Kitz Forum
Computers & Hardware => Networking => Topic started by: Weaver on November 28, 2021, 06:42:19 AM
-
Who does or who does not have IPv6 nowadays? Do you not understand it and would you like to ?
-
I've had it enabled for some time via my ISP IDNet. It passes all the normal IPv6 test sites, and connects with IPv6 whenever it can (e.g. the Google ads on this site). As far as I'm concerned it's 'fit and forget'.
-
Which is as it should be, exactly as it’s designed.
-
Had it with sky for ages and now with Zen. Works just fine.
-
Had (have) it with Andrews and Arnold, but since this is now only our backup to the main LTE connection I can't really use IPv6 in the home network any more.
-
I know I could use IPv6, since I'm with AAISP too, but ipv6-test.com says not supported. I presume that's either something to do with my ZyXEL VMG8924-B10A router settings or something in my PC's network settings - unfortunately I wouldn't know either way... :shrug2:
-
Have it, familiar-ish with it but not going to claim to fully understand it. :)
-
I had it with A&A, but don’t have it now since FTTP came along. Can’t say I miss it though.
-
One of the things that always strikes me when IPv6 is discussed superficially, is that people seem to assume you will use your ISP provided addressing throughout your internal network. So I'm not sure how that would even work in my case, with two different providers. Everything gets two addresses, one from each? If so then how does a host know which address to use since all its traffic is going to the same router, but may then be forwarded to either of the two Internet routers? I just never got that far when I was configuring and modelling IPv6 for my own interest.
-
One of the things that always strikes me when IPv6 is discussed superficially, is that people seem to assume you will use your ISP provided addressing throughout your internal network. So I'm not sure how that would even work in my case, with two different providers. Everything gets two addresses, one from each? If so then how does a host know which address to use since all its traffic is going to the same router, but may then be forwarded to either of the two Internet routers? I just never got that far when I was configuring and modelling IPv6 for my own interest.
One way is a form of NAT called NPt, where you choose which IP range you want to use then the router does a 1:1 NAT translation between them when necessary.
Its not got the drawbacks of IPv4 NAT because each client is still directly addressible due to the IP addresses being a 1:1 map.
-
I would be using just one router in that kind of situation but I haven’t worked out the details. I would really one PI space in that situation, no? I imagine it’s a pig to organise.
[Moderator edited to fix a typo.]
-
Thanks, sorry for a bit of thread drift. However I think this backs up my feeling that most discussions of IPv6 don't really cover more than very trivial deployments.
As a newby to IPv6 but not to networking it certainly seems to me that Prefix Replacement would be the way to go, not just to accommodate multiple Internet connections but also to avoid having to renumber internally if you change provider. I think when I mentioned that before I was sort of shot down on the basis that I didn't really understand IPv6, which of course is true but it would have been more helpful to also be told the "correct" way of looking at it.
-
Had it for a while, initially with sky and now on AAISP. It resolved a headache on my Xbox (it uses IPv6 for multiplayer), and I appreciate having it.
I will make sure any ISP I move to with FTTP has native IPv6.
-
This topic: https://forums.thinkbroadband.com/zen/f/4699601-3-xboxes-on-same-network-playing-cod-vanguard.html?vc=1
Particularly the first and last posts.
-
Thanks, sorry for a bit of thread drift. However I think this backs up my feeling that most discussions of IPv6 don't really cover more than very trivial deployments.
As a newby to IPv6 but not to networking it certainly seems to me that Prefix Replacement would be the way to go, not just to accommodate multiple Internet connections but also to avoid having to renumber internally if you change provider. I think when I mentioned that before I was sort of shot down on the basis that I didn't really understand IPv6, which of course is true but it would have been more helpful to also be told the "correct" way of looking at it.
That's because for basic usage you don't NEED to set the LAN range, it will be automatically handled over SLAAC.
That's a crapshoot if you like to know which clients is which and monitor what is going on for security reasons, but for your basic end user its a "just works" solution. Then again so is IPv4, people just use whatever DHCP range their router comes with by default and never thinks about it.
Its when you start running servers that things get annoying, as you need to be able to open up unsolicited incoming traffic to a specific client and that can be a whole lot more annoying on IPv6 as I mentioned before in how the Xbox gets a different IP every time its rebooted with seemingly NO way to fix it.
-
I think there should be an "ISP best practices" RFC which lays down the law, very politely, about not being an insane ISP with IPv6. No dynamic IP prefix assignments for example, no excuses. And which once again sets out recommendations for the size of prefixes. I think /48 for home users is a bit mad (that’s you Andrews and Arnold). In the example of AA, there should be a default of a /64 or a /56. How many domestic users will ever start using multiple sites or developing some equivalent need. All small businesses get a /48, that seems reasonable to me. I have said this before (https://forum.kitz.co.uk/index.php/topic,21724.msg375957.html#msg375957).
-
From what I read /48 is supposed to be the industry standard for how its done, because there's no reason NOT to use that many and it makes managing the system easier if everyone is doing it the same way regardless of business or residential.
