dnsmasq and ipv6 config

[Patrick M. Hausen]

You can't. A /64 is the only possible network size on a broadcast (Ethernet) interface. Your ISP is supposed (by recommendation of all regional Internet registries like e.g. RIPE for Europe) to assign you a /56 and never anything smaller.

[Monviech (Cedrik)]

Or you use the ndp proxy from earlier which helps you to provide the same /64 to any amount of downstream vlans. You dont need to think about subnetting when using it since it targets each individual host automatically via host routes.

Just turn off any dhcpv6 and RA service when using it.

[muchacha_grande]

Ok, from what Patrick said, if I can't subnet a /64 I have two options from here:

1. Pin to ISC that will be soon a plugin and discontinued afterwards

2. Implement NDP and forget about subnets (have to change my mind) and after that migrate to Dnsmask


Thank you Patrick and Monviech for you advice. I think I'll go on with the second option. Will post the results here of course.

[Maurice]

Why do you feel the need to internally use /80s based on your public /64? You could choose any unused /48 and subnet it into /64s for your VLANs. Since you use NAT anyway, your internal addresses don't really matter.

The ND proxy solution (without NAT) is preferrable though.

While it's technically possible to use prefixes longer than /64, it's not recommended and issues are to be expected.

[Patrick M. Hausen]

3. Kick your ISP until they follow recommended practice 🙂

https://www.rfc-editor.org/rfc/rfc3177

Code Select Expand

3. Address Delegation Recommendations

   The IESG and the IAB recommend the allocations for the boundary
   between the public and the private topology to follow those general
   rules:

      -  /48 in the general case, except for very large subscribers.
      -  /64 when it is known that one and only one subnet is needed by
         design.
      -  /128 when it is absolutely known that one and only one device
         is connecting.

   In particular, we recommend:

      -  Home network subscribers, connecting through on-demand or
         always-on connections should receive a /48.
      -  Small and large enterprises should receive a /48.
      -  Very large subscribers could receive a /47 or slightly shorter
         prefix, or multiple /48's.
[...]

So even a /56 is debatable although in most cases enough (I can theoretically have 256 VLANs with my /56 I get from Deutsche Telekom).

[muchacha_grande]

Kick your ISP until they follow recommended practice

Patrick, here in Argentina ISPs are offering to home user, services like the one I have. If I want a /48 prefix I need to pay a business plan and the costs are much higher. They argue that business plans has less downtime also, but I can see on the streets that the infrastructure is the same that of the home users (cables and equipment) so paying more money only to have a fixed IP or a /48 prefix doesn't worth it, for now. The game changer will be the day that they put me in a CGNAT network. That day I will have to go for a higher plan to keep a public IP.

Why do you feel the need to internally use /80s based on your public /64?

Some years ago, when I was configuring IPv6 for the first time, I had to chose between using GUAs or ULAs and someone advice me to use GUAs because Windows had some problems with ULAs. As I was using Windows at that time, I went with GUAs. Now I'm mostly using Linux and could try using ULAs.
I understand that when you say that I could chose any unused /48, you are talking about ULAs. Are you?

[Patrick M. Hausen]

You could write to LACNIC asking if there is any way to exert some pressure on ISPs who do not follow proper conventions. ISPs in your country get their IP addresses from LACNIC and with almost certainty signed that they will use them adhering to standards.

Yes, for NAT66 you could use some GUA that you know are unused. ULA is not recommended, because happy eyeballs prioritises it after IPv4.

[OPNenthu]

However, there are no IPv6 leases being registed in dnsmasq.  The only way I am able to get the leases registed is if I enter start and end IPv6 addresses, which adds an EXTRA IPv6 address to each device.

Re the DNSMASQ RA configuration I've tried all the options and no IPv6 address is assigned to the client.

I'm starting to think that dnsmasq is incapable of assigning an ipv6 address to the clients.

Where am I going wrong?

Ozzi, I think you might be getting mixed up about the different IPv6 RA modes and expectations with regard to the Leases table.  It's only when you're using DHCPv6 that IPv6 addresses are assigned to clients and in those cases the leases are tracked.  If you're using SLAAC (and only SLAAC) then those are stateless addresses generated on the clients themselves and they aren't tracked.

In the context of IPv4, yes, you are replacing (or "migrating") ISC with Dnsmasq because the DHCP server is typically used.

In the context of IPv6, there is no migration from ISC unless you were previously also using ISC DHCPv6 for leases, which is not typically used.  If you were only using SLAAC then you're not really "migrating" from ISC for IPv6.  You're just changing RA services.

Some clarifying questions to help us understand your goals:

1) Were you in fact using DHCPv6 before?  If so, do you have a specific reason or need for that? (e.g. some oddball clients that don't do SLAAC)
2) Are you OK giving up the idea that IPv6 clients should show up in the Leases table?

[muchacha_grande]

You could write to LACNIC asking if there is any way to exert some pressure on ISPs who do not follow proper conventions.

I will pass from that for now.

Yes, for NAT66 you could use some GUA that you know are unused. ULA is not recommended, because happy eyeballs prioritises it after IPv4.

That's ok. It is possible because NAT66 do the translation into a routable IP. Will do that.

Thank you.