IPv6 DHCP-PD Support

There hasn't been a lot of talk in the roadmap discussion about the implementation of IPv6 DHCP-PD support on the XG platform.  Can we expect to see that at some point in the near future?

  • So it’s been three and a half years since the original post - DHCP-PD still does not seem to be supported or am I missing something? Is it on the roadmap?

  • In reply to shred:

    Hi Shred,

    you have missed nothing and there does not appear to be any improvement in v18 which seems strange?

    Ian

  • In reply to rfcat_vk:

    Is there any new information on this when we can expect it?

  • In reply to rfcat_vk:

    No IPv6 improvements in v18 GA compared with v17.5.9.

    Sophos need to give IPv6 on the XG some love - it's been neglected for too long.

  • In reply to ChrisKnight:

    For comparison - ideas.sophos.com has DKIM signing one vote ahead of IPv6 DHCP-PD, and DKIM signing is in v18.

    Here's hoping IPv6 DHCP-PD is in v18.1.

  • In reply to ChrisKnight:

    Hi Chris, 

    there are improvements in V18 IPv6, while not what we were all hoping for they are steps forward.

    SSL/TLS works in IPv6, WEB exceptions now works. There are other bits I cannot remember of the top of my head.

    Ian

  • In reply to TronyTigno:

    Hi,

    IPv6 in home environment.

    1/. Enable Iv6 on your external interface.

    2/. You can while waiting for PD to be added use any IPv6 address range you like because the current XG (V18 GA)  requires a NAT, no option. I expect a LAN to LAN IPv6 rule will also require a NAT, I haven't tried yet.

    3/. examine the externalIPv6 address assigned to your external interface and from there you should be able to work out what /56 has been assigned to you. My Austraian ISP has a reasonably stable IPv6 assignment and I use the /64 from the /56 internally.

    4/. setup your firewall rules and do not forget the NAT otherwise no internet access.

    5/. the limitation at this stage is FQDN groups which I haven't tried in the V18 GA yet.


    ian

  • In reply to rfcat_vk:

    Hello rfcat_vk,

    what must the rules for NAT look like?

  • In reply to Christos Vassiliou:

    Hi Christos,

    are you using V178 or V18? If v17 then you click MASQ in your firewall rule, if using v18 then you need to create a linked NAT rule and change to MASQ and don't forget to see both rules.

    Ian

  • In reply to rfcat_vk:

    Hi Ian,

     

    Thanks for that info.

    My tolerance for bovine excrement is clearly lower than yours - I've generally given up in disgust at not getting it working at lower layers before getting to that point.

    No improved functionality at the PPPoE interface level, 6in4 still has the same problem I reported back on 16.5, and the NAT requirement (NAT is not a security boundary!) make me shake my head.

    When I have a spare weekend I'll re-architect my WAN side of the network, get a public /29 subnet from my ISP, lift the IPv6 config from my old Cisco 877 and put it on a spare 887 I have, then put the 887 in between my ISP and my XG Firewall, then see how the IPv6 experience goes.

  • In reply to ChrisKnight:

    Hi Chris,

    one of the extra items that I missed is you can now have an external IPv6 interface without IP4 but this using DHCP, not PPPoE.

    I have my IPv6 working after a major restructure of my network to improve the IPv6 security/control of access for clientless devices. I gave up on VLANs and IPv6 for the moment.

    Ian

    Update.

    My understanding is that Telstra uses RA to deploy the addresses, though not sure.