On 10.04.24 23:51, Robert Sharp wrote:
> I have set up dnsmasq to provide dhcpv6 addresses for my network using a /64 prefix delegated to the LAN interface (enp3s0) using dhcpcd. Everything works fine, so I am now trying to extend ipv6 to a vlan I have set up for my wifi clients. Again, dhcpcd has obtained and delegated another prefix to the vlan, only this time it's a /68 for some reason.

I can't comment on dnsmasq's implementation details, but in general, you won't have much joy using a /68 prefix. While it is true that IPv6 routing decisions are based on arbitrary prefix lengths of 0 to 128, quite a few RFCs require the interface id to be 64 bits wide - to name just a few: RFC3972 (CGAs), RFC4291 (Addressing Architecture), RFC4193 (ULAs), RFC7136 (Significance of IPv6 Interface Identifiers). E.g. the latter states:

> For all unicast addresses, except those that start with the binary
> value 000, Interface IDs are required to be 64 bits long. If
> derived from an IEEE MAC-layer address, they must be constructed
> in Modified EUI-64 format.

Other RFCs often refer to the above and adhere to it, even if their proposed algorithm could be adapted to deal with shorter interface ids (e.g. RFC7217). This pretty much makes 64-bit interface ids a de-facto standard. Using prefix lengths larger than 64 would thus be likely to result in inability to calculate such 64-bit interface identifiers.

Independent of your chosen DHCPv6 server, you should probably consider using a different prefix length. If you would want to be able to semantically use some portions of the interface id to identify a logical subnet from your DHCPv6 assigned addresses, you may be able to use a /64 and adjust dnsmasq's dhcp-range accordingly. Depending on your router's configuration options, you may still be able to use a /68 for routing decisions (like vlan isolation). However, note that when advertising a /64 prefix, clients using NDP/SLAAC to join your network (like Androids only ever do) would use the full 64 bits for self-assigning their interface id (but using a /68 may stop them from joining your network, when they only support SLAAC's default /64 prefix). Again, you may be better off avoiding issues by using a maximum prefix length of 64.

Kind regards,
Buck
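
The suggestion above (advertise a /64, confine DHCPv6 leases to a /68-sized slice of it) can be checked with the following added example, which is not part of the original message. It builds the dnsmasq `dhcp-range` line for the slice and shows that a Modified EUI-64 SLAAC address lands outside that slice, so a /68-based routing or filtering rule would not match such a client. The prefix, slice, MAC address and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (RFC 3849 documentation prefix, made-up MAC).
LAN_PREFIX = "2001:db8:0:1::/64"        # prefix advertised on the VLAN
WIFI_SLICE = "2001:db8:0:1:1000::/68"   # slice of the /64 reserved for DHCPv6 leases
SAMPLE_MAC = "00:11:22:33:44:55"


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) for a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a SLAAC client would self-assign; refuses anything but a /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError(f"/{net.prefixlen} leaves {128 - net.prefixlen} bits, "
                         "not the 64-bit interface ID SLAAC expects")
    return net[eui64_interface_id(mac)]


def dhcp_range_line(lan: str, slice_: str, lease: str = "12h") -> str:
    """dnsmasq dhcp-range over the slice, keeping the LAN's /64 prefix length."""
    lan_net, sl = ipaddress.IPv6Network(lan), ipaddress.IPv6Network(slice_)
    if lan_net.prefixlen != 64 or not sl.subnet_of(lan_net):
        raise ValueError("slice must sit inside a /64 LAN prefix")
    return f"dhcp-range={sl[1]},{sl[-1]},{lan_net.prefixlen},{lease}"


def in_slice(addr: ipaddress.IPv6Address, slice_: str) -> bool:
    """True if the address falls inside the DHCPv6 slice."""
    return addr in ipaddress.IPv6Network(slice_)


if __name__ == "__main__":
    addr = slaac_address(LAN_PREFIX, SAMPLE_MAC)
    print(dhcp_range_line(LAN_PREFIX, WIFI_SLICE))
    print(addr, "inside DHCPv6 slice:", in_slice(addr, WIFI_SLICE))
```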