I have a FritzBox 6591 handing out PrefixPD to my routers. They are all connected via their WAN interfaces, with a switch between the FritzBox and the routers. Each LAN is getting its own prefix. Recently I had a power failure. The devices started up at different speeds.
I realized that two of them had suddenly changed their prefixes.
RouterA had 2xxx:xxxx:xxxx:5550. Now it's ...5551.
RouterB had 2xxx:xxxx:xxxx:5551. Now it's ...5550.
On the FritzBox I didn't find any setting to influence the prefixes delegated to the devices.
I've found "Custom delegated IPv6-prefix" on OpenWrt.
If I change this, I'm getting the old prefix and the new one I've defined under "Custom delegated IPv6-prefix".
How can I prevent OpenWrt from using/assigning the other prefix which the FritzBox is offering in addition to the one I've defined?
I've avoided restarting the FritzBox so far. Maybe it will delete the "lease" for the other delegated prefix. But that would not solve the problem if I have the same situation again. Any ideas?
Tough situation. The Fritz should be able to distinguish somehow which prefix to delegate to each router. By using the custom delegated prefix you can have conflicts. If no one has a better idea, I'd advise you to go for static.
Yes, this is really ugly. I can define static leases for IPv4 as usual (bound to the MAC). But I cannot control anything for IPv6.
The FritzBox is giving away the prefixes in the order devices are requesting. Starting from xxx1.
The only option that came to mind so far was to replace the switch in front with a router, grab the delegated /57 and delegate further down to the other routers. Even more ugly. Esp. for what I do have prefixes. ... UPS for routers? Never thought about it. -.-
I don't have SSH access to this box and I doubt it's OpenWrt-based. It is a provider box. The only "hack" I have for this is to save the config into a file and decrypt it. I have a script for that and already activated requesting a /56 prefix instead of a /62 in the past. But it has 4k lines and another 1k lines additionally encrypted (by the provider, I guess). I've looked into it already. Didn't find any hint of so-called fixed prefix delegation. Maybe it exists, maybe it doesn't even exist.
For the moment I've deactivated wan6 on all connected routers and I'm now activating it on boot via rc.local "manually" with different time delays. So if another power failure hits (very rare anyway), each device gets its desired IPv6 prefix.
Not beautiful but it works.
What I do not understand: it has assigned a uniqid, mac and ifaceid (reverted mac) to each device. So it should not be a problem for the box itself. Maybe the option just has to be added. But there are not so many FritzBox configs out there to compare.
One general comment:
Devices might have several IPv6 addresses. For outgoing traffic, the random prefixes & addresses give some additional security. The "preset" known prefixes are mostly necessary for incoming traffic, so that you can reach the devices via DNS names and define exceptions to the firewall, if necessary.
So I am not sure if having additional automatic prefixes would hurt if the device can still be reached also with the prefix that you have set by yourself.
Nice catch. But I don't have a clue about radv. I have to read up on it first, which needs time.
Do you mean by downstream interface the devices connected to the FritzBox? Like the "landevice" I've posted above (2nd part of config). If yes, then there are 4 landevices defined. 3 routers (getting prefix delegation) and 1 Raspi acting as DNS resolver (getting an IP only). Or do you mean another "radv" section?
For the 3rd router I cannot give atm. Because I've disabled IPv6 on this for now. Just to have one factor less if FB is handing out prefixes. Like watch and learn what is going on. ^^
But I guess I've already changed too much. Before, I got /57 for all devices.
The /58 I got (if I remember correctly) after adding "Client ID to send when requesting DHCP" to that router. I've added "0EBF". So the length is mandatory (I think).
If I understand correctly, when the server issues a prefix, it adds a route to the prefix via the client IP.
Thus, a custom static prefix may not work unless the client explicitly uses some option to request it.
Well, I don't have many options. I think the route is added due to the options for IPv6 in the FB. It changes nothing in terms of prefix delegation. The route is just removed if I change back from:
Assign DNS server, prefix (IA_PD) and IPv6 address
to
Assign DNS server and IPv6 prefix (IA_PD)
Well, I think it's a waste of time already. There is no option on the FB to influence prefix delegation. I have no clue what the "standard" for that is. Does the client have to request properly, or does the "delegator" have to decide what to do?
This overcharges me a bit. ... What could I try to capture? I changed the verbosity of odhcpd to 7 already. Nothing about PD negotiations. I would not even know which numbers I have to enter for reqopts. Does it make sense to fire up tcpdump and watch out for sth. useful?
I saw this option also already. For me it sounds like "Custom delegated IPv6-prefix".
What would the syntax look like?
As far as I can see, this is a bit more complicated and time-consuming than I expected at the beginning. I have to switch off my whole network every time to reset everything and see if sth. has changed. Because as long as the FB is up, every router is getting the same prefix after restart/changes as it had before.
My Routers are getting /57 prefixes automatically usually.
I've changed them to /57 for Router 1, to /58 for Router 2 and /59 for Router 3.
This is working reliably.
I've also tested assigning an IPv6 address to the WAN interfaces of the routers (I didn't do that before) in connection with the option
"Client ID to send when requesting DHCP" on the router side. It looks promising. Need more testing.
So after resetting the box it seems everything is running as intended. I cannot track the issue down anymore. What I can say is that it is running reliably if I activate assigning an IP over DHCP to the client routers on the FB and if I enable client ID sending on the OpenWrt side (prob. not necessary).
I can now see in the FB-side config that if I add an IPv6 device, it's saving an IP (with the MAC included). It might be that I changed the MAC on the devices and saved it as a static device on the FB with only IPv4 enabled. So no data entry for IPv6 was saved on the FB. Then it is like every time a new device is requesting IPv6 PD, and the first device asking is served with the first available PD. Sounds logical.
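A check for the prefix swap discussed in this thread, as an added example that is not part of any post above: it compares the prefix each router received after a reboot with the one that firewall exceptions and DNS records assume, and flags delegations that overlap or fall outside the parent prefix. The function name, the router-to-prefix maps and the 2001:db8::/32 documentation prefixes are constructed for illustration; how the observed prefixes are collected from the routers is left open.

```python
import ipaddress

def audit_delegations(parent, expected, observed):
    """Compare observed delegated prefixes with the planned ones.

    parent   -- prefix the upstream box delegates from
    expected -- {router: prefix} that firewall rules and DNS assume
    observed -- {router: prefix} actually received after boot
    Returns a sorted list of findings (empty list = nothing to fix).
    """
    parent_net = ipaddress.ip_network(parent)
    want = {r: ipaddress.ip_network(p) for r, p in expected.items()}
    got = {r: ipaddress.ip_network(p) for r, p in observed.items()}
    findings = []

    for router, net in got.items():
        if not net.subnet_of(parent_net):
            findings.append(f"{router}: {net} is outside {parent_net}")
        planned = want.get(router)
        if planned is None:
            findings.append(f"{router}: {net} has no planned prefix")
        elif net != planned:
            # Name the router whose planned prefix was handed out instead.
            owner = [r for r, p in want.items() if p == net and r != router]
            hint = f" (planned for {owner[0]})" if owner else ""
            findings.append(f"{router}: expected {planned}, got {net}{hint}")

    for router in want.keys() - got.keys():
        findings.append(f"{router}: no prefix delegated")

    # Two delegations must never overlap, whatever their lengths.
    routers = sorted(got)
    for i, a in enumerate(routers):
        for b in routers[i + 1:]:
            if got[a].overlaps(got[b]):
                findings.append(f"{a}/{b}: {got[a]} overlaps {got[b]}")
    return sorted(findings)


# Constructed sample data in the documentation range 2001:db8::/32.
PARENT = "2001:db8:0:5500::/56"
EXPECTED = {"RouterA": "2001:db8:0:5550::/64", "RouterB": "2001:db8:0:5551::/64"}
AFTER_OUTAGE = {"RouterA": "2001:db8:0:5551::/64", "RouterB": "2001:db8:0:5550::/64"}

if __name__ == "__main__":
    for line in audit_delegations(PARENT, EXPECTED, AFTER_OUTAGE):
        print(line)
```

A non-empty result after a power cycle means prefix-based firewall exceptions and AAAA records now point at a different LAN than intended and should be reviewed before they are trusted again.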