Setting up and understanding IPv6

I'm still trying to get my head around IPv6 and despite the amount of free reading and watching tutorials on the internet I've been doing, I'm now stuck in regards to setting it up on OpenWrt especially with my current setup. I've had a look at some courses on Udemy but not sure if they will help me and whether they will cover enough detail. I think if I can understand IPv6 and set it up on OpenWrt I will understand IPv6 a lot better anywhere I use it.

Some basics I know about IPv6

  1. Every interface creates a link-local address that is pre-fixed with fe80. This is equivalent to 169.254.0.0 addresses seen in IPv4.

  2. The 128bit IPv6 address is made up of 8 × 16bit blocks known as hextets

  3. The first 64bits are the routing prefix (also known as the global prefix) and the remaining 64bits are for the host.

  4. ULA (unique local addresses) prefix is the equivalent of the private addresses in IPv4 (RFC1918). The address range is from fd00:0000:0000:0000:0000:0000:0000:0000 through to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff which is a lot of IP addresses! It's written as FD00::/8

  5. Each hexadecimal character represents a nibble which is 4-bits across a base 16 numeric system

My network consists of three OpenWrt wireless routers (two of which are dumb APs) and two Netgear managed switches. I have several VLANs setup on all of the switches and everything is handled by the main OpenWrt router a Linksys WRT1900ACS v2.

To make everything easy to remember and manage, the third octet of the network interface's IPv4 address is also the VLAN ID. Below are some of the static IPv4 addresses I have on the network interfaces:

  1. 192.168.1.0/24 (Admin/Management VLAN)

  2. 192.168.5.0/24 (Private. VLAN)

  3. 192.168.6.0/24 (Guest VLAN)

  4. 192.168.7.0/24 (IoT VLAN)

  5. 192.168.8.0/24 (Servers Management VLAN)

Essentially I would like to set equivalent static IPv6 addresses on these interfaces too. On my dumb APs I will need to use these static IPv6 addresses to point to the gateway and DNS server on the main router.

My ISP gives me a dynamic IPv6 WAN address with a /56 subnet which leaves me 256 subnets in which I can create VLANs. I've worked out that I can use the IPv6 assignment hint to create subnets within the network portion of the address (bits 60 - 64) and I have this matching my VLAN IDs.

Using the IPv6 ULA prefix defined under LuCI > Network > Interfaces > Global network options this leaves me the following IPv6 addresses for VLAN interfaces:

fd0e:47f3:5fa8:1::1/64 (Admin LAN)
fd0e:47f3:5fa8:5::1/64 (Private LAN)
fd0e:47f3:5fa8:6::1/64 (Guest LAN)
fd0e:47f3:5fa8:7::1/64 (IoT LAN)
fd0e:47f3:5fa8:8::1/64 (Server Management LAN)

Looking at my LAN interface I can also see the IPv6 assignment hint being contained inside my public IPv6 address, e.g.

2a00:abcd:1234:ef05::1/64

Now after watching this video again I think I have slight understanding of the Global Unicast Address (GUA) and worked out what the IPv6 assignment length does in OpenWrt. With 128 total bits in an IPv6 address, from a logical guess the 64 bits from the GUA plus the 64 bits in the ULA equal the 128-bit IPv6 address (GUA /64) + ULA /64 = IPv6 /128).

Below is the DHCP settings for my private LAN:

config dhcp 'lan'
	option interface 'lan'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option limit '100'
	option start '20'
	list dhcp_option '6,192.168.5.1,192.168.5.1'
	option ra_management '1'
	option ra_default '1'
	list dns 'fd0e:47f3:5fa8:5::1'

For perspective, on my phone I have the following IPv6 addresses:

1) fe80::3b27:220c:f91:4bb9
2) fd0e:47f3:5fa8:5:65b3:8083:e449:2354
3) fd0e:47f3:5fa8:5:797a:fe5c:3a7d:156a99
4) 2a00:abcd:1234:ef05:6be6:dd9e:3bc0:793a
5) 2a00:abcd:1234:ef05:65b3:8083:e449:2354

With the IPv6 assignment length set to /64, this defines the network prefix from my ISP (including my subnet defined by the IPv6 assignment hint) and I can see this in lines 5 and 6. I can also see that the remaining 64 bits of line 5 are also within the last 64 bits of lines 2. I can't understand the need for the second ULA though?

Now if my phone was using EUI-64 derived from the router I would see my phone's MAC address as shown below within the IPv6 address:

0c:ec:8d:a4:78:a8

I assume in my case my phone is using a randomised ULA as I've read on the internet that Android uses SLAAC only? Could someone explain why there is so many slight variations of IPv6 addresses, and is there a easy way to read IPv6 addresses?

I have also created a post on IPv6, WireGuard, NAT6 and DDNS and is posted here.

Your phone should have one semantically opaque IPv6 address in each prefix (they replaces addresses derived from EUI-64). (https://datatracker.ietf.org/doc/html/rfc7217). And also at least one temporary IPv6 address in each prefix. It may have multiple since temporary addresses are first preferred for some time, such as 24h, and valid for a longer time before they are removed. For privacy reasons temporary IPv6 addresses are usually used for outbound connections. But if you want to run a server then you probably want to use another address such as a semantically opaque address.

1 Like