4. IPv6 Setup - BTNet Leased Line

IPv6 Setup - BTNet Leased Line

  • S

    Hi All  :D

    I am probably missing something really simple here. Just trying to get my head around IPv6.

    I have a BTNet Leased Line with a Managed Cisco Router and BT provide me both Static IPv4 Addresses (working fine) and Static IPv6 Addresses

    They have advised the following:

    IPv4 Directly Connected Section

    IPV6 Network Address                      : 2A00:2381:1599:: 
    IPV6 Network Mask         : /64 
    IPV6 BTnet NTE Router LAN Address : 2A00:2381:1599::1

    IPv6 Non-Directly Connected Section

    IPV6 Network Address : 2A00:2381:1599:: 
    IPV6 Network Mask : /56 
    IPV6 Next Hop Address : 2A00:2381:1599::5

    Now obviously the idea of IPv6 is to do away with NAT  :) But what I can't get around is my IPv6 settings in pfSense

    myPfsense's WAN port is connected to the BTNet Cisco.

    Probably something really simple, but I don't understand how I can assign the same subnet on the LAN / WAN interfaces

    From my understanding of the above from BT they have assigned me a /64 Subnet for my WAN port of my pfSense, and then a /56 (which is the same?) for my LAN ?

    pfSense WAN Port : 2A00:2381:1599::5  (/64)
    pfSense LAN Port  : 2A00:2381:1599::11:241  (/56)

    Hopefully someone can point me in the right direction here.  Been sat here for 2 days now ::)

    Thanks in advance !

    Cheers, Scott

    0
  • V

    What they've done is taken the first /64 from your /56 for the WAN port. To hopefully make this easier to see, I'm going to do some expansion of the IPv6 addresses.

    Your assigned /56 is: 2A00:2381:1599:0000::/56
        Your WAN gateway is: 2A00:2381:1599:0000:0:0:0:1/64
    Your WAN address can be: 2A00:2381:1599:0000::::/64  (except 0:0:0:1, since that's BT's router)

    Your LAN networks can be: 2A00:2381:1599:0001::/64
                          to: 2A00:2381:1599:FFFF::/64

    How does it feel to have over 65,000 /64 IPv6 subnets, each with more addresses available than the entire IPv4 internet? :)

    Your issue is that your LAN should be /64, not /56. You should only be using /64 for your end-user/device networks. You could delegate larger blocks (i.e. /60) to any other routers that might be on your network, and they would then break that /60 block in to 16 /64 networks.

    0
  • S

    Hi virgiliomi,

    You sir are a legend ! The thing I was missing that a /64 was a smaller subnet than /56.

    I have now setup as you suggested and working perfectly !

    Even enabled a CARP Virtual IP on both WAN and LAN side for HA  ;D Took me a while, just had to change the RA interface to this CARP IP after doing this !

    Thank you so much for your spot on response :)

    I owe you a beer !

    Thanks, Scott

    0
  • T

    I feel the need to correct this just a little;

    /56 is 256 x /64 networks

    2A00:2381:1599:0000::/56 =
    2A00:2381:1599:0000:0000:0000:0000:0000 -
    2A00:2381:1599:00ff:ffff:ffff:ffff:ffff

    Or as you are more likely to use them;
    2A00:2381:1599::/64 to 2A00:2381:1599:FF::/64

    Its still PLENTY of subnets.

    0
  • V

    Oops… my bad! I gave away too many bits!

    0
  • T

    Easy to do - we always expect /48 and /64 assignments :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy