DHCPv6: passing delegated prefix to local RA

linux ipv6 isc-dhcp

I currently have an Airport Extreme as my home office firewall. In addition to handling IPv4 NAT, my ISP (Comcast) delegates an IPv6 prefix to the Airport, which in turn assigns the delegated prefix to my LAN interface and sends the appropriate route advertisements.

I'd like to replace the Airport with a small Linux firewall - the NUC with a second ethernet interface is looking quite intriguing - but I'm having trouble determining whether the IPv6 behavior can be replicated. My basic questions are:

  • Can ISC's DHCPv6 client accept a prefix delegation, or only host IPv6 addresses?
  • If the above is true, can the DHCPv6 client assign the received prefix to a different interface? Does the client support "on commit", or is that only supported on the DHCP server?

Solution 1:

dhcpcd after 6.4.0 (or fetch the trunk from the repository) will request and disposition a ia-pd prefix.

for instance the nominal config

interface eth1

ia-pd 1/::/60 eth2/2/64 eth3/3/64

will request a prefix with a length of 60 (so four bits, a.k.a. eight networks) and assign the resulting networks to the listed interfaces, with the prefix length of 64 and the lowest four bits of the prefix set to the number between the slashes. (and the root local address of 1.

So xxxx:xxxx:xxxx:xxx0::/60 will be requested, and if received xxxx:xxxx:xxxx:xxx2::1/64 will be assigned to eth2, and xxxx:xxxx:xxxx:xxx3::1 will be assigned to eth3. etc.

Be warned that it won't work correctly with Comcast because comcast requires you to request and receive an ia_pd and an ia_na, and they issue them as separate responses from separate servers, which is a no-no (more or less).

Solution 2:

ISC DHCP certainly will request a prefix delegation from your ISP if you ask it to, but it won't actually do anything with it beyond logging it somewhere. Nor will any other DHCP client.

If you really intend to build your own router, you'll have to write your own scripts to determine the prefix that was delegated, set up static routes, and configure your router advertisement daemon and/or DHCPv6 server on your LAN.

If you want an example, OpenWrt beginning with Barrier Breaker has already done this and you may be able to reuse some of their work.

For a home office I wouldn't really bother with this, and just use something off the shelf that has proper IPv6 support...like your Airport Extreme.

Related

How can I mount the SSD drive on Amazon's m3.medium?
How can I set Postfix outgoing port to 465, but keep incoming port to default?
What IP range do I ask the system administrator to open in order for S3 to work?
How to get rid of network broadcasting of port 17500
What is the difference between proxy_cache_ and fastcgi_cache?
w32tm /resync not working instantly
nginx: HSTS on a page with www-authentication
Can I delete files in nginx client_body_temp directory?
Is it safe to execute "sudo reboot" on a Google Compute Engine instance?
How does Linux distribute load on multiple CPU cores
After domain rename - will I need to rejoin all users to the new domain?
Difference between /var/www and /srv/www in nginx