Questions about dynamic IPv6 use inside the home [closed]












1















Let me start by asking to skip dual-stack discussions at this time. Any device that can only handle IPV4 only is stuck there and I'll worry about it later, if I need to. So this discussion is just about IPV6.



I am using an Ubiquiti Firewall/router and it's currently setup for IPv4 with NAT (I want to keep that). I'm looking to setup IPV6 but I have a lot of questions. I've played with IPv6 tunnels a few years back it it seemed to work well. But I'm no longer using it. Now I want to get the IPV6 from my ISP (/60), split it at the FW/router (/64, Int 1 and Int 2) and have a separate server run the DHCP/DNS (dnsmasq, for local DNS). I'm not exactly sure where to start. I think I have a config for my FW/router (still checking it) but I'm uncertain how to get the network assignment to the DHCP server. I'm running dnsmasq on a Linux sever (but I can switch to some other software). I'm not as concerned with how to configure the DHCP/DNS as I am about what technologies (RFCs) I should understand. Does anyone have any pointers?



PS: My network is actually more complicated with redundant services but I'll simplify to just the FW/router, the one network and dnsmasq.










share|improve this question













closed as too broad by harrymc, grawity, Twisty Impersonator, LotPings, DrMoishe Pippik Jan 7 at 0:22


Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.























    1















    Let me start by asking to skip dual-stack discussions at this time. Any device that can only handle IPV4 only is stuck there and I'll worry about it later, if I need to. So this discussion is just about IPV6.



    I am using an Ubiquiti Firewall/router and it's currently setup for IPv4 with NAT (I want to keep that). I'm looking to setup IPV6 but I have a lot of questions. I've played with IPv6 tunnels a few years back it it seemed to work well. But I'm no longer using it. Now I want to get the IPV6 from my ISP (/60), split it at the FW/router (/64, Int 1 and Int 2) and have a separate server run the DHCP/DNS (dnsmasq, for local DNS). I'm not exactly sure where to start. I think I have a config for my FW/router (still checking it) but I'm uncertain how to get the network assignment to the DHCP server. I'm running dnsmasq on a Linux sever (but I can switch to some other software). I'm not as concerned with how to configure the DHCP/DNS as I am about what technologies (RFCs) I should understand. Does anyone have any pointers?



    PS: My network is actually more complicated with redundant services but I'll simplify to just the FW/router, the one network and dnsmasq.










    share|improve this question













    closed as too broad by harrymc, grawity, Twisty Impersonator, LotPings, DrMoishe Pippik Jan 7 at 0:22


    Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.





















      1












      1








      1








      Let me start by asking to skip dual-stack discussions at this time. Any device that can only handle IPV4 only is stuck there and I'll worry about it later, if I need to. So this discussion is just about IPV6.



      I am using an Ubiquiti Firewall/router and it's currently setup for IPv4 with NAT (I want to keep that). I'm looking to setup IPV6 but I have a lot of questions. I've played with IPv6 tunnels a few years back it it seemed to work well. But I'm no longer using it. Now I want to get the IPV6 from my ISP (/60), split it at the FW/router (/64, Int 1 and Int 2) and have a separate server run the DHCP/DNS (dnsmasq, for local DNS). I'm not exactly sure where to start. I think I have a config for my FW/router (still checking it) but I'm uncertain how to get the network assignment to the DHCP server. I'm running dnsmasq on a Linux sever (but I can switch to some other software). I'm not as concerned with how to configure the DHCP/DNS as I am about what technologies (RFCs) I should understand. Does anyone have any pointers?



      PS: My network is actually more complicated with redundant services but I'll simplify to just the FW/router, the one network and dnsmasq.










      share|improve this question














      Let me start by asking to skip dual-stack discussions at this time. Any device that can only handle IPV4 only is stuck there and I'll worry about it later, if I need to. So this discussion is just about IPV6.



      I am using an Ubiquiti Firewall/router and it's currently setup for IPv4 with NAT (I want to keep that). I'm looking to setup IPV6 but I have a lot of questions. I've played with IPv6 tunnels a few years back it it seemed to work well. But I'm no longer using it. Now I want to get the IPV6 from my ISP (/60), split it at the FW/router (/64, Int 1 and Int 2) and have a separate server run the DHCP/DNS (dnsmasq, for local DNS). I'm not exactly sure where to start. I think I have a config for my FW/router (still checking it) but I'm uncertain how to get the network assignment to the DHCP server. I'm running dnsmasq on a Linux sever (but I can switch to some other software). I'm not as concerned with how to configure the DHCP/DNS as I am about what technologies (RFCs) I should understand. Does anyone have any pointers?



