I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8. My question is, can we utilize IPv6 with our IPv4 address embedded in it? The reason I want to be able to easily utilize message authentication with IPSEC AH.
73, N1YRK
How do you mean by embedded it in? NAT64?
FWIW, tunnelbroker will give you up to a /48 of ipv6 on a gre tunnel if that helps you?
On Sat, Jul 28, 2018 at 5:40 PM Robert Keyes robertwkeyes@gmail.com wrote:
I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8. My question is, can we utilize IPv6 with our IPv4 address embedded in it? The reason I want to be able to easily utilize message authentication with IPSEC AH.
73, N1YRK
Don't forget to block your household devices from using IPV6 to talk to Netflix etc. You'll get the "wrong market" or "don't use a VPN" errors if you neglect this.
Message me offline and I'll send you the subnets to block.
I've found that IPv6 on my network gets issued to everything (woohoo - I want that) but then some things you cannot control such as your smart TV will use V6 by default. Watch out.
Mark G7LTT/NI2O
On Sat, Jul 28, 2018 at 1:46 PM, Alistair Mackenzie magicsata@gmail.com wrote:
How do you mean by embedded it in? NAT64?
FWIW, tunnelbroker will give you up to a /48 of ipv6 on a gre tunnel if that helps you?
On Sat, Jul 28, 2018 at 5:40 PM Robert Keyes robertwkeyes@gmail.com wrote:
I've read the FAQ, and see there is no equivalent IPv6 for our lovely
44/8.
My question is, can we utilize IPv6 with our IPv4 address embedded in it? The reason I want to be able to easily utilize message authentication with IPSEC AH.
73, N1YRK
Hi Mark,
Netflix, Facebook, Instagram and a number of other services all working correctly (local content etc.) over IPv6 here. Perhaps your provider IPv6 space is incorrectly IP geolocated against another country?
Talking to the very friendly Netflix engineers at a recent network operators seminar, they recommended end-to-end native IPv6 for performance.
Vy 73 de Darren G7LWT / AK4DB
On 28 July 2018 at 19:11, Mark Phillips g7ltt@g7ltt.com wrote:
Don't forget to block your household devices from using IPV6 to talk to Netflix etc. You'll get the "wrong market" or "don't use a VPN" errors if you neglect this.
Message me offline and I'll send you the subnets to block.
I've found that IPv6 on my network gets issued to everything (woohoo - I want that) but then some things you cannot control such as your smart TV will use V6 by default. Watch out.
Mark G7LTT/NI2O
On Sat, Jul 28, 2018 at 1:46 PM, Alistair Mackenzie magicsata@gmail.com wrote:
How do you mean by embedded it in? NAT64?
FWIW, tunnelbroker will give you up to a /48 of ipv6 on a gre tunnel if that helps you?
On Sat, Jul 28, 2018 at 5:40 PM Robert Keyes robertwkeyes@gmail.com wrote:
I've read the FAQ, and see there is no equivalent IPv6 for our lovely
44/8.
My question is, can we utilize IPv6 with our IPv4 address embedded in
it?
The reason I want to be able to easily utilize message authentication with IPSEC
AH.
73, N1YRK
I have my numbers via Tunnelbroker. Whodaheck knows how they are mapped?
When I was on Comcast it was all find and lovely. Comcast offers native IPv6 on thier network. As I'm moving house this weekend I'm seriously thinking that I might move back to them if only for the IPv6. Downside is that I have a 1gbs symetrical feed from Verizon.
Mark
On Sat, Jul 28, 2018 at 2:22 PM, Storer, Darren darren.storer@gmail.com wrote:
Hi Mark,
Netflix, Facebook, Instagram and a number of other services all working correctly (local content etc.) over IPv6 here. Perhaps your provider IPv6 space is incorrectly IP geolocated against another country?
Talking to the very friendly Netflix engineers at a recent network operators seminar, they recommended end-to-end native IPv6 for performance.
Vy 73 de Darren G7LWT / AK4DB
On 28 July 2018 at 19:11, Mark Phillips g7ltt@g7ltt.com wrote:
Don't forget to block your household devices from using IPV6 to talk to Netflix etc. You'll get the "wrong market" or "don't use a VPN" errors if you neglect this.
Message me offline and I'll send you the subnets to block.
I've found that IPv6 on my network gets issued to everything (woohoo - I want that) but then some things you cannot control such as your smart TV will use V6 by default. Watch out.
Mark G7LTT/NI2O
On Sat, Jul 28, 2018 at 1:46 PM, Alistair Mackenzie <magicsata@gmail.com
wrote:
How do you mean by embedded it in? NAT64?
FWIW, tunnelbroker will give you up to a /48 of ipv6 on a gre tunnel if that helps you?
On Sat, Jul 28, 2018 at 5:40 PM Robert Keyes robertwkeyes@gmail.com wrote:
I've read the FAQ, and see there is no equivalent IPv6 for our lovely
44/8.
