Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2 3 4

Author Topic: IPv6 users  (Read 11534 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
IPv6 users
« on: January 09, 2016, 11:53:21 PM »

Would any IPv6 users say hello?
Logged

currytop

  • Reg Member
  • ***
  • Posts: 114
Re: IPv6 users
« Reply #1 on: January 10, 2016, 07:05:01 PM »

Hello!  ;D

Not sure I can help with your quest but do use IPv6. Like you my ISP is A&A and my residential router supports IPv6. However most devices here use IPv4 behind NAT.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 users
« Reply #2 on: January 10, 2016, 09:44:05 PM »

We also have CrazyTeeka another A & A user, I believe.

Any tunnelled IPv6 users?
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 users
« Reply #3 on: January 10, 2016, 09:47:33 PM »

Am I the only one who doesn't understand DHCPv6 snd how its usage gets selected during an RA?

I am after all pretty thick. I wonder if there is something out there that explains it at my drug-addled (NHS) brain's kind of level?
Logged

currytop

  • Reg Member
  • ***
  • Posts: 114
Re: IPv6 users
« Reply #4 on: January 10, 2016, 11:25:34 PM »

Now who's thick? I don't even know what a 'RA' is. Too many acronyms.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 users
« Reply #5 on: January 10, 2016, 11:42:57 PM »

 P ??? ;D
You're making me feel better.

"Router Advertisement".
Logged

currytop

  • Reg Member
  • ***
  • Posts: 114
Re: IPv6 users
« Reply #6 on: January 10, 2016, 11:58:02 PM »

P ??? ;D
You're making me feel better.

"Router Advertisement".

Ah of course - I don't think it works quite like that. If a host is configured to get an IP lease via DHCP it issues a DHCP broadcast, usually restricted to a subnet. A DHCP relay is required to traverse across subnets. If received a DHCP server traverses it's configuration table and assembles a DHCP reply based on whether an existing lease can be honoured, a new unused address obtained from its table, or a fixed mapping entry is available. This is combined with the name of the local domain, the address of an available gateway, and the address of at least one nameserver. There are quite a few other facilities that have been added on to DHCP over the years that may or may not be used but that's the gist of it. There are a few fallback decisions that can be made depending on configuration. There's much more available than typically seen on a residential router with a built-in DHCP server.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 users
« Reply #7 on: January 11, 2016, 12:17:55 AM »

What I meant was that, iirc, in a an RA, there are broadcast flags called M and O which tell clients whether or not to use DHCPv6 and be governed by DHCP's IPv6 address assignments, rather than using the standalone procedures for making up an IPv6 address themselves.

I was talking about how the use of DHCPv6 is selected or not, not about how DHCP itself works. Does that make sense? Are we on the same page, or have I misunderstood?
Logged

currytop

  • Reg Member
  • ***
  • Posts: 114
Re: IPv6 users
« Reply #8 on: January 11, 2016, 12:29:25 AM »

Yes now I understand. Much of what I wrote was probably biased more towards IPv4. In an IPv6 environment hosts can as you say make up their own addresses. I haven't looked at how IPv6 hosts can receive network information before allocation of an 'official' address. Presumably as part of a reserved broadcast domain.

In my own case IPv4 hosts use DHCP, but IPv6 hosts are statically allocated.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 users
« Reply #9 on: January 11, 2016, 12:38:58 AM »

IPv6 boxes can of course just make up their own addresses without any outside assistance. Obviously if they want a global address they need the subnet prefix, so they need to hear an RA for that.

Otherwise they can use FE80::/10 local addresses to get them going communicating inside the LAN. And whatever address type they use, local or global, they can spin the low-order bits for themselves. A host can either choose random bits for its low-order 64 subnet bits, or it can derive a unique address based on its MAC address extended to be 64-bits wide by padding it out.

You probably knew all that already, apol.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 users
« Reply #10 on: January 11, 2016, 12:47:44 AM »

The bit I haven't really understood yet is exactly how hosts are ordered to obey DHCPv6 or are allowed to go their own way. The random addresses I use can be a nightmare for logging and admin purposes. How do you assign rights to them by firewalling?

(My firewall, the Firebrick, can handle MAC addresses in rules, I think, but that isn't a very clean way of doing things as whenever you swap kit out your firewall rules break. Of course in reality this makes no difference to how your boxes go about simply evading your firewall rules by choosing the wrong IPv6 address. If you assign an IP address by a mapping from a MAC address then at least there's only one place to have to mention the MAC address and only one place to have to change things in a swapout, and a firewall rules based on the IP remain valid across a swapout.)
Logged

currytop

  • Reg Member
  • ***
  • Posts: 114
Re: IPv6 users
« Reply #11 on: January 11, 2016, 11:35:19 AM »

I don't think you can 'order' a host to obey DHCPv6 or not. Surely that is something you configure on the host at the same time you determine whether a host is going to use IPv4 or IPv6? I assume you only want to use firewall rules for administration convenience not security. It's very, very easy to spoof both MAC addresses or to change IP address to sidestep such a rule. Doubtless super smart managed switches may support some sort of authentication in order to access services, but I doubt a residential situation warrants the expense, power consumption or noise of such kit.
Logged

aesmith

  • Kitizen
  • ****
  • Posts: 1098
Re: IPv6 users
« Reply #12 on: April 04, 2016, 01:08:06 PM »

The bit I haven't really understood yet is exactly how hosts are ordered to obey DHCPv6 or are allowed to go their own way. The random addresses I use can be a nightmare for logging and admin purposes. How do you assign rights to them by firewalling?

It appears that Windows and some other OSs may by default disregard the RA settings for address assignment, and instead assign themselves "temporary" addresses.  This is explained as a security measure, so you don't expose your devices MAC addresses (although that doesn't explain why in Windows it also pre-empts manual static configuration, and stateful DHCP assignment).   However this might be what you're up against if you're seeing random addresses on your hosts.

http://www.sevenforums.com/tutorials/304071-ipv6-temporary-address-enable-disable.html
https://technet.microsoft.com/en-us/library/cc740203(v=ws.10).aspx

I need to do more because my test rig is over simplistic consisting of just the router and it's inbuilt DHCP capability, so doesn't represent a more typical example where the DHCP server would probably not be the default router, and quite likely not a router at all.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 10294
  • Retd s/w dev; A&A; 3x7km lines; Firebrick; IPv6
Re: IPv6 users
« Reply #13 on: April 04, 2016, 10:14:27 PM »

My favourite IPv6 bible is a Microsoft tome, so this may well have strongly influenced my world-view
Logged

aesmith

  • Kitizen
  • ****
  • Posts: 1098
Re: IPv6 users
« Reply #14 on: April 06, 2016, 09:30:03 AM »

Looking a bit more I can see the rationale for those temporary addresses, but clearly it would mess up firewall rules as you say.   As a slight side issue do you use DNS internally?    I was just thinking about how often we access stuff by IP address, and typing full v6 addresses is a pain in the backside, let alone remembering them.   It seems to me that in a full v6 environment DNS would be mandatory for everything (but then the temporary addresses stop you using DNS if I understand correctly).
Logged
Pages: [1] 2 3 4
 

anything