Should the openwrt ipv6 address be within its ipv6-pd prefix?

I'm trying to fix lost ipv6 connectivity, but first, I have a question about ipv6-pd, which may be related.

The ipv6-pd address is a /56 subnet, so all its addresses should have the same first 56 bits (7 bytes). But the first 7 bytes of the interface ipv6 (/128) address are not the same as the first 7 bytes of the interface ipv6-pd (/56) address. Only the first 4 bytes (32 bits) are the same. Is this normal, or is there a misconfiguration somewhere (either my openwrt configuration or the ISP configuration). Why would my ISP give my router a /56 subnet, and also give the same router a separate /128 address? According to my ISP documentation of ipv6, it "provides IPv6 through 6RD using a tunnel" and "IA_NA / IA_PD. IA_NA gets a v6 on the RG WAN interface. PD (Prefix Delegation) gets subnets (the /56) to the router so it can dole out assignments for networks."

My openwrt device has both ipv4 and ipv6 connectivity (ping -4 and ping -6 work). But my laptop, connected to the openwrt lan, does not have ipv6 connectivity (ping -6 to and other ipv6 addresses does not return any packets). A few days ago, both the openwrt router and my laptop had both ipv4 and ipv6 connectivity. I have not made any configuration changes. I had a daily openwrt cronjob running "/sbin/ifup wan; /sbin/ifup wan6" to get new IP addresses every day, and it did get new ipv6 and ipv6-pd addresses. I stopped running this cronjob for now, until I resolve the ipv6 connectivity problem. All pairs of ipv6 and ipv6-pd addresses that I've seen do not have the same first 7 bytes.

My WAN IPv6 address is 2001: while my LAN PD is 2601: using Comcast/Xfinity in the US. I consider it normal.

1 Like

For your LAN.

So it (and the rest of the internet) knows where to route traffic for your /56 delegation.

1 Like

What you describe e.g. the different /128 address of the wan is perfectly normal.

Running the cronjob like you are doing is not recommended.

Try to power down the modem and router.
After 5 min power up the modem, after 5 more minutes power up the router


The /128 that your router gets for its WAN makes it part of your ISP's network. Your neighbors up the street and across town probably have a WAN address in the same /64, again making them part of the same network.

The ISP then creates a separate /56 prefix that it delegates to your router for use on your LAN and sets up a route that maps the /56 to your router. You can use the /56 to create your own subnets, say delegate /60s to each of your half dozen subnet routers (assuming you have a very large home network :grinning:).

It is more normal than not for the WAN address to come from the ISP's DHCPv6 pool, than it is to be part of the PD space (I've never seen otherwise although it's theoretically possible).


I did that and got the same exact ip addresses (ipv4, ipv6, ipv6-pd), and the same problem.

From the informative answers here (thank you), I deduce that my wan ipv6 address is routed correctly, but my ipv6-pd address is not. I ran the openwrt Ipv6 Traceroute diagnostic, and it seems to succeed, using the ipv6 (wan) address. How can I run the same test using the lan address? If not from openwrt, then from my linux laptop?

Which ipv6 address can I use to ssh to my openwrt router from my LAN?

Sorry for not looking this up. It seems that I needed to install "traceroute", and then run something like:

traceroute -6

Using traceroute from my laptop, I find that the first hop is to the ::1 address of the LAN network. I can ssh to the router using this address.

You can use a traceroute tool/website. You must test from the Internet if you want to see a full trace.

You can use any IP assigned to the device, as long as the SRC zone allows the input traffic.


Hosting providers seem to do it differently. Each of my Hetzner cloud servers, for example, gets a /64 ipv6 address. It doesn't get separate ipv6 and ipv6-pd addresses.

Comparing an ISP and a (cloud) datacenter is like comparing apples with oranges...
As always: it depends.

For an ISP it is more "sane" to define the customer wan link a dedicated subnet and then route the customer prefix via this wan subnet.
Within a "typical" cloud environment where customers just expect to deploy VMs but dont care to manage the network or routers, it's "easier" to just attach the same layer 2 network to all VM.
But you can also build a pure layer 3 / routed network as an cloud provider.

Edit: iirc Openstack for example supports customer prefix delegation