As a router behind a router with DHCP6 & Track Interface



  • I request a subnet ofcourse and get a response which depends on the value for  WAN / "DHCPv6 Prefix Delegation size".
    Whatever one may select (/64, /62, /60,…) and get different choices for LAN / "IPv6 Prefix ID", I expect an IP with listening /64 for radvd.

    Well, this /64 for radvd is happening only when you use /62 for "DHCPv6 Prefix Delegation size", and you get 2^2 choices for "IPv6 Prefix ID" (subnets). If not /64 then even in the logs radvd is reporting something like "must be /64, but continuing  anyway".

    I suspect it an unwanted feature or "bug", because I just want, or can get, only one (1) LAN Track Interface delegated.
    How does it all compare to RFC 4291 ?

    PC-Engines/pfSense 2.1.4
    ISP supplies a /48



  • @hda:

    Well, this /64 for radvd is happening only when you use /62 for "DHCPv6 Prefix Delegation size", and you get 2^2 choices for "IPv6 Prefix ID" (subnets). If not /64 then even in the logs radvd is reporting something like "must be /64, but continuing  anyway".

    I think I've seen that error message when what the ISP actually delegates to me (in the DHCP response) doesn't match what I asked for via "DHCPv6 prefix delegation size".

    I suspect it an unwanted feature or "bug", because I just want, or can get, only one (1) LAN Track Interface delegated.
    How does it all compare to RFC 4291 ?

    I'm not sure what you're trying to say here… If all you want is a single delegated prefix, what is the problem with requesting a /62 (which sounds like it works) and only using one of the assigned prefix IDs?



  • @razzfazz:

    @hda:

    I suspect it an unwanted feature or "bug", because I just want, or can get, only one (1) LAN Track Interface delegated.
    How does it all compare to RFC 4291 ?

    I'm not sure what you're trying to say here… If all you want is a single delegated prefix, what is the problem with requesting a /62 (which sounds like it works) and only using one of the assigned prefix IDs?

    My ISP delivers /48 on a 1st router, (locally I set /64 on this 1st router for my LAN,) on 2nd router (pfSense) you expect based on cooperation with a SLAAC 64 bits Interface ID:

    ask WAN /64, get LAN choice "0" i.e. 1 subnet listening on /64 (not on /62 as now with 2.1.4)
    ask WAN /63, get LAN choice "0 tru 1" i.e. 2 subnet allocated and choose 1 listening /64
    ask WAN /62, get LAN choice "0 tru 3" i.e. alloc 4 and choose 1 listening /64
    ask WAN /60, get LAN choice "0 tru F" i.e. alloc 16 and choose 1 listening /64
    etc.

    There is obviously pfSense evaluation against /64. Look, /60 reponds 2^4 subnets is 2^(64 - 60).

    Why is it that WAN /64 starts LAN listening on /62 ? It looks wrong. It seems a weird implementation.



  • I'm still not clear on your setup… It sounds like you have one router behind the other? Are you doing DHCP-PD on both, or just on the second one? (If the latter, how did you set up the server side of DHCP-PD on your first router?) Did you check the "send prefix hint" option on the second router's WAN interface?

    @hda:

    ask WAN /64, get LAN choice "0" i.e. 1 subnet listening on /64 (not on /62 as now with 2.1.4)

    Like I was saying, if you set "prefix delegation size" to 64 and you end up with anything but a /64 on your LAN, that points towards the DHCP server not actually delegating a /64. pfSense blindly assumes that the DHCP server always returns a prefix with the exact size specified in "prefix delegation size"; in particular, pfSense will strip log2(delegation size) from whatever prefix is returned by the server to generate the LAN prefix(es). Thus, if the actual length of the delegated prefix (as per the DHCP response) is different from what you selected, that will cause these issues with non-/64 LANs.



  • @razzfazz:

    I'm still not clear on your setup… It sounds like you have one router behind the other? Are you doing DHCP-PD on both, or just on the second one? (If the latter, how did you set up the server side of DHCP-PD on your first router?) Did you check the "send prefix hint" option on the second router's WAN interface?

    Yes, one router(Alix-pfSense) behind the other(Fritzbox-7360(linuxbase)). 7360 requests IP with DSL/PPPoA DHCP. No I did not use "send prefix hint".

    Got it all right with "DHCPv6 Prefix Delegation size" /64 request and using your tip "Send IPv6 prefix hint" = true and complete routertrain rebooting. Thank you for your help.

    What exactly is "Send IPv6 prefix hint" sending and triggering on the serverside ?



  • Pretty much what it says: When that option is enabled, the DHCP request sent out by pfSense will include info on what size prefix we would like to have delegated to us (which the DHCP server may or may not honor – hence, "hint"); without that option, the DHCP request will just ask for a prefix without specifying the desired length, so the DHCP server will generally just delegate a prefix with some default size, and that obviously may not match what you selected as "prefix delegation size" in pfSense.