Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1105
Views
10
Helpful
5
Replies

SLAAC from my Provider on to my network

gastonq05
Level 1
Level 1

‎10-09-2018 08:44 AM - edited ‎03-08-2019 04:20 PM

Hello guys sorry to bother you, I'm new on this, and a have a question. I', completely new in routing-networking and IPv6

 

LACNIC assigned me a /64 IPv6 class to publish vía BGP, so I asked to my provider to enable BGP IPv6 capabilities to their routers so I can publish it. The problem is that now all the servers in our side of the network are receiving IPV6 addresses not from our range but from the providers range because of SLAAC. The thing is,  Is a good practice for me to ask them to disable SLAAC to avoid auto configuration ? or should I block the RA on my FW ?

 

Thank you

 

Regards

 

 

Labels:
0 Helpful
5 Replies 5

Harold Ritter
Cisco Employee
Cisco Employee

‎10-09-2018 10:09 AM

Could you please elaborate on your topology. For you servers to receive router advertisement from your service provider, your local LAN would need to be bridged to the WAN interface.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

gastonq05
Level 1
Level 1
In response to Harold Ritter

‎10-09-2018 11:27 AM

Thank you for your answer, exactly the topology is

 

[Internet Provider]----[Router Provider]----[OUR-SW-L2]----[OUR-LAN]

 

We don't have for the moment any router or central FW filtering the internet connection.

 

Regards.

 

 

 

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee
In response to gastonq05

‎10-09-2018 11:38 AM

I see you do not have your own router. Is your provider publishing the prefix you received from LACNIC via BGP? If so, they should configure this prefix on the LAN interface of the router they provided you, so your hosts receive this prefix via the router advertisement instead of the one the router currently advertise.

 

The other option is to have you own router and configure it to advertise your own prefix assigned by LACNIC.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Reza Sharifi
Hall of Fame
Hall of Fame

‎10-09-2018 12:38 PM

Hi,

With the current design, your network is open to any attack from the Internet as you don't have any protection.

Harold has a good suggestion in regards to purchasing your own router. I would go one step further and instead of a router purchase a firewall. This way, you can advertise your own prefix and also deploy policies on your network to protect yourself from unwanted guests.  Just make sure the firewall has the capacity you need, support routing and also IPv6 capable.

HTH

gastonq05
Level 1
Level 1
In response to Reza Sharifi

‎10-09-2018 01:25 PM

The IPv6s that we are receiving are from our provider is not part of the range assigned to us.

 

I have a router BGP but is not installed yet because right now, we are receiving an /22 IPv4 from our provider (their IP range ). We need BGP because LACNIC assigned to us 2 pools of IPs (v4 and v6).  That's another weird thing from my newbie perspective, our provider will publish our /22 in the same connection that they're giving us their /22, is that a good practice ?

 

Thank you guys for everything

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card