o1bigtenor via Dng <[email protected]> wrote: > Not only do I want to echo mr Joel but for mr Simon. > This gives great information - - - all together AND in a fashion that > I think I may even be understanding this.
Thanks, that makes it worthwhile having written it. As you might have guessed, I’m in the IPv6 is good camp. Frustratingly my ISP ran IPv6 trials several years ago but has since gone quiet - even though their parent company (a larger ISP) rolled out IPv6 by default several years ago ! > Please would you fashion perhaps 2 or three more messages for > intermediate and maybe even extend this into more of the > 'advanced' networking country. I’m not sure there’s all that much I can add. One of the problems of not using it often enough is that I’ve forgotten a lot of what I learned when I worked through the tunnelbroker certification - which BTW will (if it’s still part of the deal) will get you what must be one of the geekiest tee shirts ever created ! One thing I didn’t cover is addressing, and how they are represented. https://en.wikipedia.org/wiki/IPv6_address gives a fairly decent overview - apart from perpetuating the myth that EUI-64 addresses are still common - they were deprecated a while ago. Then I can perhaps outline what you need to do to set up your own router supporting IPv6. On the ISP end you need the appropriate interface and software. So this may be PPPoE, or direct Ethernet with one of a number of configuration protocols, or ... So the first thing to do is sort out whatever combination of bits will get you connected. One of the problems is that there are a number of different components, that can be used in different combinations - so you’ll need to find out exactly what your ISP uses/supports. This is all from memory, so can’t rule out errors :-( In my case, it was a case of using a DSL modem and running PPPoE over an ethernet link. With PPP, LCP (Link Control Protocol) will negotiate the session with the far end PPP service, then the PPP package will configure the protocols you tell it to - IPCP (IP Config Protocol) for IPv4, IPv6CP for IPv6. Checking my notes, I then had to run a DHCPv6 client to get an IPv6 delegation - in this case asking for a /56 prefix. I manually/statically configured all this with scripts for expedience (we got static IPv6 allocations) - it’s possible to automate steps using features in some of the software, which has generally advanced since I last did this. So now we should have a working IPv6 link to the ISP and an IPv6 prefix. The link may just have a link-local address (starting fe80:) or it may also have a GUA (Globally Unique Address) as well - depends on the ISP setup and your own setup. So my script then added a GUA address to the PPP interface, a route to the internet via that link, and a different GUA to the internal interface. At this point, you should have a system that can route packets between an internal device and the internet. You will want to configure an IPv6 firewall. I used Shorewall for this - it’s an amazing package. It’s still usable, but it’s time is now limited as it’s deeply entangled with iptables which is now deprecated and replaced with nftables. I imagine that at some point the iptables compatibility shim will go away and that will stop Shorewall. You now need to configure devices on that internal network. You can do it statically - but that’s a p.i.t.a. So configure and start an RA daemon. Again, as this was a trial and we had static allocations, I just put the prefix in the config file and had my script bring up radvd. This is perhaps one of the steps that would be harder to automate since you need to pick a /64 prefix out of your (hopefully) larger delegation. And you also have the ability to run multiple internal networks with different prefixes. Once you startup the RA daemon, you should see clients auto-configure and be able to use your new IPv6 service. > I am not needing ipv6 at present but likely this spring fiber optics > are happening (finally some decent speed options) and they are > in the process of moving to ipv6 likely within a year or so. I would > prefer to know at least some more before I 'need' it. Good news then - the more ISPs do IPv6 the better. The main thing to remember is that IPv4 vs IPv6 is orthogonal to the rest of the stack - the physical layer underneath (fibre, ethernet, xDSL, cable, dial-up, damp string, carrier pigeon, ...) and the session layers higher up (DNS, HTTP, SMTP, ...). Things are not completely disconnected as things need to support the differences - e.g. handling 128 bit long addresses, doing AAAA lookups as well as A, and so on. But (and not speaking as someone who’s had to deal with that), I think a lot of that is handled by the standard libraries. Simon _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
