IPv6 - the beginning #2

From now on My ISP offers IPv6 only.
By logging to ISP Box i have found: Delegated Prefix = 2001:aaaa:bbbb:ccc0::/60

Before I start to play around with OpenWRT configuration, I just connected a PC to the ISP box and this is what I see:

enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.212  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fdaa:1111:2222:0:5d4f:b6be:4a55:1317  prefixlen 64  scopeid 0x0<global>
        inet6 2001:aaaa:bbbb:ccc0:a454:2b80:b989:194e  prefixlen 128  scopeid 0x0<global>
        inet6 2001:aaaa:bbbb:ccc0:afa7:c735:7132:2c8  prefixlen 64  scopeid 0x0<global>
        inet6 2001:aaaa:bbbb:ccc0:5de9:894d:906e:178d  prefixlen 64  scopeid 0x0<global>
        inet6 fdaa:1111:2222:0:e761:7c7e:339d:19e5  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::2285:c634:7ce7:3006  prefixlen 64  scopeid 0x20<link>

Questions:

  1. How can I tell out of this output, what Global Unicast IPv6 address has been assigned to my PC?
  • Global Unicast IPv6 address "2001" - why there are 3 and one has /128 prefix length?
  • Local Unicast Addresses "fdaa" - why there are 2?
  • Link Local Address "fe80" - this is clear
  1. My Delegated Prefix = 2001:aaaa:bbbb:ccc0::/60
    2001 - 16bit
    aaaa - 32bit
    bbbb - 48bit
    ccc0 - 60bit and if there was anything else than "0", it would be then 64 bit prefix, correct?

3.What is the other way to find out what is my "Delegated Prefix"?
I know it only because I logged to ISP box.

Dump the network config and start digging:

$ ubus call network.interface dump
... cut 100s of lines ...
                        "ipv6-prefix": [
                                {
                                        "address": "2602:8800:4209:6010::",
                                        "mask": 60,
                                        "preferred": 43186,
                                        "valid": 43186,
                                        "class": "wan6",
                                        "assigned": {
                                                "lan": {
                                                        "address": "2602:8800:4209:6010::",
                                                        "mask": 60
                                                }
                                        }
                                },
...

These are all in the same /64 prefix (the first 64 bits 2001:aaaa:bbbb:ccc0 are the same) so they can be used interchangeably. PCs do this for privacy reasons, choosing new random /64 suffixes periodically so the individual PC can't be readily tracked. Of course anything within the /64 is coming from the same ISP customer and that can be tracked, like an IPv4 would be.

The ULAs cannot be routed on the Internet but the ISP may host their DNS service there for example. Again we see the PC choosing two random /64 IPs within the same prefix.

PCs do not request a delegated prefix. They only need one IP (or possibly additional ones within the same /64) to handle all requests to the Internet. Prefix delegation is used by routers so that different prefixes can be assigned to different LANs. If they only support /60 there is not a lot of that that you can do even with a router. With a reasonably large number of prefixes, a cascade of routers can be built for example at a campus with multiple buildings, each holding a block of prefixes which they further delegate to networks inside their building.

2 Likes

Hi MK24, thank you for your reply.

  1. I understand, if I connected my OpenWRT router to the ISP Box then I would get just one GUA? (yes/no)
  2. My Delegated Prefix = 2001:aaaa:bbbb:ccc0::/60, then why my PC have received /64 address?
    I was expecting to get something like: 2001:aaaa:bbbb:ccc0:5de9:894d:906e:178d prefixlen 60 and NOT 64.

A "link" or local network is / should be always a /64. Smaller networks should only be used on i.e. point to point links and even then a 64 is just fine...
Larger allocations are only set to enable prefix delegation to additional down stream routers to get additional prefix which can then be used on the down stream routers. Do not confuse this with access points or other devices which just extended the layer-2 (read as bridges or switches).

2 Likes

Depends on the setup of the ISP.
You could get an address via slaac and dhcpv6, or only slaac, or only dhcpv6. In the end it does not make that much of a difference.
If the ISP has a "proper" setup you should have a dedicated prefix/address for your wan interface and via prefix delegation a prefix which is used on the lan (one or more 64 like when multiple vlans are in use).

1 Like

Hi Bernd,
Thank you for quick reply.

In my question, I am referring to Global Unicast IPv6 address "2001", not to Link Local Address "fe80".
Is this still the case that although My Delegated Prefix = 2001:aaaa:bbbb:ccc0::/60, my local devices receive GUA "2001" /64 not /60?

Yes.
Just to repeat it. You have a link, a layer-2, and on this link a IPv6 host has always a link local address, and one or more gua on that link. (ULA is also of the scope GUA)
You could even end up with multiple addresses from different prefixes. Like when prefix assignments reach their validity.
And the Openwrt default setting on LAN with the 60 applies only then when a downstream devices (a router) requests not only an address but also one or more prefixes.
An example.i have on my wan an address only via dhcpv6 and my ISP hands me a /56. Out of this /56 I can delegate various /64 to each Vlan and a /60 which can be used by downstream routers...

