Lost in translation … native ipv6, CARP and route



  • Hello

    I'm totally lost

    My ISP gives me this:
    2a01:cb00:4f4:xxxx::/56

    I have 2 pfsense in CARP mode

    On the 2 pfsense WAN is in DHCP6

    Lan1 is:
    fd21:da3c:747:2fb6::200

    Lan2 is:
    fd21:da3c:747:2fb6::201

    VIP is:
    fd21:da3c:747:2fb6::1000

    And I'm unable to ping google DNS on ipv6, nor browsing nor pass ipv6test

    Thank you for help and explanation
    :D



  • Your config isn't going to work.

    WAN interfaces must have routable ipv6 addresses, same for LAN interfaces.

    fd00::/8 is private ipv6 space.  If you got that from your ISP, change ISP!

    CARP isn't going to work with DHCP.

    Ask your ISP for a static /64 IPv6 subnet with static /56 routed to it, for example you get 2001:0db8:dead:beef::/64 and 2001:0db8:0123:4500::/56 from your ISP, and the ISP sets up 2001:0db8:0123:4500::/56 to be routed to 2001:0db8:dead:beef::1.

    On the WAN side you would have:
    2001:0db8:dead:beef::1 = VIP
    2001:0db8:dead:beef::2 = BOX 1
    2001:0db8:dead:beef::3 = BOX 2

    On the LAN side, split out a /64 from the /56 and assign it the same way. 
    A /56 will give you 256 /64 subnets from
    2001:0db8:0123:4500::/64
    to
    2001:0db8:0123:45FF::/64

    So if you use the first subnet on the LAN side your LAN config looks like this:
    2001:0db8:0123:4500::1/64 = VIP
    2001:0db8:0123:4500::2/64 = BOX 1
    2001:0db8:0123:4500::3/64 = BOX 2



  • Thanks

    The sad thing is my isp only give :
    2a01:cb00:4f4:xxxx::/56

    :-[



  • And it sounds like it's only provided via DHCP6 PD, which means you can't use it with CARP. It has to be statically routed in that case for automatic failover.



  • Ok
    Thanks

    And how do you do that ?  :-\



  • That means your ISP has to give you a static WAN assignment, and route your LAN /56 subnet to one of those WAN IPs (which will be your WAN-side IPv6 CARP IP).



  • They don't for the moment

    the only static thing I got is that (the gateway ?)

    2a01:XXXX:YYYY:2400:278:9eff:fe8d:4806

    thanks again for your precious help



  • Do you get the same PD on both primary and secondary? Same IPv6 subnet on LAN under Status>Interfaces?



  • I can put on the 2 wan a fixed IP ?

    2a01:XXXX:YYYY:2400:278:9eff:fe8d:200

    2a01:XXXX:YYYY:2400:278:9eff:fe8d:200

    Carp
    2a01:XXXX:YYYY:2400:278:9eff:fe8d:1

    Could it help ?

    PS: ton answer your question …strangelly DHCP6 gives me fe80::250:56ff:fe80:36e9 ... for the first time



  • cmb any idea ??

    Thanks again



  • @stanthewizard:

    I can put on the 2 wan a fixed IP ?

    That's a question only your ISP can answer. If your IPv6 comes via PD, then most likely the answer is no. But not necessarily, your assignment and routing could be static, in which case yes that would be possible.



  • And I'm not going to have an answer on that

    Do you thinks that what I wrote could work ?