Tata Sky Broadband: Static IPV6 - Unable to Configure

@panks21 that's right pfsense is doing the firewall/routing for the home network. These guys have only given the first 4 quartets and I need to cook up the other half, probably. Thing is I could assign a random network values into the last 4 quartets but it may clash with some other TSBB v6 user's config. That's the reason I want them to be specific and give me a complete unassigned IP.
 
That's not true.. It will never clash..
The last quartet is unique for you as this /64 is subnetted from a bigger /48 pool.
Lets say your /64 is 1234:5678:abcd:chip::/64
In this 'chip' quartet is unique for you and no other subscriber will get it...

The bigger /48 pool in this case is 1234:5678:abcd::/48
 
@panks21 thanks, hope the last quartet is unique. I am a noob to v6 and one of the reasons I got this IP and pfsense is to experiment and brush up my ancient networking fundas
 
@panks21 sure bro. I am furiously reading up on v6 fundas now. v4 and v6 operate on the same principles but this one is a bit different primarily because of the hexadecimal 128 bit long address which can cause confusion in a v6 noob. Also, pfSense is not all that straightforward in configuration so a 2 step process is required i.e. get familiar with v6 and then with v6 on pfSense. My Asus AC3200 router is pretty idiot proof that way.
 
panks21 said:
In this 'chip' quartet is unique for you and no other subscriber will get it...
Click to expand...
So, so I had a long chat with TSBB Tech Support. After a lot of going around in circles, he finally said the same thing you did. The 'chip' quartet is exclusive and they will be exclusive to my connection. Now I need to see how to create a v6 address and DHCP pool. In the Nokia ONT they use DHCPv6 on LAN with track interface set to the WAN connection. I'll give it a try but if I simply can't get it to work I'll just stick to v4.
 

That is how it happens.. And while advertising your prefix, the ISP summarizes it. Here is an example of IPv6 BGP route lookup on the internet. Even if I specify the whole address in the command, it returns with a summary route only which is /48
You can also check yours.. here --> Twelve99 Looking Glass
just make up one IP from your PD pool and replace the address in the URL

Code: 
Router: tky-b1 / Tokyo (Equinix TY2)
Command: show route protocol bgp 2401:4900:1f30:9ad:f554:f49c:e5ab:4e61 table inet6.0 detail

2401:4900:1f30::/48 (8 entries, 1 announced)

*BGP    Preference: 170/-151
        Source: 2.255.248.138
        Protocol next hop: ::ffff:2.255.253.13
        State: <Active Int Ext>
        Local AS:  1299 Peer AS:  1299
        Age: 2w0d 23:48:45     Metric2: 10035
        AS path: 9498 24560 I  (Originator)
        Originator ID: 2.255.253.13 (las-b22)
Communities:
1299:430
(RPKI state Valid)
1299:1000 1299:35000 1299:35400 9498:1 9498:24560 34111:9498 34911:9498 40505:9498

        Localpref: 150
        Router ID: 2.255.248.138
 
@panks21 after breaking my head on how to assign an ipv6 IP to the WAN I got to know the only way to do it was to get it via DHCP as I had done before and posted on this thread. It requests the value via the v4 connection just as in the Nokia ONT.

So switched to DHCPv6 on the WAN with a /64 PD value, then set LAN to track interface exactly how they do in the Nokia modem, set up DHCPv6 server separately on the router and hey presto I got an ipv6 IP on the LAN but with the same reserved "chip" quartet/subnet and the last 4 quartets being possibly generated via DUID. It doesnt pass any v6 tests as I think i may have to start adding and/or changing firewall and other rules on the router to accomodate this new addressing method.

Now v6 Address on LAN = 2402:e280:3e11:CHIP:: DUID, now all devices on LAN including have a v6 address with the chip subnet value which as you confirmed is now reserved for my connection. So it solves the mystery of how to configure "static" IPv6 on pfSense.
 
Last edited:
This is great.. I guess you need to add icmpv6 rules but I am not sure..
If possible, please add another VLAN to the pfsense on the LAN side and try IPv6 on the second VLAN.... If you succeed with that, please share, then I will clean up dust from the qotom machine I have.. and power it up..

