[olug] IPv6

Shawn L. Djernes shawn at djernes.org
Thu Jul 4 07:27:26 UTC 2013

> Anyone have a handle on IPv6, is anyone using it?  I'm finding lots of information about IPv6 on the Internet, but not a lot about what to expect trying to actually use it.  So I thought I'd ask you.
I have been working with tunnels from Hurricane Electric for years and several of my coloed Virts have native IPv6. I would say I got a good handle on it. 

> 1)    I have found a page that says IPv6 IPs will predictably follow this format: bits 1-48 are assigned by my ISP, bits 49-64 are for me to set up distinct networks (subnets), and 65-128 are for device assignments on my networks.  Is that how it really works?
This depends on the subnet you are given. Hurricane Electric by default gives you a /64 but you can request a /48. Now for examples of what those look like.

       2001:470:1f01:80::/64 is a 64-bit network
       2001:470:b837::/48 is a 48-bit network

An IPv6 address is 128 bits long and is separated into 8 chunks of 4 hex characters by ":". In a grouping that would have a leading 0, as in the "470", the 0 can be omitted.

Example: 2001:470:1f01:80::1/64

In the above example we used "::" shorthand. This says that all blocks are 0 until the last which is 1. This is typically used to set fixed short addresses for servers and routers. 

> 1a)    So any device that needs to get to the Internet will need an IPv6 address that starts with the 48 bits assigned by the ISP, right?

Yeah, you need to start there, but you need to add 16 bits to make it usable. Typically I will spell something or use part of my public IPv4 subnet.

> 1b)    If the first 48 bits of all Internet-accessing device IPs are set by the ISP, it sounds like it will be a gigantic pain in the hinder when I change ISPs: changing ISPs will mean changing 128-bit IPs.
If you are a big enough organization you may want to talk with ARIN about getting your own block.

Let's skip the address ownership stuff for now and get to the automagical stuff.

Once you have got your /64 space for a network segment figured out, you set up radvd (router advertisement daemon) with all the important details. Depending on your total requirements you may need DHCP on IPv6.

With this done, any device on that network segment that can talk via broadcast will get a 128-bit address made up of the 64-bit prefix and its MAC address. Some machines that have not had their settings fixed (Win 7, Win Vista, newer Ubuntu) will get these odd "privacy" addresses.

> 2)    NAT ceases to be an issue for normal routing, right?  My computer's IP as seen by other people on my LAN will be the same as my computer's IP as seen from across the Internet.  I will still need to go through a router to actually get to the Internet, there just won't be any NAT happening.

See odd privacy address thing above. Otherwise yes. 

> 2a)    This means that I need to explicitly add rules to my firewall to provide the protections inherent under NAT: incoming traffic to my networks is allowed only if ESTABLISHED / RELATED or if I have a port open to that device.  Come to think of it I've already got those rules under IPv4 so maybe I won't need to do anything conceptually different.

Depending on your firewall. If you are using iptables you will need to set up and configure ip6tables.

> 2b)    What does this do to networks with multiple gateways?  I've got a friend's network set up to use an alternate connection to a different ISP in case the primary one goes down.  This isn't a problem under IPv4 thanks to the magic of NAT, but without NAT, how could I pull that off?

IPv6 will be tied to the interface it is coming from so should not break anything.

> 3)    At present, in IPv4, I get a dynamic IP from my ISP.  Under IPv6, will those first 48 bits be static?

Who's your ISP that is giving you a /48 and you have a single dynamic IPv4?

I need to know more about how you're getting IPv6 from what ISP before I can help with the rest.

> 3a)    Any privacy concerns with that?  Connecting via a non-fixed address is "safer" if you're doing anything where anonymity is in your best interests.
> 4)    To set up dhcpd on my Linux box, I'm going to need to know the first 48 bits, and factor that into my dhcpd config files, right? (Either that or else write some sort of script that parses my router's IPv6 address to get those first 48 bits.)
> 5)    If I understand correctly, the first 16 bits of an IP address will specify the ISP.  That allows for only 65536 ISPs, minus whatever IP ranges are used for other purposes (your fec0's and the like).  Isn't that, uh, begging to run out?  There are thousands of ISPs in the United States already.  Or will only a few of those 65536 be given out to the US and those thousands of ISPs will share the first 16 bits?
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
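
An added example, not part of the original message: how a MAC-derived (modified EUI-64) autoconfigured address is built from a /64 prefix, and how the MAC can be read back out of it, which is the tracking concern the "privacy" addresses address. The prefixes are the ones quoted in the reply; the MAC address and the function names are constructed for illustration.

```python
import ipaddress

def subnet_from_48(prefix48: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick one /64 out of a /48 using the 16-bit subnet ID (bits 49-64)."""
    net = ipaddress.IPv6Network(prefix48)
    if net.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet ID")
    base = int(net.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def eui64_address(prefix64: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a MAC-derived interface ID (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration needs a /64 prefix")
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 6 bytes")
    # Flip the universal/local bit of the first byte, insert ff:fe in the middle.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 style address; None if it is not one."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # manually set (e.g. ::1) or randomized "privacy" address
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

if __name__ == "__main__":
    mac = "52:54:00:12:34:56"  # constructed sample MAC
    addr = eui64_address("2001:470:1f01:80::/64", mac)
    print(addr, "->", mac_from_address(str(addr)))
    print(subnet_from_48("2001:470:b837::/48", 0x80))
    print(mac_from_address("2001:470:1f01:80::1"))
```

The same interface ID follows the host to every network it joins, so anyone who sees the address sees the hardware address; a fixed short address such as `::1` or a randomized one carries no such identifier.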
