Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

I use DNS where I can, for example the router's inward facing IPv6 is statically defined and so can easily be given a matching domain name. But the lack of control over IPv6 address assignments frustrarates this completely. Microsoft's approach linking domain names to LLMNR seems so much superior, it's a shame it isn't more widespread.

[aesmith]

But applicable only within one subnet?   In that context, although more labour intensive, could you manually create DNS records mapping names to link local addresses, while still using the temporary addresses for Internet traffic. 

[Weaver]

It rather depends on what you want to use domain names for. I would like to use domain names in firewall rules in certain cases as friendlier alternatives to literal addresses, but that's doubly impossible at the moment.

The point is, sometimes you care about one or all of the addresses an interface owns.

[Weaver]

You have a far, far friendlier setup when you have a Windows server box taking charge of stringing it all together into a clean sensible well-integrated whole.

[aesmith]

For firewall rules surely you need fixed global addresses?  Which means stateless DHCP, stateful DHCP with reservations,  or manual assignment (and disabling the temporary addresses behaviour on the hosts).   

Considering this further, if the reason for temporary addresses is to avoid disclosing the device's MAC address, then would that be equally answered by stateful DHCP?    If the point is to completely conceal your internal addressing scheme then I can't help thinking that NAT is better - firewall rules could reference fixed inside addresses, then dynamic NAT onto Internet routed outside addresses.  Is there any technical reason why you can't NAT IPv6?

[aesmith]

I seem to have a wee bit of a DHCP issue, which has set my tests back a little.  My router has a fairly simple set of options ... IPv6 DHCP server On or Off,  Stateless or Stateful (with range of i/f addresses), and RA On or Off.   Sounds OK, but it doesn't actually seem to work.   Set to Stateful my Windows PC has only a link local address, but has picked up default gateway and default route.   Change the server type to Stateless and Windows now adds a global address and a temporary address.   No ipv6 DNS servers are issued, in either case, in fact I can't see how these are set on the router in any case.

Testing with a (simulated) Cisco router as DHCP client I can see DHCP requests from the client, but no response.   On the other hand if I set the router to autoconfig, and manually add DNS then it works end to end as a v6 only client.

[burakkucat]

I get confused, very easily, with discussions related to IPv6 and so this is just a simple question asking for clarification . . . When you are experimenting, testing or configuring in an IPv6 environment, do you have everything IPv4 "turned off"?

[Weaver]

I have effectively 'turned everything IPv4 off' by accident, on occasion  when I have set a box's IPv4 address to something rfc 1918

[aesmith]

I get confused, very easily, with discussions related to IPv6 and so this is just a simple question asking for clarification . . . When you are experimenting, testing or configuring in an IPv6 environment, do you have everything IPv4 "turned off"?

For my tests with GNS3 I only set IPv6 addressing.  My desktop PC is dual stack, but I'm using A&A's gateway IPv6 name servers so it effectively uses ipv6 for anything Internet.   Router is dual stack.   I'm not really on a campaign to eliminate IPv4 from the home, for a start the phone doesn't support IPv6, it's more a learning exercise.

(Should say, DHCPv6 is now working on my (physical) router.  Set to Stateful it's dishing out proper global addresses with the correct prefix and my chosen range of Interface IDs.   Windows 7 now displays only the Global and Link Local address, no more Temporary addresses.

[burakkucat]

Thank you (both).

I've still got a lot of learning to do . . .

[Weaver]

It is possible to get rid of all IPv4, and if a user uses A & A's NAT64 servers she can still access the IPv4 Internet. However I still have some kit that doesn't speak IPv6, such as the Siemens N300 VoIP box, an Epson Printer and probably some other kit that I have failed to recall.

[aesmith]

I've done a little reading around on IPv6 addressing design, and I think I'm starting to conclude that the idea of dispensing with NAT is over simplistic.   The issue being the relationship between your addressing and your ISP(s).  Clearly it's quite straightforward for a small organisation with only one Internet connection, and who is prepared to re-number his network if he changes provider.   Add a second Internet connection and it's no longer straightforward, I suspect even if it's the same ISP. 

I'm not completely convinced that PI is the answer, I'm currently digging around to find the full story but it doesn't appear trivial to get an allocation out of RIPE.   Even if it was easy, if everyone uses PI addressing that's going to have a huge impact on the size of routing tables.

Or am I missing something?

[Weaver]

I agree with you, and I'm not sure enough thought has gone into addressing design and renumbering implications in IPv6. Idea: Better software in routers and firewalls might help, where addresses could be treated as relative to some base represented by some symbolic value.

[aesmith]

I think when it comes down to it, NAT in it's IPv6 form is going to be the answer.   

[renluop]

PI? Please aid the technically challenged among you!