
hosts getting IPv6 via DHCPv6 and hosts configured with fixed IPv6

Started by Walter H., August 21, 2022, 06:13:32 AM


Walter H.

Hello,

my routing box is just a ZBOX with a general purpose linux - a CentOS

with the tunnel I get a /64 and optionally a /48

let's say the /48 is:  2001:db8:1::/48

now what I have/did ...

the NIC on LAN side of the routing box has  2001:db8:1::1 with a prefix length of 48
and fe80::1 as a secondary scope:link IPv6

as I share the LAN with my room mate and I told him, that he can use this:   2001:db8:1:2000::/64
and all his Windows machines (physical and virtual) have addresses within this prefix and a configured prefix length of 48

I myself use this:  2001:db8:1:1::/64 and also a configured prefix length of 48

the default gateway either coming by RADVd or for fixed IPv6 configuration is always fe80::1

there I have a few linux servers virtualized:

a Mail server         2001:db8:1:1::10
a DNS server         2001:db8:1:1::1
and a proxy server 2001:db8:1:1::20

they all have 48 as prefix len configured on their virtual NIC

the ISC DHCP I configured with this:

/etc/dhcp/dhcpd6.conf

ddns-updates off;
update-static-leases true;
allow leasequery;

authoritative;

default-lease-time 7200;
max-lease-time 86400;

dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";

subnet6 2001:db8:1::/48 {
        range6 2001:db8:1:7fff:0:0:0:0 2001:db8:1:7fff:ffff:ffff:ffff:ffff;
        range6 2001:db8:1:7fff::/64 temporary;

        option dhcp6.name-servers 2001:db8:1::1, 2001:db8:1:1::1;
        option dhcp6.domain-search "example.com";

        option dhcp6.info-refresh-time 600;
        option dhcp6.preference 255;
}


the /etc/radvd.conf looks this simple:

interface br0
{
        AdvSendAdvert on;

        # stateful DHCPv6: on
        # stateless DHCPv6 (SLAAC): off
        AdvManagedFlag on;

        # get DNS from DHCPd6: on
        # get DNS from RADVd: off
        AdvOtherConfigFlag on;

        MinRtrAdvInterval 5;
        MaxRtrAdvInterval 15;

        route fe80::1/64
        {
                AdvRouteLifetime infinity;
                AdvRoutePreference high;
        };
};


on the routing box the br0 device is a bridge between
the LAN device eth0 and the WLAN device wlan0

connections from any host configured with a fixed IPv6 to the 4 mentioned servers are no problem;
but from hosts getting their IPv6 from DHCPv6 this times out and no connection is possible;
native connection to the internet is no problem;

just for a testing purpose I changed the configured prefix len of 48 to 64 at the mail server;
then it is possible for DHCPv6 configured clients to connect, but when I do a ping on the mail server to such a host
this looks like:

# ping6 2001:db8:1:7fff:2008:2dc9:82ed:1d14
PING 2001:db8:1:7fff:2008:2dc9:82ed:1d14 56 data bytes.
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=1 ttl=128 time=0.541 ms
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=1 ttl=128 time=0.541 ms (DUP!)
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=2 ttl=128 time=0.540 ms
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=2 ttl=128 time=0.540 ms (DUP!)


where did I make a mistake?

the goal should be the following:

the router box should have 1 IPv6 address as it has now, and I guess this must be configured with prefix len 48
and IPv6 addresses of several /64 prefixes are used independently;

please tell me what I should/must do differently;

Thanks,
Walter

cholzhauer

None of your subnets should have a /48, you need to subnet the /48 into /64s and use those

Walter H.

can you please give a little more detail ...

e.g. the workstation of my mate should use an IPv6 from 2001:db8:1:2000::/64
and for my workstation I want to use an IPv6 from 2001:db8:1:1::/64

which IPv6 addresses must be configured on the routing box?
and can any host use this default gateway fe80::1 as they are all inside the same LAN?

Thanks
Walter

pmf026

2001:db8:1::/48 that's like 65535 /64 networks...


Quote: range6 2001:db8:1:7fff:0:0:0:0 2001:db8:1:7fff:ffff:ffff:ffff:ffff;

You don't have to define absolute network boundaries anymore, it's not v4; just take the range that you're going to be working with. But first you need to delegate a prefix inside that subnet6 /48 statement. Any number in quad 4 is a network, so first you trim that number to whatever you need. So for example, 16 networks would make it /60.

I'll try to explain it as simply as I can.

subnet6 2001:db8:1::/48 {
       prefix6 2001:db8:1:000[0]:: 2001:db8:1:000[f]::/60; # I put network range here in brackets
        range6 2001:db8:1:000[0]:: 2001:db8:1:000[f]::; # nice starting range for the routers yeah

# don't have routers? no problem, you can skip network division by commenting out the two lines above and jump
# straight to address space by delegating a /64 instead; you'd still need to pick a network for that space.

# Understand the address range you're working with here:
# let's say you picked network "f",

        prefix6 2001:db8:1:000[f]::0 2001:db8:1:000[f]:ffff:ffff:ffff:ffff/64; # that'd be one
                                                    # [       /64         ]    # /64 of the 000f/60 network
                                              #[          /48             ]    # ..or one of 65535 in /48
         range6 2001:db8:1:000f::a8:[0000] 2001:db8:1:000f::a8:[ffff]; # you can narrow it down further
                                                              #[/112]  # for convenience (/112 in this example,
                                                                       # or 65535 addresses)
                                                             
};

I think that's about right.

Take your time to plan your future network structure, because once you've picked the network (quad 4) you have to commit to that prefix for at least a year. Got 7fff by accident? :7fff: it is...
By the way, 2001:db8:: is used for documentation only.

Anyways I hope it helps.
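
The subnetting advice in the replies above, as an added example that is not part of the thread: it uses Python's `ipaddress` module to group the thread's addresses by /64 and to show how a configured prefix length of 48 versus 64 changes which destinations a host treats as on-link. The function names and the `HOSTS` labels are assumptions made for this example, and "on-link" is modelled purely from the host's own configured prefix length.

```python
import ipaddress

# Addresses quoted in the thread (2001:db8::/32 is the documentation prefix).
SITE = ipaddress.ip_network("2001:db8:1::/48")
HOSTS = {
    "router":      "2001:db8:1::1",
    "dns":         "2001:db8:1:1::1",
    "mail":        "2001:db8:1:1::10",
    "proxy":       "2001:db8:1:1::20",
    "dhcp-client": "2001:db8:1:7fff:2008:2dc9:82ed:1d14",
}

def count_subnets(net, new_prefix):
    """Number of networks of length new_prefix that fit inside net."""
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must not be shorter than the parent prefix")
    return 2 ** (new_prefix - net.prefixlen)

def lan_of(addr, prefixlen=64):
    """Network that addr belongs to when configured with prefixlen."""
    return ipaddress.ip_interface(f"{addr}/{prefixlen}").network

def on_link(src, dst, src_prefixlen):
    """True if src, configured with src_prefixlen, treats dst as a direct
    neighbour instead of sending the packet to its default gateway."""
    return ipaddress.ip_address(dst) in lan_of(src, src_prefixlen)

def plan(hosts, site=SITE):
    """Group host names by the /64 they fall in; reject addresses outside site."""
    groups = {}
    for name, addr in hosts.items():
        if ipaddress.ip_address(addr) not in site:
            raise ValueError(f"{name} ({addr}) is outside {site}")
        groups.setdefault(str(lan_of(addr)), []).append(name)
    return groups

if __name__ == "__main__":
    print(count_subnets(SITE, 64), "possible /64 networks in", SITE)
    for net, names in sorted(plan(HOSTS).items()):
        print(f"{net:24} {', '.join(names)}")
    # The thread's experiment: mail server configured with /48, then /64.
    for plen in (48, 64):
        seen = on_link(HOSTS["mail"], HOSTS["dhcp-client"], plen)
        print(f"mail with /{plen} treats dhcp-client as on-link: {seen}")
```

The grouping shows three separate /64s in use on the one bridge (router, servers, DHCPv6 pool), which is the layout the replies suggest configuring explicitly instead of covering everything with a single /48.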