For the past ten years I’ve been using Hurricane Electric’s Tunnel Broker service to get IPv6 transit at home long before it was available from my ISP (Cox Communications).
Today, I bit the bullet and switched to native IPv6 from my ISP. While Hurricane Electric has has been fantastic, it’s not a perfect solution for most residential users. Being a tunnel you’re force to have a lower MTU than you’d otherwise have, and streaming video providers have a propensity to block tunnels as “VPNs”.
But I have multiple networks at home (in part due to running Triton),
so a single
/64 was never going to work for me. When I learned recently that
DHCPv6-PD (Prefix Delegation) clients can request longer prefixes I was
motivated to try it. I have Ubiquity Unifi network equipment at home,
so I’ll describe the specific configuration, but the general idea should work
for any router that properly supports DHCPv6-PD.
Because I already had IPv6 transit that I was relying on, I wanted to take it slowly to not break anything in the process. Expecially since I couldn’t really find anybody who had gone through the process and documented it well. Neither Ubiquiity nor Cox have helpful documentation in this area.
The first thing to know, is that to get shorter prefix you need to supply a “PD hint”. Unifi, thankfully, just calls this the Prefix Delegation Size.
This is the prefix length that you want. I wasn’t quite sure what to put here
at first. It defaults to
64, but after enabling it I couldn’t see anything
different anywhere. Looking directly on my USG didn’t really help either
because the assigned prefix doesn’t go into config and due to my existing IPv6
settings anything different just wasn’t immediately obvious.
I initially tried both
48 (my existing allocation from HE.net) and
(enough prefixes for all 4096 VLAN IDs). Neither of those seemed to do anything.
To see if it was even working, I decided to
tcpdump it. DHCPv6 uses UDP ports
546 and 547. So I ssh’d over to my USG, and because tcpdump isn’t in the
PATH I ran
/usr/sbin/tcpdump -i eth0 udp port 546 or port 547
So next I put in
56, suddenly I saw the output I was looking for (line breaks
11:06:10.338366 IP6 (class 0xe0, hlim 255, next-header UDP (17) payload length: 173) fe80::2e86:d2ff:fe89:b019.547 > fe80::e263:daff:fe21:f971.546: [udp sum ok] dhcp6 advertise ( xid=1b40e4 (client-ID hwaddr/time type 1 time 473386509 e063da21f971) (server-ID hwaddr/time type 1 time 1430756204 c81f66e5519b) (DNS-server 2001:578:3f::20 2001:578:3f:1::20) ( IA_NA IAID:0 T1:43200 T2:69120 (IA_ADDR 2600:8801:ff00:600:6df1:830e:204d:83b9 pltime:86400 vltime:86400) ) ( IA_PD IAID:0 T1:43200 T2:69120 (IA_PD-prefix 2600:8801:8606:8500::/56 pltime:86400 vltime:86400) ) )
Now I knew not only that it was working, but what my prefix was. The next step was to configure my local networks. This was fairly straightforward, but correctly configuring it was not immediately obvious. The important bit is first (obviously) enabling IPv6 with Prefix Delegation. The other important setting is the Prefix ID.
This value gets appended to your prefix. I like having the v6 subnet and
vlan id match, so since this vlan is 172, I first tried setting
returned an error that this was too large for my delegated prefix. Realizing
this must be a hex value, I put in
ac (because 172 == 0xAC), it took that.
A few minutes later once the config had been provisioned to my USG, I could see the configured interface.
admin@Mist:~$ ip -6 addr show eth1.172 10: eth1.172@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 inet6 2600:8801:8606:85ac:e263:daff:fe21:f972/64 scope global valid_lft forever preferred_lft forever inet6 fe80::e263:daff:fe21:f972/64 scope link valid_lft forever preferred_lft forever
At this point I knew everything would work. Configuring the rest of my networks and updating my firewall rules to the new prefix took only a few minutes.
All things considered, this was very easy, and now I can remove all those black hole routes for Netflix. The things I didn’t know before hand that would have made it easier are:
The Prefix Delegation Size (sometimes called the pd-hint) is the desired prefix length. The default for most ISPs will be
/64. I successfully received a
The IPv6 Prefix ID is a hex value that gets appended to your prefix to create a
/64for that vlan/network.
/60a single hex digit,