      PS: My network is actually more complicated with redundant services but I'll simplify to just the FW/router, the one network and dnsmasq.







      dhcp ipv6






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 28 '18 at 14:21









      Neil CherryNeil Cherry

      83




      83




      closed as too broad by harrymc, grawity, Twisty Impersonator, LotPings, DrMoishe Pippik Jan 7 at 0:22


      Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.









      closed as too broad by harrymc, grawity, Twisty Impersonator, LotPings, DrMoishe Pippik Jan 7 at 0:22


      Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
























          1 Answer
          1






          active

          oldest

          votes


















          2















          Now I want to get the IPV6 from my ISP (/60)




          With most ISPs on a standard consumer plan, your WAN router will need to run a DHCPv6-PD client on the WAN side, to request a "prefix delegation" (IA_PD) of the desired size.



          Smaller and/or business-oriented ISPs might also perform manual prefix assignments, e.g. via support ticket. This works like it does in IPv4. It doesn't require any software on your router's WAN side, just static address/route configuration.



          Finally, if you have a multi-homed network (and a /48 at minimum), you might have to advertise your prefix using BGP to all your ISPs. This also works exactly the same way as it does in IPv4. But I suspect this is irrelevant to your current network.




          split it at the FW/router (/64, Int 1 and Int 2)




          If the ISP has statically routed a /60 to you, then just manually pick two /64's out of it and assign corresponding addresses to the router's LAN interfaces.



          But when using DHCPv6-PD, it depends on the ISP as to how dynamic the delegated prefix actually is – if you're lucky, you'll keep the same prefix forever (or at least as long as your router keeps the same DHCPv6 DUID/IAID, I think); if you're unlucky, the prefix can even change daily.



          This means that once the DHCPv6-PD client has received a prefix delegation lease, it needs to use some internal scripts or 'hooks' to automatically configure that prefix elsewhere on the system (that is, to assign subnets on the router's LAN interfaces and put them in your dnsmasq.conf or radvd.conf).



          I assume Ubiquiti router firmware would do this automatically. If using dhclient, everything would be done through dhclient-exit-hooks.d.




          have a separate server run the DHCP/DNS (dnsmasq, for local DNS)




          DHCPv6 is a secondary autoconfiguration protocol in IPv6 – the primary method is through ICMPv6 Neighbour Discovery Protocol, specifically the Router Advertisement packets (which can be sent by radvd, dnsmasq, or bird).




          • All systems can autoconfigure their own address from ICMPv6 RA (i.e. SLAAC), but only some support doing so from DHCPv6.


          • Obtaining the DNS server address is even more mixed – some systems can only use DHCPv6 for this, others only use ICMPv6 RA (i.e. RDNSS), some support both, and some support neither.


          • You can move most DHCPv6 and ICMPv6 RA features to a separate server, but – as far as I know – the router must still send its own RAs to advertise itself as the "default gateway".


          • From what I know, there is no "DHCP Relay" equivalent to ICMPv6 RA – the advertisements must be sent directly within the target subnet.







          share|improve this answer


























          • Thanks, this is helping my understanding a lot. I've setup my FW & it appears there might be an issue with the FW (Ubiquiti Ether Lite) and IPv6. I am asking for a /60 with a prefix id of ::2 (I think this will ask fo4 2 networks). I get addresses to the PCs but I get no routing from the PCs to the Internet even though there is a route.

            – Neil Cherry
            Dec 29 '18 at 16:18











          • My IPv6 setup died, there is a router firmware issue (IPv6 route tables are going nuts). So I will put the project on hold until I see stable firmware. Bu this did answer my question. Thanks

            – Neil Cherry
            Jan 2 at 17:43


















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2















          Now I want to get the IPV6 from my ISP (/60)




          With most ISPs on a standard consumer plan, your WAN router will need to run a DHCPv6-PD client on the WAN side, to request a "prefix delegation" (IA_PD) of the desired size.



          Smaller and/or business-oriented ISPs might also perform manual prefix assignments, e.g. via support ticket. This works like it does in IPv4. It doesn't require any software on your router's WAN side, just static address/route configuration.



