• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

How to assign and understand the assign IPv6 Prefixes (/64 & /48)

Started by sparkyccnp, January 06, 2014, 01:28:28 PM

Previous topic - Next topic

sparkyccnp

I have configured and setup my Tunnel to Hurricane successfully along with default route.

I can ping the IPv6 remote end and have configured the given IPv6 DNS server on the router (Cisco 2621XM)
and can ping the DNS server;


R1#ping 2001:470:20::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:470:20::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/20 ms

Im just alittle confused as to how to assign/break up the network prefix, could you advise please?

I have Routed /64:2001:470:1f09:ff7::/64


How do i break this? is it a simple case of say

2001:470:1F08:FF7::2/64 on say R1's interface
2001:470:1F08:FF7::3/64 on another router interface
etc etc?

Many thanks people, sorry if this has been asked already

cholzhauer

That will work, but you're really free to do what you want.  Normally the ::1 address from your routed subnet goes on the inside interface of your router and you assign addresses from there

broquea


Lonney1

I'm also trying to understand this and get a picture of how it all fits together..

I have a tunnel with HE setup on pfsense, and DHCPv6 on my LAN, and everything works as expected after following this guide https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

I have OpenVPN setup, on the IPv4 settings for this it has a tunnel network that is a different subnet from the IPv4 LAN, OpenVPN that clients are assigned addresses from this tunnel network. There is also matching options for IPv6 - IPv6 Tunnel Network and IPv6 Local Network/s.

From my (limited) understanding I need to get a /48 routed prefix, which will allow a /64 for the LAN, and a /64 for the tunnel network which is used to assign addresses to the OpenVPN clients.

At the moment I only have a /64 routed prefix which appears to be the default.

What happens when I click the "Assign /48" link on the HE tunnel details page? I'm guessing this might affect the existing HE tunnel settings in pfsense?

cholzhauer

No to all of the above.

You're assigned two /64's by default...one for your tunnel and one for you to assign to clients.

You only need a /48 if you are doing VLAN's or multiple subnets where you need to assign a /64 to each one.

Lonney1

Lets not confuse HE tunnel with my OpenVPN tunnel network for the VPN clients - which needs to be on its own different sunbet from the LAN (this it how it works in IPv4 land, and there are the same options for IPv6 land in the OpenVPN server setup) - I effectively need two IPv6 subnets.

From what I understand the correct way to do this is to request a /48, from which I can make 2 or more /64 networks. I cant take my existing /64 and "slice" it up (even though it's possible it breaks things).

cholzhauer

You're better off requesting a /48, splitting it up into as many /64's as you need, and changing your routing to reflect that.

Lonney1