Its something along the lines of the smaller the block, the more complicated the routing tables are and the harder it is to say "this IP belongs to this customer". A /48 block is just easier to manage and gives plenty of scope for how you decide to subnet it.
-
At least the Xbox works with IPv6 ;) me and that dude on tbb couldnt get it to work over IPV4. For me for some reason the teredo tunnel was failing, I expect related to the fragmentation bugs in PF.
I just thought of a way to solve your IPv6 problem? maybe I suggested it before and its already been shot down.
But give the Xbox its own VLAN and only allow one ip on the DHCP6 allocation on that VLAN. Would have to set the expiry very low as well to avoid a out of ip's situation.
-
@Alex RFC3177 was obsoleted by RFC6177 a long time ago. There were a large number of complaints about the wastefulness of giving out /48s routinely to home users.
-
But give the Xbox its own VLAN and only allow one ip on the DHCP6 allocation on that VLAN. Would have to set the expiry very low as well to avoid a out of ip's situation.
I had considered that, as a last resort.
@Alex RFC3177 was obsoleted by RFC6177 a long time ago. There were a large number of complaints about the wastefulness of giving out /48s routinely to home users.
How are they "wasted" if its impossible for us ever to use them all? Both Zen and AAISP seem to still follow it.
It also highlights another problem with IPv6, they still keep fiddling. If they're going to keep changing their mind then documentation gets further confusing.
-
It was thought on IPv4 launch it was impossible to use them all. Don't make the same mistakes twice. ;).
-
About wastefulness, it was reported speech and I should have put quotation marks around it.
I don’t agree at all about the impossible to run out thing. In practice we don’t have 2128 subnets, we only have either 232 or 235 if my calculations are correct. Assuming that the prefix given to an ISP is either a /32 or a /29 (although eg BT has something a lot shorter, iirc, but they’re unusual), that means we might only have 2p-32 (in the worst case) users per ISP where p is the per-site allocated prefix length, so only 64k users each given a /48 by an ISP who has a /32 for themselves. Basically we’re burning through our 2128 in gulps of 264 or even worse 2128-(64+(64-48)) which is a mind boggling level of "wastefulness". It was a very good idea in my view having /64 as the size of the subnet portion of the address. We could have had 32 bits per subnet but the use of 64 bits means that we can derive IPv6 addresses from MAC48 or MAC64 addresses and that is a killer argument in my view. It’s impossible to scan even 232 addresses never mind 264 and that was a very important consideration. But given that in a single bound we’ve used up 64 out of 128 bits then we just have to be a little bit careful with the remaining 64 bits. If we ever were to get into trouble we could eat into the ‘right hand’ 64 bits and get a mind boggling number of new, smaller subnets but the process of doing that would be very messy, those networks wouldn’t enjoy the privileges that current subnets do, and we would probably have found that the idea that a subnet is 64 bits had become absolutely hard coded meaning lots and lots of bugs that could not be fixed!
Your point about not fiddling with IPv6 is a good one. But IPv6 has been released very early because the need for it is so very desperate and time was needed to discover certain things based on operational experience, experience that had not been had yet, so it was inevitable that certain things would have come out wrong and would need to be changed. Changing them rather than ignoring problems is imho the right way.
My own view is that RFC 6177 is the right way to go and ISPs should give users a choice for prefix size and have a sane number categories of users such as home user, soho/power home user, small business, growing business, large business, and set sensible a default according to each category a customer falls into. Say /64 for home user, /56 for soho power home user, /56 for small business, /48 for growing business and /48 for large business. It might be worth allocating a second prefix, which is always a /48, when you allocate the initial one in the case of businesses. That way if the business starts to grow then they can either renumber and entirely move into the second prefix or can use the second prefix in addition to the first, although that would be messier for routing and possibly firewalling.
-
I mean I'm not against a smaller subnet in principle as obviously its WAY more than a home user needs. Its the changing goalposts and confusion with all the documentation making assumptions that bothers me.
The big problem with IPv6 is the sheer number of options for how things can be done and how they make it so difficult to get your head around how to transition.
There should never be a situation where a client can have a mind of its own about what IP address it uses, that just seems a security nightmare. The fact I may have to stick the Xbox in its own subnet just to make sure it only has an option of ONE IP address seems absolutely bat p00 crazy. As the network administrator I should have complete control over what a client is being assigned, period. I'd think you of all people would appreciate that as you're the most paranoid person on here about client isolation and monitoring.
The point is when I see traffic moving to/from a client that I'm not expecting, I want to investigate that. If I can't immediately tell for certain which client it is, that's not good.
-
Is there a technical reason why the smallest allocations we see are /64? For the ordinary home user maybe with smart devices, even if every single LED in a light strip had it's own IP I can't see anyone using a fraction if the IPs available to them!
-
https://etherealmind.com/allocating-64-wasteful-ipv6-not/
-
As the network administrator I should have complete control over what a client is being assigned, period. I'd think you of all people would appreciate that as you're the most paranoid person on here about client isolation and monitoring.
