ISP DHCP-PD and ULA at the same time

Phoenix

Hi

I have native IPv6 at my WAN side. I get a prefix via DHCP-PD. The prefix is dynamic and thus can change. For me, there are two issues with that:

- Renumbering will happen and devices like my HTPC need to have a name or an address I know
  - I have a DNS of my own, which I like to use

The issue arises, because when pfSense 2.1 is configured to use DHCP-PD it has to be done in this way:

- configure LAN IPv6 to "track interface"
  - choose Prefix ID

This leads to the situation, that RA is no longer configurable for the LAN interface, thus I can not configure an ULA nor can I define my own DNS

Desired situation:

- I am still able to configure additional IPv6 Prefixes via RA.
  - I can still announce the DNS to use via RA (and DHCPv6 - Windows seems unable to honor RA DNS Information)
    - This means, it has to honor the setting to not overwrite DNS information from DHCP

Would love to hear how to accomplish this.

regards
Philipp

ineti

I would like to see that feature to.
For internal stuff a second ULA would be great…

jimp

The idea has been tossed around to hook the PD "track" part into NPt so you can use local addresses on LAN that get, essentially, 1:1'd to your dynamically allocated prefix

razzfazz

@ineti:

For internal stuff a second ULA would be great…

If it's really internal stuff, why not use link-local addresses?

jcyr

The problem with using link local is that the client bever seems to pick the right interface to send it on. For example, on a freebsd client box:

ping6 fe80::1:1 times out

but

ping6 fe80::1:1%em0 works.

jimp

@jcyr:

The problem with using link local is that the client bever seems to pick the right interface to send it on. For example, on a freebsd client box:

ping6 fe80::1:1 times out

but

ping6 fe80::1:1%em0 works.

That's not a problem, you're supposed to scope the addresses when using link-local to tell them that. That's why it works when you used the scoped address (adding the interface, %em0) However you can't route between two segments using link-local, it is not meant to nor can it cross a router.

jcyr

Sure. I was struggling with how I might get Unbound to work with IPV6 since I couldn't manage the IPV6 dhcp server setting for LAN links with non static addresses, but it turns out that dhcpv6d.conf already has  the nameserver specified and the link's public IPV6 address, so it works fine right out of the box.

Phoenix

@razzfazz:

If it's really internal stuff, why not use link-local addresses?

Quite simple, LL adresses only exist on the same ethernet, thus are not routable, whereas ULAs are "Global" addresses, I can route ULAs between several sites. ULAs are meant for existing within an organisation and unless your organisation is one big L2 network you probably go with ULAs.

Therefore I see the use case still valid

Phoenix

I don't fully understand how NPt is supposed to work, but havin a PD Range and a ULA Range means a client would have two (2) addresses. Depending on the destination the client would choose one of thoses addresses.

So essentially any resource within the organization would be accessed by the ULA range and and any communication outbound would be done with the PD range.

For now, I can not establish my understanding of the concept of ULAs due to this missing feature, so if anyone has something to add to correct or confirm my understanding I would be glad to be enlightened

athurdent

@Phoenix:

I don't fully understand how NPt is supposed to work, but havin a PD Range and a ULA Range means a client would have two (2) addresses. Depending on the destination the client would choose one of thoses addresses.

So essentially any resource within the organization would be accessed by the ULA range and and any communication outbound would be done with the PD range.

For now, I can not establish my understanding of the concept of ULAs due to this missing feature, so if anyone has something to add to correct or confirm my understanding I would be glad to be enlightened

NPt (Network Prefix translation) is simply a static 1:1 NAT using whole nets. That way you can NAT your internal ULA/64 prefix to your Global/64 prefix one-to-one . In this case only ULA addresses would be needed on your LAN and traffic leaving to the internet would be NATed to the respective Global address.

Phoenix

I am really looking forward to have a dynamic NPt that tracks my DHCP PD assignment