          Finally, if you have a multi-homed network (and a /48 at minimum), you might have to advertise your prefix using BGP to all your ISPs. This also works exactly the same way as it does in IPv4. But I suspect this is irrelevant to your current network.




          split it at the FW/router (/64, Int 1 and Int 2)




          If the ISP has statically routed a /60 to you, then just manually pick two /64's out of it and assign corresponding addresses to the router's LAN interfaces.



          But when using DHCPv6-PD, it depends on the ISP as to how dynamic the delegated prefix actually is – if you're lucky, you'll keep the same prefix forever (or at least as long as your router keeps the same DHCPv6 DUID/IAID, I think); if you're unlucky, the prefix can even change daily.



          This means that once the DHCPv6-PD client has received a prefix delegation lease, it needs to use some internal scripts or 'hooks' to automatically configure that prefix elsewhere on the system (that is, to assign subnets on the router's LAN interfaces and put them in your dnsmasq.conf or radvd.conf).



          I assume Ubiquiti router firmware would do this automatically. If using dhclient, everything would be done through dhclient-exit-hooks.d.




          have a separate server run the DHCP/DNS (dnsmasq, for local DNS)




          DHCPv6 is a secondary autoconfiguration protocol in IPv6 – the primary method is through ICMPv6 Neighbour Discovery Protocol, specifically the Router Advertisement packets (which can be sent by radvd, dnsmasq, or bird).




          • All systems can autoconfigure their own address from ICMPv6 RA (i.e. SLAAC), but only some support doing so from DHCPv6.


          • Obtaining the DNS server address is even more mixed – some systems can only use DHCPv6 for this, others only use ICMPv6 RA (i.e. RDNSS), some support both, and some support neither.


          • You can move most DHCPv6 and ICMPv6 RA features to a separate server, but – as far as I know – the router must still send its own RAs to advertise itself as the "default gateway".


          • From what I know, there is no "DHCP Relay" equivalent to ICMPv6 RA – the advertisements must be sent directly within the target subnet.







          share|improve this answer


























          • Thanks, this is helping my understanding a lot. I've setup my FW & it appears there might be an issue with the FW (Ubiquiti Ether Lite) and IPv6. I am asking for a /60 with a prefix id of ::2 (I think this will ask fo4 2 networks). I get addresses to the PCs but I get no routing from the PCs to the Internet even though there is a route.

            – Neil Cherry
            Dec 29 '18 at 16:18











          • My IPv6 setup died, there is a router firmware issue (IPv6 route tables are going nuts). So I will put the project on hold until I see stable firmware. Bu this did answer my question. Thanks

            – Neil Cherry
            Jan 2 at 17:43
















          2















          Now I want to get the IPV6 from my ISP (/60)




          With most ISPs on a standard consumer plan, your WAN router will need to run a DHCPv6-PD client on the WAN side, to request a "prefix delegation" (IA_PD) of the desired size.



          Smaller and/or business-oriented ISPs might also perform manual prefix assignments, e.g. via support ticket. This works like it does in IPv4. It doesn't require any software on your router's WAN side, just static address/route configuration.



          Finally, if you have a multi-homed network (and a /48 at minimum), you might have to advertise your prefix using BGP to all your ISPs. This also works exactly the same way as it does in IPv4. But I suspect this is irrelevant to your current network.




          split it at the FW/router (/64, Int 1 and Int 2)




          If the ISP has statically routed a /60 to you, then just manually pick two /64's out of it and assign corresponding addresses to the router's LAN interfaces.



          But when using DHCPv6-PD, it depends on the ISP as to how dynamic the delegated prefix actually is – if you're lucky, you'll keep the same prefix forever (or at least as long as your router keeps the same DHCPv6 DUID/IAID, I think); if you're unlucky, the prefix can even change daily.



          This means that once the DHCPv6-PD client has received a prefix delegation lease, it needs to use some internal scripts or 'hooks' to automatically configure that prefix elsewhere on the system (that is, to assign subnets on the router's LAN interfaces and put them in your dnsmasq.conf or radvd.conf).



          I assume Ubiquiti router firmware would do this automatically. If using dhclient, everything would be done through dhclient-exit-hooks.d.




          have a separate server run the DHCP/DNS (dnsmasq, for local DNS)




          DHCPv6 is a secondary autoconfiguration protocol in IPv6 – the primary method is through ICMPv6 Neighbour Discovery Protocol, specifically the Router Advertisement packets (which can be sent by radvd, dnsmasq, or bird).




