Route /64 IPv6 block to device

My ISP gives me a whole /48 IPv6 block. I would like route an entire /64 block to a device on the LAN. How would I go about doing this?

Using a dynamic routing protocol or set a static route?

I really have no idea how to even approach this. I set up a static /64 range (2a02:b46e:8dfc:1111::1/64) in addition to DHCPv6 (2a02:b46e:8dfc::234) on my interface on Debian, but it's not routable on the network.

3: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 1c:fd:08:74:9e:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.234/24 brd 192.168.1.255 scope global dynamic enp5s0
       valid_lft 25186sec preferred_lft 25186sec
    inet6 2a02:b46e:8dfc:1111::1/64 scope global deprecated 
       valid_lft forever preferred_lft 0sec
    inet6 fdc5:3ccd:3bdc::234/128 scope global dynamic 
       valid_lft 43102sec preferred_lft 43102sec
    inet6 2a02:b46e:8dfc::234/128 scope global dynamic 
       valid_lft 43102sec preferred_lft 43102sec
    inet6 fe80::1efd:8ff:fe74:9e0c/64 scope link 
       valid_lft forever preferred_lft forever

So my questions are:

  • How do I make packets to 2a02:b46e:8dfc:1111::/64 route to this device?
  • How do I make it routable on the WAN?

Note: I changed some digits in the public address for privacy reasons.

Routing is destination based: each time a packet reaches a routing device, the destination IP is looked up in a routing table is to see where it should be sent next.

So installing a route in with the (destination) interface being the eth port that the packet arrived on doesn't make any sense. The packet must not be forwarded out the port that it came in on. Instead the device will either in its kernel/userspace consume and reply to the packet, or forward it onward to another interface.

On the WAN side, the ISP has already set up routes so that anyone on the Internet can send a packet to any IP within your /56 prefix, and it will arrive at your router's wan port. Then your router would again either consume and reply to the packet, or look up in a routing table where to send it next. For forwarding a /64 subnet from the /56 prefix to a particular LAN where the Debian machine is connected, this takes just one route in the router's routing table. Also of course the firewall needs to be set to allow this incoming forward.

Could you help me with that?

What are you trying to achieve as an end result here? (Beyond the obvious answer of giving a device a /64 block of addresses)

It's for a little experiment of abusing IPv6's large address space. I want every ICMP packet targeted towards an address in that subnet to go to said device on my network.

So currently my network has addresses under 2a02:b46e:8dfc::/48, but I want everything under 2a02:b46e:8dfc:1111::/64 to route to that device.

Hi
then ...
assign 2a02:b46e:8dfc:0001::1/64 to LAN, fix debian on 2a02:b46e:8dfc:0001::2/64
and then
ip r a 2a02:b46e:8dfc:1111::/64 via 2a02:b46e:8dfc:0001::2

Can I assign 2a02:b46e:8dfc::1/64 to LAN instead or must the last hextet not be zero? Also how do I do this in LuCi?

Compressed Address: 2a02:b46e:8dfc::1/48
Range: 2a02:b46e:8dfc:0:0:0:0:0
so, yes ...

did you try to assign address manually ?

something like this

network->ruting->static ipv6 routes

example:

So I should create a new interface? Cause I can't have anything else in the /64 subnet obviously. What device do I attach the interface to? I see you attached it to a switch.

Hi

no, noooo, no
you asked how to do things in LUCI
since you asking basic question, i tried to make a few screenshot for you
these was an EXAMPLE
to see where you need to put values

no, don't create new interface
you want 2a02:b46e:8dfc::1 on LAN interface? righ, then, assign lo LAN