1 Like

All 'delegated prefix' means (in this sense at least) is that the ISP has given you this address space for your own use. So you can use addresses from 2001:aaaa:bbbb:ccc0:: to 2001:aaaa:bbbb:cccf::.

As _bernd has explained, actual devices will (generally) use /64 addresses so that means you can allocate out 16 separate subnets within your network to use as you will. Now you might just be happy to have all your devices in one subnet in which case they'll all have 2001:aaaa:bbbb:ccc0::/64 addresses. But you might want to have a guest network, or an IOT/smart devices network, or both etc. so you can use ccc1, ccc2, ccc3, and so forth for other networks.

1 Like

Hi, thank you guys your replies.
I think its getting now more clear.

Lets see: so my Delegated Prefix is /60 bit long (ends at last "c") and 64th bit is where I have my address space.
That gives up me to 16 subnets to use (behind my OpenWRT router / downstream from my router) and each of these 16 subnets allows to allocate/assign 64 bit long GUA / IP addresses, right?

2001:aaaa:bbbb:ccc0
                  1
                  2
                  3
                  4
                  5
                  6
                  7
                  8
                  9
                  a
                  b
                  c
                  d
                  e
                  f

Yep, that's the case.

Great, thanks :slight_smile:

Side question: why does my ISP provides public IPv4 along IPv6?
That IP seems to be useless - I cannot ping it or reach it from outside.

But inet 192.168.1.21 is not public....

As IPv4 is really spare nowadays many ISP do either CG-NAT or provide v4 via v6. (There even multiple ways to transport IPv4 via IPv6 networks without tunnels, encapsulation or other translation techniques.)

Hi _bernd,
I am saying about Public IPv4 which is assigned to ISP box/router.
(not 192.168.x.x which is assigned to my LAN devices).

Because a significant amount of the internet still only runs over IPv4. It's very useful to have if you run any sort of services at home that you might want to connect to remotely.

Often the WAN IPv4 you have is a compatibility protocol that is interpreted inside the modem or gateway. The ISP has a connection to the IPv4 Internet so that sites which are V4 only can be reached. There are numerous ways that the customer's IPv4 is transported and NATd through the ISP's network which may be IPv6 only.

In many cases you can support IPv4 compatibility within OpenWrt (if there are V4 only devices on your network) and treat the WAN and modem as a V6 only link.

I got this from your first post and forgot about that these where from your PC on lan.

Besides that, even with nat64 and dns64 not everything can go via v6. Like connections with literal v4 addresses. IIRC you need xlat. So as long as there are that many legacy IP systems out there we need dual stack networks.

Ok, thanks for your replies.
This public IPv4 is assigned to my ISP box and ISP told me that there is no way to set their box into bridge mode.

So this how I understand my situation:

  • Public IPv4 on ISP Box is NATing IPv4 traffic from my LAN.

  • Once I connect my OpenWRT router to it, Im expecting that WAN(v4) interface will get private IP (192.168.1.x from ISP box) therefore I probaably should change on OpwnWRT LAN addresation to something else (eg. 192.168.2.x).

  • The above means that my OpenWRT will be IPv4 NAT behind ISP box IPv4 NAT (yes/no)?

  • To reach/connect to my OpenWRT router from outside/internet, I must use IPv6 assigned on WAN6 interface of my OpenWRT as this is only Public IP on my OpenWRT - yes/no?

Right, if the box can only be configured to NAT, a basic dual stack configuration will NAT twice (and it will almost certainly NAT again within the ISP network). This makes incoming IPv4 connections not possible.

See if they are doing DNS64 and NAT64, which is a way to support V4 from the edge of a network that is otherwise V6 only. Configure your router to use the ISP DNS server-- not a third party-- then run nslookup ipv4only.arpa. If this returns an IPv6 address it will be a special prefix that leads to a big NAT box at the ISP connected to the IPv4 Internet. OpenWrt supports doing this inside the router, so you don't need to make an IPv4 connection to the modem at all.

2 Likes

I have reset OpenWRT to initial settings/default settings and then connected OpenWRT WAN Port to ISP router's LAN port. Result is:

OpenWRT:

  • WAN port gets IPv6 but I cannot see Delegated Prefix (neither GUI nor CLI)
  • WAN port gets IPv4 local address 192.168.1.x

Devices in my LAN:

  • eth0 gets IPv6 but fdf9 type (not public)
  • eth0 gets PIv4 from OpenWRT DHCP 192.168.0.x

LAN devices do get access to the internet hosts but this is happening probably only because of IPv4 NAT and IPv6 is not in use.
Little help here please. What am I doing her wrong?