Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

I don’t get the argument made by our dear dinosaur friends () that IPv6 addresses are difficult to remember. Well, random ones certainly are, but no one ever tries to remember them, so it’s not important. For example, 2001:8b0::2020 isn’t hard to remember. That’s one of AA’s DNS servers. My Firebrick’s LAN-facing interface is at 2001:8b0:xyz::1 - see, no problem. And in any case, I have DNS names for absolutely everything wherever I can, but iOS for example has privacy concerns that have driven them to use random addresses on my LAN, and I can’t arrange for DNS to follow suit. One of the other LAN-local L2 name resolution protocols (I forget what Apple has used) would be some comfort but then the result isn’t globally visible. So I am embarrassed to have to say that I can currently only set up domain names for say my iPads’ IPv4 addresses. Oh dear!

What do other people do about IPv6 name resolution for non-server machines in practice?

[Ixel]

Private IPv6 addresses are easy to remember, public ones however aren't so easy.

My allocation for example is 2a0e:fd45:xxxx::/48 (where xxxx is just the masked out bit of nonsensical letters and numbers). IPv4 addresses are up to 12 numerical characters, excluding the dots, whereas the mentioned allocation is at least 12 hexadecimal characters (excluding the colons). I think it's already obvious why public IPv6 addresses might be harder to remember unless you're lucky enough to get something like 2a0e:fdfd:4345 or something easier to remember compared to a somewhat patternless allocation.

If I was to become an LIR member with RIPE however then I could request a /32, justification not required, and have more choice from the third segment (which I believe is considered an ISP level allocation, especially given how much a /32 can be split).

[Alex Atkin UK]

You have to remember Weaver, you're from a development background, you've trained your brain around remembering freaky hexadecimal values. :p

My memory has always been a weakness, I was in my 20s when I setup my first LAN so remembering 192.168.1 is second nature.  I rarely remember what my other clients are set as other than my gaming PC is 1 and my normal desktop is 2, server is 253 and router is 254.

There's also the complexity of which privacy scheme are you using on IPv6 and if you aren't, then your range depends on your ISP.

But most importantly, there's the fact IPv6 routing has inexplicably broken on my LAN right now and I have no clue why.  Spent a few hours yesterday trying to figure it out, I can ping from the server to the router, can ping the other way, but nothing will load.  A traceroute outright fails, pfSense is not sending the traffic onwards, something is borked.

[craigski]

One of the other LAN-local L2 name resolution protocols (I forget what Apple has used)

mDNS/Bonjour?

[XGS_Is_On]

What do other people do about IPv6 name resolution for non-server machines in practice?

Boring as it is I do nothing for them. If they aren't going to take inbound connections no point in name resolution. I don't actually track what servers use for IPv6 either as I use v4 for them for right now internally. Servers and other infrastructure do get nailed down addressing during setup. Servers have fixed MAC addresses so plenty of ways to handle it when the time comes. Clients using dynamic/randomised MAC addresses aren't going to be taking inbound connections so no need to worry about addressing them directly.

[Alex Atkin UK]

Boring as it is I do nothing for them. If they aren't going to take inbound connections no point in name resolution. I don't actually track what servers use for IPv6 either as I use v4 for them for right now internally. Servers and other infrastructure do get nailed down addressing during setup. Servers have fixed MAC addresses so plenty of ways to handle it when the time comes. Clients using dynamic/randomised MAC addresses aren't going to be taking inbound connections so no need to worry about addressing them directly.

Like I've said before, the exception to this rule seems to be Xbox which randomise their ID every reboot, highly frustrating.

For some bizarre reason they also expose manually entering an IPv4 address, but not IPv6.  In fact while trying to get IPv6 working again the Xbox was the worst client, it doesn't even show its getting an IP address though I know DHCPv6 IS working, its just actual traffic that isn't passing.

[XGS_Is_On]

Only have gaming PCs and PS5 so abstaining further from this.

[Alex Atkin UK]

So I removed and put back the IPv6 addess on the main LAN of pfSense and somehow its magically working again, even though that subnet is not actually used.

Weirder is clients on the V6 VLAN cannot ping the IP address of pfSense for that VLAN but can ping the main LAN IPv6 address.  I don't even have any rules on the main LAN allowing ICMP over V6 but do on the VLAN.

Oh well, its routing again at least.

[Chrysalis]

How do you enforce your VLAN tag? is it client side or switch side?

[Alex Atkin UK]

How do you enforce your VLAN tag? is it client side or switch side?

