Sun. May 29th, 2022

For quite some time my ISP has had issues with IPv6 when using your own router. At my ISP it’s possible to use your own router without bridge mode – all you have to do is add VLAN 101 to the interface you use. In my case it’s eth0, hence the interface will be known as eth0.101.

The first thing to make sure of is that you have enabled some basic firewall rules. Since most IPv6 addresses are public and not behind NAT, as you may be used to with your IPv4 setup, the devices on your network are directly reachable unless a firewall is in place. Here are some basic rules.

WAN inbound traffic forwarded to LAN:

ipv6-name WANv6_IN {
    default-action drop
    description "WAN inbound traffic forwarded to LAN"
    enable-default-log
    rule 10 {
        action accept
        description "Allow established/related sessions"
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
}

WAN inbound traffic to the router:

ipv6-name WANv6_LOCAL {
    default-action drop
    description "WAN inbound traffic to the router"
    enable-default-log
    rule 10 {
        action accept
        description "Allow established/related sessions"
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        description "Allow IPv6 icmp"
        protocol ipv6-icmp
    }
    rule 40 {
        action accept
        description "allow dhcpv6"
        destination {
            port 546
        }
        protocol udp
        source {
            port 547
        }
    }
}

With the rules added, we can go on to adding the actual IPv6 address to the correct interface. As you may remember, in my case I need to add it to interface eth0 VLAN 101 – aka eth0.101. In the EdgeRouter CLI configuration, VLAN 101 is defined as a virtual interface (vif) on eth0.

Let’s start by looking at the part that gets the actual IPv6 network onto your interface. PD (prefix delegation) is the internal service that gets the IPv6 subnet from your ISP. The interesting part here, at first, is the prefix-length. You will need to get this number from your ISP, as it is the size of the network.

The switch0 part defines that IPv6 should be available on your internal switch interface, which will “relay” it to your devices.

dhcpv6-pd {
    pd 0 {
        interface switch0 {
            host-address ::1
            prefix-id :1
            service slaac
        }
        prefix-length 56
    }
    rapid-commit enable
}
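How prefix-length, prefix-id and host-address combine into the LAN subnet and the router's own address, as an added example that is not part of the original post. The delegated prefix is a constructed documentation range, and reading prefix-id as a hexadecimal subnet number placed between the delegated length and /64 is an assumption.

```python
import ipaddress


def derive_lan(delegated, prefix_id, host_address):
    """Return (LAN /64, router address) derived from a delegated prefix.

    prefix_id is read as a hex subnet number (assumption), e.g. ':1'.
    """
    net = ipaddress.IPv6Network(delegated)
    subnet_bits = 64 - net.prefixlen  # 8 bits for a /56, i.e. 256 possible /64s
    if subnet_bits < 0:
        raise ValueError("delegated prefix is longer than /64")
    pid = int(prefix_id.lstrip(":") or "0", 16)
    if pid >= 1 << subnet_bits:
        raise ValueError(f"prefix-id {prefix_id} does not fit in {subnet_bits} bits")
    # The prefix-id fills the bits between the delegated length and /64.
    lan_base = int(net.network_address) | (pid << 64)
    lan = ipaddress.IPv6Network((lan_base, 64))
    # host-address supplies the interface identifier (lower 64 bits).
    host = int(ipaddress.IPv6Address(host_address))
    router = ipaddress.IPv6Address(lan_base | host)
    return lan, router


if __name__ == "__main__":
    # Constructed /56 from the documentation range, with the post's pd 0 values.
    lan, router = derive_lan("2001:db8:1200:ab00::/56", ":1", "::1")
    print("switch0 subnet :", lan)
    print("switch0 address:", router)
```

Every host in the resulting /64 gets a globally routable address, which is why WANv6_IN has to default to drop.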

We will also need to make sure that the firewall rules we made first are applied to the WAN interface (eth0.101). Here is the full config of this interface:

ethernet eth0 {
    description Internet
    duplex auto
    speed auto
    vif 101 {
        address dhcp
        description Hiper
        dhcpv6-pd {
            pd 0 {
                interface switch0 {
                    host-address ::1
                    prefix-id :1
                    service slaac
                }
                prefix-length 56
            }
            rapid-commit enable
        }
        firewall {
            in {
                ipv6-name WANv6_IN
                name WAN_IN
            }
            local {
                ipv6-name WANv6_LOCAL
                name WAN_LOCAL
            }
        }
    }
}
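A check that every vif requesting a delegated prefix also has a default-drop IPv6 ruleset bound on both `in` and `local`, as an added example that is not part of the original post. The sample config is constructed and deliberately leaves out the `local` binding; the `firewall` and `interfaces` wrappers are assumed to match the router's full configuration output.

```python
# Constructed sample in full-configuration layout; names follow the post.
SAMPLE = """
firewall {
    ipv6-name WANv6_IN {
        default-action drop
    }
}
interfaces {
    ethernet eth0 {
        vif 101 {
            dhcpv6-pd {
            }
            firewall {
                in {
                    ipv6-name WANv6_IN
                }
            }
        }
    }
}
"""


def parse(text):
    """Parse brace-delimited EdgeOS config text into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            # setdefault merges a block that appears more than once.
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    return stack[0]


def audit(text):
    """List IPv6-enabled vifs lacking a default-drop IPv6 ruleset on in/local."""
    cfg, findings = parse(text), []
    for eth, body in cfg.get("interfaces", {}).items():
        for vif, vcfg in body.items():
            if isinstance(vcfg, dict) and "dhcpv6-pd" in vcfg:
                for direction in ("in", "local"):
                    name = vcfg.get("firewall", {}).get(direction, {}).get("ipv6-name")
                    rules = cfg.get("firewall", {}).get(f"ipv6-name {name}", {})
                    if rules.get("default-action") != "drop":
                        findings.append(f"{eth} {vif} {direction}: ruleset {name}")
    return findings
```

Calling `audit(SAMPLE)` reports the missing `local` ruleset; the interface config shown in the post passes with no findings once the two rulesets are defined under `firewall`.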

Now the EdgeRouter has an IPv6 address. If done correctly, it will look like this:

ubnt:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         -                                 u/u  Internet
eth0.101     185.xxx.xxx.xxx/22                u/u  Hiper
             2a05:f6c1:x:xxx::/128


ubnt:~$ ping6 google.com
PING google.com(arn09s22-in-x0e.1e100.net (2a00:1450:400f:801::200e)) 56 data bytes
64 bytes from arn09s22-in-x0e.1e100.net (2a00:1450:400f:801::200e): icmp_seq=1 ttl=58 time=12.5 ms
64 bytes from arn09s22-in-x0e.1e100.net (2a00:1450:400f:801::200e): icmp_seq=2 ttl=58 time=11.7 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 11.704/12.150/12.597/0.459 ms

One last step is missing: advertising in your network that IPv6 is available. This is done in the switch0 configuration segment:

switch switch0 {
    address 10.10.1.1/24
    description Local
    ipv6 {
        router-advert {
            managed-flag false
            prefix ::/64 {
            }
        }
    }
    ..... interfaces omitted .....
}

This segment advertises /64 segments to devices requesting them. After a few seconds/minutes your computer/telephone should receive an IPv6 address.
