On 19/07/19 19:01, Phil Karn wrote:
On 7/19/19 01:04, Tony Langdon wrote:
IPv6 was discussed in detail a year or two ago in here. The consensus was that a 44net-like block was unnecessary and may even cause issues. Instead it was proposed that hams use parts of their (in many cases) existing IPv6 allocation, and the subnets reserved for ham radio use go into a database that can be used to generate firewall rules.
Yes, that's exactly my thinking too.
I think you were a part of those discussions, so that would stand to reason.
As hams are supposed to be leaders in technology, I would like to see IPv6 adopted as much as possible. Like the wider world, there's no reason we can't run dual stack alongside our 44.x IPv4 addresses.
Yup. What you said.
I think you'd have to use static addressing or DHCPv6 to assign addresses if you split a /64 but don't quote me on that. ;)
Probably. I'm a fan of stateless autoconfiguration mainly because It Just Works, but DHCPv6 isn't that hard either.
I like SLAAC for the same reason. :)
I haven't looked, but I don't see any fundamental reason why stateless autoconfiguration can't be used with smaller host fields (particularly one only 48 bits wide).
I could be wrong, but I thought the whole SLAAC standard was based around having a 64 bit subnet to play with.
Side question: do you know a good public VPN provider who supports IPv6? I'd like to recommend one to those who are stuck behind CGNs or can't otherwise use HE's tunnel broker.
No, I tend to be a self service kinda guy when it comes to VPNs. But for hobbyists (at least in Australia), it might be worth joining APANA and using the SA region's VPN service. When I got my VPN (for carrying extra IPv4 addresses), they did offer IPv6 as well, but I declined, because I already had native IPv6 feeds and multihoming isn't something I wanted to get into. I know they have native IPv6 available their end, and it should be a /56.
Could also see what we could do with ZeroTier. I've been using that to create private virtual LANs, but haven't tried bridging it to a real LAN yet (it can be done and is documented).
As do I, and same thing. It just works, it's only if I look up what address I'm connecting to that I can tell if I'm running IPv4 or IPv6.
Right. And having both IPv4 and IPv6 has saved my bacon more than once. E.g., if I do something remotely that accidentally breaks an IPv4 interface address, firewall rule or routing entry, I can often get back in with IPv6 and fix the problem. Or vice versa.
Yep, been there, done that! :D
The requirement that every interface support multiple IPv6 addresses can also come in very handy here. It's one of the reasons I still use my HE tunnels alongside native Spectrum IPv6 addresses.
Good point. I used to do that with a SiXXS tunnel that I had on my VPS, so I could rack up my brownie point. That tunnel stayed up until SiXXS closed down, even though the VPS got native IPv6 shortly afterwards.
From memory, I had to do a little policy routing to ensure that the traffic went out the correct route for the packet's source address, so I didn't fall foul of any egress filtering that might be in use upstream.
Australia still lags behind at the ISP customer level, but there are ISPs (like mine!) who offer IPv6 and have it enabled by default. Pity they don't enable it by default on the routers they provide. Easily done for us tech people though. If IPv6 is on offer, I will enable it on both my equipment and those of others I help out.
I have long built all my own routers from scratch with Linux, so I don't closely track commercially available home routers. But I'm pleased to see that the newer ones among friends and family members do support IPv6 -- but only if it's enabled. Often the only real problem is getting the firewall rules set properly since by default many disable inbound sessions to provide the same sort of false security as IPv4 NAT...
Yes, that is standard with home routers. Mine disables IPv4 inbound by default, but I can either open ports or remove the filter entirely for specific IPs. Unfortunately, I don't think I can do a whole block, other than downstream /64s that are part of my /56. So far that hasn't been an issue for me. I have dropped the filter for a number of my hosts (all Linux). My Windows host just has any ports I want open. I could probably open that up too (it does have its own firewall), but I don't like exposing Windows unnecessarily. ;)
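The idea quoted at the top of this message, a database of ham-reserved IPv6 subnets used to generate firewall rules, could look like the sketch below. It is an added example, not code from anyone in this thread or from any existing registry. The registry layout, the made-up callsigns, the documentation-range prefixes, the `ham`/`ham_v6`/`ham_in` names and the /48 limit are all assumptions.

```python
import ipaddress

# Constructed sample registry (callsigns are made up; prefixes use the
# 2001:db8::/32 documentation range). The layout is an assumption.
SAMPLE_REGISTRY = {
    "N0CALL": ["2001:db8:1000::/56", "2001:db8:1000:10::/64"],  # 2nd is inside 1st
    "VK0XYZ": ["2001:db8:2000:1::/64"],
    "BAD1": ["::/0"],                 # would admit the whole Internet
    "BAD2": ["2001:db8:3000::1/64"],  # host bits set, probably a typo
    "BAD3": ["44.0.0.0/8"],           # IPv4 does not belong in this set
}
MIN_PREFIXLEN = 48  # assumption: refuse anything broader than a /48


def validate(registry):
    """Split registry entries into accepted networks and rejected entries."""
    accepted, rejected = [], []
    for callsign, prefixes in sorted(registry.items()):
        for text in prefixes:
            try:
                net = ipaddress.ip_network(text, strict=True)
            except ValueError:
                rejected.append((callsign, text, "not a valid network"))
                continue
            if net.version != 6:
                rejected.append((callsign, text, "not IPv6"))
            elif net.prefixlen < MIN_PREFIXLEN:
                rejected.append((callsign, text, "prefix too broad"))
            else:
                accepted.append(net)
    # Merge nested/adjacent prefixes so the set holds no overlapping intervals.
    return list(ipaddress.collapse_addresses(accepted)), rejected


def render_nft(networks):
    """Emit an nftables table holding the set and a chain to jump to."""
    lines = ["table inet ham {", "\tset ham_v6 {",
             "\t\ttype ipv6_addr", "\t\tflags interval"]
    if networks:  # omit the elements line when nothing was accepted
        lines.append("\t\telements = { " + ", ".join(map(str, networks)) + " }")
    lines += ["\t}", "\tchain ham_in {", "\t\tip6 saddr @ham_v6 accept", "\t}", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets, bad = validate(SAMPLE_REGISTRY)
    for callsign, text, reason in bad:
        print(f"# skipped {callsign} {text}: {reason}")
    print(render_nft(nets))
```

`ham_in` is a regular chain with no hook, so it changes nothing until an existing input or forward chain jumps to it for the ports meant to be reachable from other hams.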