How to use the entire delegated prefix for SLAAC?

Started by trick77, April 25, 2024, 08:47:43 AM

I have a very simple IPv6 setup. No VLANs, no prefix delegation to other routers. I request a prefix from my ISP, get a (random) ::/56 assigned and use Track Interface on the LAN-side which chops the /56 into /64s depending on the prefix id. A static /56 DHCPv6 configuration on the LAN side breaks every time I'm getting a new prefix. That's why I'm only using SLAAC via an unmanaged RA in the LAN.

Now, since I like the Privacy Extension very much, I would like to make the entire /56 available for SLAAC on the LAN side instead of just one /64. How could I do this with a non-static/stateless (regarding a specific IPv6 prefix) approach?

I already tried with 0 in "Prefix Interface Site-Level Aggregation Length" (instead of 8) which did not work in combination with the Track Interface option.

Keep in mind SLAAC is only /64 anyway. You could assign multiple /64 but it's not supported by the config.

You can distribute part of the prefix via DHCPv6 PD to further downstream routers, but all they do is break it up and deliver /64 networks again via DHCPv6 NA or SLAAC. ;)


Cheers,
Franco

Every broadcast domain is a /64 in IPv6. One size fits all. That is the size of the legacy (IPv4) Internet squared, already.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)


See https://docs.opnsense.org/manual/ipv6.html#track-interface
Quote: This mode uses a WAN DHCPv6 interface to assign a single /64 network to your LAN interfaces.

I don't get why 2^64 IPs should not be enough to obfuscate your IPs.

It's not about the size of the wave, it's about the motion of the ocean ;)

That's why I mentioned the Privacy Extension in my post. I want to randomize all addresses over the ocean, in this case the /56. Addresses in a /64 are regarded as coming from the same source when it comes to tracking, like a /32 in IPv4 terms. Using the full /56 would make it a little harder to track. Why waste them.

Quote from: trick77 on April 25, 2024, 08:59:51 AM
Why waste them.
Privacy Extensions only work on the same /64-prefix. You, as a beginner, shouldn't try to invent things. And for me, the whole /56 changes on a daily basis. There is no need to have more than one /64 involved with Privacy Extension anyway.

Tracking can use IP addresses but it is more effective using different methods. Mobile devices change their prefixes (between wifis and cell service) over and over again. Doesn't help them. :-)
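
The addressing discussed in this thread, as an added example that is not part of any post and not OPNsense code: it derives the LAN /64 from a delegated /56 and a prefix ID, generates temporary addresses inside it, and shows which prefixes an observer grouping by /64 or /56 would see. Assumptions: the prefix ID simply selects the Nth /64 of the delegation, the temporary address is a plain random 64-bit interface identifier, and the function names and the 2001:db8:: documentation prefix are illustrative.

```python
import ipaddress
import secrets


def track_interface_prefix(delegated, prefix_id):
    """Return the /64 that a prefix ID selects from a delegated prefix."""
    delegated = ipaddress.IPv6Network(delegated)
    id_bits = 64 - delegated.prefixlen
    if id_bits < 0:
        raise ValueError("delegation is longer than /64; SLAAC needs a /64")
    if not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix ID must fit in {id_bits} bits")
    # The prefix ID fills the bits between the delegation and the /64 boundary.
    base = int(delegated.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))


def temporary_address(lan64):
    """Simplified temporary address: random 64-bit interface identifier.

    RFC 8981 additionally skips reserved identifiers; omitted here.
    """
    lan64 = ipaddress.IPv6Network(lan64)
    if lan64.prefixlen != 64:
        raise ValueError("SLAAC only forms addresses in a /64")
    return ipaddress.IPv6Address(int(lan64.network_address) | secrets.randbits(64))


def aggregate(addresses, length):
    """Distinct prefixes of the given length that cover the addresses."""
    return {ipaddress.IPv6Network((int(a), length), strict=False) for a in addresses}


if __name__ == "__main__":
    delegation = "2001:db8:1234:ab00::/56"  # constructed sample delegation
    lan = track_interface_prefix(delegation, 0x10)
    hosts = [temporary_address(lan) for _ in range(5)]
    print("LAN prefix:", lan)
    for h in hosts:
        print("  temporary address:", h)
    print("seen at /64:", aggregate(hosts, 64))
    # Addresses spread over two /64s still collapse into the one /56.
    spread = hosts + [temporary_address(track_interface_prefix(delegation, 0x11))]
    print("spread, seen at /64:", len(aggregate(spread, 64)), "prefixes")
    print("spread, seen at /56:", aggregate(spread, 56))
```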