On 11/04/2024 10:20, Buck Horn via Dnsmasq-discuss wrote:
On 10.04.24 23:51, Robert Sharp wrote:
I have set up dnsmasq to provide dhcpv6 addresses for my network using
a /64 prefix delegated to the LAN interface (enp3s0) using dhcpcd.
Everything works fine, so I am now trying to extend ipv6 to a vlan I
have set up for my wifi clients. Again, dhcpcd has obtained and
delegated another prefix to the vlan only this time its a /68 for some
reason.
I can't comment on dnsmasq's implementation details, but in general, you
won't have much joy using a /68 prefix.
While it is true that IPv6 routing decisions are based on arbitrary
prefix lengths of 0 to 128, quite a few RFCs require the interface id to
be 64 bit wide - to name just a few: RFC3972 (CGAs), RFC4291 (Addressing
Architecture), RFC4193 (ULAs), RFC7136 (Significance of IPv6 Interface
Identifiers).
E.g. the latter states:
> For all unicast addresses, except those that start with the binary
> value 000, Interface IDs are required to be 64 bits long. If
> derived from an IEEE MAC-layer address, they must be constructed
> in Modified EUI-64 format.
Other RFCs often refer above and adhere to it, even if their proposed
algorithm could be adopted to deal with shorter interface ids (e.g.
RFC7217).
This pretty much makes 64bit interface ids a de-facto standard.
Using prefix lengths larger than 64 would thus be likely to result in
inability to calculate such 64bit interface identifiers.
Independent of your chosen DHCPv6 sever, you should probably consider to
use a different prefix length.
If you would want to be able to semantically use some portions of the
interface id to identify a logical subnet from your DHCPv6 assigned
addresses, you may be able to use a /64 and adjust dnsmasq's dhcp-range
accordingly. Depending on your router's configuration options, you may
still be able to use a /68 for routing decisions (like vlan isolation).
However, note that when advertising a /64 prefix, clients using
NDP/SLAAC to join your network (like Androids only ever do) would use
the full 64bit for self-assigning their interface id (but using a /68
may stop them from joining your network, when they only support SLAAC's
default /64 prefix).
Again, you may be better off avoiding issues by using a maximum prefix
length of 64.
Kind regards,
Buck
That sounds like a good explanation so now all I need to do is figure
out how to get dhcpcd to allocate the /64 prefix I was expecting, and
that is not for this list.
Thanks, I will post again if that makes no difference.
Robert
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
