2
Votes

Add support ULA + NPT IPv6 to use "IP Group"/"IP Address", "Access Control" and more

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
2
Votes

Add support ULA + NPT IPv6 to use "IP Group"/"IP Address", "Access Control" and more

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Add support ULA + NPT IPv6 to use "IP Group"/"IP Address", "Access Control" and more
Add support ULA + NPT IPv6 to use "IP Group"/"IP Address", "Access Control" and more
2023-04-27 03:52:53 - last edited 2023-04-27 03:54:13
Tags: ##IPv6 #ULA #NPT #v6LB #v6ACL
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.0 Build 20220106 Rel.56391

Hello, I would like to request to add support for more IPv6 features for TP-Link ER605 v2. It would be important to be able to control for "IP Group"/"IP Address", "Virtual Servers", "Load Balancing", "Static Route", "Policy Routing" and "Access Control" (Firewall ACLs) as it exists for IPv4 addresses.
 
Currently, my environment is set up with private IPv4 address and uplinks from two ISPs with NAT configured for local network. My ER605 is "Load Balancing + Failover" features enabled, when one of the uplinks is unavailable, the other WAN interface will continue routing traffic to the Internet automatically.

 

I don't have the budget for fancy links with SLA and BGP support. So I think my own RIPE-NCC IPv6 subnet will not work.

 

On the other hand, having two independent links is more than enough.

 

However, when I get an IPv6 prefix (prefixlen 64) from my ISP, I need to have one IP address facing the Internet (so I can forward packets to my ISP) and a second one facing my LAN. In IPv6, both must be routable.

 

What do I do when I only get a single /64 prefix from my two ISPs?

 

After researching I found the possibility to use Unique Local Addresses (ULA) known as the "Private Networks for IPv6". Network Prefix Translation (NPT) - RFC6296 - which might be called "NAT for IPv6".

 

So I need to assign an internal IPv6 ULA to my LAN, and then enable NPt on each WAN interface, providing my internal ULA and each provider's IPv6 prefix to NPt.

NPT has worked quite well for me on Linux + IPTABLES SNPT/DNPT environment. My intention was only to provide independence between my internal IPv6 addressing scheme and that of my ISP so that if I switch ISPs only the ISP prefixes need to change, not my entire network configuration.

#1
Options
2 Reply
Re:Add support ULA + NPT IPv6 to use "IP Group"/"IP Address", "Access Control" and more
2023-04-28 03:04:12

  @Danton 

 

Hi, as I know, controller v5.8 has supported some features for IPv6 as you said.

 

 

ER605 has released 2.1.2 which is fully adapted to controller v5.8.

Just striving to develop myself while helping others.
#2
Options
Re:Add support ULA + NPT IPv6 to use "IP Group"/"IP Address", "Access Control" and more
2023-04-28 04:14:34

 Thank you @Virgo for your reply, but  unfortunately I'm a MacOS user and the controller software that you suggested me is only available for Linux OS and MS Windows systems. Am I right?

 

https://www.tp-link.com/br/support/download/omada-software-controller/

 

Taking advantage of this post, why this feature could not be available directly in the ER605 firmware?

#3
Options