[Dnsmasq-discuss] dhcp-range with ipv6 vlan not working?

Robert Sharp sysadmin at osburn-sharp.uk
Thu Apr 11 21:09:37 UTC 2024


On 11/04/2024 10:20, Buck Horn via Dnsmasq-discuss wrote:
> On 10.04.24 23:51, Robert Sharp wrote:
>> I have set up dnsmasq to provide dhcpv6 addresses for my network using
>> a /64 prefix delegated to the LAN interface (enp3s0) using dhcpcd.
>> Everything works fine, so I am now trying to extend ipv6 to a vlan I
>> have set up for my wifi clients. Again, dhcpcd has obtained and
>> delegated another prefix to the vlan only this time its a /68 for some
>> reason.
>
>
> I can't comment on dnsmasq's implementation details, but in general, you
> won't have much joy using a /68 prefix.
>
> While it is true that IPv6 routing decisions are based on arbitrary
> prefix lengths of 0 to 128, quite a few RFCs require the interface id to
> be 64 bit wide - to name just a few: RFC3972 (CGAs), RFC4291 (Addressing
> Architecture), RFC4193 (ULAs), RFC7136 (Significance of IPv6 Interface
> Identifiers).
>
> E.g. the latter states:
> >    For all unicast addresses, except those that start with the binary
> >    value 000, Interface IDs are required to be 64 bits long. If
> >    derived from an IEEE MAC-layer address, they must be constructed
> >    in Modified EUI-64 format.
>
> Other RFCs often refer above and adhere to it, even if their proposed
> algorithm could be adopted to deal with shorter interface ids (e.g.
> RFC7217).
>
> This pretty much makes 64bit interface ids a de-facto standard.
> Using prefix lengths larger than 64 would thus be likely to result in
> inability to calculate such 64bit interface identifiers.
>
> Independent of your chosen DHCPv6 sever, you should probably consider to
> use a different prefix length.
>
> If you would want to be able to semantically use some portions of the
> interface id to identify a logical subnet from your DHCPv6 assigned
> addresses, you may be able to use a /64 and adjust dnsmasq's dhcp-range
> accordingly. Depending on your router's configuration options, you may
> still be able to use a /68 for routing decisions (like vlan isolation).
>
> However, note that when advertising a /64 prefix, clients using
> NDP/SLAAC to join your network (like Androids only ever do) would use
> the full 64bit for self-assigning their interface id (but using a /68
> may stop them from joining your network, when they only support SLAAC's
> default /64 prefix).
>
> Again, you may be better off avoiding issues by using a maximum prefix
> length of 64.
>
> Kind regards,
>      Buck
>

That sounds like a good explanation so now all I need to do is figure 
out how to get dhcpcd to allocate the /64 prefix I was expecting, and 
that is not for this list.

Thanks, I will post again if that makes no difference.

Robert




More information about the Dnsmasq-discuss mailing list