[Solved] SLAAC, how to use a delegated /60 prefix?

I have working SLAAC configured, with no DHCPv6 by choice. PD /60 from the ISP.

Out of the 16 possible /64 subnets available from the /60 PD, odhcp only advertises the first /64 subnet; the remaining 15 subnets are never advertised and are wasted.

If I understand correctly, SLAAC can only advertise a single /64, not a larger /62 or /60, etc.

Is it possible for SLAAC to pick a random /64 out of the 16 possible subnets for advertisement? How can I utilize addresses beyond the first /64 subnet? I would like to avoid DHCPv6. Thanks in advance.


Prefix Delegated: 2000:aaaa:bbb:ccc0::/60

Possible /62 subnets

2000:aaaa:bbbb:ccc0::/62
2000:aaaa:bbbb:ccc4::/62
2000:aaaa:bbbb:ccc8::/62
2000:aaaa:bbbb:cccc::/62

/etc/config/dhcp

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'disabled'
        option dhcpv4 'disabled'
        option ndp 'disabled'
        option ra 'server'
        option ra_default '0'
        option ra_slaac '1'
        option ra_flags 'none'
        option dns_service '0'
        option ra_mininterval '2400'
        option ra_lifetime '3600'
        option ra_dns '0'
        option ra_management '0'

/etc/config/network

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipv6 '1'
	list ipaddr '192.168.1.1/24'
	option ip6assign '60'
	option ip6ifaceid 'random'


Wireshark ICMPv6 134 capture

    ICMPv6 Option (Prefix information : 2000:aaaa:bbbb:ccc0::/64)
    ICMPv6 Option (Route Information : Medium 2000:aaaa:bbb:ccc0::/60)
1 Like

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option cachesize '10000'
        option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option ra_preference 'medium'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'



config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'ffc::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'wan'
        option proto 'pppoe'
        option ipv6 'auto'
        option username '
        option password ''

config device 'wan_wan_dev'
        option name 'wan'
        option macaddr '5acf'

config interface 'wan6'
        option ifname 'wan'
        option proto 'dhcpv6'

config interface 'guest'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'

Any creative workaround, e.g. creating VLANs, multiple RAs, etc.?

Three reasons why I do not have DHCPv6 ...

  1. SLAAC works on all devices, including Android.
  2. I prefer unpredictable IPv6 addresses.
  3. DNS only on IPv4, I do not know how not to send IPv6 DNS address with DHCPv6.

I tried odhcp and dnsmasq; both send an IPv6 DNS IP address. Is there any configuration to force it not to send IPv6 DNS, or to send IPv4 DNS via DHCPv6?

Blocking and dropping DNS queries on IPv6 is possible, but it is not a neat solution. It wastes time and resources.

One /64 can fit all the devices of the world, so what exactly do you want to achieve with the /62?
The remaining subnets from the /60 can be used in other interfaces (which you don't have) or delegated in other routers within lan (which won't work without dhcp6d)

That is correct. The router advertisement is offering a /64 network prefix and the host combines it with the rest host suffix to create the address.

You could change the ip6hint and restart the lan interface, but this can lead to disconnections from hosts which persist in using the old address until it expires.

ip6hint

dhcpv6 has nothing to do with that. If you want to stay stealthy, it is the responsibility of the host to use ephemeral suffixes.

4 Likes

Thanks for the detailed reply.

You are correct, we can fit the whole Internet in a few IPv6 subnets. That is so IPv4 thinking. IPv6 is designed not to repeat IPv4 mistakes.

Yes, I can use the remaining /64 subnets on a different router or interfaces. But there is no automated or documented way to do that.

ip6hint works within the /64 prefix. It will be in the same /64 subnet. It is not going to pick another /64 from the /60 pool.

Downstream configuration for LAN interfaces

Actually not, otherwise there's no point using it.

There's an option available on OpenWrt snapshot.

2 Likes

It doesn't. With a /60 delegated you have 16 /64 networks, so in hint you can define one hex digit.

Expanded Notation:	FD00:0000:0000:0000:0000:0000:0000:0000
Condensed Notation:	FD00::
Prefix Length:	60
Network Prefix with Mask:	FD00:0000:0000:0000:0000:0000:0000:0000
Prefix Address:	FFFF:FFFF:FFFF:FFF0:0000:0000:0000:0000
Host Range:	FD00:0000:0000:0000:0000:0000:0000:0000 - FD00:0000:0000:000F:FFFF:FFFF:FFFF:FFFF
Total number of hosts:	295,147,905,179,352,830,000
% of total IPv6 Pool:	< 0.0000001%
Subnetwork Prefix:	64
Number of Subnets in Network:	16
Number of Hosts in Network:	18,446,744,073,709,552,000
Subnet Prefix Subnetted:	FD00:0000:0000:000s:hhhh:hhhh:hhhh:hhhh
3 Likes
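
The hint arithmetic from the reply above, as an added example that is not part of the original thread or of OpenWrt's code: the hint fills the bits between the delegated length and the assigned length, so a /60 split into /64s leaves exactly one hex digit. The prefix `2001:db8:aaaa:ccc0::/60` is a constructed documentation value, the `lan` and `guest` names come from the configs posted earlier, and treating a duplicate hint as an error is an assumption of this planning helper.

```python
import ipaddress

def subnet_for_hint(delegated, assign_len, hint_hex):
    """Return the sub-prefix of `delegated` that a hex hint selects."""
    pd = ipaddress.IPv6Network(delegated, strict=True)
    if not pd.prefixlen <= assign_len <= 64:
        raise ValueError("assigned length must lie between the PD length and /64")
    hint_bits = assign_len - pd.prefixlen      # /60 -> /64 leaves 4 bits
    hint = int(hint_hex, 16)
    if hint >= 1 << hint_bits:
        raise ValueError(f"hint {hint_hex!r} does not fit in {hint_bits} bit(s)")
    # Place the hint directly below the delegated prefix bits.
    base = int(pd.network_address) | (hint << (128 - assign_len))
    return ipaddress.IPv6Network((base, assign_len))

def plan_interfaces(delegated, hints, assign_len=64):
    """Map interface name -> sub-prefix; reject two interfaces on one hint.

    Assumption of this helper: a clash is a planning error, so each
    segment (e.g. lan vs guest) ends up on its own /64.
    """
    owner, plan = {}, {}
    for name, hint in hints.items():
        net = subnet_for_hint(delegated, assign_len, hint)
        if net in owner:
            raise ValueError(f"{name} and {owner[net]} would share {net}")
        owner[net] = name
        plan[name] = net
    return plan

if __name__ == "__main__":
    PD = "2001:db8:aaaa:ccc0::/60"             # constructed sample prefix
    for name, net in plan_interfaces(PD, {"lan": "0", "guest": "1"}).items():
        print(f"{name:6} ip6hint -> {net}")
    print("last /64 :", subnet_for_hint(PD, 64, "f"))
    print("2nd /62  :", subnet_for_hint(PD, 62, "1"))
```
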

Thanks everyone.
I understand it better now. ip6hint will be helpful in distributing /64 to other interfaces downstream.

option ip6hint '0'
.
.
.
option ip6hint 'f'

2 Likes

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