          • All systems can autoconfigure their own address from ICMPv6 RA (i.e. SLAAC), but only some support doing so from DHCPv6.


          • Obtaining the DNS server address is even more mixed – some systems can only use DHCPv6 for this, others only use ICMPv6 RA (i.e. RDNSS), some support both, and some support neither.


          • You can move most DHCPv6 and ICMPv6 RA features to a separate server, but – as far as I know – the router must still send its own RAs to advertise itself as the "default gateway".


          • From what I know, there is no "DHCP Relay" equivalent to ICMPv6 RA – the advertisements must be sent directly within the target subnet.







          share|improve this answer


























          • Thanks, this is helping my understanding a lot. I've setup my FW & it appears there might be an issue with the FW (Ubiquiti Ether Lite) and IPv6. I am asking for a /60 with a prefix id of ::2 (I think this will ask fo4 2 networks). I get addresses to the PCs but I get no routing from the PCs to the Internet even though there is a route.

            – Neil Cherry
            Dec 29 '18 at 16:18











          • My IPv6 setup died, there is a router firmware issue (IPv6 route tables are going nuts). So I will put the project on hold until I see stable firmware. Bu this did answer my question. Thanks

            – Neil Cherry
            Jan 2 at 17:43














          2












          2








          2








          Now I want to get the IPV6 from my ISP (/60)




          With most ISPs on a standard consumer plan, your WAN router will need to run a DHCPv6-PD client on the WAN side, to request a "prefix delegation" (IA_PD) of the desired size.



          Smaller and/or business-oriented ISPs might also perform manual prefix assignments, e.g. via support ticket. This works like it does in IPv4. It doesn't require any software on your router's WAN side, just static address/route configuration.



          Finally, if you have a multi-homed network (and a /48 at minimum), you might have to advertise your prefix using BGP to all your ISPs. This also works exactly the same way as it does in IPv4. But I suspect this is irrelevant to your current network.




          split it at the FW/router (/64, Int 1 and Int 2)




          If the ISP has statically routed a /60 to you, then just manually pick two /64's out of it and assign corresponding addresses to the router's LAN interfaces.



          But when using DHCPv6-PD, it depends on the ISP as to how dynamic the delegated prefix actually is – if you're lucky, you'll keep the same prefix forever (or at least as long as your router keeps the same DHCPv6 DUID/IAID, I think); if you're unlucky, the prefix can even change daily.



          This means that once the DHCPv6-PD client has received a prefix delegation lease, it needs to use some internal scripts or 'hooks' to automatically configure that prefix elsewhere on the system (that is, to assign subnets on the router's LAN interfaces and put them in your dnsmasq.conf or radvd.conf).



          I assume Ubiquiti router firmware would do this automatically. If using dhclient, everything would be done through dhclient-exit-hooks.d.




          have a separate server run the DHCP/DNS (dnsmasq, for local DNS)




          DHCPv6 is a secondary autoconfiguration protocol in IPv6 – the primary method is through ICMPv6 Neighbour Discovery Protocol, specifically the Router Advertisement packets (which can be sent by radvd, dnsmasq, or bird).




          • All systems can autoconfigure their own address from ICMPv6 RA (i.e. SLAAC), but only some support doing so from DHCPv6.


          • Obtaining the DNS server address is even more mixed – some systems can only use DHCPv6 for this, others only use ICMPv6 RA (i.e. RDNSS), some support both, and some support neither.


          • You can move most DHCPv6 and ICMPv6 RA features to a separate server, but – as far as I know – the router must still send its own RAs to advertise itself as the "default gateway".


          • From what I know, there is no "DHCP Relay" equivalent to ICMPv6 RA – the advertisements must be sent directly within the target subnet.







          share|improve this answer
















          Now I want to get the IPV6 from my ISP (/60)




          With most ISPs on a standard consumer plan, your WAN router will need to run a DHCPv6-PD client on the WAN side, to request a "prefix delegation" (IA_PD) of the desired size.



          Smaller and/or business-oriented ISPs might also perform manual prefix assignments, e.g. via support ticket. This works like it does in IPv4. It doesn't require any software on your router's WAN side, just static address/route configuration.



          Finally, if you have a multi-homed network (and a /48 at minimum), you might have to advertise your prefix using BGP to all your ISPs. This also works exactly the same way as it does in IPv4. But I suspect this is irrelevant to your current network.




          split it at the FW/router (/64, Int 1 and Int 2)




          If the ISP has statically routed a /60 to you, then just manually pick two /64's out of it and assign corresponding addresses to the router's LAN interfaces.