BTW, TSBB's summarization towards internet is /40 which is great.. I checked your prefix just now

Code: 
Router: tky-b1 / Tokyo (Equinix TY2)
Command: show route protocol bgp 2402:e280:3e11:1234:1223:1222:1221:1220 table inet6.0 detail

2402:e280:3e00::/40 (8 entries, 1 announced)

*BGP    Preference: 170/-81
        Source: 2.255.248.138
        Protocol next hop: ::ffff:2.255.253.13
        State: <Active Int Ext>
        Local AS:  1299 Peer AS:  1299
        Age: 2w1d 19:35:23     Metric: 0     Metric2: 10035
        AS path: 6453 4755 134674 134674 134674 134674 134674 I  (Originator)
        Originator ID: 2.255.253.13 (las-b22)
Communities:
1299:431
(RPKI state Unknown)
1299:4000 1299:25000 1299:25400 6453:6000 6453:6100 6453:6101

        Localpref: 80
        Router ID: 2.255.248.138
 
@panks21 the only VLAN I have made is for the TSBB WAN connection i.e. the VLAN value (set to a value of 3003 which is not default. Default is 4051 on normal Nokia routers and 4052 for VOIP. I am just trying to mirror as closely as possible the WAN VLAN value. Good thing is with the track interface on the LAN DHCP6 and RA server is able to pick up the v6 subnet (chip) value and /64 automatically. I set the DHCPv6 range on LAN as :: 1000 to :: 2000 to mirror settings on the Nokia ONT router's DHCPv6 settings.

So I guess this is the only way the "Static" IP works on TSBB IPv6. The mistake most make is they treat this as a static IPv4 config where the value is given in full as are the subnet mask and gateway. Obviously v6 on TSBB doesn't quite work in that manner. One does not need to jump thru these hoops if one continues to use the Nokia in its default mode as a router not a dumb bridge modem/ONT. It is only when you configure your own wifi router that you need to configure these settings or it doesn't work. I have not tried this on my Asus AC router but then after the time I spent on getting my pfSense to work I want to let it chug along for a while to ascertain its suitability for me and my home network.

If you ever get back to pfSense (it's can be a fun but tedious job) let me know how it works for you. Will be happy to help whereever possible. Cheers!
 
I will not move to PFSense as I need more than one /64 on the LAN side because I am running 3 VLANs at my home...
unless Airtel gives me bigger than /64 pool.. It will not work for me..
the other ISP - ACT, has no plans to implement IPv6 as they have aged hardware running as Broadband Gateway...
 
@panks21 are you on v6 with Airtel? Coz I have not got it here in Pune, at least on my side of town just yet. This is a direct connection no LCO BTW.
Switching on v6 on Airtel WAN just stops the connection cold in its tracks. Even the v4 connection fails.
 
I paid for static IP. However when they rolled out IPv6, I tried to run PPPoE again to test it out. It worked on Juniper SRX and Edgerouter when I had a single VLAN on the LAN side. As soon as I added another VLAN it breaks because the router tries to subnet the /64 into /80 which none of the devices understand.

I removed PPPoE and configured static IP again till the time they increase the PD pool size which I am sure not happening soon. So in a nutshell, no IPv6 as of now

If you have older ONT, it will not work on Airtel unless you are in bridge mode and use your own router.
 
@panks21 I have the ubiquitous Nokia 2425 ONT for both TSBB and Airtel with both set to bridge mode.

The difference is Airtel keeps 1 v4 connection switched on for whatever reason maybe to monitor the router and push updates and the 2nd difference is with Airtel bridge mode works only on LAN port 4. Wish I could get true root access.

With TSBB, it works only on port 1 even if all ports are set to bridge mode. Also, VOIP is activated via WAN and VOIP application settings (this is not present in the Airtel router's config page). Both entries have to be entered correctly or it doesn't work.
 
@panks21 so I FINALLY got PfSense to work with v6 on TSBB as it should. The hitch was RA set to Assisted. I changed it to "Unmanaged" to enable the machines pick up a gateway from the ISP and it works! Now Windows connection properties shows v6 connectivity as "Internet" and I connect to ipv6 dot google.com. Typing in "what's my ip" into Google gives me my v6 address. Yee haah! 😀 Sorry I am unable to post a screenshot here.
 

Top