dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
44
share rss forum feed

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
reply to amwdrizz

Re: [IPv6] Comcast IPv6 Address Assignment/Delegation

so a question then. If I went IPV6 I can use a router then? and instead of the router assigning IPs instead Comcast does the DHCP even for LAN clients?

More I am curious how does this effect SAMBA shares and does it still keep the public internet from seeing them.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by Kearnstd:

so a question then. If I went IPV6 I can use a router then? and instead of the router assigning IPs instead Comcast does the DHCP even for LAN clients?

More I am curious how does this effect SAMBA shares and does it still keep the public internet from seeing them.

Maybe I can help clear this up.

Comcast will assign a /128 for their on-link network. Comcast will then assign you a routed block (/64 for now, could be /60 or /56 in the future). The routed block will be routed to your on-link network address.

For your personal network, you could implement the same firewall policy as NAT has (SPI firewall, blocking incoming traffic unless there is an associated state entry). I know D-Link support this a pre-set configuration option. I haven't had experience with other consumer routers as of late.

The different with v4 is you eliminate overloading (the broken part of NAT), as everything is assigned a global unique address.

amwdrizz

join:2013-01-16
Winchendon, MA

1 recommendation

reply to Kearnstd

said by Kearnstd:

so a question then. If I went IPV6 I can use a router then? and instead of the router assigning IPs instead Comcast does the DHCP even for LAN clients?

More I am curious how does this effect SAMBA shares and does it still keep the public internet from seeing them.

You will still use a 'router' on your end. Instead of handling NAT it will act as a router should. It will route the connections from your LAN devices to the /128 on the WAN side. You will still need (And this will be handled by most routers) DHCP & DHCPv6/Radvd for both IPv4 and IPv6 addressing. You will also still use a DNS forwarder (again handled by the router).

The key thing here, is that the router will not offer any perceived concept of security through NAT on IPv6 Connections. NAT was a kludge fix in the first place in my opinion. But you will be able to set a global firewall policy on the router for IPv6 that will in essence provide a base level of security for IPv6. It is not a replacement for end device security and firewalls.

And with IPv6 there will be no need for Port forwarding (when you have sufficient IPv6 addresses for each device) as the router will route all incoming connections to the correct end device.


PGHammer

join:2003-06-09
Accokeek, MD

2 recommendations

reply to whfsdude

Please - even a /56 is far more than a Metro Ethernet customer can swallow. The real issue is whether or not Comcast (or any ISP, for that matter) will be able to narrow down a small-enough block for anything short of a carrier-grade router to be able to manage comfortably. Tunnel brokers (not just the more typical ones, such as HE, but even Comcast itself) drop a /64 on any customer as a floor, which is a metric ton worth of overkill. I'd run out of bandwidth WELL before running out of IP addresses - even a Metro Ethernet (business) customer will be in the same pickle (bandwidth will go poof way before IP addresses will). Pretty much except for older routers and equipment that is still IPv6-hostile, the IP dragon is practically dead; it just is not aware yet.