How do IPv6 Router Advertisements get across VLANs?

Started by barney, April 20, 2026, 03:01:31 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
April 22, 2026, 04:59:52 AM #15 Last Edit: April 22, 2026, 10:33:38 AM by barney
QuoteIf the Dirigera has no internet access, how can devices behind it have internet?

Neither the Dirigera nor any of the devices behind have internet access (see note below) - all of my monitoring / automation is local using openHAB. If I want to access stuff remotely I can VPN in to my openHAB server and control it via that.

Note: I did need to allow the Dirigera internet access when first commissioning it as it wanted to check / download the latest firmware before letting me do anything. I'll also open that up again if later firmware is released. If specific device firmware updates are release I may need to allow the devices internet access at that time.

I have no real problem with connecting stuff to the cloud if they need it, but as a general approach I just don't let anything out unless I want it to - not because the manufacturer wants it! If I do ever get a device that really does require cloud access then I'll create a rule to let that out.

QuoteI shouldn't have assumed how your environment is.

No problem - I appreciate you taking the time help.
April 22, 2026, 01:39:45 PM #16 Last Edit: April 22, 2026, 01:41:26 PM by mooh
Quote from: barney on April 22, 2026, 03:39:44 AMI think I must be using the latter... all of the matter devices in the thread network have a ULA IPv6 address that is routeable across the network (Dirigera supports Matter 1.4 if that makes a difference) - this is the address that is published in the mDNS message.

Very interesting. Looks like I have some reading to do, especially why there are multiple ULAs per device. Anyway, ULAs are not globally routable, just like link-local addresses. So my basic point is still true. These devices cannot reach the internet without some sort of proxy and none of your local networks without routing support.

Do you happen to have multiple thread networks in your home?
April 22, 2026, 05:19:27 PM #17
I just performed a little experiment setting up a new Matter over Thread border router and added 2 devices to it. The router was connected to a WiFi network, too. The border router created a unique local prefix for the Thread network and another one for WiFi. It did route between the two. It also got a GUA and an IPv4 address on the WiFi interface.

So, my statement that Thread uses link-local addresses is wrong. It uses ULAs.

I may have another look into this later.
Today at 01:32:21 AM #18
Quote from: mooh on April 22, 2026, 01:39:45 PMULAs are not globally routable, just like link-local addresses. So my basic point is still true. These devices cannot reach the internet without some sort of proxy and none of your local networks without routing support.
Yep, exactly - that was the point of my initial post. The RA the Dirigera publishes makes these devices routable within the VLAN but I needed to reach them from a server on a separate VLAN. My initial thought was to reuse the same RA, but adding a manual gateway / route seems a much better option.

Quote from: mooh on April 22, 2026, 01:39:45 PMDo you happen to have multiple thread networks in your home?
Nope, not yet. I've only just started with Thread so only have a few devices. If I expand on those I'm most likely going to put a Thread-enabled GPO or two in each room, which should establish a pretty solid mesh but it's still just extending the same network not creating a new one.

Cheers,


Print
Go Up Pages 1 2
User actions