Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 31 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 52358 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPv6 DHCP-PD Support

ToddMiller

There hasn't been a lot of talk in the roadmap discussion about the implementation of IPv6 DHCP-PD support on the XG platform.  Can we expect to see that at some point in the near future?



This thread was automatically locked due to age.
  • 0 in reply to ChrisKnight

    Hi Chris, 

    there are improvements in V18 IPv6, while not what we were all hoping for they are steps forward.

    SSL/TLS works in IPv6, WEB exceptions now works. There are other bits I cannot remember of the top of my head.

    Ian

  • 0 in reply to TronyTigno

    Hi,

    IPv6 in home environment.

    1/. Enable Iv6 on your external interface.

    2/. You can while waiting for PD to be added use any IPv6 address range you like because the current XG (V18 GA)  requires a NAT, no option. I expect a LAN to LAN IPv6 rule will also require a NAT, I haven't tried yet.

    3/. examine the externalIPv6 address assigned to your external interface and from there you should be able to work out what /56 has been assigned to you. My Austraian ISP has a reasonably stable IPv6 assignment and I use the /64 from the /56 internally.

    4/. setup your firewall rules and do not forget the NAT otherwise no internet access.

    5/. the limitation at this stage is FQDN groups which I haven't tried in the V18 GA yet.


    ian

  • 0 in reply to rfcat_vk

    Hello rfcat_vk,

    what must the rules for NAT look like?

  • 0 in reply to Christos Vassiliou

    Hi Christos,

    are you using V178 or V18? If v17 then you click MASQ in your firewall rule, if using v18 then you need to create a linked NAT rule and change to MASQ and don't forget to see both rules.

    Ian

  • 0 in reply to rfcat_vk

    Hi Ian,

     

    Thanks for that info.

    My tolerance for bovine excrement is clearly lower than yours - I've generally given up in disgust at not getting it working at lower layers before getting to that point.

    No improved functionality at the PPPoE interface level, 6in4 still has the same problem I reported back on 16.5, and the NAT requirement (NAT is not a security boundary!) make me shake my head.

    When I have a spare weekend I'll re-architect my WAN side of the network, get a public /29 subnet from my ISP, lift the IPv6 config from my old Cisco 877 and put it on a spare 887 I have, then put the 887 in between my ISP and my XG Firewall, then see how the IPv6 experience goes.

  • 0 in reply to ChrisKnight

    Hi Chris,

    one of the extra items that I missed is you can now have an external IPv6 interface without IP4 but this using DHCP, not PPPoE.

    I have my IPv6 working after a major restructure of my network to improve the IPv6 security/control of access for clientless devices. I gave up on VLANs and IPv6 for the moment.

    Ian

    Update.

    My understanding is that Telstra uses RA to deploy the addresses, though not sure.

  • 0

    Any news?
    I've got a lot of projects waiting for this!! 

  • 0 in reply to Mr.Roboto

    Hi,

    Unsubstantiated rumour says v18.5 which has been further, delayed until 2021.

    Ian

  • 0 in reply to rfcat_vk

    I'll believe it when I see it at this point.

  • 0 in reply to sachingurung

    It is a shame to see that a network product in 2020 does not support IPv6. we have the order book full of IPv6 migrations. We have to migrate these customers from Sophos to competing products, it's a shame that it depends on such a small thing.

    As an avowed Sophos partner, I am really disappointed and such a feature does not have to be selected, that would be like having to choose whether a car needs a license plate or doors.