IPv6 prefix delegation

2

I'm a complete noob at IPv6, but have some practical experience of IPv4 (just because I had to deal with it).

My home router is behind CGNAT so they don't offer public IPv4 addresses, but I'd asked about getting an IPv6 address and my ISP has kindly provided me with one. In their reply they said my address is 2a01:XXXX:XXXX:4000::/56. Reading about it, I got the idea that I can and should provide my network devices with GUAs which is kind of appealing to me.

Behind my ISP's router I've got a OpenWRT one for educational purposes. All my other devices are behind the latter. In order to properly run DHCP my OpenWRT needs to get a prefix from my ISP's router (that is DHCPv6 enabled as well).

My confusion comes about the /56 at the end of the address. I guess network masks don't make sense for GUAs so is that the delegated prefix that I can use for my private network? If so when assigning the prefix to my OpenWRT router should I narrow it down in case I decide to have more devices behind my ISP's router in the future?

How can I validate that the whole thing works as expected? My ISP's router has a crappy UI and no console, I can see the GUA having been assigned but not the /56 (which I won't put a name on because I'm not sure what it's called yet). My OpenWRT assigns addresses to hosts based on its global ULA settings which means its not taking into account whatever prefix the other router may be publishing (if it even works properly).

The ISP router has a checkbox to enable prefix delegation based on the WAN settings (which is checked) and another section for static prefixes which is empty atm.

marius-O

Posted 2018-10-11T08:59:57.123

Reputation: 336

It might be useful for you to read this related question. Something is not right in the information you got from the ISP. If they provide you with a global unicast address with a prefix length, then that's supposed to be the WAN link prefix which is supposed to be a /64. A /56 is appropriate for a routed prefix, but then it should only have 56 bits specified in the prefix. Does the address look like 2001:db8:39a3:bb00::/56 or like 2001:db8:39a3:bb00::2/56?

– kasperd – 2018-10-11T09:14:10.513

Sorry I was sloppy in my question, their email stated they've assigned the 2a01:XXXX:XXXX:XXXX::/56 to my router, when I go on the router I can see the 128 bits address, which makes sense as this would be the interface address, whereas their would specify the assigned prefix (hopefully I'm using the right terminology here). Thanks! – marius-O – 2018-10-11T10:03:10.473

The last two digits are important. There is a major difference between whether they wrote 2001:db8:39a3:bb00::/56 or 2001:db8:39a3:bb3a::/56. – kasperd – 2018-10-11T10:08:51.207

That would be 2a01:XXXX:XXXX:4000::/56 – marius-O – 2018-10-11T10:14:58.930

1That's a routed prefix. The two layers of routers make the configuration more complicated, but a /56 is definitely enough to configure two layers of routers. I recommend routing a /60 from the outer router to the inner router. But before getting into that, I recommend getting the configuration working for devices connected directly to the outer router. A screenshot of the UI for the outer router may help understand how it is to be configured. – kasperd – 2018-10-11T10:23:33.453

Sorry for the delay, here are some screenshot for my ISP router UI: http://screenshots.portforward.com/routers/ZTE/ZXHN_H298N_-_Hyperoptic/ with the relevant screens being http://screenshots.portforward.com/routers/ZTE/ZXHN_H298N_-_Hyperoptic/Prefix_Delegation.htm and http://screenshots.portforward.com/routers/ZTE/ZXHN_H298N_-_Hyperoptic/Static_Prefix.htm When I get back home I'll also post the IP address OpenWRT gets on its wan6 (if I remember correctly it's a /128 which means there's no delegation happening). Also devices connected directly into ISP router get IPv6 connectivity e2e

– marius-O – 2018-10-12T08:31:12.527

Answers

2

My confusion comes about the /56 at the end of the address

It's the "prefix length" (number of relevant bits counting from the left). Also called the "CIDR notation" of what used to be expressed as a netmask. For example, in IPv4, "/24" equals a netmask of 255.255.255.0 and "/17" corresponds to 255.255.128.0, and so on. And although the netmask form is very rarely used in IPv6, the equivalent of /56 would be "ffff:ffff:ffff:ff00::".

The whole 2a01:XXXX:XXXX:4000::/56 is the prefix, or just the network, that the ISP has routed towards you. (It is not a single device's address!)

I guess network masks don't make sense for GUAs

They do. However, in both IPv4 and IPv6, they can describe two slightly different things: a network routed to somewhere else (an intermediate 'gateway' route) and a subnet that the device is directly in (a final 'on-link' route which cannot go or be divided any further).

IPv6 prefix delegations are always routed – the ISP's router has a route 2a01:XXXX:XXXX:4000::/56 via <your_router's_wan_IP>. Your router is expected to divide it up however you want. You can directly assign /64's as LAN subnets, or you can further delegate larger chunks (e.g. /60's or even the whole /56) to other routers in your network. (You can perform this delegation by adding static routes or by setting up DHCPv6-PD like ISPs themselves do.) You could technically use one massive /56 subnet but this not recommended; stick with /64's for those.

... OpenWRT gets on its wan6 (if I remember correctly it's a /128 which means there's no delegation happening).

No, it doesn't mean that.

When configuring an IP address on a device, again regardless of IPv4 or IPv6, the netmask or prefix length always reflects the latter: the final subnet size. So even though a /56 is routed to your router, it is perfectly valid for it to only show /64's or /128's on interface configurations.

Any prefixes that the router automatically obtains via DHCPv6-PD would be shown in a separate area.

In order to properly run DHCP my OpenWRT needs to get a prefix from my ISP's router

The automatic method would be DHCPv6-PD, if the ISP's router supports providing it (as opposed to just requesting).

The manual method would be to add a static route in the ISP router, and then configure OpenWRT LAN interfaces using subnets that you want. This is probably more reliable, and I'd actually route the whole /56 towards the OpenWRT device. (It's perfectly fine if the route overlaps a /64 used by the ISP router's LAN.)

user1686

Posted 2018-10-11T08:59:57.123

Reputation: 283 655

Thanks for you effort in explaining all of the above. They do make sense now especially after swapping the routers in between (actually the ISPs router has been decommissioned altogether as it was simply dumb - didn't do PD, although it did request it by what I could figure in the UI, also there was no way for me to add static routes - I believe this was an ISP feature lockdown as the manual shows a section for adding static routes). It all works fine and as described in your post with OpenWRT. – marius-O – 2018-12-27T17:01:20.917

Asked: 2018-10-11T08:59:57.123

Viewed: 1 781 times

Active: 2018-10-12T19:24:42.817