What ISP needs to provide in order to route native IPv6 /56 range to several VLANs

mr.b asked:

I have a theoretical question. Network topology is like this:

ISP <--- eth0 -> Router1 <- eth1 ----+--> VLAN1
                                     '--> VLANx

For the sake of argument, let’s assume that a Router1 is a Linux 3.2.x device.

Say that I wish to receive a single /56 range from my ISP. Which pieces of information my ISP has to provide me with, so that I can:

  1. have native IPv6 connectivity on Router1
  2. advertise a /64 segment of allocated address space on each VLAN, so that clients in LAN are able to autoconfigure themselves properly?

To explain further a bit, I am asking this question so that I could learn what exactly do I have to ask my ISP to provide me with, in order to be able to reach goals 1 and 2. From my understanding, when I am given only a single IP range (/64, /56 or /48) and a gateway address inside of that range, there is no way to route part of that range to physically separate network on the other side of router.

My answer:

You’re not going to get a gateway address inside the allocated /56 or whatever IPv6 block that’s assigned to you and routed to your premises. If you somehow do, you politely ask the ISP to put someone on the phone who knows what they’re doing. Or perhaps less than politely.

Usually, you don’t have to worry about the upstream IPv6 address at all, as it will be autoconfigured as soon as you plug in your router. Most ISPs seem to be doing this with DHCPv6 (with prefix delegation), though it could also be done with straight up SLAAC if you have a statically assigned prefix.

Once the /56 comes into your network, you can subnet it however you like.

An example, with one possible (only partially fleshed out, and probably not very useful as-is) network design appears below. In any case, the IPv6 address of your upstream connection to your ISP is provided by the ISP and is outside your assigned prefix. You generally only need to worry about the inside interfaces. This example supposes you have an edge router with an integrated 4-port switch, such as many small business or SOHO routers.

IPv6 Address: (static, DHCPv6)  IPv6 address: (SLAAC)
2001:db8:3481:2000::2/64        2001:db8:3481:2000::021d:e1ff:fe1a:630
Gateway: (static, DHCPv6)       Gateway: (SLAAC)
2001:db8:3481:2000::1           fe80::0208:30ff:fe9d:aa61%ether1

ISP <-----+
|    Edge Router    |
|-------------------|  Your Prefix:    __
|        \ /        |  2001:db8:3481:a700::/56
|         X         |  ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
|        / \        |  Switch Ports example:
| VLAN trunk/switch |  1: VLAN 1-64    2001:db8:3481:a700::/58
+---------+---------+  2: VLAN 65-128  2001:db8:3481:a740::/58
          |ether2      3: VLAN 129-192 2001:db8:3481:a780::/58
          +----> Core  4: VLAN 193-256 2001:db8:3481:a7c0::/58

Downstream in your core, you can further subnet these at core routers (or even layer 3 switches, more SOHO routers, etc.). I’ve also assumed every /64 will be on its own VLAN, though whether you do that is another detail you’ll have to work out on your own.

You can also use DHCPv6 with prefix delegation to actually handle the addressing, which is probably easiest. Or you can go with SLAAC, which requires a bit more setup, or even assign manually, which I wouldn’t generally recommend simply because it would be too labor intensive.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.