IPv6 - How does my ISP know how to route traffic to my delegated subnet?

My question is somewhat related to this question: What ISP needs to provide in order to route native IPv6 /56 range to several VLANs Where that question focused on the private side of a router, my question focuses on the public side and is related to how an ISP performs its job.

Let's assume that my ISP has given me an IPv6 network prefix of 2001:db8:beef:a700::/56. Let's assume I don't subnet it - I simply place my router's LAN interface in that subnet. Let's assume the WAN interface of my router has address 2001:db8:face:2000::2/64 (assigned via DHCP), with an upstream gateway of 2001:db8:face:2000::1. When the upstream gateway gets a packet with a destination address of 2001:db8:beef:a700::abcd from the public Internet, it must route that packet to my router at 2001:db8:face:2000::2. How does the upstream gateway learn that this is what it must do?

This question is being asked with these assumptions:

  • The customer equipment is not running any dynamic routing protocols. I haven't seen customer equipment running routing protocols, so I must assume that the upstream gateway has learned of the 2001:db8:beef:a700::/56 network through some other means. What means might that be?
  • The DHCPv6 server that is handing out prefixes is not running on the upstream gateway. Instead, the upstream gateway is performing DHCP relay. This allows a single DHCP server to serve many networks that may be associated with neighborhoods or towns.

I attempted to test this with some Linux hosts and pfSense routers, but I was unable to replicate the functionality that ISPs provide. I more than welcome corrections to misconceptions I may have developed while learning IPv6.


Solution 1:

IPv6 to consumer networks/customers is usually provided by using DHCPv6-PD between the ISP router and the home router (CPE). The PD stands for Prefix Delegation and is an addition to the normal DHCPv6 options. It not only provides on-link addresses to the CPE, but also gives it a whole prefix that it can then use to further distribute within its own network.

To be able to route the prefix to the right CPE the ISP router has to remember which prefixes got delegated to which CPE. To do that it remembers the DHCPv6 client ID (DUID), its link-local (fe80:) address, the delegated prefixes and the lease time. It then automatically creates a static route for each prefix with the link-local address of the CPE as next-hop, and it will remove that route again when the lease expires.

If the ISP router is not itself the DHCPv6 server (which it usually isn't) then instead it performs the role of DHCPv6 relay. It will relay DHCPv6 requests from the CPEs to a central DHCPv6 server which will provide each CPE with prefixes. When relaying those messages the ISP router will snoop inside them to see if prefixes are being delegated, and it will update its routes based on that.

As an example, here is some Cisco documentation of this feature.

There are also switches that snoop DHCPv6 traffic. This is done for security instead of for routing. By looking at which ethernet port was given which IPv6 addresses and prefixes the switch can make sure that devices on other ports can't spoof packets using someone else IPv6 address. This is called a Lightweight DHCPv6 Relay Agent and specified in RFC 6221.

Solution 2:

It works the same way as routing for IPv4.

Routers learn routes in three different ways:

  1. Directly connected networks
  2. Statically configured routes
  3. Dynamically through routing protocols

If you are not running a routing protocol between the CE and PE, then the PE is configured to route any traffic destined to the /56 network to the CE router. The ISP uses an IGP or iBGP to advertise the /56 prefix within its own network, and it advertises it (probably within a larger aggregated prefix) to the public Internet.