[olug] IPv6
Shawn L. Djernes
shawn at djernes.org
Fri Jul 5 18:28:34 UTC 2013
> Well, I don't actually have IPv6 at this point (as far as I know). This is about me learning about IPv6 in general, because I get the feeling I'm going to need to know sooner than later. The grand hope is that I'll form a reasonably good concept of where I need to end up, and then I'll figure out how to get there. You've been very helpful, thank you!
If you want to start working with IPv6 now you can get a 6in4 tunnel from Hurricane Electric's tunnelbroker.net. It's totally free and they give you a /64 which is big enough for most home/small businesses with network segment.
> So if I have a very basic DSL or cable modem connection, it sounds like I should expect a /64 IPv6 (if indeed they offer IPv6 at all). But then that will give me up to 2^64 devices that all have publicly accessible IP addresses, all static if I so choose. And that's just with ratty ol' bottom rung DSL or cable modem -- none of this 2^n-3 addresses jazz any more!
Depending on the ISP, some are using what is called 6RD which as I understand it is based on your IPv4 address to get the first /64. Charter and Comcast do this for residential customer.
> For me anyway, the biggest conceptual difference between IPv4 and IPv6 is the public/private divide. In IPv4 you have IPs in the private range (like 192.168.0.1) that can be routed to the WAN through a router performing NAT. In IPv6, ALL addresses are in the public range*, you still need a router to get to the WAN but it doesn't perform NAT, and the router also controls which devices on your LAN can be accessed from the WAN.
Yes you will have a router / firewall device. It's job is a bit different for IPv4 and IPv6.
For your IPv4 it does firewall, address translation, and probably DHCP.
For your IPv6 it does firewall(more important since all addresses are routable), router advertisement(radvd), and if needed in your setup DHCP6.
> *: Technically, IPv6 also offers ranges of addresses that are local-only, but they cannot be routed to the WAN. If you have an office printer that you want to be reachable by computers on your LAN but should never be accessible to the Internet, you can give it a local-only address. Right?
>
Yes IPv6 has what are called the Link Local addresses. FE80::/10. Technically your network devices can communicate with each other on these addresses. These addresses are shared with each machine via broadcast.
>
The problem with these addresses is you can't put them in DNS. DNS is how you remember what address things have on IPv6. Forward DNS in IPv6 looks a lot like IPv4.
hostname aaaa 2001:470:1f01:8::1
However PTR records are dramatically different animal.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.0.0.1.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa PTR hostname.domain.com.
Now the solution to not putting your printer online for all to use. Ether use the devices internal Ip restriction that only allow your subnet to connect or use your firewall to handle the problem correctly.
More information about the OLUG
mailing list