
astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

astroroxy

Premium Member

[ipv6] IPv6 Default gw and subnet

Hello,

My current network is as follows,

A few ipv4 subnets direct IP addresses to the internet cat6 --> Layer 3 switch
The switch is also the default gateway for the network
Example from ISP (Fake IP)
CIDR 173.254.215.100/28
Subnet 255.255.255.240
Gateway 173.254.215.101
Primary IP 173.254.215.102
Last Usable IP 173.254.215.116

The primary IP is used as an interface on my l3 switch, which then has a default route 173.254.215.101 (ISP gateway)
On my hosts I set the default gateway as the IP of the l3 switch.
This way all the data stays on the switch and not bouncing to my ISPs router.

Now for IPv6 I am all confused.
I was assigned a /56
My ISP said I should assign each host a /64 (I am wondering why).
I then attempted to assign the switch a /64 ending in 2607:fcd0:0100:1112::1 and use the gateway IP from my host 2607:fcd0:0100:1111::1
The switch complained that it is not a directly connected router.
I then put it on the same subnet as the gateway, so 2607:fcd0:0100:1111::2

This works and I am able to add the gateway to the switch and access it from the internet.

I then attempted to add hosts:
Ubuntu example config:
iface eth0 inet6 static
    pre-up /sbin/modprobe -q ipv6 ; /bin/true
    address 2607:fcd0:0100:1113::1
    netmask 64
    # gateway is the switch IP
    gateway 2607:fcd0:100:1111::2

This does not work, or after a few reboots it works and then stops,
for some reason it lost its route and ubuntu is no longer able to ping.

How would you do this?

Thanks

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

1 edit

1 recommendation

Napsterbater

MVM

Re: [ipv6] IPv6 Default gw and subnet

You have an odd setup.
said by astroroxy:

The primary IP is used as an interface on my l3 switch, which then has a default route 173.254.215.101 (ISP gateway)
On my hosts I set the default gateway as the IP of the l3 switch.
This way all the data stays on the switch and not bouncing to my ISPs router.

This makes no sense. Do you have other subnets/connections being routed on that router? Otherwise this is pointless, as no traffic goes to the default gateway unless it's not on the local subnet.

Just like IPv4 the gateway must be in the same subnet as the host and that subnet is limited to the same layer 2 broadcast domain.

Since you are using /64's your host can be 2607:fcd0:0100:1111:1::1/64 and your switch/default gateway can be 2607:fcd0:0100:1111:2::1/64.

Did they give you a "WAN" subnet or IP address?

For example:

On my "WAN" I have a /64 (2871:4070:7:afc::/64) in which only two addresses are used.

2871:4070:7:afc::1/64 is their router.
and
2871:4070:7:afc::2/64 is my "WAN" port on my router.

Now I have a second /64 (for a single "LAN" network if needed) and a /48 (for many networks, 65,536 /64's) and they are routed to the 2871:4070:7:afc::2/64 address; then my router at that address can distribute and break up the subnets however I want.

astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

1 recommendation

astroroxy

Premium Member

Yea, sorry, forgot to mention I have a few different ipv4 subnets, and I use the switch as the gateway.
For each subnet I use the first available ip as the interface ip on the switch so the hosts on the subnet can use it as a gateway.

Do you have any idea why they recommend I break down the /56?
The heck with it, this is just my testing block so I will post the real IP info.

Here is the exact info my ISP gave me.

"Please find your newly assigned IPv6 details below for your cabinet. The
typical formation that we use after a client assignment is to break these up
into /64's per server. Since you have a cab with us and no servers listed, I
figured I would relay our best practices onto you. Please let us know should you
need anything further on this request.

IPv6 CIDR 2607:fcd0:100:5c00::/56
Network Bits 56
Minimum IP 2607:fcd0:100:5c00::
Gateway 2607:fcd0:100:5c00::1
Primary IP 2607:fcd0:100:5c00::2

Last Usable IP 2607:fcd0:100:5cff:ffff:ffff:ffff:fffe
Maximum IP 2607:fcd0:100:5cff:ffff:ffff:ffff:ffff

Number of Usable IPs 4722366482869645213695"

Basically I am not sure how to subnet properly and use my switch as the gateway( I get charged for bw).
They do the routing, I just receive the cat6.
With my ipv4 subnets, I just assigned the first ip to the switch and had the hosts use it as the gateway. This was fine because there was just 4 subnets, and many hosts, but only 4 gateways.

Now if I am supposed to assign a /64 to each host, that means I must define each one on my switch for every host, correct? I feel like I am missing something.

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

1 recommendation

Napsterbater

MVM

Hmm... I'm wondering if those gateway and primary IPs are in a /64; it's strange how they present the info, but that would be my guess.

If it was me, I would set your switch up with 2607:fcd0:100:5c00::2/64

And set up /64's on each of your other interfaces/networks.

Treat the 2607:fcd0:100:5c00::/64 (note not the /56) kinda like your IPv4 173.254.215.100/28 network: any host in that subnet could use a 2607:fcd0:100:5c00::/64 address and use ::2 as the gateway.

Make sense?

astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

1 recommendation

astroroxy

Premium Member

Thanks for the reply,

As you can tell I am not too familiar with ipv6.

I have the switch setup exactly as you described, that works no problem.

So are you saying not to use a /64 per host?
Right now I use a vps control panel(Personal use) I can give individual ipv6 addresses or a subnet.
For the gateway I can assign a default gw for all devices, or first/last ip of assigned ip address.

So to confirm if I assign a host a subnet like 2607:fcd0:0100:5c01::1/64
the gateway can not be 2607:fcd0:100:5c00::2/64

Thanks

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

1 recommendation

Napsterbater

MVM

said by astroroxy:

So are you saying not to use a /64 per host?

Sorta, nothing says you have to; it just depends on exactly what you are doing. But I don't get why your ISP said that like it's how you have to set it up. If you want, you could set up multiple subnets on the same layer 2 domain and "assign" that whole subnet to a host, but the switch will need 1 IP in each of those subnets so it can act as the gateway.

For me personally, I treat an IPv6 /64 like an IPv4 /24; it's not the only way to do things, but I find it easier and it allows SLAAC to work if you want it.

Your /56 gives you 256 /64's total. But also you could break those /64's down to smaller subnets, as a /64 gives you 18,446,744,073,709,551,616 addresses in that subnet, and a single /64 can break down into many many many many different smaller subnets. This site »www.gestioip.net/cgi-bin ··· ator.cgi has helped me a lot with subnets, IPv4 and IPv6.
said by astroroxy:

So to confirm if I assign a host a subnet like 2607:fcd0:0100:5c01::1/64
the gateway can not be 2607:fcd0:100:5c00::2/64

Think of it this way: you can't use 192.168.1.1 (255.255.255.0) as the gateway for a host with 192.168.2.2 (255.255.255.0). Same idea.
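
The on-link rule from the post above, checked against the addresses quoted in this thread with Python's ipaddress module. This is an added example, not part of the original posts; the function names, the ::10 host and the link-local case (which goes slightly beyond the post) are assumptions added for illustration.

```python
import ipaddress

# The /56 quoted from the ISP's e-mail earlier in the thread.
DELEGATED = "2607:fcd0:100:5c00::/56"

# (host address/prefix, static default gateway) pairs taken from the thread,
# except the third entry, which is a constructed host for comparison.
PLAN = [
    ("2607:fcd0:0100:1113::1/64", "2607:fcd0:100:1111::2"),  # original Ubuntu config
    ("2607:fcd0:100:5c01::1/64", "2607:fcd0:100:5c00::2"),   # "So to confirm..." question
    ("2607:fcd0:100:5c00::10/64", "2607:fcd0:100:5c00::2"),  # constructed: host in the switch's /64
    ("192.168.2.2/24", "192.168.1.1"),                       # the IPv4 analogy
]


def gateway_on_link(host_cidr, gateway):
    """Return True if `gateway` is directly reachable from the host interface.

    A static default gateway outside the prefix configured on the interface
    cannot be resolved by neighbor discovery (ARP for IPv4), so the host has
    no usable next hop and the default route is rejected or never works.
    """
    iface = ipaddress.ip_interface(host_cidr)
    gw = ipaddress.ip_address(gateway)
    if iface.version != gw.version:
        raise ValueError("host and gateway must use the same IP version")
    # Beyond the post: an IPv6 link-local next hop (fe80::/10) is on-link on
    # every interface, whatever global prefix the host uses.
    if gw.version == 6 and gw.is_link_local:
        return True
    return gw in iface.network


def split_delegation(delegated=DELEGATED, new_prefix=64):
    """List every subnet of length `new_prefix` inside the delegated block."""
    net = ipaddress.ip_network(delegated)
    return list(net.subnets(new_prefix=new_prefix))


def subnet_of(address, delegated=DELEGATED, new_prefix=64):
    """Return the /new_prefix inside `delegated` that holds `address`, or None."""
    addr = ipaddress.ip_address(address)
    if addr not in ipaddress.ip_network(delegated):
        return None
    return ipaddress.ip_network(f"{addr}/{new_prefix}", strict=False)


def review(plan):
    """Return (host, gateway, on_link) for every entry in the plan."""
    return [(host, gw, gateway_on_link(host, gw)) for host, gw in plan]


if __name__ == "__main__":
    subnets = split_delegation()
    print(f"{DELEGATED} -> {len(subnets)} x /64 "
          f"({subnets[0]} .. {subnets[-1]}), "
          f"{subnets[0].num_addresses} addresses each")
    for host, gw, ok in review(PLAN):
        verdict = "on-link" if ok else "NOT on-link, route will fail"
        print(f"{host:32} via {gw:26} {verdict}")
```
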
quesix
join:2005-12-19
Cary, IL
ARRIS SB6141
Cisco 2851
Asus RT-AC66

1 recommendation

quesix to astroroxy

Member

to astroroxy
IPv6 does not use NAT but you still want firewalling...

:::0::1/64 WAN gateway
:::0::2/64 switch public side (no firewalling)
:::0::3/64 NAT IPv6 firewall (IPv4 NAT device)
:::1::/64 LAN1 (IPv4 192.168.1.0/24)
:::2::/64 LAN2 (IPv4 192.168.2.0/24)
etc...up to
:::ff::/64 LAN255 (IPv4 192.168.255.0/24)

so example device on 192.168.3.45 would use 192.168.3.1 gateway which is your switch vlan4 would also have :::3:MACA:ADDR:ESSS:LAAC/64 with gateway of :::3::1/128 or Link local address on same interface as 192.168.3.1 (IPv4 NAT router/device/firewall inside interface #3)

switch would then use one of the other ::/64s like :::ff::/64 to communicate with your firewall (IPv4 NAT router/firewall) and :::0::1/128 as gateway to ISP router would be on that device with :::0::3/64 address on public facing side (assuming :::0::2/64 is switch, and switch is routing the private subnets to a single port on IPv4 NAT router/firewall), you will need a ROUTE in ISP router to the ::/56 via :::0::3/128 address to use the additional ::/64s thru your firewall (current IPv4 NAT device) currently it may be routed to 2607:fcd0:100:5c00::2. so you could just swap Switch and IPv6 firewall WAN IPs.

to simplify this we would need more info about your IPv4 private side setup, and capabilities of that hardware/software...suffice to say above posters are correct that relaying IPv4 traffic off switch doesn't accomplish anything with setup as given and isn't really proper unless you use the switch behind your IPv4 NAT device and a separate IPv4 private block between switch and IPv4 NAT device where traffic is combined for internet traversal, which on IPv6 side is the 2nd+ subnets, since 1st is used on public side.

p.s the :::## prefixes are just short hand instead of typing 2607:fcd0:100:5c##
quesix

1 recommendation

quesix to astroroxy

Member

to astroroxy
on re-read... sounds like maybe you do not have private IPv4 addressing/NAT in which case ( i'm leaving last post as it may be helpful to other ppl doing that type setup):

public IPv4 blocks

.1/28 -> .2 switch -> .3+ Hosts
.1/27 -> .2 switch -> .3+ Hosts
.1/26 -> .2 switch -> .3+ Hosts
.1/29 -> .2 switch -> .3+ Hosts

all on same Vlan/CAT6 uplink with .1 address at remote end/no access

2607:fcd0:100:5c00::1/64 switch gateway 2607:fcd0:100:5c00::2/64 switch primary

2607:fcd0:100:5c01::1/64 switch secondary IP on same interface
2607:fcd0:100:5c02::1/64 switch secondary IP on same interface
2607:fcd0:100:5c03::1/64 switch secondary IP on same interface
2607:fcd0:100:5c04::1/64 switch secondary IP on same interface

hosts' IPv6 STATIC Addresses -> IPv6 gateway
(you will NOT be able to use SLAAC/auto assigned addresses in this setup)

2607:fcd0:100:5c01::3/64 -> 2607:fcd0:100:5c01::1
2607:fcd0:100:5c01::4/64 -> 2607:fcd0:100:5c01::1
2607:fcd0:100:5c02::3/64 -> 2607:fcd0:100:5c02::1
2607:fcd0:100:5c04::7/64 -> 2607:fcd0:100:5c04::1

traffic between the 4 ::/64s would route via switch not to port

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

1 edit

1 recommendation

Napsterbater to quesix

MVM

to quesix
Never mind, I think I see how they are doing it (ass backwards if you ask me), esp for people with a cabinet/router, so my above information won't work for the rest of the /64's.

But what you will have to do is each host will get its own /64. (again this is a stupid setup IMO)

Basically (basing this off your IPv4 range and guessing how it's set up)

Really your switch could go without an IPv6 if you want unless you just want it to have one.

(Plus sign means that address and any/everyone above it in the subnet, i.e. up to :ffff:ffff:ffff:ffff)

IPv4 Host 173.254.215.102 gets Host IP 2607:fcd0:100:5c00::2+ GW IP (Subnet)::1
IPv4 Host 173.254.215.103 gets Host IP 2607:fcd0:100:5c00:1::2+ GW IP (Subnet)::1
IPv4 Host 173.254.215.104 gets Host IP 2607:fcd0:100:5c00:2::2+ GW IP (Subnet)::1
IPv4 Host 173.254.215.105 gets Host IP 2607:fcd0:100:5c00:3::2+ GW IP (Subnet)::1

Now with this setup you cannot use your switch as the gateway to route for the other subnets.

Another option that may work is giving the switch a ::2 for each subnet on its "WAN" interface. then give each host a ::3 in its own subnet and use ::2 as the gateway on the host, in theory this should work like you have for IPv4 and keep subnet to subnet traffic off of your WAN link/connection.
Napsterbater

1 recommendation

Napsterbater to quesix

MVM

to quesix
said by quesix:

on re-read... sounds like maybe you do not have private IPv4 addressing/NAT in which case ( i'm leaving last post as it may be helpful to other ppl doing that type setup):

public IPv4 blocks

.1/28 -> .2 switch -> .3+ Hosts
.1/27 -> .2 switch -> .3+ Hosts
.1/26 -> .2 switch -> .3+ Hosts
.1/29 -> .2 switch -> .3+ Hosts

all on same Vlan/CAT6 uplink with .1 address at remote end/no access

2607:fcd0:100:5c00::1/64 switch gateway 2607:fcd0:100:5c00::2/64 switch primary

2607:fcd0:100:5c01::1/64 switch secondary IP on same interface
2607:fcd0:100:5c02::1/64 switch secondary IP on same interface
2607:fcd0:100:5c03::1/64 switch secondary IP on same interface
2607:fcd0:100:5c04::1/64 switch secondary IP on same interface

hosts' IPv6 STATIC Addresses -> IPv6 gateway
(you will NOT be able to use SLAAC/auto assigned addresses in this setup)

2607:fcd0:100:5c01::3/64 -> 2607:fcd0:100:5c01::1
2607:fcd0:100:5c01::4/64 -> 2607:fcd0:100:5c01::1
2607:fcd0:100:5c02::3/64 -> 2607:fcd0:100:5c02::1
2607:fcd0:100:5c04::7/64 -> 2607:fcd0:100:5c04::1

traffic between the 4 ::/64s would route via switch not to port

This wouldn't work, as (if I'm reading that info from the ISP correctly) they have the ::1 addresses for all of the /64's on their equipment.
quesix
join:2005-12-19
Cary, IL
ARRIS SB6141
Cisco 2851
Asus RT-AC66

1 recommendation

quesix to astroroxy

Member

to astroroxy
I would hope they are routing 2607:fcd0:100:5c00::/56 to 2607:fcd0:100:5c00::2/128 which is listed as primary (i'm assuming ISP did that not poster)...they said "usually" they assign ::/64 per server...but that is fine too.. just swap ::1 GWs for ::2's on customer switch secondaries and for gateways.

you could even add 5th network with private IPv4 and public IPv6 say 2607:fcd0:100:5c10::1/64 (192.168.10.1/24), and if switch can do NAT translate to any of the 4 .2's, which WOULD support SLAAC for say a laptop/temp device.

using SLAAC on original vlan would get 2607:fcd0:100:5c00::/64 addresses which route via ISP which would count against his bandwidth if he tries to use additional ::/64s but not if only using that one, which we know works from test results. traffic on same ::/64 doesn't "route" but goes direct anyway and would NOT use bandwidth. using static setup above would be another layer to eliminate fear traffic will show up on ISP port. (which is case of traffic between 4 IPv4 blocks does if used .1 address as gateway)

astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

1 recommendation

astroroxy

Premium Member

IPv6 is so much more confusing, or it's so simple I am overthinking it.

Basically my goal is to assign my hosts IPv6 addresses and keep it from bouncing off my ISPs router.
With IPv4 I did it like this
192.168.1.0/24 .1 ISP GW .2 Switch .3-.254 Hosts with switch as default gw
192.168.2.0/24 .1 ISP GW .2 Switch .3-.254 Hosts with switch as default gw
192.168.3.0/24 .1 ISP GW .2 Switch .3-.254 Hosts with switch as default gw
This way all the traffic between subnets stayed on the switch without going through the ISP router.
There is no NAT, DHCP, etc.

I am attempting to do something similar with IPv6

I could get a router if needed, but it would add some latency which I am trying to keep to a bare minimum.
said by quesix:

on re-read... sounds like maybe you do not have private IPv4 addressing/NAT in which case ( i'm leaving last post as it may be helpful to other ppl doing that type setup):

public IPv4 blocks

.1/28 -> .2 switch -> .3+ Hosts
.1/27 -> .2 switch -> .3+ Hosts
.1/26 -> .2 switch -> .3+ Hosts
.1/29 -> .2 switch -> .3+ Hosts

all on same Vlan/CAT6 uplink with .1 address at remote end/no access

This is my current setup for the most part
said by quesix:

2607:fcd0:100:5c00::1/64 switch gateway 2607:fcd0:100:5c00::2/64 switch primary

2607:fcd0:100:5c01::1/64 switch secondary IP on same interface
2607:fcd0:100:5c02::1/64 switch secondary IP on same interface
2607:fcd0:100:5c03::1/64 switch secondary IP on same interface
2607:fcd0:100:5c04::1/64 switch secondary IP on same interface

hosts' IPv6 STATIC Addresses -> IPv6 gateway
(you will NOT be able to use SLAAC/auto assigned addresses in this setup)

2607:fcd0:100:5c01::3/64 -> 2607:fcd0:100:5c01::1
2607:fcd0:100:5c01::4/64 -> 2607:fcd0:100:5c01::1
2607:fcd0:100:5c02::3/64 -> 2607:fcd0:100:5c02::1
2607:fcd0:100:5c04::7/64 -> 2607:fcd0:100:5c04::1

traffic between the 4 ::/64s would route via switch not to port

With this I would have to add the ip to the switch for every host then right?
Is this the only way? Kinda a PITA.

Thanks
quesix
join:2005-12-19
Cary, IL
ARRIS SB6141
Cisco 2851
Asus RT-AC66

1 edit

1 recommendation

quesix to astroroxy

Member

to astroroxy
just one for each ::/64.. so 5 to mirror IPv4 config + gateway access. or yes one per server if you plan to use ::/64 each. should be simple copy paste anyway..I could add 200 ::/64s in like 15 minutes with simple excel auto-fill trick (assuming your switch supports that many secondary ips).

p.s. given the use of single Vlan on current setup i'm assuming.. resulting in static IPv6 config requirement to prevent local traffic hitting ISP port between ::/64s....using separate ::/64s per server would be pointless...i'd just mirror IPv4 config (and it keeps things simple).

astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

1 recommendation

astroroxy

Premium Member

Thanks,

My switch uses a variant of IOS, but unfortunately it's all web based so no config file. I would have to add each one individually.

My ipv4 network has different subnets to support more devices.
Should I just put all my devices on a single /64?
Any idea why my ISP suggested that?

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO

1 recommendation

Napsterbater

MVM

said by astroroxy:

My ipv4 network has different subnets to support more devices.
Should I just put all my devices on a single /64?

Why not just make a single bigger IPv4 subnet? (Assuming you're NATing already) /22 (i.e. 10.0.0.0 - 10.0.3.255) is 1022 hosts, surely that's enough.

And then yes you could make one /64

astroroxy
Premium Member
join:2013-07-26
Newport Beach, CA

1 recommendation

astroroxy

Premium Member

No NAT.
My ISP ran out of subnets bigger than /26 for a little bit, and I was too lazy to bother with ARIN.
Thanks for the help, I wonder why my ISP made that suggestion.

Now just to get ubuntu to play nice and figure out the proper interface config.

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA

1 recommendation

Napsterbater

MVM

Ah ok..

Yeah I think they need to rethink how they provide subnets bigger than a /64.
Almondo
Premium Member
join:2015-01-19
Titusville, FL

1 edit

Almondo to astroroxy

Premium Member

to astroroxy
sorry I wasted my time
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

1 edit

1 recommendation

cramer

Premium Member

I don't know where you learned about IPv6. The "best practice" is a /64 per LAN -- that's 2^64 hosts per LAN. This is the requirement for SLAAC (prefix length === 64); you are otherwise free to use any size LAN subnet that you wish. (ignore the BS espoused in RFC5375, circa 2008)

2607:fcd0:100:5c00::/56 is 256 /64's (5c00-5cff) Pick one for the LAN and go. One cannot assign 2607:fcd0:100:5c00::/56 to one interface (eth0) and 2607:fcd0:100:5c01::/64 to another (eth1) -- no sane router will allow that overlap. (IPv4 calls that proxy-arp)
Almondo
Premium Member
join:2015-01-19
Titusville, FL

1 edit

Almondo

Premium Member

.
quesix
join:2005-12-19
Cary, IL
ARRIS SB6141
Cisco 2851
Asus RT-AC66

1 recommendation

quesix to astroroxy

Member

to astroroxy
Isn't it just a simple ::/56 routed to second ::/128 in first ::/64 of the ::/56 BY THE PROVIDER?
Which to me is a perfectly logical way to route multiple ::/64s

It's just static version of what DHCP-PD does, with static WAN address in same block (::/60, ::/56, or ::/48)
and allows first ::/64 to be used for simple SLAAC setup with one LAN/VLAN

It's perfectly valid, same as IPv4 /22 routed via /32 in /30 subnet which happens to be first /30 in the /22,
where the 3 /24s, 63 /30s, are available for use behind customer switch/router/firewall
Almondo
Premium Member
join:2015-01-19
Titusville, FL

1 recommendation

Almondo to cramer

Premium Member

to cramer
For small address space minded people "The "best practice" is a /64 per LAN". For people who have truly embraced the implications of IPv6 and done away with all the IPv4 address scarcity nonsense, it is not and a /64 is routinely allocated to a point-to-point link and/or any serious host. Thus far you have presented no basis to ignore RFC5375 and your BS assertion to do so based on the year it was published is a bit amateurish. Most RFCs are a lot older than that, do you ignore them too? People who ignore standards often break things and whine a lot about things being broken. In serious data centers you will find people who have a whole cage full of many racks of physical machines each of which are assigned a /64 per physical host. Depending on switch topology and the aggregate capacity of the interconnect, it may have some blocks broken to /60s or /56s but the most common minimal assignment is a /48. The nice thing about the whole paradigm shift is that if you can think clearly and escape the IPv4 mindset box, IPv6 is very nice and it makes managing a huge virtual infrastructure much easier due to the host level localization that is implied on the /64 boundary. While you certainly CAN use smaller blocks, doing so was not the intent of the visionaries. But hey, hand em out one at a time if you want to and use /126es for serial links while you are at it if you want to.

If I had astroroxy's /56 and I had 4 machines, I would assign each one a /64 and to be a nice address conserving guy I would start assigning from the lower end by the gateway.

The only thing on the gateway /64 would be the gateway itself.
Each host would occupy a /64
All 5 players in the game would have layer 2 reachability because they actually live within a /56 or if you want to play conservative a /60 net mask (which means you have to mess with things later as you go beyond 16 hosts. That is why I would use /56 for the mask from day one).

2607:fcd0:100:5c00::2/56 gateway (provider edge)
2607:fcd0:100:5c01::1/56 host 1 (and all VMs/vhosts it can eat)
2607:fcd0:100:5c02::1/56 host 2 ""
2607:fcd0:100:5c03::1/56 host 3 ""
2607:fcd0:100:5c04::1/56 host 4 ""

All 4 hosts would have a gateway of 2607:fcd0:100:5c00::2, the provider.

IPv6, think big now and skip all the headaches later.
Almondo

1 edit

1 recommendation

Almondo to astroroxy

Premium Member

to astroroxy
You are very close. Use /56 as the netmask and it will work as expected.
2607:fcd0:0100:1111::1/56 is the provider gateway
2607:fcd0:0100:1112::1/56 host 1
2607:fcd0:0100:1113::1/56 host 2
2607:fcd0:0100:1114::1/56 host 3
2607:fcd0:0100:1115::1/56 host 4

All hosts have 2607:fcd0:0100:1111::1 as the layer 3 gateway, and they can all see each other directly at layer 2.

Note the netmask and the reachability implications.

Then when you create your first 65000 virtual machines or virtual webhosts on host 1, just start using addresses at will 2607:fcd0:0100:1112::2 or 2607:fcd0:0100:1112:ffff:feed:dead:beef or whatever else in that host's /64 suits you. You now have over 18 quintillion IP addresses that logically belong to that one machine and you are using IPv6 exactly as it was intended. Don't feel bad or wasteful either. Let the abundance of IPv6 addresses soothe you and take away all of your old IPv4 addressing pain.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

1 recommendation

cramer to Almondo

Premium Member

to Almondo
said by Almondo:

For small address space minded people "The "best practice" is a /64 per LAN". For people who have truly embraced the implications of IPv6 and done away with all the IPv4 address scarcity nonsense...

Translation: idiots dooming those who come after them to the same dumbass mistakes that were made by their forefathers with IPv4. (in this case, this guy's colo space will likely be recycled a few times before that bites anyone.) It depends on what his individual machines are doing... does he have 2^64 VMs, web sites, or whatever on each host? I seriously doubt he has even 2^8 service instances per host.

For all your "who cares how old the RFC is" crap, IPv6 is still a new and evolving technology, despite being over a decade old. And FYI, the currently accepted practice is to use ::/127's for point-to-point links. (for a number of reasons, address conservation not being one of them.) Things in the IPv6 world change; what was the new sliced bread yesterday could be tomorrow's turd.
Almondo
Premium Member
join:2015-01-19
Titusville, FL

2 recommendations

Almondo

Premium Member

Where is the RFC supporting any of your positions?
Or do you just make up whatever you want?

Currently accepted by who? You? I call general bullshit failure and point at HE.NET as a really big example that leaves your leg soaking wet.

How exactly is it going to bite someone? At the rate most current providers and large networks are consuming their initial allocations it will be several decades if not a century or more before most need additional allocations.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

1 recommendation

cramer

Premium Member

said by Almondo:

Currently accepted by who?

A great many network operators around the globe. But by all means, keep your nose buried in RFCs and ignore the way the real world works. (That was what the IPng WG did when they originally designed IPv6, and that created something so great it's spawned thousands of RFCs redefining itself every few years.)

journeysquid
join:2014-08-01

1 recommendation

journeysquid

Member

said by cramer:

said by Almondo:

Currently accepted by who?

A great many network operators around the globe. But by all means, keep your nose buried in RFCs and ignore the way the real world works. (That was what the IPng WG did when they originally designed IPv6, and that created something so great it's spawned thousands of RFCs redefining itself every few years.)

Yet no discussion on NANOG on the matter. Maybe the North American folks are just out of the loop and everyone else is in?
cramer
Premium Member
join:2007-04-10
Raleigh, NC

1 recommendation

cramer

Premium Member

It's been discussed several times on NANOG. (I'm not going to bother searching for links. I have better things to do.)
Almondo
Premium Member
join:2015-01-19
Titusville, FL

1 recommendation

Almondo

Premium Member

So at the end of the day you still have nothing to support your position and you fail to answer the basic "how is it going to bite someone?" question.

How exactly has it redefined itself? As far as I know it has always been a 128 bit general address space overkill type of solution, which was the intent. When you look at how /32s are initial provider allocations occur it is obvious that it is well geared toward reduction of fragmentation while monumentally increasing addressable range.

You are great at bashing me, the standards bodies, the largest IPv6 network operator on the planet, and everyone else but I'm not seeing much in terms of enlightenment from you regarding the basis of your assertions.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

1 recommendation

cramer

Premium Member

said by Almondo:

How exactly has it redefined itself?

Follow the spider web of updates, additions, and obsoletes from RFC1883 et al. to present. If you tried to use an original 1995 spec IPv6 stack on a modern IPv6 network, you'd already know they are very different. The same is not true of IPv4; very old stacks still function and can talk to most of the current internet. (we've been classless for a long time, those stacks make classful assumptions that make certain addresses unusable.)

The original design REQUIRED a full IPSec implementation in the stack. Just what the embedded community wants... the entirety of OpenSSL bolted into the kernel. Thankfully, that requirement has since been dropped. (IPSec is recommended, but not required.) Have you ever tried an ssh client on a Palm Treo? IPv6 on a device of that era... No. Just. No.

FOR EXAMPLE, the original design for SLAAC was with a ::/80 prefix; so your modern ::/64 lans will break those old stacks. DHCP was omitted (more like "forbidden", DHCP was highly disliked by the IPng committee), so without SLAAC, you're left with no address; so manual configuration it is. For. Everything. Oh, right, no DHCP so no domain name, no domain server addresses, no gateway, no network boot information, etc. (none of the hundreds of things DHCP makes possible -- most of us making use of very few.)

As far as I know it has always been a 128 bit general address space overkill type of solution, which was the intent.

Actually, during part of its design, it was 64bit. It was doubled ("again") to 128bit to support bolting the MAC (48bit) on for SLAAC. (112 is not an even power of 2)

But yes, it's supposed to be a flat 128bit address. However, SLAAC (and other idiotic protocols) have incorrectly taught people to see it as 64+64. Apparently you and your kind are simply incapable of accepting that there is no host part and network part. Network/host only apply where there's a netmask. If I'm assigned a /60, you - out on the internet - don't know that; you don't know what I've done with that /60 -- I could have a single /64 LAN out of it, or a million /80's.

You are great at bashing me, the standards bodies, the largest IPv6 network operator on the planet, and everyone else but I'm not seeing much in terms of enlightenment from you regarding the basis of your assertions.

I beat on anyone and everyone that approaches IPv6 with the absolute most horrible thinking imaginable. The address space is not "inexhaustible"; it can be mismanaged into the same mess that led us to IPv6 in the first place. (IPv4) "There's plenty of space for the maybe 1000 computers that will ever exist; here, have a /8." 2^32 was ginormous back then. Will 2^128 be as mindbogglingly huge in 30 years as it is today? (My money is getting piled on "hell no" as fast as I get it.)

IPv6 is the most perfect example in the known universe of why design by committee is a horrible idea. IPng included a lot of people. All of them brought their own personal political agendas (and that of their employers) to the table. They didn't like DHCP, so it's out! They resurrected ICMP Router Discovery (1256, Sept. 91) -- that had been abandoned (not supported, explicitly turned off, etc.) as an insecure mess -- in such a manner that it cannot be removed: Router Advertisement (RA) (it was designed with bone cancer; how the f*** do we fix that? Replace all your switches with ones that implement "RA Guard".)

---

Oh, as for the ::/127... RFC 6164