Hi all,
Still on- and off-again introducing IPv6 to my home network. Still flailing at it, so hoping someone will be able to point me to my mistakes.
I have an ISP who delegates me a /56.
I use OpenWRT as my firewall, which receives the delegation and shares it with my core switch over a Transit VLAN.
I use an ICX7250 as my core switch, with several VLANs configured. All inter-VLAN routing happens here as I have a couple of 10G hosts (and from time to time actually make use of the bandwidth, and the OpenWRT host is on a 1G connection).
OpenWRT is also my DHCPv4 server, and I have all the VEs on the 7250 relaying DHCPv4 requests to it successfully.
I chose OpenWRT because at no point do I need to hardcode my ISP-provided IPv6 prefix into any of my configuration. Firewall rules can be set up with just the Interface ID section of the IPv6 address, for example.
I'm struggling to get SLAAC to work through the ICX however. According to the Layer 3 configuration guide for 08.0.95, once I enable IPv6 on an interface, the ICX should autoconfigure a Link-Local address and if there are router advertisements on that link, it should get itself a GUA, however when I enabled IPv6 on my Transit VLAN interface, it did neither.
Since I have multiple VLANs being tagged on most interfaces, I followed its advice to manually set the Link-Local address anyway, but still receive no GUA.
When I run show ipv6 neighbour, I do see my OpenWRT LAN interface's Link-Local address, but not its GUA. I can ping the LL but not the GUA.
So... can anyone tell me where I'm going wrong?
Edit 1: Just realised that OpenWRT shows my LAN interface as having a /64 GUA in the web interface, but ip a shows it as a /60. Address itself is the same characters, but could that be the problem?
Edit 2: The end goal is assigning 1 /64 per VLAN on the ICX, ideally without having to manually list the full prefix in the config and just have it work it out from RAs/DHCPv6, but for the moment I'm just focused on getting between the ICX and OpenWRT working.
OpenWRT info
Bash:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether bc:24:11:25:f0:17 brd ff:ff:ff:ff:ff:ff
    inet 100.66.9.76/21 brd 100.66.15.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2db8:0db8:0db8:0db8:be24:11ff:fe25:f017/64 scope global dynamic noprefixroute
       valid_lft 2591850sec preferred_lft 604650sec
    inet6 2db8:0db8:0db8:0db8::1000/128 scope global dynamic noprefixroute
       valid_lft 557sec preferred_lft 557sec
    inet6 fe80::be24:11ff:fe25:f017/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
    link/ether bc:24:11:e7:e1:b5 brd ff:ff:ff:ff:ff:ff
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether bc:24:11:e7:e1:b5 brd ff:ff:ff:ff:ff:ff
    inet 10.42.255.254/30 brd 10.42.255.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2db8:0db8:0db8:0db8::1/60 scope global dynamic noprefixroute
       valid_lft 557sec preferred_lft 557sec
    inet6 fd14:7480:e680::1/60 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fee7:e1b5/64 scope link
       valid_lft forever preferred_lft forever
Code:
config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    option dhcpv6 'server'
    option ra 'server'
    list ra_flags 'managed-config'
    list ra_flags 'other-config'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'
ICX 7250 Info
Code:
Current configuration:
!
ver 08.0.95hT213
!
stack unit 1
module 1 icx7250-24p-poe-port-management-module
module 2 icx7250-sfp-plus-8port-80g-module
!
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 22 by port
tagged ethe 1/1/1 to 1/1/23 ethe 1/2/1 to 1/2/8
router-interface ve 22
!
vlan 50 by port
tagged ethe 1/1/1 to 1/1/23 ethe 1/2/1 to 1/2/8
router-interface ve 50
!
vlan 60 by port
tagged ethe 1/1/1 to 1/1/23 ethe 1/2/1 to 1/2/8
router-interface ve 60
!
vlan 70 by port
tagged ethe 1/1/1 to 1/1/23 ethe 1/2/1 to 1/2/8
router-interface ve 70
!
vlan 80 by port
tagged ethe 1/1/1 to 1/1/23 ethe 1/2/1 to 1/2/8
router-interface ve 80
!
vlan 107 by port
tagged ethe 1/1/1 to 1/1/6 ethe 1/1/8 to 1/1/23 ethe 1/2/1 to 1/2/8
untagged ethe 1/1/7
router-interface ve 107
!
vlan 255 by port
tagged ethe 1/2/8
router-interface ve 255
!
!
!
!
!
!
!
!
!
!
!
!
!
!
optical-monitor
optical-monitor non-ruckus-optic-enable
aaa authentication web-server default local
aaa authentication login default local
enable aaa console
ip dhcp-client disable
ip route 0.0.0.0/0 10.42.255.254
!
ipv6 unicast-routing
logging host 192.168.42.222 udp-port 6514
no telnet server
username super password .....
!
!
snmp-server community ..... ro
snmp-server community ..... ro
!
!
!
manager disable
!
!
manager port-list 987
!
!
!
!
!
!
!
!
!
interface ethernet 1/1/1
no inline power
!
interface ethernet 1/1/2
no inline power
!
interface ethernet 1/1/3
no inline power
!
interface ethernet 1/1/4
no inline power
!
interface ethernet 1/1/6
no inline power
!
interface ethernet 1/1/7
no inline power
!
interface ethernet 1/1/8
no inline power
!
interface ethernet 1/1/10
no inline power
!
interface ethernet 1/1/11
no inline power
!
interface ethernet 1/1/13
no inline power
!
interface ethernet 1/1/14
no inline power
!
interface ethernet 1/1/15
no inline power
!
interface ethernet 1/1/16
no inline power
!
interface ethernet 1/1/17
no inline power
!
interface ethernet 1/1/18
no inline power
!
interface ethernet 1/1/19
no inline power
!
interface ethernet 1/1/20
no inline power
!
interface ethernet 1/1/21
no inline power
!
interface ethernet 1/1/22
no inline power
!
interface ethernet 1/1/23
no inline power
!
interface ethernet 1/1/24
no inline power
!
interface ethernet 1/2/1
speed-duplex 10G-full
!
interface ethernet 1/2/2
speed-duplex 10G-full
!
interface ethernet 1/2/3
speed-duplex 10G-full
!
interface ethernet 1/2/4
speed-duplex 10G-full
!
interface ethernet 1/2/5
speed-duplex 10G-full
!
interface ethernet 1/2/6
speed-duplex 10G-full
!
interface ethernet 1/2/7
speed-duplex 10G-full
!
interface ethernet 1/2/8
no optical-monitor
speed-duplex 10G-full
!
interface ve 1
ip address 192.168.42.151 255.255.255.0
ip helper-address 1 10.42.255.254
!
interface ve 22
ip address 10.42.22.1 255.255.255.0
!
interface ve 50
ip address 10.42.50.1 255.255.255.0
ip helper-address 1 10.42.255.254
ipv6 address fe80::be24:11ff:50:1 link-local
ipv6 enable
ipv6 dhcp-relay destination fe80::be24:11ff:fee7:e1b5 outgoing-interface ve 255
ipv6 dhcp-relay include-options interface-id remote-id
!
interface ve 60
ip address 10.42.60.1 255.255.255.0
ip helper-address 1 10.42.255.254
!
interface ve 70
ip address 10.42.70.1 255.255.255.0
ip helper-address 1 10.42.255.254
!
interface ve 80
ip address 10.42.80.1 255.255.255.0
ip helper-address 1 10.42.255.254
!
interface ve 107
ip address 10.42.107.250 255.255.255.0
ip helper-address 1 10.42.255.254
!
interface ve 255
ip address 10.42.255.253 255.255.255.252
ipv6 address fe80::be24:11ff:fee7:2552 link-local
ipv6 enable
!
ipv6 neighbor inspection vlan 255
!
!
!
!
!
!
!
!
!
ip ssh idle-time 0
!
!
!
!
!
end
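Added example, not part of the original post: Python showing how a /60 like the one `ip a` reports on br-lan splits into one /64 per VLAN, and how a rule keyed only on the Interface ID keeps matching when the ISP prefix changes. The 2001:db8:: prefixes are constructed sample values and the function names are hypothetical; the VLAN IDs and the Interface ID of ve 50 are taken from the config above.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address = Interface ID


def vlan_subnets(assigned, vlans):
    """Carve one /64 per VLAN out of a shorter assigned prefix (e.g. a /60)."""
    net = ipaddress.IPv6Network(assigned, strict=False)  # accepts '...::1/60'
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64, no room for a SLAAC subnet")
    pool = net.subnets(new_prefix=64)
    plan = {}
    for vlan in vlans:
        try:
            plan[vlan] = next(pool)
        except StopIteration:
            raise ValueError(f"{net} has no /64 left for VLAN {vlan}") from None
    return plan


def host_address(subnet, iid):
    """Combine a /64 with a fixed Interface ID written as '::<iid>'."""
    suffix = int(ipaddress.IPv6Address(iid))
    if suffix & ~IID_MASK:
        raise ValueError("Interface ID must fit in the low 64 bits")
    return ipaddress.IPv6Address(int(subnet.network_address) | suffix)


def iid_match(addr, iid):
    """True when addr carries this Interface ID, whatever the prefix is."""
    a = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return a == int(ipaddress.IPv6Address(iid)) & IID_MASK


if __name__ == "__main__":
    # Constructed sample: same shape as the ::1/60 shown on br-lan.
    plan = vlan_subnets("2001:db8:0:10::1/60", [255, 50, 60, 70, 80])
    for vlan, subnet in plan.items():
        print(f"ve {vlan}: {subnet}")
    ve50 = host_address(plan[50], "::be24:11ff:50:1")  # IID of ve 50's link-local
    print("ve 50 GUA:", ve50)
    # The same Interface ID still matches after a constructed prefix change.
    print(iid_match("2001:db8:ff:21:be24:11ff:50:1", "::be24:11ff:50:1"))
```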