IPv6 setup
-
Hi!
I'm having some trouble with a fresh install where I try to setup IPv6. I'm running release 2.2.
First problem is to get assigned a DHCPv6 address to the WAN-interface. I've read about similar problems, and have tried most work-arounds with no luck. After trying opening different firewall rules (removing Block bogon networks, opening IPv6 udp 546/547 etc) I tried to do a tcpdump on the wan interface to intercept the packets. The only packets I see is SOLICIT on outgoing to ff02::1:2 on multicast. No ADVERTISE packets returns to the interface. I have called the service provider to open a ticket, I guess it might be a SP-problem on the DHCPv6 side… I have had this up and running earlier on different platforms, but none got up today, so I guess that might be the problem. Will keep this updated.
The other problem is also pretty strange... I'm running a external DHCPv6 server for my internal network, and want to keep it that way. So in the pfSense installation I only run Router Advertisements on the LAN interface. Settings is "Assisted" and "High". LAN IPv6 address is set to fdbc:101::1/64. The strange think is that it is the Link Local address (fe80::1:1) that is announced for the clients as the router... Guess this is not how it should be? Gateway address fdbc:101::1 should be announced as router and default gateway for the network?
-
The strange think is that it is the Link Local address (fe80::1:1) that is announced for the clients as the router… Guess this is not how it should be? Gateway address fdbc:101::1 should be announced as router and default gateway for the network?
No. That's just perfectly fine as it is.
-
@doktornotor: Now now….. that was terse, correct but terse. Are you let him hang out to dry like that?
-
It's generally better for IPv6 gateways to be handled via link-local addresses, the exception being CARP, but even then if one were high and the other wasn't, carp could still work by advertising the individual link-local addresses.
Functionally for the user, there's no difference between advertising the link local vs the actual interface IP. They both lead to the same place.
-
Thank you all for your responses. The reason I'm asking is that I have seen different behavior on different vendors, and I thought the normal thing was to announce the actual address. If you have a mixed environment with some static and some dynamic addresses, it would all give more sense to announce the same gateways on the same subnet. And I can't really see any reasons why not use the actual IP-address of the interface?
-
With IPv6 you can have multiple /64s on the same subnet. All hosts on all subnets will have the link-local address of the connected router interface as their default gateway. That way all subnets can route at the same time and the subnet on the host can be changed at will.
Contrast that with IPv4. If you have a host on 192.168.1.10/24 and it has a default gateway 192.168.1.1 and you want to move the host to 192.168.2.10, the default gateway has to be simultaneously changed to 192.168.2.1 or there's a traffic outage.
Not explaining it very well but that's how I understand things. My IPv6 knowledge is admittedly limited.
-
With IPv6 you can have multiple /64s on the same subnet. All hosts on all subnets will have the link-local address of the connected router interface as their default gateway. That way all subnets can route at the same time and the subnet on the host can be changed at will.
Contrast that with IPv4. If you have a host on 192.168.1.10/24 and it has a default gateway 192.168.1.1 and you want to move the host to 192.168.2.10, the default gateway has to be simultaneously changed to 192.168.2.1 or there's a traffic outage.
Not explaining it very well but that's how I understand things. My IPv6 knowledge is admittedly limited.
I see what you mean, but I'm still unsure if that is good engineering of the ipv6-networks :-) The reason might be my limited skills on ipv6 after 15+ years of ipv4-engineering brainwash! :-)
-
If you can use link-local, you should. It won't change like some can. Imagine you have a local IPv6 network where the prefix changes periodically (DHCP6-PD, etc).
There is no benefit to using the actual interface IP over the link-local at a network level except in cases when it may be easier for a person to remember.
It's just an odd concept for those familiar with IPv4 to grasp.
All clients will always have a link-local address, even if they don't yet have an actual routable IPv6 address, so it's always more reliable to talk to a link-local address if you can.
