Multiple IPv6 ranges in LAN

Started by kryptonian, May 01, 2024, 01:54:48 PM

It seems that there's no way to currently add more prefixes to LAN other than static or track?
I think it should be allowed to also allow for ULA prefix to be set for interfaces, as if you're using a DHCPv6 delegated address for BGP neighbors, that's going to be very painful to have to change when your prefix happens to change instead of just doing BGP over the ULA?

The IPv6 standard allows for multiple prefixes, so why not opnsense?

> It seems that there's no way to currently add more prefixes to LAN other than static or track?

To be precise: when tracking you can only track one /64 subnet per interface. In static configurations you can do whatever you want (with virtual IP additions).

And to be frank: you can set up prefix delegation for your LAN, but then again you haven't explained your use case at all...

> I think it should be allowed to also allow for ULA prefix to be set for interfaces, as if you're using a DHCPv6 delegated address for BGP neighbors, that's going to be very painful to have to change when your prefix happens to change instead of just doing BGP over the ULA?

I don't think someone stops you from giving out a ULA via PD in DHCPv6 through LAN (see above), but the whole need for this trickery eludes my understanding.

> The IPv6 standard allows for multiple prefixes, so why not opnsense?

I'm not sure if you are shifting scope or mixing up terminology...

Multiple prefixes via DHCPv6 are possible, but OPNsense only uses the first one given by the ISP.

Previously you talked about multiple prefixes on LAN, but you don't have multiple prefixes on LAN; you have multiple subnets, unless you want to hand them over via DHCPv6 PD to a downstream router?!

Consider me confused.


Cheers,
Franco

Let me try to be more precise.

I'm trying to have IPv6 TRACK from WAN on my LAN interfaces, whilst having a separate ULA prefix on LAN for BGP communication (Kubernetes) due to how the IPv6 delegation on WAN tends to change, with it my other interfaces too as they track it so it works like it's supposed to.

The ULA (Unicast Local Address) has nothing to do with my upstream ISP's DHCPv6 and thus prefix delegation.

Example:

I have a host in LAN that has 2 IPv6 addresses from two separate subnets: 2001:14ba::* and fd9d:7a72:44eb:d::/64 before moving to OPNsense. I want to keep that. The first subnet is from a DHCPv6-PD through the track interface.

I DO NOT want DHCPv6 on LAN, as that's handled via SLAAC / Router Advertisements.


The question thus is: Can I currently not have a track IPv6 in use for a LAN interface AND manual static IPv6 prefix on the same interface? If it's possible, what's the correct way to do so?

I don't know how it wasn't clear on the first post, prefix/subnet to me are the same thing or at least they are usually used interchangeably.

Can't you assign an ULA in addition to the "track" setting, then? I use static configuration, so my test might not be applicable to your system, but seriously - that should "just work".

1. Interfaces > Virtual IPs > Settings
2. See screenshot
3. Result:
root@opnsense:~ # ifconfig vlan01
vlan01: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: LAN (lan)
	options=4000000<NOMAP>
	ether f4:90:ea:00:ca:6a
	inet6 fe80::f690:eaff:fe00:ca6a%vlan01 prefixlen 64 scopeid 0xb
	inet6 2003:a:d59:3800::1 prefixlen 64
	inet6 fd5d:1832:72cd::1 prefixlen 64
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255


Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
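
A way to check the result shown in the post above, as an added example that is not part of the original thread or of OPNsense: it classifies the inet6 lines of `ifconfig` output and confirms that the interface carries both a global /64 and a ULA /64. The function names are hypothetical; the sample input is the `ifconfig vlan01` output from the post.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not OPNsense tooling.

# ifconfig output copied from the post above (header and inet/inet6 lines only).
sample_output() {
    cat <<'EOF'
vlan01: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet6 fe80::f690:eaff:fe00:ca6a%vlan01 prefixlen 64 scopeid 0xb
	inet6 2003:a:d59:3800::1 prefixlen 64
	inet6 fd5d:1832:72cd::1 prefixlen 64
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
EOF
}

# Read `ifconfig <if>` output on stdin; print "<class> <addr>/<prefixlen>"
# for every inet6 line. Classes: link-local, ula, global, other.
classify_inet6() {
    awk '$1 == "inet6" {
        addr = $2; sub(/%.*/, "", addr)            # strip the %zone suffix
        plen = "?"
        for (i = 3; i < NF; i++) if ($i == "prefixlen") plen = $(i + 1)
        h = tolower(addr); sub(/:.*/, "", h)       # first hextet
        while (length(h) < 4) h = "0" h            # restore leading zeros
        if      (h ~ /^fe[89ab]/) cls = "link-local"   # fe80::/10
        else if (h ~ /^f[cd]/)    cls = "ula"          # fc00::/7
        else if (h ~ /^[23]/)     cls = "global"       # 2000::/3
        else                      cls = "other"
        printf "%s %s/%s\n", cls, addr, plen
    }'
}

# Succeed only if stdin shows both a global and a ULA address, each a /64.
has_gua_and_ula() {
    out=$(classify_inet6)
    printf '%s\n' "$out" | grep -q '^global .*/64$' &&
        printf '%s\n' "$out" | grep -q '^ula .*/64$'
}

# On the firewall this would be: ifconfig vlan01 | has_gua_and_ula
if sample_output | has_gua_and_ula; then
    sample_output | classify_inet6
fi
```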

Hey,

Thanks for that. I got confused as the interface page wouldn't let me do it so I was able to do it via Virtual IPs and set the type to Alias IP.