cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1192
Views
10
Helpful
5
Replies

SLAAC from my Provider on to my network

gastonq05
Level 1
Level 1

Hello guys sorry to bother you, I'm new on this, and a have a question. I', completely new in routing-networking and IPv6

 

LACNIC assigned me a /64 IPv6 class to publish vía BGP, so I asked to my provider to enable BGP IPv6 capabilities to their routers so I can publish it. The problem is that now all the servers in our side of the network are receiving IPV6 addresses not from our range but from the providers range because of SLAAC. The thing is,  Is a good practice for me to ask them to disable SLAAC to avoid auto configuration ? or should I block the RA on my FW ?

 

Thank you

 

Regards

 

 

5 Replies 5

Harold Ritter
Level 12
Level 12

Could you please elaborate on your topology. For you servers to receive router advertisement from your service provider, your local LAN would need to be bridged to the WAN interface.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thank you for your answer, exactly the topology is

 

[Internet Provider]----[Router Provider]----[OUR-SW-L2]----[OUR-LAN]

 

We don't have for the moment any router or central FW filtering the internet connection.

 

Regards.

 

 

 

I see you do not have your own router. Is your provider publishing the prefix you received from LACNIC via BGP? If so, they should configure this prefix on the LAN interface of the router they provided you, so your hosts receive this prefix via the router advertisement instead of the one the router currently advertise.

 

The other option is to have you own router and configure it to advertise your own prefix assigned by LACNIC.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

With the current design, your network is open to any attack from the Internet as you don't have any protection.

Harold has a good suggestion in regards to purchasing your own router. I would go one step further and instead of a router purchase a firewall. This way, you can advertise your own prefix and also deploy policies on your network to protect yourself from unwanted guests.  Just make sure the firewall has the capacity you need, support routing and also IPv6 capable.

HTH

The IPv6s that we are receiving are from our provider is not part of the range assigned to us.

 

I have a router BGP but is not installed yet because right now, we are receiving an /22 IPv4 from our provider (their IP range ). We need BGP because LACNIC assigned to us 2 pools of IPs (v4 and v6).  That's another weird thing from my newbie perspective, our provider will publish our /22 in the same connection that they're giving us their /22, is that a good practice ?

 

Thank you guys for everything

 

 

Review Cisco Networking for a $25 gift card