IPv6

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
It appears that Comcast (in my region) has now implemented IPv6 locally. With the recent increase in speed that Comcast is busy advertising, my cable modem changed from IPv4 only to IPv6 only. My router now seems to be getting both an IPv6 address and an IPv4 address from my cable modem. I've really resisted the change so far, but I suppose I should learn more about IPv6, preferably before I am forced to do so by circumstances beyond my control.

I have lots and lots of questions before I outright switch my internal network to IPv6 only. What do I need to know at a practical level? Is there a good reference that I can read?

Are there any issues with domain controllers and local DNS servers? Does NAT even exist, broadcast domains, WINS? Are there convenient ways to enter a specific IPv6 address, for they seem to be too long and inconvenient to remember? There are certain addresses that invariably have to be manually typed in, like DNS servers, and I really don't want to have to memorize very long hex numbers.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
IPv4's address space is a fully compatible subset of IPv6. You don't REALLY have to change anything and it doesn't really matter what's happening internally on your LAN as long as NAT is happening properly anyway. IPv6 mostly means that there are different and different-looking sets of numbers for addresses, but DNS and DHCP are fundamentally the same service they always were.

This is what I point my students to.

I've noticed that my cable modem has been crashing a lot lately, but I've had an IPv6 address on my modem for quite a while. Maybe six or nine months?
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
I briefly read the Wikipedia page about IPv6 and I don't get how it works. I don't understand the prefix notation and how it translates into actual addresses, nor the reserved prefix. I'll have to digest how it works sometime in the future, but the 10 minutes I've spent so far on the subject haven't enlightened me at all.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,357
Location
Gold Coast Hinterland, Australia
Which aspects are troubling you?

IPv6 addressing works as per CIDR addressing with IPv4? And you have 3 addresses: your local address (::1), your LAN address and your WAN address. The first 32 bits help you define what the address type is and, if it is a publicly routable address, give you the route for the end node.
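
An added illustration (not part of any post in this thread) of how prefix notation maps onto concrete addresses and when the `::` shortcut helps, using Python's standard `ipaddress` module. The sample addresses are constructed from the 2001:db8::/32 documentation prefix, and the function names `describe` and `same_lan` are this example's own.

```python
import ipaddress

def describe(interface_cidr):
    """Break 'address/prefix-length' into the parts the notation encodes."""
    iface = ipaddress.IPv6Interface(interface_cidr)
    net = iface.network                      # the address with host bits zeroed
    host_bits = 128 - net.prefixlen
    # Interface ID: the low-order bits that the prefix length does not cover.
    interface_id = int(iface.ip) & ((1 << host_bits) - 1)
    return {
        "exploded": iface.ip.exploded,       # all 8 groups, 4 hex digits each
        "compressed": iface.ip.compressed,   # longest run of zero groups -> '::'
        "prefix": net.with_prefixlen,        # what routers match on
        "first": str(net[0]),                # lowest address inside the prefix
        "last": str(net[-1]),                # highest address inside the prefix
        "interface_id": hex(interface_id),
        "addresses": net.num_addresses,
    }

def same_lan(a, b, prefixlen=64):
    """Two addresses share a LAN when their first `prefixlen` bits are equal."""
    net = ipaddress.IPv6Network(f"{a}/{prefixlen}", strict=False)
    return ipaddress.IPv6Address(b) in net

if __name__ == "__main__":
    # Constructed samples: one with a zero run, one without (no '::' possible).
    for sample in ("2001:db8:1200:34::1c/64", "2001:db8:1:2:3:4:5:6/64"):
        for key, value in describe(sample).items():
            print(f"{key:>13}: {value}")
        print()
    print(same_lan("2001:db8:1200:34::1c", "2001:db8:1200:34:abcd::1"))  # same /64
    print(same_lan("2001:db8:1200:34::1c", "2001:db8:1200:35::1"))       # different /64
```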
 

P5-133XL

I have no problem with the theory of IPv6 (It is really quite elegant) nor its need. So far, I only have a practical complaint: Manually needing to type in multiple really long hex addresses.

The only issue I have is typing given addresses accurately. The :: shortcut only works if there are a significant number of zeros and I'm not getting that on the addresses being supplied. Currently, to make IPv6 work properly for every machine on the network, in the active connection's IPv6 properties I need to manually type the god-awful enormous hex address of the gateway and the addresses of three DNS servers (one for the domain controller's DNS server and two external to the network), because the data is not being supplied by my router. It greatly annoys me.
 

Chewy509

> I have no problem with the theory of IPv6 (It is really quite elegant) nor its need. So far, I only have a practical complaint: Manually needing to type in multiple really long hex addresses.
>
> The only issue I have is typing given addresses accurately. The :: shortcut only works if there are a significant number of zeros and I'm not getting that on the addresses being supplied. Currently, to make IPv6 work properly for every machine on the network, in the active connection's IPv6 properties I need to manually type the god-awful enormous hex address of the gateway and the addresses of three DNS servers (one for the domain controller's DNS server and two external to the network), because the data is not being supplied by my router. It greatly annoys me.

Since you have Active Directory, any reason not to use DHCPv6 then, if your router isn't handling the autoconfiguration correctly? (Your WAN address will be derived from the MAC address, but the network prefix, DNS addresses and gateway should all be handled by DHCP).

http://technet.microsoft.com/hi-in/magazine/2007.03.cableguy(en-us).aspx
 

P5-133XL

OK, I found out why not to use the Windows DHCP: It does not cross the broadcast boundary at the router to the Wireless clients.
 

P5-133XL

No, that is probably why the router's DHCP was used in the first place, for it worked both in the wireless domain and the wired. Currently the router is blocking all DHCP from the wired to the wireless (both IPv4 and IPv6).

P.S.

Wireless router is a Netgear N600 (WNDR 3700 v.1)
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
I didn't see the model number before. I have that router. Do you have wireless isolation turned on?
 

P5-133XL

This is a consumer-level wireless router, not a Cisco beast with a programming language capable of such.

Perhaps it is time to upgrade the router ...
 

P5-133XL

> I didn't see the model number before. I have that router. Do you have wireless isolation turned on?

Only on the guest network, and that is there solely so I can connect my Kindle to the internet (it has a MAC address filter for that one device).
 

P5-133XL

Correction: the MAC address filter is configured with all the MAC addresses that can connect to the router wirelessly.
 

Mercutio

That sounds more like a poor firmware implementation than anything else. DHCP traffic should traverse a bridged network just fine and I doubt you're using different subnets for wireless, so that seems... misfeature-ish.
 

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
Ip6 is not an upgrade to ip4. They are separate and meant to live side by side. Ip6 stacks can only talk to other ip6 stacks, ip4 w/ip4. There are ways to get an ip4 only machine to talk to an ip6 only machine (and vice versa), but it involves a proxy server (that supports both) providing translation. For the time being you'll see both (aka dual stack) on most devices.

ip6 has 3 common methods for addressing: neighbor discovery/icmp, dhcp6, and manually. Neighbor discovery provides an address and gateway, dhcp provides an ip, dns, and prefix delegation, and manual might be a pita. We use manual on our servers (we did manual with v4), but all workstations and mobile clients use dhcp+neighbor discovery to get the info they need.

Since ip6 works side by side with ip4, you can actually continue to use v4 for DNS; ip6 will be used to connect to ip6 hosts, v4 for v4.

Nat is intentionally missing in ip6. We may eventually see some solutions, but it is no longer necessary for address consolidation because ip6 provides more than enough addresses. It's expected that most devices will now have a routable ip6 address (even if they have a nat v4 address). Firewalling will be supplied on each host or on the network with traditional equip. One thing to note is that the only decent ip6 firewall I've seen for windows hosts is the Microsoft one that comes with your os. Rhel5 and below do not have a stateful ip6 firewall. BSD has had a decent firewall for several years.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,729
Location
Horsens, Denmark
What is the argument for running ip6 in a non-routeable private network? Any reason I can't just support ip6 on my firewall and other connected devices forever?
 

blakerwry

There were initially some ranges reserved for non-routable v6 addresses (site local, fec0::) but that would inevitably lead to nat, which breaks one of the basic tenets of ip (end to end routing), so site local v6 space was deprecated. If you want something private, just put it behind a firewall which enforces your desired network policies.

You can continue to use non routable ip4 addresses on devices, but it's expected that your router will concurrently provide globally routable addresses to connected ip6 devices. Note, you can provide firewall functionality without resorting to NAT. ISPs can delegate you a whole ip range via dhcp prefix delegation; your router will receive 1 wan address and a few million IP addresses to use on your internal network. We'll see how it pans out and what ISPs and soho router manufacturers can put together.

The only argument I've seen for nat/non routable addresses in v6 is that it allows one to move a site to another ISP without renumbering devices. This was also the intended use of nat in v4. This 1:1 nat in v6 will probably be eventually widely supported.
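
An added sketch (not from any poster in this thread) of what a delegated prefix means for firewall coverage: it carves a delegation into /64 LANs and lists the hosts whose addresses are globally routable, so that policy rather than NAT has to protect them. The delegated prefix, host names and addresses are constructed, with the 2001:db8::/32 documentation prefix standing in for a real ISP delegation; all function names are this example's own.

```python
import ipaddress
from itertools import islice

# Well-known IPv6 ranges; the ranges do not overlap, so order is cosmetic.
SCOPES = [
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("site-local (deprecated)", ipaddress.IPv6Network("fec0::/10")),
    ("unique-local", ipaddress.IPv6Network("fc00::/7")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]

def scope_of(addr):
    """Name the scope an address belongs to, or 'other' if none matches."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in SCOPES:
        if ip in net:
            return name
    return "other"

def carve_lans(delegated, count):
    """Return the first `count` /64 LAN prefixes inside a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation is smaller than a single /64 LAN")
    return [str(lan) for lan in islice(net.subnets(new_prefix=64), count)]

def exposed_hosts(inventory, delegated):
    """Map each host to its globally routable addresses inside the delegation.

    These are the addresses reachable end to end unless a firewall says no."""
    net = ipaddress.IPv6Network(delegated)
    exposed = {}
    for host, addrs in inventory.items():
        hits = [a for a in addrs
                if scope_of(a) == "global unicast"
                and ipaddress.IPv6Address(a) in net]
        if hits:
            exposed[host] = hits
    return exposed

# Constructed inventory: host name -> addresses configured on that host.
DELEGATED = "2001:db8:1200::/56"
INVENTORY = {
    "dc01": ["fe80::1c", "2001:db8:1200:0:211:22ff:fe33:4455"],
    "printer": ["fe80::2e"],
    "kindle": ["fe80::3f", "2001:db8:1200:1::3f"],
    "oldbox": ["fec0::5"],
}
```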
 

ddrueding

This is interesting, because I'm currently in the process of outgrowing the IP topology at work. Sites were only given a class C each, and that isn't enough thanks to BYOD and smartphones. Going to ip6 would make some sense, but if I get the addresses from my ISP, how does that work when I have multiple ISPs? Can I get my own allocation separate from them?
 

blakerwry

> how does that work when I have multiple ISPs? Can I get my own allocation separate from them?

That's the whole point behind PI (provider independent) ip addresses. ARIN, or another RIR, assigns you ip space. You can then use your ip space on any ISP you choose or even on several simultaneously. You can move your Internet connection to another ISP at any time without renumbering devices.

If you don't have your own ip space you start to get locked into one isp as you scale and the task of renumbering becomes prohibitive. Nat can make this much easier, but it breaks some protocols and is not suited to some business models (ISPs).
 