IPv6 Setup - BTNet Leased Line

smaxwell2

Hi All  :D

I am probably missing something really simple here. Just trying to get my head around IPv6.

I have a BTNet Leased Line with a Managed Cisco Router and BT provide me both Static IPv4 Addresses (working fine) and Static IPv6 Addresses

They have advised the following:

IPv4 Directly Connected Section

IPV6 Network Address                      : 2A00:2381:1599:: 
IPV6 Network Mask         : /64 
IPV6 BTnet NTE Router LAN Address : 2A00:2381:1599::1

IPv6 Non-Directly Connected Section

IPV6 Network Address : 2A00:2381:1599:: 
IPV6 Network Mask : /56 
IPV6 Next Hop Address : 2A00:2381:1599::5

Now obviously the idea of IPv6 is to do away with NAT  :) But what I can't get around is my IPv6 settings in pfSense

myPfsense's WAN port is connected to the BTNet Cisco.

Probably something really simple, but I don't understand how I can assign the same subnet on the LAN / WAN interfaces

From my understanding of the above from BT they have assigned me a /64 Subnet for my WAN port of my pfSense, and then a /56 (which is the same?) for my LAN ?

pfSense WAN Port : 2A00:2381:1599::5  (/64)
pfSense LAN Port  : 2A00:2381:1599::11:241  (/56)

Hopefully someone can point me in the right direction here.  Been sat here for 2 days now ::)

Thanks in advance !

Cheers, Scott

MikeV7896

What they've done is taken the first /64 from your /56 for the WAN port. To hopefully make this easier to see, I'm going to do some expansion of the IPv6 addresses.

Your assigned /56 is: 2A00:2381:1599:0000::/56
    Your WAN gateway is: 2A00:2381:1599:0000:0:0:0:1/64
Your WAN address can be: 2A00:2381:1599:0000::::/64  (except 0:0:0:1, since that's BT's router)

Your LAN networks can be: 2A00:2381:1599:0001::/64
                      to: 2A00:2381:1599:FFFF::/64

How does it feel to have over 65,000 /64 IPv6 subnets, each with more addresses available than the entire IPv4 internet? :)

Your issue is that your LAN should be /64, not /56. You should only be using /64 for your end-user/device networks. You could delegate larger blocks (i.e. /60) to any other routers that might be on your network, and they would then break that /60 block in to 16 /64 networks.

smaxwell2

Hi virgiliomi,

You sir are a legend ! The thing I was missing that a /64 was a smaller subnet than /56.

I have now setup as you suggested and working perfectly !

Even enabled a CARP Virtual IP on both WAN and LAN side for HA  ;D Took me a while, just had to change the RA interface to this CARP IP after doing this !

Thank you so much for your spot on response :)

I owe you a beer !

Thanks, Scott

Toady

I feel the need to correct this just a little;

/56 is 256 x /64 networks

2A00:2381:1599:0000::/56 =
2A00:2381:1599:0000:0000:0000:0000:0000 -
2A00:2381:1599:00ff:ffff:ffff:ffff:ffff

Or as you are more likely to use them;
2A00:2381:1599::/64 to 2A00:2381:1599:FF::/64

Its still PLENTY of subnets.

MikeV7896

Oops… my bad! I gave away too many bits!

Toady

Easy to do - we always expect /48 and /64 assignments :)