10-09-2018 08:44 AM - edited 03-08-2019 04:20 PM
Hello guys sorry to bother you, I'm new on this, and a have a question. I', completely new in routing-networking and IPv6
LACNIC assigned me a /64 IPv6 class to publish vía BGP, so I asked to my provider to enable BGP IPv6 capabilities to their routers so I can publish it. The problem is that now all the servers in our side of the network are receiving IPV6 addresses not from our range but from the providers range because of SLAAC. The thing is, Is a good practice for me to ask them to disable SLAAC to avoid auto configuration ? or should I block the RA on my FW ?
Thank you
Regards
10-09-2018 10:09 AM
Could you please elaborate on your topology. For you servers to receive router advertisement from your service provider, your local LAN would need to be bridged to the WAN interface.
Regards,
10-09-2018 11:27 AM
Thank you for your answer, exactly the topology is
[Internet Provider]----[Router Provider]----[OUR-SW-L2]----[OUR-LAN]
We don't have for the moment any router or central FW filtering the internet connection.
Regards.
10-09-2018 11:38 AM
I see you do not have your own router. Is your provider publishing the prefix you received from LACNIC via BGP? If so, they should configure this prefix on the LAN interface of the router they provided you, so your hosts receive this prefix via the router advertisement instead of the one the router currently advertise.
The other option is to have you own router and configure it to advertise your own prefix assigned by LACNIC.
Regards,
10-09-2018 12:38 PM
Hi,
With the current design, your network is open to any attack from the Internet as you don't have any protection.
Harold has a good suggestion in regards to purchasing your own router. I would go one step further and instead of a router purchase a firewall. This way, you can advertise your own prefix and also deploy policies on your network to protect yourself from unwanted guests. Just make sure the firewall has the capacity you need, support routing and also IPv6 capable.
HTH
10-09-2018 01:25 PM
The IPv6s that we are receiving are from our provider is not part of the range assigned to us.
I have a router BGP but is not installed yet because right now, we are receiving an /22 IPv4 from our provider (their IP range ). We need BGP because LACNIC assigned to us 2 pools of IPs (v4 and v6). That's another weird thing from my newbie perspective, our provider will publish our /22 in the same connection that they're giving us their /22, is that a good practice ?
Thank you guys for everything
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide