IPv6 through 6rd for internet WAN

I've read an article about setting up SSL-tunnels with 6rd but what about setting up IPv6 internet connectivity through 6rd?

My ISP currently only supports IPv6 through 6rd. I am really confused as to how I can set this up on the XG.

I have the following info from my ISP:


IPv4 BR address: 213.167.115.92
IPv4 Prefix: 0
IPv6 Prefix: 2a01:79c::
IPv6 Prefix Length: 30
IPv6 DNS: 2a01:798:0:8012::4

Please advise!



This thread was automatically locked due to age.
  • @Kenneth AndréKrøgenes - here's the link to the youtube video that I made that answers your question :) - www.youtube.com/watch

  • @DavidOkeyode Thank you for a very informative walkthrough for 6RD.

    I have calculated my ISP's IPv6 network to be 2a01:79c:d5a7:735c::/60 and I am working on getting my ISP's default IPv6 gateway address.

    I do however notice you have cut out a very crucial part of your video. In your test environment you demonstrate setting up your ipv6 interface on the border router and simply comment that you set it up in the same way on the Customer Edge router.

    My question is then: Have I understood you correctly that the delegated prefix for the internal network is supposed to be set up on the LAN-interface on the CE router? To complicate the matter even further, I have 4 VLANs on the CE router and because the Sophos XG forces you to configure IPv6 on the LAN-interface associated with the VLAN interface, I've added the original calculated prefix on LAN and then added some more for the VLAN I'd like for IPv6 traffic to flow. Does this make sense?

    Looking forward to more advanced movies on the XG. If you'd like to make a short tutorial to setup IPv6 locally and on multiple VLANs I'd love to see them :)

  •  No problems. Basically, your LAN network will come from the delegated prefix. This can then be broken down to form multiple subnets. I'll make a clearer video on this once I get the chance :)

  • After some further testing I've come to the conclusion that the Sophos XG really does not support 6RD for WAN the way the ISP delivers it. The details in my first post are everything I need according to the ISP. The way you've demonstrated the tunneling option would work if this was the way the ISP's border router was set up, but this is not the case and I think it's mainly a matter of getting the developers of the XG to add this option in the IPv6 WAN-settings.

    A quick google search on '6rd wan' and you'll see how other routers handle these connections.

  • The XG does support 6RD from my testing (and I have done a lot of testing). You might have misunderstood my explanation in the video. Again this comes back to the issue not being with the XG but with people's understanding of IPv6 and its operations. I'd advise going through the RFC here (I have gone through it, and it is very informative) and also investing in training on IPv6 (Pluralsight has a good one) - tools.ietf.org/.../rfc5969

    To help you with this though. You do indeed have the information that you need from your ISP. You don't need your ISP's default gateway. Their border router is your IPv6 default gateway.

    BUT as your ISP's IPv6 prefix is /30, your calculation of your own delegated prefix and the BR's delegated prefix won't be as straightforward as converting the IPv4 to hex (remember that every IPv6 address character = 4 bits)

    Therefore your ISP's prefix is interpreted as follows

    [2a01]:79c[00XX]::

    [2a01] = 16bits

    79c[00] = 79c is 12 bits; then the next 2 bits.

    The remaining XX bits in the 2nd 'hextet' are not part of your ISP's prefix. Does this make sense?

    # So to calculate your ISP's delegated prefix

    Your ISP's IPv4 BR address: 213.167.115.92
    Your ISP's IPv6 Prefix: 2a01:79c::
    Your ISP's IPv6 Prefix Length: 30

    Because your ISP unfortunately has the 30 prefix rather than the 32 prefix, you'll have more work to do :)

    1. Convert your ISP's IPv4 address to Binary (not hex this time. Again remember that there are 2 vacant bits in the 2nd hextet that you have to fill and computers deal in binary)

    213.167.115.92

    213 = 11010101
    167 = 10100111
    115 = 01110011
    92 = 01011100

    2. Fill in the binary values in the IPv6 prefix starting from the last two bits 

    2a01:79c[0011]:[0101 0110 1001 1101]:[1100 1101 0111 00XX]:

    Blue = ISP's IPv6 prefix

    Red = ISP's IPv4 address in binary

    Green - 2 bits left in the 4th hextet

    3. Convert back to Hex in 4 bit blocks

    2a01:79c[0011]:[0101 0110 1001 1101]:[1100 1101 0111 00XX]: /62

    2a01:79c3:569d:cd7::/62

    62 is the prefix as there are 2 bits left unfilled in the last 

    4. So then your XG configuration

    Network --> IP Tunnels --> Add

    Tunnel Name: Whatever

    Tunnel Type: 6RD

    6RD Prefix: 2a01:79c::/30

    Zone: WAN

    Local Endpoint: Your External IPv4 address that connects to the ISP's BR

    5. Then when you're prompted to "Add Static Unicast Route for IP Tunnel"

    Destination IP = :: 

    Prefix = 0

    Gateway = 2a01:79c3:569d:cd7::/62 (Your ISP BR's delegated prefix that you calculated earlier)

    Interface: Your 6RD tunnel name

    6. Using the method above, calculate your internal IPv6 delegated prefix (instead of your ISP's public IP, it will be using your public IP)

    Or you can use the route -A inet6 command in the backend to see it (the XG calculates it automatically)

    That is what you will use for your internal network with some subnetting of course. For example, the last 2 vacant bits in the last subnet can be used by you for different subnets (this makes it a /64) or you can even extend the bits further to the right

  • Hi David, thank you for your thorough response but the way you've calculated the BR delegated prefix is incorrect. 2a01:79c3:569d:cd7::/62 is not a valid IPv6 address and will only give an error message if I was to enter this as the gateway, the same goes for 2a01:79c3:569d:cd7::1/62. Instead of doing this manually I've had success in using this calculator when creating my ipv6 gateway and delegated prefix: silmor.de/ipaddrcalc.html I have however been able to successfully use the calculated IPv6 delegated prefix and set up the tunnel as a 6in4 as described in the post below.
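
The 6rd delegated-prefix derivation this thread works through by hand, done with integer arithmetic as RFC 5969 defines it. This is an added example, not code from any poster or from Sophos. It assumes the ISP's "IPv4 Prefix: 0" means IPv4MaskLen = 0 (all 32 IPv4 bits are embedded); the function names and the customer address 198.51.100.7 are constructed for illustration.

```python
import ipaddress

def sixrd_delegated_prefix(sixrd_prefix, ipv4_addr, ipv4_mask_len=0):
    """RFC 5969: 6rd prefix followed by the low (32 - IPv4MaskLen) IPv4 bits."""
    net = ipaddress.IPv6Network(sixrd_prefix)      # rejects stray host bits
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("IPv4MaskLen must be 0..32")
    v4_bits = 32 - ipv4_mask_len
    plen = net.prefixlen + v4_bits
    if plen > 64:
        # Practical check: a prefix longer than /64 holds no whole /64 LAN.
        raise ValueError("delegated prefix /%d is longer than /64" % plen)
    v4 = int(ipaddress.IPv4Address(ipv4_addr)) & ((1 << v4_bits) - 1)
    # Place the IPv4 bits immediately after the 6rd prefix bits.
    value = int(net.network_address) | (v4 << (128 - plen))
    return ipaddress.IPv6Network((value, plen))

def lan_subnets(delegated):
    """Every /64 available inside the delegated prefix."""
    return list(delegated.subnets(new_prefix=64))

def embedded_ipv4(sixrd_prefix, ipv6_addr):
    """Inverse mapping for IPv4MaskLen = 0: the IPv4 tunnel endpoint that
    a 6rd IPv6 address encodes (the value compared against the outer IPv4
    source when checking for spoofed tunnel packets)."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in net:
        raise ValueError("address is outside the 6rd domain")
    shift = 128 - net.prefixlen - 32
    return str(ipaddress.IPv4Address((int(addr) >> shift) & 0xFFFFFFFF))

if __name__ == "__main__":
    # "2a01:79c::" is shorthand for 2a01:079c::, so the /30 boundary falls
    # 14 bits into the second hextet and the IPv4 bits start there.
    domain = "2a01:79c::/30"                        # from the first post
    print("BR:", sixrd_delegated_prefix(domain, "213.167.115.92"))
    ce = sixrd_delegated_prefix(domain, "198.51.100.7")  # constructed CE address
    print("CE:", ce)
    for subnet in lan_subnets(ce):
        print("  LAN candidate:", subnet)
    print("endpoint:", embedded_ipv4(domain, "2a01:79f:18cd:901d::1"))
```

With a /30 6rd prefix and 32 embedded bits the result is always a /62, which yields four /64 networks to spread across LAN and VLAN interfaces.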