          But when using DHCPv6-PD, it depends on the ISP as to how dynamic the delegated prefix actually is – if you're lucky, you'll keep the same prefix forever (or at least as long as your router keeps the same DHCPv6 DUID/IAID, I think); if you're unlucky, the prefix can even change daily.



          This means that once the DHCPv6-PD client has received a prefix delegation lease, it needs to use some internal scripts or 'hooks' to automatically configure that prefix elsewhere on the system (that is, to assign subnets on the router's LAN interfaces and put them in your dnsmasq.conf or radvd.conf).



          I assume Ubiquiti router firmware would do this automatically. If using dhclient, everything would be done through dhclient-exit-hooks.d.




          have a separate server run the DHCP/DNS (dnsmasq, for local DNS)




          DHCPv6 is a secondary autoconfiguration protocol in IPv6 – the primary method is through ICMPv6 Neighbour Discovery Protocol, specifically the Router Advertisement packets (which can be sent by radvd, dnsmasq, or bird).




          • All systems can autoconfigure their own address from ICMPv6 RA (i.e. SLAAC), but only some support doing so from DHCPv6.


          • Obtaining the DNS server address is even more mixed – some systems can only use DHCPv6 for this, others only use ICMPv6 RA (i.e. RDNSS), some support both, and some support neither.


          • You can move most DHCPv6 and ICMPv6 RA features to a separate server, but – as far as I know – the router must still send its own RAs to advertise itself as the "default gateway".


          • From what I know, there is no "DHCP Relay" equivalent to ICMPv6 RA – the advertisements must be sent directly within the target subnet.








          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 28 '18 at 18:33

























          answered Dec 28 '18 at 18:27









          grawitygrawity

          236k37500554




          236k37500554













          • Thanks, this is helping my understanding a lot. I've setup my FW & it appears there might be an issue with the FW (Ubiquiti Ether Lite) and IPv6. I am asking for a /60 with a prefix id of ::2 (I think this will ask fo4 2 networks). I get addresses to the PCs but I get no routing from the PCs to the Internet even though there is a route.

            – Neil Cherry
            Dec 29 '18 at 16:18











          • My IPv6 setup died, there is a router firmware issue (IPv6 route tables are going nuts). So I will put the project on hold until I see stable firmware. Bu this did answer my question. Thanks

            – Neil Cherry
            Jan 2 at 17:43



















          • Thanks, this is helping my understanding a lot. I've setup my FW & it appears there might be an issue with the FW (Ubiquiti Ether Lite) and IPv6. I am asking for a /60 with a prefix id of ::2 (I think this will ask fo4 2 networks). I get addresses to the PCs but I get no routing from the PCs to the Internet even though there is a route.

            – Neil Cherry
            Dec 29 '18 at 16:18











          • My IPv6 setup died, there is a router firmware issue (IPv6 route tables are going nuts). So I will put the project on hold until I see stable firmware. Bu this did answer my question. Thanks

            – Neil Cherry
            Jan 2 at 17:43

















          Thanks, this is helping my understanding a lot. I've setup my FW & it appears there might be an issue with the FW (Ubiquiti Ether Lite) and IPv6. I am asking for a /60 with a prefix id of ::2 (I think this will ask fo4 2 networks). I get addresses to the PCs but I get no routing from the PCs to the Internet even though there is a route.

          – Neil Cherry
          Dec 29 '18 at 16:18





          Thanks, this is helping my understanding a lot. I've setup my FW & it appears there might be an issue with the FW (Ubiquiti Ether Lite) and IPv6. I am asking for a /60 with a prefix id of ::2 (I think this will ask fo4 2 networks). I get addresses to the PCs but I get no routing from the PCs to the Internet even though there is a route.

          – Neil Cherry
          Dec 29 '18 at 16:18













          My IPv6 setup died, there is a router firmware issue (IPv6 route tables are going nuts). So I will put the project on hold until I see stable firmware. Bu this did answer my question. Thanks

          – Neil Cherry
          Jan 2 at 17:43





          My IPv6 setup died, there is a router firmware issue (IPv6 route tables are going nuts). So I will put the project on hold until I see stable firmware. Bu this did answer my question. Thanks

          – Neil Cherry
          Jan 2 at 17:43



          Popular posts from this blog

          Сан-Квентин

          Алькесар

          Josef Freinademetz