My question is, can we utilize IPv6 with our IPv4 address embedded in
it?
The reason I want to be able to easily utilize message authentication with IPSEC
AH.
73, N1YRK
Yes there are two ways I can think of to do this, as long as you're allocated a /64 from your IPv6 provider it is simple to map as follows:
*Most basic (1:1 mapping IPv4 to IPv6)*
*Provider:* 2001:19f0:5c01:10f4::/64 *Mapping:* 44.50.1.1 -> 2001:19f0:5c01:10f4:44:50:1:1/128
That wastes quite a lot of IPv6 space, but it's easy to do.
*More advanced (Mapping IPv4 to IPv6 subnet)*
Another way is directly converting the hex of the IPv4 address:
*Provider:* 2001:19f0:5c01:10f4::/64 *Mapping:* 44.50.1.1 -> 2001:19f0:5c01:10f4:2C32:0101::/96
Definitions: 2C = 44 32 = 50 01 = 01 01 = 01
Doing this gives you a /96 per IPv4 address, so up to 4,294,967,296 IPv6 hosts per IPv4 address.
All of this requires native IPv6 connectivity, either through something like Tunnelbroker or from your hosting provider. I'm doing this mapping on my Vultr VM where I am BGP announcing my AMPR /24 to begin with. The ranges are not "portable" but I'm not sure I see the requirement to take an IPv6 range with me when I move from one ISP to another since everything in IPv6 space should be done with DNS and not hard coded IPs.
Hope that helps,
Shawn (KC0AKY)
Shawn Garringer (sgarringer@gmail.com)
On Sat, Jul 28, 2018 at 11:37 AM, Robert Keyes robertwkeyes@gmail.com wrote:
I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8. My question is, can we utilize IPv6 with our IPv4 address embedded in it? The reason I want to be able to easily utilize message authentication with IPSEC AH.
73, N1YRK
On Sat, Jul 28, 2018 at 11:37 AM, Robert Keyes robertwkeyes@gmail.com wrote:
I've read the FAQ, and see there is no equivalent IPv6 for our lovely 44/8. My question is, can we utilize IPv6 with our IPv4 address embedded in it? The reason I want to be able to easily utilize message authentication with IPSEC AH.
We're doing 4 to 6 mapping using 44-net IPs to route IPv6 through FlexNet just fine on EastNet. I drafted a white page on it and also have a list of hosts on https://uronode.n1uro.com (also dual stacked). You can find my whitepaper at: https://uronode.n1uro.com/linux/ipv6.html
I have a /48 subnet from HE.net and give each node that wants one a single IPv6 IP so it can also be dual stacked. Since they also opened up all ports for me, sharing my /48 this way allows for their mail systems to fully function as well. I use my RPi as a mini IPv6 amprgate in a sense to do the routing, and we've been doing IPv6 for just under a year now. While there's no official IPv6 amprnet so to speak of, Brian at least allows for AAAA records in the ampr.org DNS.
As for proof it works these 2 site examples have NO wired internet whatsoever and as you see it's fine: n1uro@asus:~$ traceroute6 k2put.ampr.org traceroute to k2put.ampr.org (2001:470:8a1e::20), 30 hops max, 80 byte packets 1 gw-ipv6.n1uro.com (2001:470:8a1e::1) 38.617 ms 51.747 ms 55.424 ms 2 k2put.ampr.org (2001:470:8a1e::20) 1727.098 ms 1835.171 ms 4692.584 ms n1uro@asus:~$ traceroute6 wb2snn.ampr.org traceroute to wb2snn.ampr.org (2001:470:8a1e::17), 30 hops max, 80 byte packets 1 gw-ipv6.n1uro.com (2001:470:8a1e::1) 39.018 ms 49.048 ms 55.707 ms 2 wb2snn.ampr.org (2001:470:8a1e::17) 1615.153 ms 1734.683 ms 1890.518 ms n1uro@asus:~$
Don't let the times fool you, it's actually quite fast in responding. n1uro@asus:~$ telnet -6 wb2snn.ampr.org node Trying 2001:470:8a1e::17... Connected to wb2snn.ampr.org. Escape character is '^]'. (wb2snn.ampr.org:uronode) login: n1uro *** Password required! If you don't have a password please email wb2snn@wb2snn.ampr.org for a password you wish to use. Password: [URONode v2.9] Welcome n1uro to the wb2snn.ampr.org packet shell. This is copy of URONode is located in Sayreville, Middlesex County, New Jersey [FN20tl]. This node is part of the EastNet Packet Network. Type "?" for commands or H <command> for more detailed help on a command. Visit our website at https://eastnetpacket.org All are welcome, Enjoy the Node... 73 de WB2SNN
n1uro@wb2snn.ampr.org:/uronode6:
We're not using IPSEC however. It's just straight mappings... but it works fine.
-
Alistair Mackenzie -
Brian -
Mark Phillips -
Robert Keyes -
Shawn Garringer -
Storer, Darren