Title
Are both of them ula addresses? (both of them starting with 2). If they are not the same then the ISP is providing an internal unique address for isp internal configurations.
If so, are they having the same network? ( The first 48 bits) if not, then is probably a miss configuration but probably in their side. But with no practical effects. You could ignore it.
If yes again, then it is a miss configuration and it shouldn’t happen, but this time it could be in your side, check that the dhcpv6 daemon doesn’t try to give an ipv6 address To your Wan port
This is fairly normal to receive 2 ipv6 addresses, depending on your provider. In my case, I receive a /128 address (single global address), and a /48 address (delegated global prefix). In addition, there is the link local address that will be fe80:… Delegated prefixes allow your internal devices to be assigned a global address within that subnet and access ipv6 resources directly. Feel free to ask more.
One is probably link local the other is global, that’s pretty normal. https://en.wikipedia.org/wiki/IPv6_address#Address_Scopes
one my openwrt router WAN IPv6 shows 2 IPs. IPv4 does get linklocal though
If your ISP is doing to right IPv6 should be setup for SLAAC, in which case they would give you an entire /64. I don’t use OpenWRT, but I assume it’s showing you the IPv6 /64 from IPv6-PD used for SLAAC, and the /128 the router is using to communicate with the ISP If it’s SLAAC your client devices should be getting two IPv6 addresses as well. One is for privacy, that’s the one websites will see when you connect but can’t be hit, and the other is the one you would use to reach your computer from another device.
Edit: Refer to @[email protected]’s child comment for a better explanation with some corrections / clarifications.
Perhaps I can improve this a little.
SLAAC is for stateless assignment of an address without dhcp. It’s what android uses exclusively for example. Delegated prefixes (/64) can be assigned by SLAAC or DHCPv6, and openwrt works with either. OP’s provider may not even use SLAAC, or at least make it secondary since SLAAC and DHCPv6 don’t always play nicely.
In the case of privacy extensions, this is up to the clients. Some clients might even not use them. Global temporary addresses are an attempt to stop fingerprinting. They’re largely ineffective these days however. Importantly, that temporary global address is still globally accessible (remember, there is no NAT), although most OS’s will ignore incoming connections. Otherwise, correctly, clients should have a couple of ipv6 global addresses.
Thanks for clarifying! It’s been a while since I’ve worked with IPv6 directly, fortunately it “just works” in my current home environment and since I’m no longer doing colocation for my self hosted stuff it’s on the back burner.
Hope I didn’t step on toes. The gist of what you said is on the money.
I love that ipv6 is becoming more mainstream and well implemented. That said, some providers in my home country still don’t support or use ipv6.
No toes were harmed! Well, aside from that confidently incorrect user elsewhere on the post.
Are both subnets public?
one is 128 and other is 64
Ah - yeah the /128 is what the ISP used to route traffic to your router. I believe that’s IPv6 PD (prefix delegation) - the router uses DHCPv6, gets given that /128 it’ll use for the ISP, then the ISP delegates the /64 (or other sizes) to the router.
deleted by creator
Cgnat is for ipv4, has nothing to do with ipv6. Suggest reading up on ipv6.
deleted by creator
There is misunderstanding here, perhaps about what the OP asked. I’ve interpreted the question to be why there are two different ipv6 addresses. I suspect you’ve interpreted it to be why is there a ipv4 and ipv6 addresses. At least I hope so.
I gather that insulting internet randos is what you do for a living.
How can I tell if IPv6 is CGNATed ?
IPv6 should never be behind NAT which is a hack to extend the address space of Ipv4.
CGNAT is a nasty hack to work around the shortage of IPv4 addresses. It’s not used with IPv6.
It all is if you’re getting both. You’re sharing IPs with many different devices at the same time. That’s how it works.
Read up on it.
