Project

General

Profile

Actions

Bug #8435

open

DHCPv6 unusable in certain circumstances (US AT&T Fiber, etc.)

Added by Justin Coffman almost 6 years ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Interfaces
Target version:
-
Start date:
04/05/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

pfSense's implementation of DHCPv6 prefix delegation is unusable in edge ISP configurations. AT&T Fiber in the United States, for example, commits the entire /60 to the customer's on-premises gateway, even if the gateway is (as) bypassed (as it can be). The pfSense appliance behind the gateway can only request delegation for one /64 at a time, even if multiple /64s are to be delegated. In other words, if I have four LAN subnets, I would need to request four separate /64s from the gateway, rather than a single /62 to then be doled out by the pfSense firewall.

Unfortunately, pfSense only allows for a single delegated prefix over the WAN. If a /63, /62, /61, etc. is configured, it is ignored by the gateway. The problem is that setting a prefix length of /64 for DHCPv6 on WAN means that only a single LAN interface can be given that delegated prefix. There is no configuration structure within pfSense (that I have found) that allows one to individually request a /64 prefix for EACH so-configured LAN interface.

Actions

Also available in: Atom PDF