Ip6assign configuration

Why I can't use less a prefix less than 64 on the ip6assign option? All ISPs where I live will only give /64 to clients and it would be nice if I could use something like /80 since I have multiple LAN interfaces.

Or maybe I'm doing something wrong here that needs to be figured out, will appreciate help either way.

The minimum prefix length for a network is 64, as the rest 64 bits are expected to identify the host.
Giving only a /64 to clients is rather cheap and it is worrying me that I read it again here not so long ago.
Where do you live, out of curiosity?

2 Likes

Extending trendy's reply, SLAAC (which is used by all android based devices and some IoT ones) hard-depends on having a /64 subnet at its disposal, as it derives its IPv6 addresses from the MAC address (plus privacy extensions, so outgoing connections will not leak your MAC); it is not possible to use devices using SLAAC with smaller prefixes. DHCPv6 'could' work with smaller prefixes, but even there having a /64 prefix is the expected behaviour and you will be faced with numerous subtle and less subtle issues (and bugs) if you divert from assigning a /64 for your network(s).

ISPs are supposed to issue prefixes large enough for multiple /64 subnets to their users, a common prefix lengths for consumer contracts would be a /56, sometimes even up to a /48. If you only get a single /64 subnet and not at the very least a /62 or /60, I would complain to your ISP and look for alternatives.

Dynamic IPv6 prefixes are another common misfeature you'll inevitably face with consumer contracts, with quite wide ranging consequences - but rarely a(n economically feasible) way out of this.

2 Likes

@trendy Central Brazil

@slh Oh ok, so /64 is a hard requirement. Getting another provider is out of question for now and I don't think this would help me since I'm yet to see another provider giving off more than /64, this is a very common occurrence. Also, I don't think complaining would do any better since dual stack is "test feature" they offer. Is there anything I can do on my end before I say i'm royally screwed?

LAN ipv6 segmentation management, if that is the concerned matter, is independent of the ISP's prefix delegation and can be done with a ULA prefix /48.

Whilst in my use case the ISP provides a /56 prefix for downstream delegation it nonetheless rolls the prefix every 24 hours and thus providing only a dynamic ipv6 range unsuitable for LAN management. For that purpose I manage the LAN ipv6 segmentation with a stable ULA prefix /48.

This is a bit different problem here, as the OP can only have only one IPv6 enabled interface with the unique /64 prefix his ISP delegates him.

1 Like

Then perhaps I do not see what the actual problem is and having a hard time to comprehend the deprecatory comments about a publicly routable ipv6 /64 prefix delegated from the ISP.

No such comments are made about /32 ipv4 prefix delivered from the ISP and LAN being managed behind NAT within the private/local ipv4 address space - sort of what ULA is for in ipv6.

For the management of LAN ipv6 subnets I would not leverage the publicly routable ipv6 prefix delegated from the ISP in the first place but ULA instead, similar to the private/local ipv4 address space, and be independent from what the ISP delegates downstream (be it a /64 prefix and/or dynamic prefix).

Another use case, perhaps not that common, is a travel router that gets frequently exposed to different ISPs that may not even offer ipv6 and yet still the LAN ipv6 space can be set/managed conveniently with stable ULA.

The problem is that he has more than one LAN interfaces. Maybe an IoT, some Guest, etc. Those are not able to work with Global IPv6.

1 Like

Why not? With the publicly routable ipv6 /64 prefix each host gets the same delegated ipv6 /64 prefix which is then trailed by the unique host identifier (incl. potential privacy extensions). Where is the problem in that for accessing the public inet space?

ULAs are nice, but they won't get you a globally routable address - if you only define IPv6 ULAs, you can't reach the outside via IPv6 (as, contrary to IPv4, there is no NAT going on for IPv6).

1 Like

The OP did not mention any issue getting a publicly routable ipv6 /64 prefix for each host in the network but stated

and that can be achieved conveniently with ULA (/48 prefix), if the concern is the management of LAN ipv6 subnets.

If there is no problem, please show a configuration example for 2 interfaces LAN1 and LAN2 sharing the /64 prefix delegated.

1 Like

There is no LAN iface configuration example for SLAAC due to its design (advertisement | solicitation)

Why anyone wants to use the publicly routable ipv6 prefix (being depended on the ISP) for the management of LAN segmentation is a bit baffling, unless publicly routable subnets are somehow required.

For public routing purposes the /64 prefix, with a total address space of 18,446,744,073,709,551,616 IPs, suffices.

If one does have no use for ULA to manage LAN segmentation but wants segregation between different LAN ifaces VLAN and/or appropriate packet filtering (firewall) are common tools.

Too much blah blah, no solution.

2 Likes

Perhaps you would like to share what problem you are facing and seeking a solution to?

To sum up:

  • publicly routable ipv6 prefix /64 provides suitable ipv6 address space for downstream hosts
  • SLAAC by design (advertisement | solicitation) handles the ipv6 address generation for each downstream host
  • if publicly routable ipv6 subnets are required the ISP would have to provide larger address space with a different prefix than /64 or else no dice

This is the conclusion we came up from the beginning. For some reason you got stuck with ULA for management, which is not OP's concern.

1 Like

The OP did not state that publicly routable ipv6 subnets is the requirement but

For me it just was not clear whether OP sought a way to manage ipv6 subnets in a LAN environment or requires publicly routable ipv6 subnets.
We just may have interpreted the OP's concern differently.

The OP is complaining that his ISP is allocating only a /64 prefix and that he cannot allocate that to multiple interfaces, because the minimum in ip6assign option is 64. So he was wondering why he cannot split the /64 he was delegated into /80.

1 Like

It is nowhere mentioned whether the subnet segmentation is required in public address space (GUA) or private address space (ULA). That the ISP is allocating a /64 prefix was given as a supplementary fact. If you infer from it that GUA is the requirement then let me repeat

Um, all the IPv6 terminology is quite confusing to me as I'm rather new to this, it's my first time trying to setup an IPv6 network.
Basically, I want to distribute this /64 to not only my LAN but also my homelab interfaces by whatever means possible and that's why I got stumped when I couldn't divide it into /80s. The wiki docs didn't help me much beyond setting up SLAAC.