8

(this was flagged as off-topic over at Network Engineering, and suggested to move here)

I have finally got an IPv6 address for my network. Being able to do VoIP and peer-to-peer networking without NAT intermediaries is great. My (Linux-based) router receives a 128-bit IPv6 address corresponding with a 64-bit IPv6 subnet (e.g. 2aaa:::1234/64) from the ISP.

I'm trying to understand what is (are?) the correct, standard, flexible, future-proof ways to distribute IPv6 addresses to other systems within my home network. It appears that any of the 2^64 addresses within the /64 block assigned to the router will be routed to it. Great, but… there are a few things about IPv6 addressing and routing that are confusing me:

  1. I gather that "standard" IPv6 subnets are not supposed to be any smaller than /64. If that's the case, how is a home router with a /64 address supposed to subdivide this network to assign it to different devices within the network?
    • Is it sane/valid/reasonable for me to route the same /64 subnet to both the Internet-facing and LAN-facing interfaces of the router?
  2. Ignoring stateful firewalling, it seemed at first that I might not need the router to do anything at all other than forward IPv6 packets between its interfaces (Internet-facing and LAN-facing). It seems that the IPv6 address autoconfiguration mechanisms (SLAAC, DAD, RA) can in some cases remove the need for the intermediate router altogether; no NAT, no DHCP, nothing.
    • I tried this, but it doesn't seem to work on Android devices. If my router just forwards packets, the Android devices don't configure themselves to use IPv6; it appears I need DHCPv6 for this.
  3. Is prefix delegation part of the answer here? I'm fuzzy on exactly what it entails, but I believe it's supposed to mean that the ISP provides me with both an Internet-facing IPv6 /64 subnet as well as a LAN-facing IPv6 /64 subnet. I can't find a fully worked-through example of PD, though, and might be off-base.
    • Per rdisc6, my ISP gives me only a single /64 prefix… not multiple prefixes like in some examples I can find.

I guess what it comes down to is this: I have an Internet facing IPv6 address and 64-bit IPv6 subnet. What is the preferred standards-compliant, and ideally straightforward and portable, way for me to distribute IPv6 addresses to devices within the local network?

Improve this question
0

2 Answers 2

Reset to default
1

One /64 prefix is only enough for a single network, such as a single Ethernet LAN. If you want to have multiple separate IPv6 networks on your greater home network, such as a separate guest network or a separate IoT network, then you need your ISP to delegate a shorter prefix (more address space) to you, such as a /60, which would give you 16 /64's to play with. IPv6 prefix lengths are often multiples of 4 bits for various logistical reasons.

The standard way to have your devices get addresses is via SLAAC. It's universally supported and doesn't require any additional setup. I don't know why you saw an Android device fail to do SLAAC on your network. That's probably an issue to troubleshoot on your network or on your device, not a problem with all Android devices on all networks.

Prefix delegation is a way for an upstream network (router plus DHCP server) to tell a downstream router what prefix the downstream router should use on the downstream side. If you were already getting more than one /64, and you were setting up multiple separate IPv6 routers within your home, you could conceivably set up prefix delegation within your home, but that would probably be more hassle than it's worth. It would be way simpler to just manually configure each of your in-home IPv6 routers with the right prefixes, and configure your head-of-network IPv6 router with static routes to those routers.

Improve this answer
4
  • 1
    I really only need a single network. One of the things that's a bit confusing to me is that it seems IPv6 standards don't want me to be subdividing a /64 network further. So, given that my router's WAN interface has been assigned a “whole” /64, what part of it it should the router “keep” routed to itself, and what part should be routed to clients? Should the router's WAN interface only have a /128 routed to it, with everything else in the /64 subnet routed to the LAN interface?
    – Dan
    Commented Apr 27, 2020 at 18:35
  • What I've ended up doing is: take the $ADDR/64 given to the WAN side of the router, and reassign it to the LAN side, while keeping /128 for the LAN side (ip addr del $ADDR/64 dev $WAN; ip addr add $ADDR/128 dev $WAN; ip addr add $(ADDR_INCREMENTED_BY_ONE)/64 dev $LAN). Then enable forwarding and tell dnsmasq to advertise the /64 route to LAN clients (with ra-stateless, ra-names, slaac). Seems to be working fine though I don't know if this is in any way a standard approach, or if I'm doing extra configuration unnecessarily…
    – Dan
    Commented Apr 29, 2020 at 23:15
  • 1
    @Dan What usually happens on Ethernet-like WAN links is the ISP's router uses router advertisements to advertise the prefix of the WAN link, and the customer's router uses SLAAC to give its WAN port a host address on that prefix. The customer's router also makes a DHCP-PD request to get a prefix delegated to it by the ISP's network infrastructure, and then the customer's router uses the prefix it was delegated as its LAN prefix (and advertises it via router advertisements on its LAN side). I don't think I'm fully tracking with your description of what you're doing, but it sounds backwards.
    – Spiff
    Commented Apr 30, 2020 at 1:08
  • "The customer's router also makes a DHCP-PD request to get a prefix delegated to it by the ISP's network infrastructure." Right. What appears to happen with my ISP is that I get the RA on the WAN link, giving me a /64 prefix… but I can't get another prefix delegated. I test with rdisc6 and I always just get the same /64 prefix; no others.
    – Dan
    Commented Apr 30, 2020 at 3:22
0

On a 128 bit IPv6 address, it's spilt in half between the Network side(the first side) and the host side. You should have 2 (More but to simplify the answer)IPV6 addresses from your ISP.

The same as IPV4 you will have a fixed address for your outside interface and an internal /64 for your network. 2001::

There can be some configuration needed using SLACC or DHCPv6. You would need to look at your router(DHCP Server) and Android device settings to make sure it's all right.

I don't think it's prefix designation

https://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113141-DHCPv6-00.html

unless you do not have an outside interface IP yet; then it would be an PPPoE issue.

Bottom line, if you only want that /64 be a single flat LAN; you're good to go. If you're doing separate networks you can break them down to /127s. The /64 matters for the network side of address to function as intended. Like if you started handing out /50s it would freak your host gear out.

If you want to post some more info we can go over it.

Improve this answer
3
  • I definitely only get a single /64 from my ISP. I've confirmed this by playing around with rdisc6.
    – Dan
    Commented Apr 27, 2020 at 16:24
  • Can you google "what's my ip?" Just block out an octect. Not the first.
    – Reckless Liberty
    Commented Apr 27, 2020 at 16:45
  • Post the results of an ipconfig/ifconfig \all off a device that is getting an address too plz
    – Reckless Liberty
    Commented Apr 27, 2020 at 16:46

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .