Am 12.04.20 um 19:25 schrieb Simon Kelley:
> I'd split your /56 into as many /64s as you need, and set up routing as
> required (either static or using some routing daemon). Run dnsmasq
> centrally, and use DHCpv6 relays to proxy DHCPv6 requests from the
> router on each /64 network back to the central dnsmasq instance.

Thanks!
I presume the DHCPv6 relay on the gateway nodes (Linux servers in my case) 
could also be dnsmasqs with "zero configuration" apart from the dhcp-relay 
option, and enable-ra to force the local subnet
to use DHCPv6, right? 

Cheers,
        Oliver

> 
> Simon.
> 
> 
> On 12/04/2020 18:20, Oliver Freyermuth wrote:
>> Am 12.04.20 um 19:01 schrieb Simon Kelley:
>>> The first question is, how static are your global addresses? Making a
>>> network which can survive renumbering is a lot more difficult than one
>>> with known and fixed addresses.
>>
>> Luckily, they are completely static :-). 
>>
>> Cheers,
>>      Oliver
>>
>>>
>>>
>>> Simon.
>>>
>>>
>>>
>>> On 12/04/2020 17:20, Oliver Freyermuth wrote:
>>>> Dear DNSmasqers,
>>>>
>>>> I have a setup in mind and wonder whether dnsmasq is the correct tool 
>>>> (since I have not found the necessary functionality in the documentation 
>>>> yet). 
>>>>
>>>> We have a /56 IPv6 network, and plan to use pure DHCPv6 (no stateless 
>>>> autoconfiguration) in several /64 networks. 
>>>> There are several subnets (currently NATed IPv4), such as — for example — 
>>>> a WireGuard VPN network, or a local isolated subnet. 
>>>> While with IPv4, the answer was the use of private addresses and NAT every 
>>>> time, potentially using a DHCP fowarder, for IPv6, the answer should be to 
>>>> use Global Unicast addresses everywhere (right?). 
>>>> How do I approach this correctly? 
>>>>
>>>> Three options come to mind to handle such subnets:
>>>> - Use ULAs and NAT (but that does not feel like IPv6...). 
>>>> - Delegate a prefix from the large network (where we'd use dnsmasq) to the 
>>>> "gateway" machine, which then would be a router. 
>>>>   However, I am not aware if dnsmasq can delegate prefixes? 
>>>> - Use ProxyNDP (via npdpd or Linux kernel functionality). But I'm not sure 
>>>> if that scales well to a larger number of machines? 
>>>> - Use static routes on the central machine which send the /64 subnet to 
>>>> the "gateways" and use dnsmasq on the gateways. 
>>>>   Am I missing something here, or should that "just work"?
>>>>
>>>> Is anybody aware of a best-practice guide here (please RTFM me)? Is 
>>>> dnsmasq the correct tool? 
>>>>
>>>> Cheers and thanks for any guidance,
>>>>    Oliver
>>>>
>>>> _______________________________________________
>>>> Dnsmasq-discuss mailing list
>>>> Dnsmasq-discuss@lists.thekelleys.org.uk
>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>>
>>>
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss@lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>
>>

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to