Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
userdoc:tt_ipv6_ula_nptv6_config [2017/06/03 17:26] abelbeck [OpenVPN IPv6 ULA] |
userdoc:tt_ipv6_ula_nptv6_config [2017/06/04 12:51] abelbeck [IPv6 ULA / NPTv6 Configuration] |
**[[userdoc:tt-dhcpv6-prefix-delegation|DHCPv6 with Prefix Delegation]]** | **[[userdoc:tt-dhcpv6-prefix-delegation|DHCPv6 with Prefix Delegation]]** |
| |
!!Note: AstLinux 1.3.0 or later is required!! | Should everyone configure IPv6 with ULA / NPTv6 ? Not everyone. For some, simply selecting "Assign GUA Prefix" for your LAN internal interface is all that is needed to provide global IPv6 connectivity for your devices. |
| |
| Listed are common situations when IPv6 with ULA / NPTv6 is useful, if any applies continue reading below: |
| |
| * OpenVPN Server - you want to route IPv6 in the tunnel |
| * Downstream IPv6 subnets that are statically defined |
| * Transition from IPv4 to IPv6 but don't want GUA's everywhere |
| * Define static firewall rules based on ULA's |
| * Want to design an IPv6 network without any ISP //owned// IPv6 prefixes |
| |
| |
| !!Note: AstLinux 1.3.0 or later is required!! |
===== Unique Local Addresses (ULA) ===== | ===== Unique Local Addresses (ULA) ===== |
| |
!!Tip ->!! If the IPv6 address begins with ''2'' it is a GUA. | !!Tip ->!! If the IPv6 address begins with ''2'' it is a GUA. |
| |
If you want to connect to an IPv6 server on the internet, your device must either have a GUA, or a ULA and ULA->GUA prefix translation is available. | If you want to connect to an IPv6 server on the internet, your device must either have a GUA, or a ULA with ULA->GUA prefix translation available. |
===== Network Prefix Translation (NPTv6) ===== | ===== Network Prefix Translation (NPTv6) ===== |
| |
!!Important ->!! Carving the ULA/48 into ULA/64's that will result in a 1:1 mapping to a GUA/60 is important to understand. In the example above we used ''IPv6/nn'' entries of ''<ula>:1::1/64'' and ''<ula>:2::1/64'' (where ''<ula>'' is shorthand for ''fd06:d115:91f1''). For a ULA/60 the largest possible sequence is ''<ula>:0::1/64'' to ''<ula>:f::1/64'', which are 16 possibilities, but be careful the first ''<ula>:0::1/64'' can't be used since that will conflict with the first "Assign GUA Prefix", since they are indexed 0, 1, etc. . If we had selected a second "Assign GUA Prefix" (index 1) we would have to start the ''IPv6/nn'' entries with ''<ula>:2::1/64'' or higher, best to start a little higher. | !!Important ->!! Carving the ULA/48 into ULA/64's that will result in a 1:1 mapping to a GUA/60 is important to understand. In the example above we used ''IPv6/nn'' entries of ''<ula>:1::1/64'' and ''<ula>:2::1/64'' (where ''<ula>'' is shorthand for ''fd06:d115:91f1''). For a ULA/60 the largest possible sequence is ''<ula>:0::1/64'' to ''<ula>:f::1/64'', which are 16 possibilities, but be careful the first ''<ula>:0::1/64'' can't be used since that will conflict with the first "Assign GUA Prefix", since they are indexed 0, 1, etc. . If we had selected a second "Assign GUA Prefix" (index 1) we would have to start the ''IPv6/nn'' entries with ''<ula>:2::1/64'' or higher, best to start a little higher. |
| |
^ Suggestion on how to manage your ULA's with a GUA/60 prefix: ^^ | ^ Suggestion on how to manage your ULA's with a GUA/60 prefix: ^^^ |
| GUA Prefix Delegation | ''<gua>0::1/64'', ''<gua>1::1/64'', etc. | (dhcp6c automatic indexing 0, 1, etc.) | | | GUA Prefix Delegation | ''<gua>0::1/64'', ''<gua>1::1/64'', etc. | (dhcp6c automatic indexing 0, 1, etc.) | |
| ULA's with Assign GUA Prefix | ''<ula>:5::1/64'', ''<ula>:6::1/64'', etc. | (use ''IPv6/nn'' in Network tab with "Assign GUA Prefix") | | | ULA's with Assign GUA Prefix | ''<ula>:5::1/64'', ''<ula>:6::1/64'', etc. | (use ''IPv6/nn'' in Network tab with "Assign GUA Prefix") | |
For completeness, a ULA/56, the largest possible sequence is ''<ula>:00::1/64'' to ''<ula>:ff::1/64'', which are 256 possibilities. In the GUA/56 with ULA/56 case, it is a good idea to start your ''IPv6/nn'' entries with ''<ula>:10::1/64'' or such to leave plenty of room for reserved "Assign GUA Prefix" entries since you have plenty to use. | For completeness, a ULA/56, the largest possible sequence is ''<ula>:00::1/64'' to ''<ula>:ff::1/64'', which are 256 possibilities. In the GUA/56 with ULA/56 case, it is a good idea to start your ''IPv6/nn'' entries with ''<ula>:10::1/64'' or such to leave plenty of room for reserved "Assign GUA Prefix" entries since you have plenty to use. |
| |
^ Suggestion on how to manage your ULA's with a GUA/56 prefix: ^^ | ^ Suggestion on how to manage your ULA's with a GUA/56 prefix: ^^^ |
| GUA Prefix Delegation | ''<gua>00::1/64'', ''<gua>01::1/64'', etc. | (dhcp6c automatic indexing 00, 01, etc.) | | | GUA Prefix Delegation | ''<gua>00::1/64'', ''<gua>01::1/64'', etc. | (dhcp6c automatic indexing 00, 01, etc.) | |
| ULA's with Assign GUA Prefix | ''<ula>:10::1/64'', ''<ula>:11::1/64'', etc. | (use ''IPv6/nn'' in Network tab with "Assign GUA Prefix") | | | ULA's with Assign GUA Prefix | ''<ula>:10::1/64'', ''<ula>:11::1/64'', etc. | (use ''IPv6/nn'' in Network tab with "Assign GUA Prefix") | |