Skip to main content

Prefix Delegation

I'd recommend reading about Prefix Delegation to get a better understanding of it but the gist is that using DHCPv6 it is possible to request a whole block of IPv6 addresses that can be handed out to every device on my network instead of only getting one and having to share it using a hack like masquerading.

Install A Client

There are a few different DHCPv6 clients you can use that support Prefix Delegation but I decided to go with wide-dhcpv6-client. I also tried dhcpcd but found the configuration syntax to be a little uglier.

# apt install wide-dhcpv6-client

The config below is doing a few different things that I'll list but you can read about all the possible dhcp6c.conf configuration.

  • Lines 2-6 use eth0 to request a "normal address" with ia-na and a delegrated prefix range with ia-pd
  • Lines 8-10 are required and correspond to the "normal addresss" I asked for, but there is no special configuration
  • Lines 12 and 13 are the start of the prefix delegation block and I am specifying I want a prefix that gives me a subnet of /60. I know Comcast will give me a /60 which is 295,147,905,179,352,825,856 (two hundred ninety five quintillion, one hundred forty seven quadrillion, nine hundred five trillion, one hundred seventy nine billion, three hundred fifty two million, eight hundred twenty five thousand, eight hundred fifty six) so that should be more than enough.
  • Lines 15-19 and the other similar blocks just take a slice of the prefix I was delegated and apply it to an internface.
# /etc/wide-dhcpv6/dhcp6c.conf 
+ 
+ interface eth0 {
+ #  send rapid-commit;
+   send ia-na 0;
+   send ia-pd 1;
+ };
+ 
+ id-assoc na 0 {
+ 
+ };
+  
+ id-assoc pd 1 {
+   prefix ::/60 infinity;
+   
+   prefix-interface eth1 {
+     sla-id 0;
+     sla-len 4;
+     ifid 1;
+   };
+ 
+   prefix-interface eth1.8 {
+     sla-id 1;
+     sla-len 4;
+     ifid 1;
+   };
+ 
+   prefix-interface eth1.9 {
+     sla-id 2;
+     sla-len 4;
+     ifid 1;
+   };
+ };

After enabling and starting the client I have publically addressable IPv6 addresses applied to my interfaces.

# systemctl enable --now wide-dhcpv6-client
# ip -6 addr
1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:6020:ae3:1022:a4d3:f031:fb7e:e629/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::2b0:c9ff:fe79:cd77/64 scope link
       valid_lft forever preferred_lft forever
2: eth1@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2601:1833:a3a:102::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::d45a:67ff:fec6:6688/64 scope link
       valid_lft forever preferred_lft forever
3: eth1.8@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2601:1833:a3a:103::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::d45a:67ff:fec6:6688/64 scope link
...
Back to top