IMPORTANT! IPv6 guideline needed!

Ok, June 8 we have IPv6 day coming… this will be a test day world wide.
But we need to prepare for the use of it anyway in the near future.
So far I am a complete know-no regarding this issue and I’ll bet I am not the only one! :open_mouth:

I think we need to build a checklist / tutorial / Wiki on what to do to make our MT-ROS networks ready for the IPv6 future ahead.

Searching on “IPv6” in MT domain gives me loads of forum posts already but it seems most are related to guys already playing with it and having specific questions related. But I need basic, general advice on implementation. Just a start up guide. I am sure more specific questions will arise thereafter!

First some initial questions:
Does IPv6 package work on all routerboards?
Does it need any further package to come along?
After uploading and installation, what is next step?
Do I lose IPv4 compatibility after install of IPv6?
Where do I change settings in ROS? Only in “IP” menu and submenu items or also on other chapters?
Is it enough to only change my border gateway, and leave LAN IPv4?
If my LAN needs to be migrated, what does that mean for routers owned by my clients? What does it mean for their PCs (and Macs, smartphones, iPads etc.)?

In other words: How many lions and bears on the road to IPv6???

The biggest problem you run into is how you get their /48 or /56 or /64 on the lan interface since we have no DHCPv6-PD or even DHCPv6

/125, /124, /123

No different than V4, with the exception of the fact that you have a lot more addresses.
Set routers statically and use OSPF-V3 to route.

Why use DHCP anything, when auto config works perfectly fine?

IPV6 is an internet unto itself.

To delegate prefixes to your end users?

Well, clearly you don’t have much experience with IPv6. For a start you shouldn’t use smaller than a /64 even for PtP links for sanity and computability.

DHCP is needed for A) stateful lists of computers on network, B) PD to give end users their v6 address for their lan - You can API it if the CPE is ROS but every other router is using DHCPv6-PD

I really don’t know about /64s everywhere. It does lead to some problems, and is incredibly wasteful.
http://blog.ioshints.info/2011/05/ipv6-neighbor-discovery-exhaustion.html
Quick link to one reason /64s can end up being a very bad thing until TOR switch vendors catch up with features we’ve had for IPv4 forever. I’m not aware of any TOR that can do ND PPS rate limiting like they can do for ARP. Even then ND records tend to have long lifetimes, and the address space is just vast.

But this is probably getting off topic for the thread, it’s just all very interesting stuff and now is a great time to jump into IPv6. Rudy, just like this forum is a bad place to ask “hey, what is this wireless thing I keep hearing about” there are much better places to learn about IPv6 fundamentals. There are lots of primers around, just Google for them. HE (Hurricane Electric) also has a neat program to get you going with a tunnel to get your own IPv6 space into your network and start playing around - not to be used for customers, but great for labs to start out with.

Anything smaller than a /64 runs into more problems than it creates. If an attacker has access to the layer 2 core then you have problems; at the access level you should be running it over PPP anyway, which means the ND attack is for LANs. Almost all large players are doing /64 for PtP links and in fact the RFCs recommend it.

There is in fact an RFC on why not to use /127s on PtP links
http://tools.ietf.org/html/rfc3627

Which is also open to a pingpong attack

As just one example there is a heck of a lot of metro-e going around for bigger links, you can’t run all access layers via PPP.

There’s also shared hosting environments, for example. Or even dedicated, rented services where someone hosts more than one server for you on a shared network between the servers. That someone now has to worry about their switching infrastructure if they also give you IPv6 connectivity.

And so on. Point being that the RFC saying no link should be smaller than a /64 might not be ideal for all use cases. At least until the vendors catch up and IPv6 features are comparable to what we have with IPv4 (nudge, nudge, Mikrotik).

Beccara explains the basics very well in this video: http://www.tiktube.com/?video=pLeJ3hmldJDDGDKGmDlwosmvElmopoIG=

There are some specific cases where shorter than /64 is needed but they are rare, and the risks of going shorter are such that until someone has working and detailed experience of v6 they shouldn’t even be aware of it. It breaks a lot and is also more of an issue when working with /127 links due to address lengths, which forces use of DNS etc.

“DHCPv6-PD”?? What does “PD” stand for?

hmm, I was hoping on some info on where to start;

  1. Install IPv6 package
  2. ??? then what, how does dummy proceed to get IPv6 on the road?
  3. ?
    etc.

This might look like a silly stupid question but I’ll bet many of us have no idea on how to implement IPv6.
I am hoping a basic tutorial can be set up to print in a Wiki Manual.

I looked at the tiktube video of Beccara that normis pointed at, but the sound is so weak I can’t hear what is being said, with all volume controls of this PC open! So it’s not a lot of use…

DHCPv6-PD is prefix delegation.

If you have MT as the CPE then you have it a bit easier than those that don’t. It’s a little hard to point you in the right direction without knowing your network setup a bit better. If you just wanna play with it on your home connection then grab a tunnel from www.tunnelbroker.net and follow the guide in the wiki to use 6to4 to tunnel it, play around with setting it up on your LAN and move on from there.

Also, do you have your own IP allocation from an RIR? If so it’s easy to get your own v6 allocation.

With IPv6 you’re best to start at the edge where you hook up to your upstream provider and work back. Do you have a BGP interconnect with them? Is it just static routes etc. etc.??

Well, I just have a static routed network I’m afraid. No time and manpower to go into more sophisticated routing etc. yet.
Anyway, I do own a full /24 network but also have 6 adsl lines with dynamic IP addresses.
At the edge of my network either masquerade-nat (adsl lines) takes place or client to public src-nat in the connections to symmetric (with my public /24 network).

Inside my network it is all static routes towards several AP networks from where the connected CPEs src-nat to the clients’ LANs. (And often the client has yet another wifi router that does do nat.)

Would this make it simple? (OH, now you’re telling me it is too simple a setup anyway…! Can be, you’re probably right. But a man can only do so many things at a time… :frowning: )

Hmmmm, that’s a tricky setup to do. There is no NAT in IPv6 so your DSL lines are useless. You could get a /48 from a tunnel broker and use that, depending on where you are in the world and how close to HE’s PoP.

If I were you I would stick a 6to4 tunnel on your edge router and hand out /64s from that. You can statically route them to the APs.

But first off I’d grab a tunnel for your home connection and play around with that :slight_smile:
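The addressing step suggested above (take a /48, hand out /64s, route them statically to the APs), sketched as an added example that is not from the thread. The prefix 2001:db8:1234::/48 is a documentation placeholder, and the per-AP /56 aggregate, the infrastructure /56 for router-to-AP links, the ::2 gateway convention and the AP names are assumptions made here.

```python
import ipaddress


def plan_prefixes(site_prefix, ap_names, clients_per_ap):
    """Split a site prefix into per-AP /56 blocks and per-client /64 LANs."""
    site = ipaddress.ip_network(site_prefix)
    if site.version != 6 or site.prefixlen > 48:
        raise ValueError("need an IPv6 prefix of /48 or shorter")
    if clients_per_ap > 256:
        raise ValueError("a /56 only holds 256 /64s")
    # One /56 is reserved for links, and it holds 256 link /64s.
    max_aps = min(2 ** (56 - site.prefixlen) - 1, 256)
    if len(ap_names) > max_aps:
        raise ValueError(f"prefix only fits {max_aps} APs in this plan")
    blocks = site.subnets(new_prefix=56)
    # Assumption: first /56 is infrastructure, one /64 per router-to-AP link.
    links = next(blocks).subnets(new_prefix=64)
    plan = {}
    for name in ap_names:
        lans = next(blocks).subnets(new_prefix=64)
        first_lan = next(lans)
        plan[name] = {
            "block": first_lan.supernet(new_prefix=56),
            "link": next(links),
            "clients": [first_lan]
            + [next(lans) for _ in range(clients_per_ap - 1)],
        }
    return plan


def static_routes(plan):
    """Routes for the edge router: one aggregate per AP, via the AP's link address."""
    routes = []
    for entry in plan.values():
        # Assumption: ::1 on the link /64 is the edge router, ::2 is the AP.
        gateway = entry["link"][2]
        routes.append((str(entry["block"]), str(gateway)))
    return routes


if __name__ == "__main__":
    # Constructed sample: two hypothetical APs, two client LANs each.
    plan = plan_prefixes("2001:db8:1234::/48", ["ap1", "ap2"], 2)
    for dst, gw in static_routes(plan):
        print(f"route {dst} via {gw}")
    for name, entry in plan.items():
        print(name, [str(n) for n in entry["clients"]])
```

Because each AP owns a contiguous /56, the edge router carries one static route per AP no matter how many client /64s sit behind it.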

??? 80% of internet users have dsl lines? You are telling me they can’t use IPv6?
My adsl lines are nothing different from the ones any normal neighbour gets from same IP. Instead of several home devices I spread the capacity to several customers…

Yes, but you are using them in such a way that you can’t with v6. There is no NAT, which means whoever is supplying you with the DSL needs to route the v6 space to you. You can’t masq with v6 like you are doing with v4 right now.

Let me think:
I have a home with 4 PCs, all connected wired or wireless to an adsl router provided by the ISP. This wifi router has a NAT firewall so all local LAN addresses are translated to the PPPoE (or dhcp assigned) address by the ISP.
This is what most people have.

Now, instead of 4 PCs I have one router behind this adsl/wifi/router that collects traffic from several users and also keeps a routing table to route back to clients (for management purposes).

Imho the adsl/router is now just connected to one device (my router) instead of 4 PCs but all the rest is all the same? So I do not understand why my setup now would give a problem? If I am ‘doomed’ for this, I won’t be the only one!

In your post you have stated you have 6 dsl lines which you split traffic out over and use NAT to hide the client IPs behind the ISP-given IP of the dsl line you are going out over.

If this is correct then you have a problem. There is no NAT in v6 and as such no way to load balance without a BGP interface across each of the DSL lines.

Perhaps a diagram would help explain your setup better?