefix Delegation Host-Address:
This is not about the prefix pfsense appends to the delegated prefix to come up with the ipv6 address to assign the interface...
That depends on the host, not pfSense. There are 2 ways it's determined. One is it's based on the MAC address and the other is a random number. If you want to force a specific address then you can use a locally assigned MAC. However, this will affect only the consistent address. With SLAAC, you can have as many as 7 temporary addresses, which are all based on a random number.
The temporary addresses are used for outgoing connections and the consistent address is used for things like servers, VPNs, etc..
-
Let me include a picture of all the interfaces in my pfsense installation;
Pick interface with the ipv4 address of 192.168.10.1. For its respective ipv6 address, it shows 2606:xxxx:yyyy:d803:3eec:efff:fed9:e350. The prefix part of it ends with d803. What follows to the right of that is made up by pfsense using the EUI-64 process.
I don't want the ipv6 address to include 3eec:efff:fed9:e350 and instead want it to be ::1
In some router systems, there is an option to specify a host-address (such as ::1) that would override the EUI-64 process.Hope that makes sense now.
-
@mxmartins I don't think you can do that on pfSense. Dynamic IPv6 isn't its strength.
-
@mxmartins said in IPv6 Prefix Delegation Host-Address:
I don't want the ipv6 address to include 3eec:efff:fed9:e350 and instead want it to be ::1
Again, this is determined by the host, not pfSense. To do what you want, you have to use SLAAC with a locally assigned MAC address. Also, the most significant bits will not be affected due to the way SLAAC is implemented and fffe will be inserted in the middle to convert a 48 bit MAC address into a 64 bit host ID. It may be possible to do it with DHCP6, which I haven't used. Also, thanks to some genius at Google, Android devices don't work with DHCP6.
-
@JKnott said in IPv6 Prefix Delegation Host-Address:
Again, this is determined by the host, not pfSense.
I'm not sure what host you are referring to. But I believe it is exactly pfsense that is assigning an address to those interfaces that "track" the prefix delegation from the WAN.
There is a way to condition that ipv6 address assignment with the IPv6 Prefix ID, but the rest is generated by pfsense. And since it is controlled by pfsense, I argue there should be more options than just accepting the EUI-64 methodology.
-
@mxmartins said in IPv6 Prefix Delegation Host-Address:
I'm not sure what host you are referring to.
A host is a device on the LAN. It could be a computer, tablet, TV, cell phone, whatever. The suffix, the least significant 64 bits, is determined by the host. You can change the behaviour of SLAAC with configuration in Linux, Windows, Mac, etc.. I don't know if it can be easily changed in other devices.
-
In my example, I am not talking about a host as you defined. In my example, I am talking about the primary ipv6 address assigned to an interface that is synonymous with a "router" for all other devices in that particular subnet.
In your definition of host, I know I can use dhcpv6 to assign specific ipv6 addresses to clients based on their respective duid.
-
Well, you could go with a static address, though that may cause problems if your prefix changes.
-
I would be inclined to do what you suggest but since I have so many devices with static/dhcpv6 address allocations, it would be quite the ordeal to change all of them every time the allocated prefix changes.
I think this would be a great new feature for the pfsense ipv6 implementation.
-
@mxmartins said in IPv6 Prefix Delegation Host-Address:
I receive an IPv6 /56 prefix from my ISP on my WAN connection. I then use the Track Interface to delegate the prefix to other interfaces in my router/network. The IPv6 Prefix ID works fine to build the appropriate prefix for the interface.
What I would like to know is if there is a way to force the interface host address to a specific address suffix.
For example, if the delegated prefix is 1111:2222:3333:4400::/56, adding the IPv6 Prefix ID of 3, it turns the address into 1111:2222:3333:4403:: and then it address the masked mac address with the ff:fe in the middle. Instead of using the EUI-64 suffix, I would like the suffix to be ::1, so the entire interface address is 1111:2222:3333:4403::1.
Is there a way to accomplish this? I prefer the ::1 suffix for the interface host address as opposed to some mac address mumbo jumbo.
Same for me, and probably everybody.
That said, my IPV6 LAN devices don't use 'mambo jambo' GUA's like (exception : created for this post, the first line)
all my LAN devices have an IPv6 like
ISP-prefix+prefix+the least 64 bit part that I decide, for example ::87 for my 'Ricoh' printer.
So
2a01:cb19:dead:a6 + e2 + ::87
where e2 or '226' decimal is the current prefix number out of the 256 of FF or /56 (255 prefixes avaible).The answer is : use
What I would like to do is : why does pfSense assigned for it's LAN interface something like
where the local part is DUID (time, mac, position of the moon, etc) based.
Why wouldn't I be able to set it to LAN to ::1 instead of "92ec:77ff:fe29:392c" ?I would like to set my LAN IPv6 to 2a01:cb19:dead:a6 + e2 + ::1
-
@Gertjan said in IPv6 Prefix Delegation Host-Address:
I would like to set my LAN IPv6 to
But why, just old habits? There is far more important stuff to do in regards to dynamic IPv6 than this. You loose nothing if you can't set it to :1.
-
@Bob.Dig said in IPv6 Prefix Delegation Host-Address:
But why, just old habits?
Exact.
DNS works fine for me, so I don't have to deal with "192.168.1.1" or "2a01:dead:beef:a6e2:92ec:77ff:fe29:392c" anymore.Maybe just a way to de-clutter :
but at the end, yes, I prefer the good old IPv4 for the simple looks, I guess
No "help me" PM's please. Use the forum, the community will thank you.
-
@Gertjan said in IPv6 Prefix Delegation Host-Address:
DNS works fine for me, so I don't have to deal with "192.168.1.1" or "2a01:dead:beef:a6e2:92ec:77ff:fe29:392c" anymore.
Same here. That's what DNS is for.
-
I do the same in terms of devices within a network/vlan. But what I am talking about here is the interface address itself... Some of you are confusing the discussion between devices within a network, and the interface/subnet address, that normally is associated with the router level address.
-
While I don't disagree there are bigger fish to fry, I find it hard to believe this would be a difficult improvement to achieve.
While old habits die hard, there are good reason why routers were usually given a .1 address. I'm a firm believer in if it ain't broken, then don't fix it...
-
@mxmartins said in IPv6 Prefix Delegation Host-Address:
But what I am talking about here is the interface address itself...
Me also :
I would really like it to set it to ::1
instead of this 'random' :92ec:77ff:fe29:392c
Just like I can set the others.I know my LAN is using "tracking" == the prefix part comes from 'above', obtained by the dhcpc6 client on the WAN.
The thing is : I don't know who or what (or where) the local part is assigned. -
@Gertjan said in IPv6 Prefix Delegation Host-Address:
The thing is : I don't know who or what (or where) the local part is assigned.
I'm not 100% sure but I believe it is done in or around dhcp6c. I believe older implementations use to have a host-address setting where one could specify the suffix part of the ipv6 address. However, I am not seeing it in the documentation for the latest version.
But it is clear pfsense or some package within pfsense is relying on the EUI-64 logic to implement the suffix. Maybe there could be a way to override that choice.
