Hi Community, how do I stop dhcpv6 from assigning GUAs (like 2001:db80:abcd:1234::567/128 (from my ISPs (DTAG) delegated ip6 prefix)) to my lan clients? My lan clients also do SLAAC, so in my opinion there is no need for dhcpv6 to assign GUAs.
I already tried:
dhcpv6-mode stateless, which doesn't do/change anything for me, my lan clients still get GUAs assigned from dhcpv6
setting option dhcpv6_na '0' on my lan interface (in dhcp config file), which doesn't do/change anything for me, my lan clients still get GUAs assigned from dhcpv6
setting ip6class 'local' on my lan interface (in network config file), this kind of does what i want, it stops dhcpv6 from assigning GUAs to my lan clients (and still assigns ULAs, exactly as i want it), but this also breaks global ip6 connectivity for my lan clients at the same time (well, works as designed i guess since this option will only accept local (ULA) ip6 traffic on the lan interface according to the docs)
So how do I (properly) stop dhcpv6 from assigning GUAs (and only GUAs) to my lan clients without breaking global ip6 connectivity at the same time?
yeah, i already tried setting ip6class="local" but then my lan clients loose global ip6 connectivity
or do i have to do all the settings under extra? (Using IPv6 by default + Disabling source routing + Announcing default IPv6 route + Disabling GUA prefix + Missing GUA prefix)
but when i disable dhcpv6 entirely what happens then to the ULAs?
you can disable the dhcpv6 and you'll get the slaac addresses only for the ULA and GUA. You can control the addresses given with ip6class, as mentioned earlier.
Using SLAAC XOR DHCPv6 is a client-side decision, nothing you could influence on the router (aside from not offering DHCPv6 or RAs at all, breaking all IPv6 connectivity), you should end up with one or more GUAs in either way.
As expected, you can't reach the internet without either NAT64 (horrible idea) or GUAs.
Thanks to the heavily dynamic IPv6 prefix assignments by DTAG (guaranteed to change on every login), there's no way for static IPv6 address assignments either, you effectively must use DHCPv6 or SLAAC (and get your GUA that way).
my lan clients have slaac GUAs all the time, so why is ip6 internet connectivity broken for them when i set ip6class 'local' on my lan interface? is local ip6class also supposed to stop slaac GUAs from working and/or connecting to the internet?
Of course you can, by filtering (option ip6class 'local') for the ULA prefix only. Doing so just doesn't make sense, your clients wouldn't have IPv6 connectivity to the outside anymore - you can't access the internet with an IPv6 address from an ULA prefix.