Static, nonchanging IPv6 subnet prefix on dynamic /56 ISP prefix?


My ISP assigns a /56 subnet to me. I am assigning each of my interfaces a /64 using the IPv6 assignment length parameter. Every DHCPv6 client which does not use SLAAC gets a /128 subnet, AKA a single IP address. That is all good and I like it.

However, I have servers in some of my interfaces I'd like to assign multiple IPv6 addresses to. The /56 subnet I get changes every time I reconnect my PPPoE connection, so I can't use static addresses on the server. So my idea was to request a subnet prefix on the server, which works fine; I'll get a /62. I don't know why exactly a /62, because I never found an option to change that, but this is also OK for the moment. The /62 also shows up in the "Active DHCPv6 Leases" list.

The problem is that I don't know if the subnet prefix is subject to change and how it is determined. I would like to have everything static besides the /56 network prefix so I am able to adapt firewall settings and everything else. That works fine for hosts, but I did not find something to do that with delegated prefixes.

Or do you have other ideas how to do that?

Using a static address for my servers would also be fine, but as said, I don't know which /56 network prefix I am currently sitting on, so I can't use the full address in any network configuration, which leaves me to either DHCPv6 or SLAAC. Using DHCPv6, I have to request a prefix and I am at the same problem as described above.

Don't you really want dynamic DNS, and then DHCPv6 assigns your server something and your server or your router or someone updates the DNS entry?

I guess it can be determined from Router Advertisements sent out by OpenWrt when it receives a new prefix. It should deprecate the old prefix when it enables the new prefix, I think.

Or you could use ULAs on the servers and then use network prefix translation (NPT) on the router to translate to the current global IPv6 prefix.

That would work, tried it. But I have to open up ports in OpenWrt and I found something using masks to just exclude the /56 prefix. If I don't know the remaining address in the firewall config, I can't do that.

Set up a rule with an ipset. When a new prefix comes along, update the DNS, and then add the new address to the ipset.

You can also let the server itself add a static IP for each prefix it knows about... let's say you want your server to be ::abcd:1234 for every prefix you have. The server detects a new prefix being advertised, it runs ip addr add ....::abcd:1234 dev eth0 and then updates the DNS. Now you can have a rule using the mask ::ffff:ffff:ffff:ffff looking for ::abcd:1234

There's no reason why servers need to get their addresses from a DHCPv6 server. They can just add them on their own.
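The fixed-suffix idea above and the earlier "mask that excludes only the /56" idea, worked through as an added example (not code from any poster in this thread). The prefixes are constructed from the documentation range, and `eth0`, the subnet ID `0x10` and the function names are assumptions. It shows that a suffix-only rule also matches the same suffix in every other /64 you hand out, while a mask that ignores only the /56 keeps the rule tied to one subnet.

```python
import ipaddress

# Mask from the post above: compare only the low 64 bits (the host suffix).
IID_MASK = int(ipaddress.IPv6Address("::ffff:ffff:ffff:ffff"))
# Mask that ignores only the ISP's /56: pins the 8-bit subnet ID plus the suffix.
NOT56_MASK = (1 << (128 - 56)) - 1


def server_address(prefix64, suffix):
    """Combine an advertised /64 with the fixed suffix (e.g. ::abcd:1234)."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("expected a /64, got /%d" % net.prefixlen)
    iid = int(ipaddress.IPv6Address(suffix))
    if iid & ~IID_MASK:
        raise ValueError("suffix must fit in the low 64 bits")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def rule_matches(addr, rule_addr, mask):
    """Masked compare, as a firewall does for addr/mask: (addr & mask) == (rule & mask)."""
    a = int(ipaddress.IPv6Address(addr))
    r = int(ipaddress.IPv6Address(rule_addr))
    return (a & mask) == (r & mask)


def add_command(prefix64, suffix, dev="eth0"):
    """The 'ip addr add' line the server would run for a newly advertised prefix."""
    return "ip -6 addr add %s/64 dev %s" % (server_address(prefix64, suffix), dev)


if __name__ == "__main__":
    # Constructed sample: the same LAN (subnet ID 0x10) before and after a reconnect.
    for prefix in ("2001:db8:aa00:10::/64", "2001:db8:bb00:10::/64"):
        addr = server_address(prefix, "::abcd:1234")
        print(add_command(prefix, "::abcd:1234"))
        print("  suffix-only rule matches:", rule_matches(addr, "::abcd:1234", IID_MASK))
        print("  /56-excluding rule matches:",
              rule_matches(addr, "::10:0:0:abcd:1234", NOT56_MASK))
    # Same suffix on a different LAN (subnet ID 0x20): only the stricter mask rejects it.
    other = "2001:db8:bb00:20::abcd:1234"
    print(other, rule_matches(other, "::abcd:1234", IID_MASK),
          rule_matches(other, "::10:0:0:abcd:1234", NOT56_MASK))
```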

Right, thanks for your input. I just realized that even if I manage to handle to have static IPv6 addresses, I still have to reconfigure NGINX because of the changing prefix. I'll just leave it at a static /128, have nginx listen on all IPv6 interfaces for every site and, depending on the transmitted domain, return a different website, like I already do with my regular IPv4. Everything else is too complex with a dynamic prefix.