Prefix delegation to sub nets
Brian E Carpenter
brian.e.carpenter at gmail.com
Mon Jun 28 04:18:39 CEST 2021
> Unfortunately there are ISPs that are giving out /64 or even smaller. The claim is that is only temporary, but no indication of when that would
stop.
They need to be named and shamed. We have that problem with 3GPP operators in particular.
Regards
Brian Carpenter
On 28-Jun-21 10:39, Doug Hardie wrote:
>> On 27 June 2021, at 14:07, Brian E Carpenter <brian.e.carpenter at gmail.com> wrote:
>>
>> Please don't look at ancient drafts. Look at the homenet architecture RFC:
>> https://www.rfc-editor.org/info/rfc7368
>
> I went looking when I saw the date on the draft and found the RFC.
>
>>
>> Definitively, using any prefix longer than /64 *will not work*. The /64 has been carved in stone for many years; that's *why* you get a /48 or /56
>> from the ISP.
>
> Unfortunately there are ISPs that are giving out /64 or even smaller. The claim is that is only temporary, but no indication of when that would
stop.
>
>>
>>> The B router receives the prefix via SLAAC and creates its own EUI-64
address. However, that router needs to create a smaller subnet...
>>
>> That doesn't work. B needs to get its own /64 prefix(es) from A via DHCPv6-PD (https://www.rfc-editor.org/info/rfc8415). That's what DHCPv6-PD is for. So A will indeed need to be a DHCPv6 server on its downstream interfaces.
>
> The issue is though how does the server get the prefix the client received? I suspect the script and restart of the server is probably the only
way at this tim.
>
>>
>> If you run OpenWrt on A, this is apparently supported. See https://openwrt.org/docs/guide-user/network/ipv6/dhcp6c#example. But I have no experience with that.
>>
>> Regards
>> Brian Carpenter
>>
>> On 28-Jun-21 08:32, Doug Hardie wrote:
>>>
>>> -- Doug
>>>
>>>> On 27 June 2021, at 12:41, Michael Chang <thenewme91 at gmail.com <mailto:thenewme91 at gmail.com>> wrote:
>>>>
>>>> If you actually want that topology, I think in practice the downstream
>> router (B) must be at least a /64; if you got a /48 then I think you can set up A with /56s, which it can use to sub-allocate a /64 to B.
>>>>
>>>> https://tools.ietf.org/id/draft-ietf-homenet-arch-01.html <https://tools.ietf.org/id/draft-ietf-homenet-arch-01.html>
>>>>
>>>> The config in section 7.2 of https://wiki.archlinux.org/title/IPv6#Prefix_delegation_(DHCPv6-PD) <https://wiki.archlinux.org/title/IPv6#Prefix_delegation_(DHCPv6-PD)> might be what you're looking for? (See the note
about `sla-len`.)
>>>
>>> The addresses could be done that way. However, the issue still remains, how does router B distribute the prefix? Is using a dual dhcp6c - dhcp6s the way to go and how does dhcp6s get the prefix from dhcp6c?
>>>
>>>>
>>>>
>>>> On Sun, Jun 27, 2021 at 12:05 PM Kristian McColm <Kristian.McColm at rci.rogers.com <mailto:Kristian.McColm at rci.rogers.com>> wrote:
>>>>
>>>> RFC 5375 advises against prefixes longer than /64.
>>>>
>>>> https://datatracker.ietf.org/doc/html/rfc5375#appendix-B.2 <https://datatracker.ietf.org/doc/html/rfc5375#appendix-B.2>
>>>>
>>>> A /48 gives you 65535 /64’s, why not use some of them?
>>>>
>>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>> *From:* ipv6-ops-bounces+kristian.mccolm=rci.rogers.com at lists.cluenet.de <mailto:rci.rogers.com at lists.cluenet.de> <ipv6-ops-bounces+kristian.mccolm=rci.rogers.com at lists.cluenet.de <mailto:rci.rogers.com at lists.cluenet.de>> on behalf of Doug Hardie <bc979 at lafn.org <mailto:bc979 at lafn.org>>
>>>> *Sent:* Sunday, June 27, 2021 2:54:01 PM
>>>> *To:* ipv6-ops at lists.cluenet.de <mailto:ipv6-ops at lists.cluenet.de>
>> <ipv6-ops at lists.cluenet.de <mailto:ipv6-ops at lists.cluenet.de>>
>>>> *Subject:* Prefix delegation to sub nets
>>>>
>>>> I am trying to setup an IPv6 environment. There is a primary
>> router (A) that receives a /48 prefix via DHCP6 from the ISP. That router
>> configures itself properly via dhcp6c. It also creates 2 LAN /64 prefixes and creates EUI-64 addresses on the two LAN interfaces. One of those interfaces is connected to a second router (B), among other devices. The B router receives the prefix via SLAAC and creates its own
>> EUI-64 address. However, that router needs to create a smaller subnet, /72, and distribute it to the devices on that LAN. I have not been able to figure out how to make that happen.
>>>>
>>>> Clearly, manual configuration would work, but the prefix received
from the ISP can change which would raise havoc with the network. I
>> suspect that dhcp6s needto be run alongside dhcp6c on router B and then the other devices run dhcp6c. However, I don't see how to get the prefix that dhcp6c receives on router B to the dhcp6s process on router B. I
believe I am missing something, but haven't been able to find it. Thanks,
>>>>
>>>> -- Doug
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>> This communication is confidential. We only send and receive email
>> on the basis of the terms set out at www.rogers.com/web/content/emailnotice <http://www.rogers.com/web/content/emailnotice>
>>>>
>>>>
>>>>
>>>> Ce message est confidentiel. Notre transmission et réception
de courriels se fait strictement suivant les modalités énoncées dans l’avis publié à www.rogers.com/aviscourriel <http://www.rogers.com/aviscourriel>
>>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>> --
>>>> Michael Chang
>>>
>>
>
More information about the ipv6-ops
mailing list