Question
IPv6 CPE Enhancements - IPv6CP + DHCPv6-PD
These are mutually exclusive but both exceptionally important features, required for ISPs to dynamically allocate IPv6 addresses. Required in most situations to deploy the FortiGate as an IPv6 CPE with PPP. Supported by pfSense, Mikrotik, Cisco in IOS, as well as Juniper in ScreenOS and JunOS. Also supported by a large number of CPE vendor hardware (Apple, D-link, Linksys, Netgear, Draytek, Fritz, Huawei as examples I've seen in production and lost projects to personally).

(Optional Step 1) - Once the PPP session is established, the CPE uses IPv6CP to allocate an IP address to the interface. This gives the CPE a routable IPv6 address in much the same way as IPCP does for IPv4. I noticed 5.2 added support for DHCPv6 Client here, so Fortinet clearly understands the importance of this functionality. Most of the deployments I've seen in New Zealand aren't actually doing this, relying on link-local addressing - but we're just weird and it is used globally.

Step 2 - DHCPv6 requests a subnet via DHCPv6-PD which the ISP or upstream router delegates (typically a /48, /56, /60 or /64) which may be allocated to clients. These subnets are divided and the CPE allocates /64 networks to internal interfaces sequentially. One address from the final 64 bits is allocated to the interface with the remaining allocated to clients via either SLAAC or DHCPv6 Server. In CSCO's implementation you can choose which networks are allocated where (first 48-64 bits remain as a wildcard, next 0-16 bits remain consistent).

(Optional Step 3) - Downstream DHCPv6 enabled routers, including downstream FortiGates or VDOMs, may request a subnet from the CPE, allowing downstream routers to also access the IPv6 internet. Usually requires a /48 from your ISP, the first /56 being reserved for local networks and additional /56 networks being allocated sequentially as requested.

Several features are required to make this solution complete:
- IPv6CP in addition to DHCPv6 Client on PPP interfaces
- DHCPv6 Client Prefix Delegation Request - Should be able to handle any ISP delegation, reducing functionality for smaller subnets. Comcast in the USA gives you either a /60 or /64 as an example.
- New interface IPv6 Address Mode "Delegated" when this is enabled on the WAN.
- $Prefix::1/64 setting for wildcard subnets on interfaces - Should allow multiple instances, each bound to a specific WAN interface to optionally allow for multiple upstream ISPs
- $Prefix::/64 option on DHCPv6 server
- $Prefix support on IPv6 Firewall Address Objects
- $Prefix on FortiAnalyzer, FortiCloud and FortiView to merge internal hosts.
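
The prefix arithmetic described in Steps 2 and 3 above, as an added example that is not part of the original post and is not FortiOS or Cisco code: it splits a delegated prefix into sequential /64s with a `$Prefix::1/64` interface address, and reserves the first /56 of a /48 for local networks. The function name `plan_delegation`, the interface names and the 2001:db8::/32 documentation prefixes are assumptions made for illustration.

```python
import ipaddress

def plan_delegation(delegated, lan_ifaces, downstream_len=56):
    """Split a DHCPv6-PD prefix as described in Steps 2 and 3.

    Returns (lan, downstream). lan maps each interface name to
    (interface address $Prefix::1/64, client subnet $Prefix::/64), or to
    None when the delegation has run out of /64s. downstream lists the
    blocks left over for re-delegation to downstream routers.
    Hypothetical helper, not a FortiOS or IOS API.
    """
    prefix = ipaddress.IPv6Network(delegated)
    if prefix.prefixlen > 64:
        raise ValueError("a delegation longer than /64 leaves no /64 for a LAN")

    if prefix.prefixlen < downstream_len:
        # e.g. a /48: first /56 stays local, the other /56s are handed out
        blocks = list(prefix.subnets(new_prefix=downstream_len))
        local, downstream = blocks[0], blocks[1:]
    else:
        # /56, /60 or /64: reduced functionality, nothing to re-delegate
        local, downstream = prefix, []

    subnets = local.subnets(new_prefix=64)  # sequential /64s, lowest first
    lan = {}
    for name in lan_ifaces:
        net = next(subnets, None)
        if net is None:
            lan[name] = None  # e.g. second interface on a /64 delegation
            continue
        addr = ipaddress.IPv6Interface(f"{net.network_address + 1}/64")
        lan[name] = (addr, net)
    return lan, downstream

if __name__ == "__main__":
    # Constructed sample delegations from the 2001:db8::/32 documentation range
    for pd in ("2001:db8:1200::/48", "2001:db8:0:10::/60", "2001:db8:0:20::/64"):
        lan, downstream = plan_delegation(pd, ["lan", "dmz"])
        print(pd, {k: v and str(v[0]) for k, v in lan.items()},
              len(downstream), "blocks for downstream routers")
```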