The Xbox is on that VLAN untagged via the switch config, my server and desktop (both Linux) has it tagged.  This way I just turn it on and off in the network manager when testing things.

The rest of the network isn't on that VLAN at all, except the WiFi which has a separate SSID for the dual-stack network, again in case I want to test it on different clients.

Frustrating the Xbox now says IPv6 is working but moans uPNP is not available and the NAT is strict - so what the heck is the point of IPv6 there if its using IPv4 for gaming traffic?  I thought the whole point was Microsoft was using Teredo for Xbox Live so it would work seamlessly when moving to IPv6.

[Ixel]

I wonder what the Xbox would do if there was no IPv4 support on the network?

[Alex Atkin UK]

I tried that before, it said no Internet connection.

So much for Microsoft being IPv6 pioneers.

[Weaver]

That Microsoft lecture at UKNOF that I linked to some while back showed just how much kit does IPv6 and yet still has some stupid dependency on something IPv4, and the devs never spotted this (er because they don’t do code reviews!!!) because they didn’t test in an IPv6-only environment. (I have an IPv6-only Raspberry Pi hosted by Mythic Beasts. Specifically meant for shaking such bugs out.)

@craigski - thank you mDNS it is; I see Microsoft is using it now too, instead of LLMNR. Yay, sanity!

@XGS_Is_on I too do nothing, but it’s because of the annoying random privacy addresses that Apple always use that I would like to use either link-local name resolution over mDNS, or better something like that linked to real DNS so it’s globally visible. I would really like to be able to just IPv6-ping some named box on my LAN to see if it’s alive, and currently I can do that with IPv4, and even do so from outside the LAN as I have a firewall hole (by src IPv4 addr) for my own iPad, so if I’m in hospital I can still reach in and see what’s up with the various boxes in the network.

I wonder if I can sweet-talk RevK into implementing mDNS support and mDNS-to-DNS conversion? This so that single-label domain names could be published in the DNS and resolved on the LAN by mDNS, and also FQDNs such as "<mdns-host>.lan.weaver.com" could be published likewise based on the defined DNS suffix "lan.weaver.com".

My point about the ease of memorising addresses is that IPv6 addresses that you do remember very often are not any longer than IPv4 ones. I have 10 hex characters in my /48 prefix.

The process of giving out /32s to ISPs and similar users somehow irrationally worries me, even though I know that we’re never going to have more than 2³² ISPs, we’re back to allocating out of 2³² again. Mind you, you could make some smaller ISPs keep all their customers in a /40 say and each end-user only gets a single /64, no more. I can’t understand the logic of giving out /48s to true ‘home’ users; /56 will be more than enough and a /60 should be fine for real ‘home’ users, with SOHO users perhaps being treated more generously, but even then, I’m not convinced.

[Alex Atkin UK]

My point about the ease of memorising addresses is that IPv6 addresses that you do remember very often are not any longer than IPv4 ones. I have 10 hex characters in my /48 prefix.

Fair enough, I suppose once you've memorised the address then its fine, as I just tack on the same digit at the end as IPv4.  That also ties in nicely to your next point.

I can’t understand the logic of giving out /48s to true ‘home’ users; /56 will be more than enough and a /60 should be fine for real ‘home’ users, with SOHO users perhaps being treated more generously, but even then, I’m not convinced.

The logic I presume is, treat home users and businesses the same, its easier to manage.  With such a vast number of addresses, if there is zero risk of running out, why not?

[Ixel]

The process of giving out /32s to ISPs and similar users somehow irrationally worries me, even though I know that we’re never going to have more than 2³² ISPs, we’re back to allocating out of 2³² again. Mind you, you could make some smaller ISPs keep all their customers in a /40 say and each end-user only gets a single /64, no more. I can’t understand the logic of giving out /48s to true ‘home’ users; /56 will be more than enough and a /60 should be fine for real ‘home’ users, with SOHO users perhaps being treated more generously, but even then, I’m not convinced.

Fun fact... at least with RIPE I've discovered that an LIR can actually request up to a /29 IPv6 without justification (not just a /32 like I thought). Just request it and they will allocate it apparently. Even if an LIR only requests a /32, which is also the minimum that RIPE will allocate an LIR, a /29 is apparently reserved for the LIR anyway. Presumably subsequent requests for a /32 would then be contiguous for example. It's even more than I thought an LIR could request without justification, from RIPE at least. Hopefully that won't make you worry more .

The minimum allocation size is a /32. However, you can request up to a /29 without providing any additional justification.

The only two requirements are that you be an LIR member of RIPE and you plan to make sub-allocations within two years (in other words, pretty much begin using it for something).