• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

3 Routers & IPV6

Started by rahulparekh, October 22, 2019, 03:55:47 AM

Previous topic - Next topic

rahulparekh

Hello all,
I have below setup:

HE Tunnel broker to Dlink DIR 819 using 6 in 4 - This gets a Routed /64 IPV6 address as 2001:470:2222:225:: or I can allocate a /48 also.
Dlink DIR 819 with LAN Prefix as 2001:470:2222:225:: to TPLink 470t+ (Bridge mode)
TPLink 470t+ to Tplink Archer c60 (Bridge Mode)
Archer C60 - this gives IPV6 to all devices connected to it. wired or wireless. (again this also set as bridge mode for internet setup in TPLink Archer C60)

I can get internet in all devices with the above setup as ip address as 2001:470:2222:225:xxxx:xxxx:xxxx:xxxx in various devices.

Now my question is that if I wish to manually configure all three routers can I get all devices to run IPV6? it means I do not use bridge mode. Can anyone help me in this manual configuration please.
does that mean I will have to use /48 route or /64 route is sufficient to use in the non bridged manual setup.

Let me know if you can help in my question or if you need any additional details.

cholzhauer

The outside interface of the  DIR819  needs to have the ::2 address from your tunnel /64

As for the others, if you need more than a single subnet, you'd need to use addresses from your /48 and not worry about the routed /64.

rahulparekh

#2
Actually I have three routers back to back in same LAN.
The DIR 819 gets the tunnel end point ::2
and then the Router /64 on DIR 819 outer interface.
The next router is IPV6 bridged
The next to next router is IPV6  bridged.

The above configuration works properly when end devices are connected and all can ping ipv6.google.com

My question is that instead of IPV6 bridge mode in the second & third router, can that part manually configured with like say static ip or SLAAC / DHPCV6

You may check the router emulator for my exact router.
Router 2 https://emulator.tp-link.com/TL-R470T+_UN_6.0-Emulator-180929/index.html
Router 3 https://emulator.tp-link.com/c60/index.html

cholzhauer

I don't see why they couldn't be set that way...any reason you couldn't try it and see if it works?

rahulparekh

I tried a lot, but did not succeed.
The Tplink 470t+ is a load balancing router with 4 WAN ports+1LAN port & C60 is simple dual band wifi + 4port router.
All 4 WAN ports have ipv4.
On the 4th WAN , I have the IPV6 with DIR 819 HE Tunnel outer part routed /64 IP.

It seems it just works perfect with bridge modes. I am trying with the manual static & Slaac but failing.

Can you help me with the manual settings....


cholzhauer

Do you have a diagram of the Ipv4 settings?

tjeske

You need the /48, not the /64, cause u need at least one /64 per subnet.

rahulparekh

The three routers I was talking are very basic routers so this is not possible manually with stock firmwares...

tjeske

The downstream routers need to be able to do prefix delegation.

But what's wrong with bridged mode?

rahulparekh

Bridge mode in downstream routers are working perfect as all end devices get the ip's from the first router where the tunnel end point is located.
I will still try the manual config when I get time....

kumowoon1025

Quote from: rahulparekh on October 23, 2019, 04:44:58 AM
It seems it just works perfect with bridge modes. I am trying with the manual static & Slaac but failing.

Well at each point you turn off bridging you're essentially cutting off and creating a separate network so you will have to manually configure at least one thing that can actually route ipv6 (respond to rs that is)

How exactly are you configuring the devices manually? Also is there way to get into the settings anything other than the web based one because it was completely useless at least to me.

rahulparekh

The question comes down that are the Dlink DIR 819, TP Link TL-R470T+ & TPLINK Archer C60 routers capable of IPV6 with /48 prefix?
As far as I can understand they are good only for /64 prefixes.

kumowoon1025

Wow yeah take a look at the js for the gui, forget about ipv6 this router pretty much depends on classful ipv4. Perhaps you could find some alternative firmware to run on it. For one take a look at the regex that's supposed to parse ipv6 notation.


...
ipv6:{
   isPrefixFlag:false,
   canbeLinkLocalAddr:false,
   regex: /^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/,
   vtypeText: $.su.CHAR.VTYPETEXT.IPV6,
...


I'd say forget about slaac or dhcpv6 configured subnets :s It looks like if you set the wan address of each "router" to a static address in the subnet for the lan it might work, but idk... Another possible way could be to terminate the tunnel at the deepest router in your network and branching out the opposite direction? Might sound counterintuitive but simple enough in this case that it might just work.

rahulparekh

Thanks kumowoon1025 to confirm !
These are basic routers and only used for simple ipv6 which uses one ready made /64 route.
We cant expect /48 PD delegations.

On your other suggestion to terminate at the deepest router, it is possible but it goes against the protocol of delegation :)
With these routers, I can best do a first router termination of a single /64 branch and bridge all rest routers till end so the end device use the first router's DHCP (Slaac ) for IPV6.



rahulparekh

Quote from: kumowoon1025 on November 15, 2019, 10:05:49 PM
I'd say forget about slaac or dhcpv6 configured subnets :s It looks like if you set the wan address of each "router" to a static address in the subnet for the lan it might work, but idk... Another possible way could be to terminate the tunnel at the deepest router in your network and branching out the opposite direction? Might sound counterintuitive but simple enough in this case that it might just work.

I have tried this static address also, but these routers do not have manual ipv6 routing option. So the gateway is lost while doing static way.