IPv6 Roll Out

Leno said:
you normally allocate static v6 prefixes otherwise your local clients will have no connectivity until their autoconfig / RA expires
Click to expand...
? You get a delegated prefix for your LAN, from Afrihost via DHCP6 on the WAN. The prefix might change from time to time. Happy to be corrected @AfriNatic
 
Gimli said:
? You get a delegated prefix for your LAN, from Afrihost via DHCP6 on the WAN. The prefix might change from time to time. Happy to be corrected @AfriNatic
Click to expand...

This is not industry practice (changing the prefix) I hope they are not doing this

Your pc's etc will have a certain time that it will still try use the old prefix and they will loose connectivity

Its like changing your home ip range and expecting all the dhcp leases to change straight away with it
 
Gimli said:
Mmmm bummer. Users will want to run a few subnets, why only a /64?
Click to expand...

If you willing to give up stateless config you can split the prefix up and run your own DHCPv6 etc
This is how we do it on Hetzner where they wont allocate more than a /64
 
Leno said:
If you willing to give up stateless config you can split the prefix up and run your own DHCPv6 etc
This is how we do it on Hetzner where they wont allocate more than a /64
Click to expand...
Remember me to never be a customer of theirs. It's not as if they need to conserve addresses, and besides it is not best practice according to IETF guidelines
 
Gimli said:
Remember me to never be a customer of theirs. It's not as if they need to conserve addresses, and besides it is not best practice according to IETF guidelines
Click to expand...
Do you mean the guidelines on splitting a /64 or guidelines that say an ISP must allocate more? , I haven't come across a consumer ISP giving out more than a /64

Remember they have to still report to Afrinic that they are allocating their ip's not in a wasteful manner even if it is ipv6

Edit: correction, looks like the reporting requirements are not as strict for v6 with Afrinic
 
Last edited:
The IETF guideline for ISPs for allocating prefixes to their customers. And I get a /56 from @websquad. Only endpoint devices e.g. A mobile phone should get a /64. Home users should get a /56 at least
 
This document for further info

IPv6 Address Assignment to End-Sites

The Regional Internet Registries (RIRs) policies have different views regarding the recommendation of the prefix to be assigned to end-sites. However, all them allow up to a /48 without further justification and clearly state that the exact choice of how much address space should be assigned to...
tools.ietf.org
 
AfriNatic said:
For those wondering on how does IPv6 work when it comes to ports you can use this handy tool.


It scans for common open ports and you can see if you configure your firewall correctly.

By default the D-Link, Huawei WS5200 and the Huawei WS7100 we supply will have the firewall on. This means none of the allocated IPv6 ips on you devices will have open ports. The firwall will also block ping requests.

The Huawei WS5200 and WS7100 has pretty basic Firewall settings. It's either ON or OFF. ON meaning blocks everything coming in on IPv6. OFF meaning which ever ip is allocated if there is services running with open ports they will be exposed. This is only an issue if you running service that has open ports and are not secured.

The D-Link has quite a nice firewall setting. It allows you to open specific ports to specific IPv6 IP address or the whole prefix allocated to you or a specific range of IPv6 addresses.

A simple rule to open a specific port you intend to use for the whole prefix allocated to you will look like this. This will open up port 26895 to allow remote traffic to come in. In my case it' a torrent client. It will allow it to the whole /62 allocated to you.


View attachment 1071975


When using https://www64.chappell-family.co.uk/cgi-bin6/ipscanfastjs.cgi with the firewalls turned on like they are by default @blunt ports will be blocked and the test should show this.

View attachment 1071977


You need to specify rule to intentionally block incoming traffic but you can if you want to.

When the firewall is turned off it would expose any open ports to the internet if there is a running service listing on that port. For example.

View attachment 1071979
Click to expand...
Every time I run this, my router crashes :-(
 
A really stupid question. Do devices need to support ipv6 to be able to work once switched over? I have no idea how ipv6 actually works. What happens if I have an IoT device like those cheap ESP chips on my network?

*Question aimed at anyone that can answer.
 
Toastmaster said:
A really stupid question. Do devices need to support ipv6 to be able to work once switched over? I have no idea how ipv6 actually works. What happens if I have an IoT device like those cheap ESP chips on my network?

*Question aimed at anyone that can answer.
Click to expand...

For IPv6 only yet.

Most network including the way we roll out is Dual stack IPv4 and IPv6. IPv6 is preferred and will work on all your devices that supports it and when you access IPv6 on the internet. Not everything is ready for Ipv6 so a dual stack setup allows IPv4 fall back for when the network or device does not support IPv6.


For example in my D-link. If I removed IPv4 here everything that does not support IPv6 will just be dead.

Screenshot_2021-05-20 DIR-825.png
 
AfriNatic said:
Still busy with that. Trust me you will be the first to hear when it's live.

On another note we have started pushing IPv6 connections to be enabled via a Huawei OTA update and TR-069 for D-Link. Making good progress on that.
Click to expand...
What router you have there guy? Dlink?
 
Hi @AfriNatic am I mistaken or have you changed the name of this thread from ipv6 trial to ipv6 rollout? If so would you please explain what you are doing for the rollout. Thanks
 
Gimli said:
Hi @AfriNatic am I mistaken or have you changed the name of this thread from ipv6 trial to ipv6 rollout? If so would you please explain what you are doing for the rollout. Thanks
Click to expand...

We have pushed an OTA update to the Huawei WS5200 to enable IPv6. We are doing a sizable amount of fibre lines via nTR-069 for the D-link.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X