[Dnsmasq-discuss] dhcp-range with ipv6 vlan not working?
Buck Horn
buckhorn at weibsvolk.org
Thu Apr 11 09:20:35 UTC 2024
On 10.04.24 23:51, Robert Sharp wrote:
> I have set up dnsmasq to provide dhcpv6 addresses for my network using
> a /64 prefix delegated to the LAN interface (enp3s0) using dhcpcd.
> Everything works fine, so I am now trying to extend ipv6 to a vlan I
> have set up for my wifi clients. Again, dhcpcd has obtained and
> delegated another prefix to the vlan, only this time it's a /68 for some
> reason.
I can't comment on dnsmasq's implementation details, but in general, you
won't have much joy using a /68 prefix.

While it is true that IPv6 routing decisions are based on arbitrary
prefix lengths of 0 to 128, quite a few RFCs require the interface id to
be 64 bits wide - to name just a few: RFC3972 (CGAs), RFC4291 (Addressing
Architecture), RFC4193 (ULAs), RFC7136 (Significance of IPv6 Interface
Identifiers).

E.g. the latter states:

> For all unicast addresses, except those that start with the binary
> value 000, Interface IDs are required to be 64 bits long. If
> derived from an IEEE MAC-layer address, they must be constructed
> in Modified EUI-64 format.

Other RFCs often refer to the above and adhere to it, even if their proposed
algorithm could be adapted to deal with shorter interface ids (e.g.
RFC7217).

This pretty much makes 64-bit interface ids a de-facto standard.
Using prefix lengths larger than 64 would thus be likely to result in
inability to calculate such 64-bit interface identifiers.

Independent of your chosen DHCPv6 server, you should probably consider
using a different prefix length.

If you want to be able to semantically use some portions of the
interface id to identify a logical subnet from your DHCPv6 assigned
addresses, you may be able to use a /64 and adjust dnsmasq's dhcp-range
accordingly. Depending on your router's configuration options, you may
still be able to use a /68 for routing decisions (like vlan isolation).

However, note that when advertising a /64 prefix, clients using
NDP/SLAAC to join your network (like Androids only ever do) would use
the full 64 bits for self-assigning their interface id (but using a /68
may stop them from joining your network, when they only support SLAAC's
default /64 prefix).

Again, you may be better off avoiding issues by using a maximum prefix
length of 64.

Kind regards,
Buck
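
The reply above, worked through as an added example (not part of the original thread or of dnsmasq): it shows why a SLAAC host ignores a /68, and how the /68 can still be used as a DHCPv6 pool inside its enclosing /64. The prefix 2001:db8:0:1:1000::/68, the MAC address and the 12h lease are constructed values; the emitted line assumes dnsmasq's documented `dhcp-range=<start>,<end>,<prefix-len>,<lease>` form.

```python
import ipaddress

IID_BITS = 64  # interface ID length required by RFC 4291 / RFC 7136


def modified_eui64(mac):
    """64-bit interface ID built from a 48-bit MAC (RFC 4291, Appendix A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]
    return int.from_bytes(iid, "big")


def slaac_address(advertised_prefix, mac):
    """Address a SLAAC host would form, or None if it must ignore the prefix."""
    net = ipaddress.IPv6Network(advertised_prefix)
    # RFC 4862, 5.5.3: prefix length + interface ID length must equal 128,
    # otherwise the Prefix Information option is ignored.
    if net.prefixlen + IID_BITS != 128:
        return None
    return net.network_address + modified_eui64(mac)


def dhcp_range_line(delegated, lease="12h"):
    """dhcp-range line that keeps leases inside `delegated` (e.g. a /68)
    while the on-link prefix handed to clients stays at /64."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen < 64:
        raise ValueError("expected a prefix of /64 or longer")
    first = net.network_address + 1   # skip the subnet-router anycast address
    last = net.broadcast_address      # highest address inside the delegation
    return f"dhcp-range={first},{last},64,{lease}"


if __name__ == "__main__":
    delegated = "2001:db8:0:1:1000::/68"   # constructed /68 delegation
    mac = "52:54:00:12:34:56"              # constructed MAC address
    on_link = ipaddress.IPv6Network(delegated).supernet(new_prefix=64)
    print("SLAAC with /68:", slaac_address(delegated, mac))
    print("SLAAC with /64:", slaac_address(str(on_link), mac))
    print(dhcp_range_line(delegated))
```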