IPv6 alias masks/masks for routed aliases

Hiroki Sato hrs at FreeBSD.org
Thu May 19 10:20:43 UTC 2011 

Charles Sprickman <spork at bway.net> wrote
  in <alpine.OSX.2.00.1105180359130.1983 at hotlap.nat.fasttrackmonkey.com>:

sp> On Tue, 17 May 2011, Hiroki Sato wrote:
sp>
sp> > Charles Sprickman <spork at bway.net> wrote
sp> >  in
sp> >  <alpine.OSX.2.00.1105170300090.1983 at hotlap.nat.fasttrackmonkey.com>:
sp> >
sp> > sp> First, the easy one.  For IPv6 aliases, what is the proper subnet?
sp> >
sp> > Normally it is a /64.  See also Section 2.5.4 in RFC 4291.
sp>
sp> My understanding was that a /64 was a common subnet since it's the
sp> minimum size required for host autoconfiguration.  What I'm really
sp> looking for is the FreeBSD-specific recommendation for configuring
sp> aliases - I understand that I'll probably have a /64 on the LAN, but
sp> when setting a netmask on a single IPv6 alias are the rules different
sp> than they are for IPv4?  So if I've got a lan block that's a /64 and I
sp> configure an alias on a FreeBSD host, do I give the alias the lan
sp> subnet (/64) or a host subnet (/128)? For IPv4, I believe that it
sp> should always be the host subnet (/32).

 There is no FreeBSD-specific configuration.  The recommendation is
 /64 because various IPv6 specs assume /64 prefix length for a global
 unicast address on a host and FreeBSD implementation supports
 configuration of multiple /64 addresses on a single interface.  There
 is no reason to use /128 or ones longer than 64 while you can
 configure a GUA with such a longer prefix.

sp> The current setup looks like this on the ISP side:

 I am still not sure of the network topology.  Something like this?

 (ISP)
   |
   |10.[123456].0.0
 (router)
   |10.1.0.1/27
   |
 (hosts) 10.1.0.x/27
         10.2.0.2/28
         10.2.0.3/32
              :

 Hmm, I may misunderstand something.  If this diagram is correct, I am
 wondering why the router has 10.[123456].0.0 addresses on the WAN
 side, not on the FE0/1 side.  I feel like simply configuring
 10.[123456].0.1 on the LAN side instead and an address on the ISP
 side which can communicate ISP's router would work.

-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110519/24850735/attachment.pgp

More information about the freebsd-net mailing list