> On 28 Apr 2016, at 00:28, Chris Buechler <[email protected]> wrote:
>
>> Sure, I'm not helped by the transit provider which does not actually route
>> the /56 prefix to my link (savages!) but merely 'switch' it to me, expecting
>> ARP/NDP from each of my connected devices, and me using one dedicated IP
>> of the block as gateway.
>
> That's a mess, make them fix that. It's ugly at a minimum, and will
> make many typical uses of IPv6 impossible. No competent ISP will
> assign your /56 directly to their router in its entirety.
>
>> Until I thought of the RA!! I have set RA on WAN to Router Only over my
>> defined WAN IPv6 CARP
>
> You don't want RAs enabled on WAN. Your ISP's router is the one
> sending RAs in that case (if anything is). You're advertising yourself
> on that network as a router for other hosts, which is never what you
> want on your WAN.

Thanks a lot Chris for your answer.

The supplier is a provider of turn-key dedicated hardware + ESXi/vSphere infrastructure, all set up in their own private data centers. Takes the hardware provisioning and servicing out of our hands. We experiment with their offering as an alternative way of implementing our presence in data centers. In this context, where in the end we only have access to VMs that we define as we see fit, we decided to build two pfSense VMs, in HA setup, with a vSphere rule for keeping them separated on distinct physical hosts. (For other needs than this one, we use hardware purchased from pfSense website by the way, nice boxes, thanks!!)

True, their way to provide IP blocks (either IPv4 or IPv6) is a mess (assigned at their routers, and merely switched to us). We work with them to change that asap.

I second your opinion on RA on WAN. Yet, if I turn it off, I lose IPv6 connectivity, while turned on as described, I'm only left with the WAN IPv6 CARP not reachable, but traffic is fine toward inner equipment. That is completely unusual, bizarre, whatever, but until they properly route traffic to me, I'm happy with what I now currently have. :)

The HA setup looks fine now, well-tuned and I could simulate the loss of one host and see the traffic persist nicely through the secondary pfSense. Very nice.

Thanks again,

--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om
