IPv6 Problem



  • My above setup is working perfectly for IPv4 and BGP.

    It's not working so great for my IPv6.

    I can ping out to the internet from the Edge, Primary, and COLO firewalls (all pfSense).

    But when I try to do DHCPv6 for the internal networks, nothing works. I don't get a router for internet, but I do get an IP address.

    RA: Managed
    Router Priority: high
    RA Subnet: None

    DNS: Use same settings as DHCPv6 Server.
    When I try to ping the internal interface of the Primary or COLO firewall, I don't even get a ping response. (I have a floating rule that allows all ICMP on all interfaces.)

    Should I change my setup to let the edge router just do DHCPv6 and move on from there, and are there any examples of the setup I should use? I am new to IPv6 but not networking. I'm trying to get all of our offices to IPv6, but this is proving very problematic.


  • Banned

    What is that /80 on the LANs? Do not do such things, ever. Anything smaller than /64 is not routable.

    P.S. I noticed you mentioned BGP. Not really sure what you are trying to do. You'll have a hard time getting prefixes longer than /32 globally routable, RFCs or not.



  • @doktornotor:

    What is that /80 on the LANs? Do not do such things, ever. Anything smaller than /64 is not routable.

    P.S. I noticed you mentioned BGP. Not really sure what you are trying to do. You'll have a hard time getting prefixes longer than /32 globally routable, RFCs or not.

    Per your reply I checked. You are right. My BGP is not announcing the /48 because the IPv6 pool was provided by Comcast. So I'm working on getting a /32 from ARIN atm.

    Pulling BGP out of the equation, I have this setup (per your comment that anything smaller than /64 is not routable).

    Now I can ping devices on the same network.
    i.e.: LAN Device can ping LAN Gateway

    But I ran into a new issue. LAN Device can't ping Edge Firewall or any of the external interfaces.

    i.e.: X:X:X:1000::5 cannot ping X:X:X:F000:1 or X:X:X:F000:3 but can ping X:X:X:F000:2

    Is there any other information I need to provide for the example?

    Edge Router has an IPv6 Any to Any rule.

    Both firewalls have IPv6 ICMP from Any as allowed.

    The Edge Firewall has gateways set up and showing the firewalls as up. I have a feeling I am missing something really basic here and it's making me feel stupid.

    Is there an easier way to do this?

    With prefix delegation and/or DHCPv6 on the edge firewall?



  • Yes, your edge firewall is a master holding the /48. Request by slave DHCP(PD).

    Stop the /52-ing internal. Peel off /64-ers from your Comcast /48. Stick to /64 routing.
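
The advice above (one /64 per network, carved from the /48, no /52 or /80 on internal interfaces), as an added example that is not part of the thread: a Python sketch that audits interface prefixes against that rule and proposes replacement /64s. The documentation prefix `2001:db8:abcd::/48`, the interface names and the sample prefixes are constructed for illustration.

```python
import ipaddress

def audit_prefixes(delegated, configured):
    """Return (name, prefix, problem) for every prefix that breaks the /64 rule."""
    parent = ipaddress.IPv6Network(delegated)
    findings = []
    for name, text in configured.items():
        net = ipaddress.IPv6Network(text, strict=False)
        if not net.subnet_of(parent):
            findings.append((name, str(net), "outside delegated prefix"))
        elif net.prefixlen != 64:
            findings.append((name, str(net), "not a /64"))
    return findings

def plan_64s(delegated, configured):
    """Keep interfaces already on a valid /64; give the rest the next free /64."""
    parent = ipaddress.IPv6Network(delegated)
    bad = {name for name, _, _ in audit_prefixes(delegated, configured)}
    plan = {name: ipaddress.IPv6Network(text, strict=False)
            for name, text in configured.items() if name not in bad}
    # Walk the /64s of the delegation in order, skipping ones already in use.
    candidates = parent.subnets(new_prefix=64)
    for name in configured:
        if name in bad:
            plan[name] = next(c for c in candidates if c not in plan.values())
    return {name: str(net) for name, net in plan.items()}

# Constructed sample: a /48 delegation and three interface prefixes,
# two of which use the lengths criticised in the thread (/80 and /52).
DELEGATED = "2001:db8:abcd::/48"
CONFIGURED = {
    "primary_lan": "2001:db8:abcd:1000::/80",
    "colo_lan": "2001:db8:abcd:2000::/52",
    "transit": "2001:db8:abcd:f000::/64",
}

if __name__ == "__main__":
    for name, prefix, problem in audit_prefixes(DELEGATED, CONFIGURED):
        print(f"{name}: {prefix} -> {problem}")
    for name, prefix in plan_64s(DELEGATED, CONFIGURED).items():
        print(f"{name}: use {prefix}")
```
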

