# Does this mean my ISP now supports IPv6?



## mickey (Sep 8, 2016)

I am using PPPoE to connect to the internet. Just recently my ISP switched me over to another DSL access point, and to my surprise the peer now wants to negotiate IPV6CP via PPP. It seems that via IPV6CP I now receive IPv6 addresses for my end and the ISP's end of the connection. Both addresses however start with fe80, so I assume these are link-local addresses only?

So where does this leave me now? Does this actually mean that my ISP now fully supports IPv6, and if so, what would be the required steps to make my FreeBSD 10.3 router/firewall fully aware of it? Forgive me, if I'm maybe not seeing the obvious here, but my understanding of IPv6 so far has been rather shallow. Any hints and pointers in the right direction are highly appreciated.


----------



## SirDice (Sep 9, 2016)

mickey said:


> Both addresses however start with fe80, so I assume these are link-local addresses only?


Those are indeed link-local.



> Does this actually mean that my ISP now fully supports IPv6


Probably not. You need to receive a global IPv6 address from them. Typically you'll receive a whole /64 or /48 network to use.

If you want to experiment with IPv6 you can sign up for a free IPv6 tunnel-broker. I'm currently using one from he.net as my ISP still has no plans to support IPv6 natively. My previous ISP did have full, native, IPv6 support. With them I just received the IPv6 address(es) the same way I got their IPv4 address.


----------



## Murph (Sep 9, 2016)

FE80::/10 is strictly link-local only.  I.e. it can only ever be used to exchange packets with another system on the same link (either Ethernet segment / bridged domain, or the far end of a PPP, or equivalent).  It can, of course, be used as a next-hop in a routing table, so they could potentially route public addresses to you and you could potentially route to the net over a PPP which only has link-local addresses, in much the same way that an IPv4 link with RFC1918 addresses can still forward public-addressed packets.

They should be assigning you at least a public /64 to use.  Exactly how that is managed is a per-ISP thing, so you may need to chat to them about it if there's no obvious auto-config of a public address coming down the line.  On a higher end / business / premium connection, they should be giving you at least a /56 or /48.  If they have the fairly crap support that is sadly far too typical these days, I'd probably have a good hunt through their docs, forums, lists, etc; before calling support.

FreeBSD 10.3 should handle it just fine, in theory, but can't say much more than that without knowing your ISP's setup.  I've had servers with IPv6 mostly happily enabled since back in the 7.x days, so it's fairly mature now in 10.x.


----------



## mickey (Sep 9, 2016)

SirDice said:


> Those are indeed link-local.





Murph said:


> FE80::/10 is strictly link-local only.  I.e. it can only ever be used to exchange packets with another system on the same link (either Ethernet segment / bridged domain, or the far end of a PPP, or equivalent).  It can, of course, be used as a next-hop in a routing table, so they could potentially route public addresses to you and you could potentially route to the net over a PPP which only has link-local addresses, in much the same way that an IPv4 link with RFC1918 addresses can still forward public-addressed packets.


That confirms what I was thinking. And I presume those link-local addresses can also be used to send router advertisement (RA) messages down the line? Using `tcpdump` on my tun0 interface, it appears there are periodic transmissions of RA messages coming in on the link-local address.


SirDice said:


> Probably not. You need to receive a global IPv6 address from them. Typically you'll receive a whole /64 or /48 network to use.





Murph said:


> They should be assigning you at least a public /64 to use.  Exactly how that is managed is a per-ISP thing, so you may need to chat to them about it if there's no obvious auto-config of a public address coming down the line.
> 
> FreeBSD 10.3 should handle it just fine, in theory, but can't say much more than that without knowing your ISP's setup.  I've had servers with IPv6 mostly happily enabled since back in the 7.x days, so it's fairly mature now in 10.x.


Yesterday I did some more reading to get a little deeper understanding of IPv6 in general. The thing that is giving me some problems to fully understand is that from what I've read so far, a machine is supposed to be either:

A host (single interface only, probably runs rtsold to auto-configure it's address, routers, etc)
A router (multi interface, probably runs rtadvd to announce itself on the network, probably configured statically rather than dynamically)
But it appears that my machine (and for that matter most other typical home network routers) are neither exactly 1) nor 2), as the address/prefix is not known in advance for statically configuring anything, but rather received dynamically from the ISP. It would rather appear that the typical residential gateway type of router has to be a mixture of both. Is this assumption correct?

Seeing that there are RA messages coming down the link, I did some more fiddling yesterday. If this machine is ever supposed to route IPv6 traffic, it appears I will need this in my /etc/rc.conf:

```
ipv6_gateway_enable="YES"
```
Also to get my tun0 interface into a state where it is actually able to accept those RA messages coming down the link, it would seem that this is the correct way to do it:

```
ipv6_cpe_wanif="tun0"
```
And in order to have my other interfaces (ethernet/wlan) automatically configured with a link-local address I also added this:

```
ipv6_activate_all_interfaces="YES"
```
I understand I could alternatively add `ifconfig_<IF>_ipv6="..."` lines for each interface, but I'm not really sure what to put there.

This got me so far that I could manually run `rtsol -D tun0` which seems to have added another IPv6 address (starting with a 2, so I assume it's a global one) to my tun0 interface. It also seemed to have added an IPv6 default route pointing to the peer's link-local address. Not sure if this is correct though. If I remember it correctly, it said something about the prefix length being 64.

I have tried a DNS query to my local bind99 name server, and it appeared to be sending out IPv6 packets over the link, but never got any answer. So for the moment I'm a bit stuck here, as I am not quite sure where to take it from here. How do my other interfaces and/or machines on my local network/wireless network get valid IPv6 addresses? Do I need to run `rtadvd` on my ethernet/wlan0 interfaces in order to accomplish that, or would I rather install a local DHCP6 server, or both? What happens if the link to the ISP is dropped? Do I get a different prefix next time it connects, which would mean all machines in my LAN would need to be renumbered? I feel I have still plenty of way to go here...



SirDice said:


> If you want to experiment with IPv6 you can sign up for a free IPv6 tunnel-broker. I'm currently using one from he.net as my ISP still has no plans to support IPv6 natively.


I would rather not want to go down this tunneling road. As I understand it, some or all of these transition techniques also come with security implications?



Murph said:


> On a higher end / business / premium connection, they should be giving you at least a /56 or /48.  If they have the fairly crap support that is sadly far too typical these days, I'd probably have a good hunt through their docs, forums, lists, etc; before calling support.


It's just the typical residential type of internet service. It is pretty obvious that they are trying hard to push their customers to use their web based support instead of calling them and asking questions. A search on their website for IPv6 related stuff turned up mostly empty. And I would rather want to wait with calling their support until at least I know what the exact question would be and I do fully understand it.


----------

