Community Fibre CGNat

I think client devices' IPv6 prefixes are sticky for many reasons:

1) ISP auditing / logging is simpler
2) devices are not frequently changing prefix and causing issues
3) firewall rules need sticky IP addresses
4) IPv6 has sufficient capacity in the design to allocate /48 or /56 per customer
 
I think client devices' IPv6 prefixes are sticky for many reasons:

1) ISP auditing / logging is simpler
2) devices are not frequently changing prefix and causing issues
3) firewall rules need sticky IP addresses
4) IPv6 has sufficient capacity in the design to allocate /48 or /56 per customer
Oh I thought the router and devices had the same prefix. Anyway, I need to learn more about IPv6, so we don't turn the thread into IPv6 basics.
 
I think most are in the same boat as IPv6 is complicated.

Final point on Router WAN IPv6 address is that it's a /128 and assigned from a different prefix to the /48 prefix delegation assigned to the LAN networks. You can have many LAN networks and assign each a separate /64 prefix. A /48 network has 65,536 /64 subnets.
 
I think most are in the same boat as IPv6 is complicated.

Final point on Router WAN IPv6 address is that it's a /128 and assigned from a different prefix to the /48 prefix delegation assigned to the LAN networks. You can have many LAN networks and assign each a separate /64 prefix. A /48 network has 65,536 /64 subnets.
I see, so the router is a network of one with an IPv6 address assigned by CF, and the devices are in one or more subnets with prefixes assigned by CF (but sticky) and with host portions assigned by the router (which are also sticky). Therefore, devices have pretty sticky IPv6 addresses, and a change in the router's IPv6 address doesn't affect the devices.

Was this remotely correct?

I'm thinking in terms of IPv4 where routers and their devices have the same public IP, that's why I'm getting confused.
 
I think most are in the same boat as IPv6 is complicated.
It's only complicated if you are thinking it's a *version* of IPv4. If you dig a bit deeper and understand the concepts it's actually far less complex..

In its simplest form the 128-bit-long IPv6 address is split into two parts.

The first 64 bits are the prefix and the second 64 bits are the (node) address. The first 64 bits are primarily for routing purposes; the second 64 bits are to identify the node (the client address) once the route has been identified/completed.

If the first 64 bits are less than 64 bits (like 60 or 56 or 48 or 32) then you have a prefix which is smaller, and the address/routing options are much larger, and can be subdivided by a router.

A /64 (the second half of the address) is just one subnet conceptually similar to 192.168.1.0/255.255.255.0 is one IPv4 subnet.

The difference is IPv6 has 18 million trillion addresses in that subnet, IPv4 has only 256 addresses..

Final point on Router WAN IPv6 address is that it's a /128 and assigned from a different prefix to the /48 prefix delegation assigned to the LAN networks
Normally this is not true, the CPE address from the upstream provider is assigned from the same prefix. The CPE (customer router) requests an address during the DHCPv6 client solicitation process (DHCP option 3), the upstream provider issues an address in the form of the prefix plus the IPv4 address in hex form (with some f's in the middle to pad the address out to 64 bits). The router ends up with a /128 address (/64 prefix plus /64 node address).
This only ever changes if your upstream provider changes the prefix (and/or the IPv4 address). Once the router has that address the upstream provider will route any IPv6 blocks to the /128 address. Depending on the ISP this might be a single /64 subnet or multiple /64 subnets in the form of a /60, /56 or /48 or whatever prefix. The CPE/customer router then takes over and routes those prefixes as required.

Andrews and Arnold have a good explanation here.


In a SLAAC setup the router only advertises the prefix to any clients via router advertisements and neighbor discovery. The clients themselves decide the address and ensure there are no duplicate addresses. There is no need for a DHCP type server in local IPv6 networks. The clients themselves should then deprecate and update those addresses (the second 64 bits of the address) on a regular basis. This is called privacy or temporary address and enhances security by *not* providing sticky addresses.
You can have many LAN networks and assign each a separate /64 prefix.
You can *only* assign a /64 subnet to an interface. Anything bigger than that needs to be chopped up by the router and handed out as a separate subnet and then provide the routing between them.

2) devices are not frequently changing prefix and causing issues
Ideally once the ISP issues a prefix it shouldn't need to change because the address space is so vast that it's just not necessary to constantly churn the prefixes.
Saying that a prefix change should not cause issues as the router will update and the prefix flows downstream to the nodes.

3) firewall rules need sticky IP addresses
Firewall rules primarily act on UDP/TCP protocols and ports not on specific IP addresses. You can of course also block specific IP addresses in both IPv4 or IPv6.

I'm thinking in terms of IPv4 where routers and their devices have the same public IP, that's why I'm getting confused.
That's because of NAT (Network address translation) which does not exist in IPv6 networks. Every assigned IPv6 address is nominally addressable from anywhere (unless blocked by firewalls or routing rules)

Typed up super quick, so apologies for the typos and if that's not clear enough for you.
 
A /64 (the second half of the address) is just one subnet conceptually similar to 192.168.1.0/255.255.255.0 is one IPv4 subnet.

The difference is IPv6 has 18 million trillion addresses in that subnet, IPv4 has only 256 addresses..
Isn't this super wasteful? I guess there are so many addresses, even with just the first 64-bit portion that it doesn't matter.

That's because of NAT (Network address translation) which does not exist in IPv6 networks. Every assigned IPv6 address is nominally addressable from anywhere (unless blocked by firewalls or routing rules)
Right but even without NAT, I just naturally assume that the router and devices would have the same prefix, I don't know why. Isn't the router part of any subnet that it's managing, that's how I think of it. It's strange to me that the router is technically a separate network.

So unrelated, with CF and IPv6, should I select Passthrough mode or Native mode? Asus says if you use Automatic IP (which I assume is how CF works) you should use Passthrough. I guess with Passthrough, CF will do DHCP instead of my router, is there a downside to that... What do you recommend.
 
Normally this is not true, the CPE address from the upstream provider is assigned from the same prefix. The CPE (customer router) requests an address during the DHCPv6 client solicitation process (DHCP option 3), the upstream provider issues an address in the form of the prefix plus the IPv4 address in hex form (with some f's in the middle to pad the address out to 64 bits). The router ends up with a /128 address (/64 prefix plus /64 node address).
This only ever changes if your upstream provider changes the prefix (and/or the IPv4 address). Once the router has that address the upstream provider will route any IPv6 blocks to the /128 address. Depending on the ISP this might be a single /64 subnet or multiple /64 subnets in the form of a /60, /56 or /48 or whatever prefix. The CPE/customer router then takes over and routes those prefixes as required.

Andrews and Arnold have a good explanation here.
The context here is CF, what other ISPs do with their implementation of IPv6 is irrelevant here. There are no f’s padding the WAN IPv6 address on my router and nor has it got the IPv4 address appended as hex.

The WAN IPv6 address and prefix delegation use different ranges with no overlap.
 
Isn't this super wasteful? I guess there are so many addresses, even with just the first 64-bit portion that it doesn't matter.
Yes it is, but it doesn't matter because of the sheer number of addresses that are available. It's not quite infinite but it's not far off....

Right but even without NAT, I just naturally assume that the router and devices would have the same prefix
The router and any downstream devices *have* the same prefix. The router is essentially just handing out the prefix and then routing between subnets (if you have a /60 or /56 prefix) or the wider internet. The clients do their own thing with their addresses once the router tells them what the prefix is..

Isn't the router part of any subnet that it's managing,
Yes, it's part of the subnet it's managing, but it can also be part of another subnet. Remember the smallest subnet in an IPv6 network is a /64 so if the router is managing a /56 prefix it will be managing and routing multiple /64 subnets.

It's strange to me the router is technically a separate network
It's part of the network and subnets it is managing (probably badly explained by me above)
 
The context here is CF, what other ISPs do with their implementation of IPv6 is irrelevant here.

Calm down buddy, did you not notice the word *normally* that started the paragraph? I'm not a Community Fibre customer but in 100% of the networks that I've been involved in what I described is exactly how it's configured.

There are no f’s padding the WAN IPv6 address on my router and nor has it got the IPv4 address appended as hex.
This makes no sense, as I describe above the WAN address is made up of two parts, a prefix and a node address. Nothing is appended to anything. The prefix is handed out by the ISP and the node address is *normally* the IPv4 address or less often the interface MAC address, both with padding to align as 64-bit numbers (neither MAC nor IPv4 addresses are 64-bit numbers)

Having multiple prefixes on one interface as you described is not logical or workable in practice.

Why not explain how you think it works?
 
Do you both have CF? Cause you're saying different things re prefixes of router and devices. Ultimately it doesn't matter though, as long as I can ping something remotely...

And thank you both for helping me understand, I think I've learned enough for one day, hopefully CF will agree to assign me an IPv4 address and I won't have to worry about IPv6.
 
I have WAN and 2x LAN interfaces set up as follows for IPv6 on my 3rd party router connected to CF.

WAN IPv6 interface - dynamically assigned /128 from 2a02:6b60 prefix
LAN1 IPv6 interface - SLAAC PD delegation :1 2a02:6b61:XXXX:1::1/64
LAN2 IPv6 interface - SLAAC PD delegation :2 2a02:6b61:XXXX:2::1/64

As the router has an IPv6 address on every LAN interface it can route the connected devices.
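
The layout in the post above (a WAN /128 taken from one range, LAN /64s carved from a separately delegated prefix) can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original thread; the addresses are constructed under the 2001:db8::/32 documentation prefix, and the /48 delegation length and all function names are assumptions.

```python
import ipaddress

# Constructed values under the 2001:db8::/32 documentation prefix. They stand in
# for the masked 2a02:6b60... WAN address and 2a02:6b61:XXXX delegation.
WAN = "2001:db8:60:12::abcd/128"
DELEGATED = "2001:db8:61::/48"  # the /48 length is an assumption


def parse_or_none(text):
    """Return an IPv6Interface, or None when the text is not a valid address."""
    try:
        return ipaddress.IPv6Interface(text)
    except ValueError:
        return None


def subnet_count(delegated):
    """Number of /64 subnets available inside a delegated prefix."""
    pd = ipaddress.IPv6Network(delegated)
    if pd.prefixlen > 64:
        raise ValueError("delegation is longer than /64")
    return 2 ** (64 - pd.prefixlen)


def lan_subnets(delegated, subnet_ids):
    """Carve the /64 for each subnet ID (:1, :2, ...) out of the delegation."""
    pd = ipaddress.IPv6Network(delegated)
    limit = subnet_count(delegated)
    result = {}
    for sid in subnet_ids:
        if not 0 <= sid < limit:
            raise ValueError(f"subnet ID {sid} does not fit in {pd}")
        # The subnet ID occupies the bits between the delegation and bit 64.
        base = int(pd.network_address) | (sid << 64)
        result[sid] = ipaddress.IPv6Network((base, 64))
    return result


def wan_inside_delegation(wan, delegated):
    """True when the router's WAN address is covered by the delegated prefix."""
    return ipaddress.IPv6Interface(wan).ip in ipaddress.IPv6Network(delegated)


if __name__ == "__main__":
    for sid, net in lan_subnets(DELEGATED, [1, 2]).items():
        print(f"LAN{sid}: {net}  router address {net[1]}")
    print("/64 subnets in delegation:", subnet_count(DELEGATED))
    print("WAN inside delegation:", wan_inside_delegation(WAN, DELEGATED))
```

A firewall rule written against the delegated prefix covers every LAN host but not the router's WAN address when the two come from different ranges, so the WAN address needs its own rule.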
 
I have WAN and 2x LAN interfaces set up as follows for IPv6 on my 3rd party router connected to CF.

WAN IPv6 interface - dynamically assigned /128 from 2a02:6b60 prefix
LAN1 IPv6 interface - SLAAC PD delegation :1 2a02:6b61:XXXX:1::1/64
LAN2 IPv6 interface - SLAAC PD delegation :2 2a02:6b61:XXXX:2::1/64

As the router has a LAN IPv6 address on every interface it can route the connected devices.
Could this be because of how you've set it up? Maybe if you used passthrough mode, CF would assign the same prefix to everything?

I don't know what I'm talking about though.
 
Do you both have CF? Cause you're saying different things re prefixes of router and devices. Ultimately it doesn't matter though, as long as I can ping something remotely...

And thank you both for helping me understand, I think I've learned enough for one day, hopefully CF will agree to assign me an IPv4 address and I won't have to worry about IPv6.
Not a Community Fibre customer, just 15 years of IPv6 implementation and usage.. :)

Maybe if you used passthrough mode, CF would assign the same prefix to everything?
Pass through mode just means delegating the local IPv6 address allocation to the ISP (i.e. each client asks the upstream DHCPv6 server to give it an address) which probably won't support that. Don't do it!
 
Not a Community Fibre customer, just 15 years of IPv6 implementation and usage.. :)


Pass through mode just means delegating the local IPv6 address allocation to the ISP (i.e. each client asks the upstream DHCPv6 server to give it an address) which probably won't support that. Don't do it!
Hm ok, Asus recommends it if you get your WAN with Automatic IP, and Native if it's PPPoE. So I don't know, I guess I can try both and see.
 
Hm ok, Asus recommends it if you get your WAN with Automatic IP, and Native if it's PPPoE. So I don't know, I guess I can try both and see.
Your Asus router has very limited options for Automatic IP so I’m 50-50 whether it will work without some tinkering via the CLI.
 
I have WAN and 2x LAN interfaces set up as follows for IPv6 on my 3rd party router connected to CF.

WAN IPv6 interface - dynamically assigned by ISP 2a02:6b60:XXXX:YYYY:ZZZZ:1/64
LAN1 IPv6 interface - SLAAC PD delegation :1 2a02:6b61:XXXX:1::1/64
LAN2 IPv6 interface - SLAAC PD delegation :2 2a02:6b61:XXXX:2::1/64
Maybe you've mistyped something but
2a02:6b60:XXXX:YYYY:ZZZZ:1/64
is not a valid IPv6 address, it's only got 6 octets, it should have 8... You've not used double colons so I'm assuming it's a typo

What is the prefix length assigned to you?

This is one complete /64 subnet
LAN1 IPv6 interface - SLAAC PD delegation :1 2a02:6b61:XXXX:1::1/64
This is a second complete /64 subnet.
LAN2 IPv6 interface - SLAAC PD delegation :2 2a02:6b61:XXXX:2::1/64
That's two completely separate subnets, so presumably you have at least a switch attached to each of those interfaces sharing each subnet with multiple 100s of clients?
 
I simplified the example LAN 1 & 2 are VLANs which I use to separate Guest devices on a different WiFi SSID.

I have a Ubiquiti Edgerouter and Unifi 6 APs.

WAN IPv6 interface has the format - 2a02:6b60:0:XXXX::YYYY/128

Sorry for the typos, I’ve exhausted my IPv6 knowledge but the configuration has been working successfully since I enabled it a few months ago.
 
Sorry for the typos,
No worries.. apology accepted ;)

WAN IPv6 has the format - 2a02:6b60:0:XXXX::YYYY/128
What prefix length have Community Fibre assigned you: /56 or a /48 or something else?

Once we know that we can decode it.

(Tip: It's perfectly safe to post the second 64 bits (5th to 8th octets) of your addresses, and mask a portion of the prefix (1st to 4th). I can find you with the prefix but I can't find you with only the node address..)
 