I am colocating some hardware in a local datacenter, and I'm trying to get IPv6 going. My datacenter has assigned me a /64, but they have given me a gateway address within that /64.

The gateway (that I don't control) is 2606:1000:1000:1::1

I have two uplinks into the datacenter, which go to (my) two Ubiquiti Edgerouters that I control. Eventually, I'd like to get VRRP going, but for now, I just have some of my IP space on 1 router, and some on the other.

So on one of the edgerouters, I've configured the following:

  • eth0 = 2606:1000:1000:1::11/64
  • eth2 = 2606:1000:1000:1::111/64
  • static route is set like so: set protocols static route6 '::/0' next-hop '2606:1000:1000:1::1' interface eth0
  • I've assigned 1 of my hosts the following IP: 2606:1000:1000:1::210/64

My symptoms are as follows:

  • The router can ping6 google.com and get responses back.
  • The host can ping6 2606:1000:1000:1::111 and get responses back.
  • The host cannot ping6 google.com.
  • The router can NOT ping6 the host at 2606:1000:1000:1::210

I feel fairly positive that the router's set protocols static route6 is causing the issue here, but I'm having trouble figuring out how to get a static route set up for the /64 to hairpin it back into eth2.

The following attempt doesn't work, when I try to configure a static route for my own /64:

cha-rtr1# set protocols static route6 '2606:1000:1000:1::0/64' next-hop '2606:1000:1000:1::111' interface eth2
[edit]
cha-rtr1# commit
[ protocols static route6 2606:1000:1000:1::0/64 next-hop 2606:1000:1000:1::111 ]
Error: Nexthop address cannot be same as own interface address

What am I missing here? Can someone help explain to me how I can get traffic flowing to my host? Or do I need to contact my datacenter, and ask them to stop being cheap, and allocate a /48 to me, or something?

David W
  • Routers route between different networks, not from a network back to the same network. You want to use a switch, not a router. If you want to use a router, you need a shorter prefix from which you can have a transit network and be able to use IPv6 prefix delegation for other networks. It sounds like you were given a transit network, but need one or more networks for your access network(s). – Ron Maupin Jun 28 '21 at 00:16
  • By the way, it is not being cheap because there are plenty of /64 networks. You could get a /60 prefix that would give you a /64 transit network and 15 /64 access networks. I'm guessing the data center guys really do not understand IPv6 or the fact it was designed to waste addressing, and they are trying to apply IPv4 address conservation that is detrimental to IPv6. – Ron Maupin Jun 28 '21 at 00:20
  • My infrastructure will hopefully be dual stack (if I can get IPv6 working). I do currently have 3 different switches in my network, but currently my uplinks are both plugged into my two EdgeRouters. It sounds like you're saying I need to put my host onto the same broadcast domain as my uplinks into the datacenter, and use the gateway that my datacenter has provided me as the same gateway for my host. Is that correct? The way my IPv4 network is currently set up, that's not possible. – David W Jun 28 '21 at 00:29
  • Yes, if you only have one IPv6 network, then that can only be used as your transit network. Just like with IPv4, you need separate networks on each router interface. Routers route packets between networks, but switches switch frames on the same network. – Ron Maupin Jun 28 '21 at 00:33
  • Ok, so I've read in some places that a /64 is akin to a single LAN in IPv4 networking. So this is starting to make more sense now. Thank you. I'll ask the datacenter to give me a larger prefix. My contract with them actually states that they would give me a /32, but when they gave me a /64, I didn't push back. Now I will. :) Feel free to actually "answer" this, and I'll accept it. – David W Jun 28 '21 at 00:36
  • You may have been given the /64 as a transit network, and you are supposed to use IPv6 Prefix Delegation to get the /32 from the data center router. – Ron Maupin Jun 28 '21 at 00:37
  • Thank you. I've emailed them for clarification on the /64 they gave me, and will work with them further on this. If they did just give me a basic /64, I've asked them for a bigger prefix. – David W Jun 28 '21 at 00:50
  • No, you want a smaller prefix (32 is smaller than 64). Nothing larger than 64. – Ron Maupin Jun 28 '21 at 00:52
  • /56 or /48 would be a more common size allocation -- depending on your needs. /32 would be a RIR direct allocation. (and that's not free.) [[ https://www.arin.net/resources/guide/ipv6/first_request/ ]] – Ricky Jun 28 '21 at 18:13
  • Yeah, I have no idea why they included a /32 in my contract. I'm guessing it was a disconnect between their sales guys and their technical guys. I double checked. Paperwork definitely says a /32. But their technical guys definitely just emailed me today and said smallest prefix (thanks, @RonMaupin for the clarification) they can give me is a /64. I'm considering going ahead and getting my own /40 direct from ARIN, but I'll see what they come up with after I pointed out to them I'm unable to route anything right now. – David W Jun 28 '21 at 19:40
  • That seems ridiculous. The data center probably got a /32 prefix from ARIN (RIPE gives out /29). That means the datacenter has 4,294,967,296 /64 networks (the same number of IPv6 networks as the total number of individual IPv4 addresses, including multicast and reserved). People just do not realize that IPv6 is designed to waste addressing, and trying to impose IPv4-style address conservation is detrimental. – Ron Maupin Jun 29 '21 at 00:29
  • Currently, only 1/8 of the total IPv6 address space is allocated for global IPv6 addresses, which works out to 2,305,843,009,213,693,952 standard IPv6 /64 networks, and if the world population is 21 billion in the year 2100 (a somewhat realistic number), every one of those 21 billion people could have 109,802,048 standard IPv6 /64 networks, each network having 18,446,744,073,709,551,616 possible host addresses. – Ron Maupin Jun 29 '21 at 00:29

1 Answer

Ok, so I've read in some places that a /64 is akin to a single LAN in IPv4 networking.

There are reasons to only use /64 IPv6 networks (/127 for point-to-point and /128 for loopback are the exceptions).

My contract with them actually states that they would give me a /32, but when they gave me a /64, I didn't push back

You need to get clarification on this. It is very possible that the /64 network you were given was for a transit network, and you are expected to configure your router for IPv6 Prefix delegation to get your /32 prefix from the data center router. (I'm not sure your router can do that, so you need to check on it.)

Just like with IPv4, routers route packets between networks, not from a network back to the same network, so each router interface is in a different network. Switches switch frames on the same network. Either the data center guys do not really understand IPv6, they are confused about what you get, or they expect you to use IPv6 prefix delegation.

Ron Maupin
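
The addressing point made in the answer and comments, as an added example that is not part of the original thread: a Python check that flags router interfaces sharing one on-link prefix (the question's eth0/eth2 setup) and carves a /60 into one transit /64 plus 15 access /64s. The `2001:db8:0:10::/60` documentation prefix and all function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Interface addresses exactly as configured in the question.
QUESTION = {"eth0": "2606:1000:1000:1::11/64",
            "eth2": "2606:1000:1000:1::111/64"}

# Constructed sample: a /60 from the IPv6 documentation range (not from the page).
DELEGATED = "2001:db8:0:10::/60"


def overlapping_interfaces(ifaces):
    """Return pairs of interface names whose on-link prefixes overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def carve(delegated):
    """Split a prefix into one transit /64 and the remaining access /64s."""
    subnets = list(ipaddress.ip_network(delegated).subnets(new_prefix=64))
    return subnets[0], subnets[1:]


def fixed_plan(delegated):
    """Put eth0 on the transit /64 and eth2 on the first access /64."""
    transit, access = carve(delegated)
    return {"eth0": f"{transit[0x11]}/64", "eth2": f"{access[0][1]}/64"}


def count_64s(prefix):
    """Number of /64 networks contained in a prefix of length <= 64."""
    return 2 ** (64 - ipaddress.ip_network(prefix).prefixlen)


if __name__ == "__main__":
    print("question overlaps:", overlapping_interfaces(QUESTION))
    plan = fixed_plan(DELEGATED)
    print("plan:", plan, "overlaps:", overlapping_interfaces(plan))
    transit, access = carve(DELEGATED)
    print("transit:", transit, "access networks:", len(access))
    print("/64s in a /32:", count_64s("2001:db8::/32"))
```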