Couldn’t agree more. Unfortunately this has never been true, because in IPv4 when a system has DHCPv4 in use, a host can still just allocate itself any address it wants, by static allocation, which could fail catastrophically, or alternatively by just checking to see if a desired IPv4 address is in use and then grabbing it if it’s free. More than unlikely of course.
[Moderator edited to insert [quote author=][/quote] tags, so as to attribute the quoted text to its author.]
-
Is there a technical reason why the smallest allocations we see are /64? For the ordinary home user maybe with smart devices, even if every single LED in a light strip had it's own IP I can't see anyone using a fraction if the IPs available to them!
As I understand it, its to keep routing tables sizes down.
-
I think there should be an "ISP best practices" RFC which lays down the law, very politely, about not being an insane ISP with IPv6. No dynamic IP prefix assignments for example, no excuses. And which once again sets out recommendations for the size of prefixes. I think /48 for home users is a bit mad (that’s you Andrews and Arnold). In the example of AA, there should be a default of a /64 or a /56. How many domestic users will ever start using multiple sites or developing some equivalent need. All small businesses get a /48, that seems reasonable to me. I have said this before (https://forum.kitz.co.uk/index.php/topic,21724.msg375957.html#msg375957).
This is RIPE's view on this:
https://www.ripe.net/publications/docs/ripe-690
It does say that a /56 for residential is OK, but puts forward lots of arguments against it. It also states "There are enough IPv6 addresses to delegate end-users a /48" - and they should know!
They also strongly recommend persistent (static) prefixes, it's shameful that the big UK ISPs ignored that - presumably encouraged by their marketing deptartments to differentiate consumer and business services.
-
RIPE certainly know what they’re about, it’s just that it is not yet clear to ignorant fools such as myself. Take my own /48 which is 2001:8b0:xxx::/48 and for example the LAN-facing IP address of my Firebrick FB2900 is 2001:8b0:xxx:0::1 where 2001:8b0:xxx:0::/64 is my whole main LAN.
I just looked it up in RIPE’s website and AA’s allocation is a 2001:8b0::/32 so that only leaves them 216 /48s which is not very many customers. If AA just go and get a second /32, it would be rather nice if they can get one adjacent to their existing one so that prefix aggregation is possible, thus helping to prevent routing table bloat madness.
So does RIPE hold so many adjacent prefixes above 2001:8b0::/32, just in case AA come back later asking for additional allocations, oh and preferably adjacent to our existing one? Say for example RIPE sits on the range up to 2001:8b7::/29, something like that?
It’s a general problem that comes up in resource allocators, so I suppose.
-
As I understand it, its to keep routing tables sizes down.
Glad you said it as I thought that is what I had remembered reading too but I couldn't find confirmation so avoided saying so.
-
RIPE certainly know what they’re about, it’s just that it is not yet clear to ignorant fools such as myself. Take my own /48 which is 2001:8b0:xxx::/48 and for example the LAN-facing IP address of my Firebrick FB2900 is 2001:8b0:xxx:0::1 where 2001:8b0:xxx:0::/64 is my whole main LAN.
I just looked it up in RIPE’s website and AA’s allocation is a 2001:8b0::/32 so that only leaves them 216 /48s which is not very many customers. If AA just go and get a second /32, it would be rather nice if they can get one adjacent to their existing one so that prefix aggregation is possible, thus helping to prevent routing table bloat madness.
So does RIPE hold so many adjacent prefixes above 2001:8b0::/32, just in case AA come back later asking for additional allocations, oh and preferably adjacent to our existing one? Say for example RIPE sits on the range up to 2001:8b7::/29, something like that?
It’s a general problem that comes up in resource allocators, so I suppose.
Ok forget my reply I was given a /48 also. Seems extremely generous from aaisp, but I have it as 2 /64s on my router as they allow you to add 2 /64 prefixes. I got one on main LAN and one for guest LAN.
-
So where did we get to with the who-has-IPv6 count?
Also, a question: Does anyone know of a readable guide to DHCPv6 for utter thickos such as myself?
-
So where did we get to with the who-has-IPv6 count?
Also, a question: Does anyone know of a readable guide to DHCPv6 for utter thickos such as myself?
If only.
I've had it working on Zen for years now, though only started using it again recently when I setup the IPv6 VLAN.
I did discover another annoyance, seems the MIB I was using to monitor traffic on my switch must be at the IPv4 level as its not reporting IPv6 traffic in the totals. I noticed this as due to pfSense throwing a wobbly all IPv4 stopped working and my machine seemed to switch over to IPv6 for my NFS mounts. Though to be fair, its just my ignorance on what each MIB is meant to be for, I just picked what looked right because SNMP seems to be written in an alien language.
-
Hetzner I think are in a critical situation, they massively raised prices of ipv4 allocation a few months back and have now just announced ipv6 only servers. They really need broadband providers to roll it out, as do some other datacentres in europe I know off in europe.