IPv6 Roll Out

[blunt]

Well the idea it to block remote inbound connections to the v6s... but not to stop all v6 traffic of course. this is just a Dlink DIR825

Can still browse via ipv6 with this rule in place

 

[websquadza]

Can still browse via ipv6 with this rule in place

Been looking into the (limited) documentation on the dlink’s v6 firewall. I think the established / related connection tracking is implicit and the firewall rules there seem to be more geared towards allowing/blocking specific traffic to hosts in your /64 subnet. It seems to block invalid (unsolicited) inbound traffic implicitly. So, for example, hosting a web server on a specific IP in your /64 allocation shouldn’t automatically expose it to the internet. You would need to forward traffic explicitly in this firewall menu.

 

[Packet-Kollector]

Not necessarily.. I’m not sure of exactly what AH’s OBC/IPC implementation looks like and also what legacy systems need to remain supported (IE dialup, ISDN, DSL etc). It is possible that implementing v6 would require significant changes to this topology, hence the current lack of support.

We’re lucky and set up our interconnection with Openserve more recently and have only needed to support IPC/OBC in its current form- and with this, v6 is native (we actually have two topologies in parallel, both supporting native dual stack).

Big thanks for your knowledge, and how you shared it here. Appreciated!

 

[blunt]

Been looking into the (limited) documentation on the dlink’s v6 firewall. I think the established / related connection tracking is implicit and the firewall rules there seem to be more geared towards allowing/blocking specific traffic to hosts in your /64 subnet. It seems to block invalid (unsolicited) inbound traffic implicitly. So, for example, hosting a web server on a specific IP in your /64 allocation shouldn’t automatically expose it to the internet. You would need to forward traffic explicitly in this firewall menu.

Thanks

 

[LordPhoenix_ZA]

We are experiencing an outage currently on the IPv6. Working on a fix.

IPv6 working again? Turned mine off when I read this at the time.

 

[AfriNatic]

IPv6 working again? Turned mine off when I read this at the time.

Yes.

We found the bug in the DHCPv6 server and fixed it. Should be sorted now.

 

[vavyn]

IPv6 on TTConnect down? It's stuck at connecting for the past hour or so.

 

[AfriNatic]

IPv6 on TTConnect down? It's stuck at connecting for the past hour or so.

If you plug your PC directly into the ONT do you get a IPv6 lease?

 

[The_Librarian]

Count me in. I'm on Axxess fixed LTE (telkom).

 

[AfriNatic]

Count me in. I'm on Axxess fixed LTE (telkom).

Right now we only have on boarded on our fibre network that we control DHCP for. Other networks like Openserve and possibly MTN soon.

 

[Nikkel]

Right now we only have on boarded on our fibre network that we control DHCP for. Other networks like Openserve and possibly MTN soon.

Progress with VumaReach...?

 

[AfriNatic]

Progress with VumaReach...?

Still waiting on Vuma. We are really keen to get it going asap so once it's live we will start enabling for clients.

 

[The_Librarian]

Right now we only have on boarded on our fibre network that we control DHCP for. Other networks like Openserve and possibly MTN soon.

Cool.

I'm looking at installing an Ubuntu server on my side with an LTE dongle.

 

[blunt]

@AfriNatic I notice traceroutes to CloudFlare over v6 routes via JHB, do they not have 6 in CT?

 

[AfriNatic]

@AfriNatic I notice traceroutes to CloudFlare over v6 routes via JHB, do they not have 6 in CT?

Can you confirm you are using the default ipv6 DNS servers?

 

[blunt]

Can you confirm you are using the default ipv6 DNS servers?

it's using
- 2c0f:f4c0::c
- 2c0f:f4c0::d

traceroute to iol.co.za (2606:4700:10::6816:1d71), 30 hops max, 80 byte packets


 1  dlinkrouter.Dlink (2c0f:f4c0:2201:xxxx:c6e9:xxxx:xxxx:xxxx)  0.767 ms  1.443 ms  1.528 ms
 2  2c0f:f4c0:2200::1 (2c0f:f4c0:2200::1)  5.521 ms  4.773 ms  5.236 ms
 3  2c0f:f4c0:2000:3::d (2c0f:f4c0:2000:3::d)  5.150 ms  5.067 ms  4.989 ms
 4  2c0f:f4c0:2000:3::11 (2c0f:f4c0:2000:3::11)  7.962 ms  8.117 ms  8.038 ms
 5  2c0f:f708::d8 (2c0f:f708::d8)  24.982 ms 2c0f:f708::18 (2c0f:f708::18)  24.593 ms  24.821 ms
 6  cloudflare.ixp.joburg (2001:43f8:6d0::198)  24.759 ms  25.528 ms  25.455 ms
 7  2400:cb00:45:1024::c5ea:f11d (2400:cb00:45:1024::c5ea:f11d)  25.153 ms 2400:cb00:45:1024::c5ea:f114 (2400:cb00:45:1024::c5ea:f114)  24.486 ms 2400:cb00:45:1024::c5ea:f123 (2400:cb00:45:1024::c5ea:f123)  24.625 ms

 

[AfriNatic]

it's using
- 2c0f:f4c0::c
- 2c0f:f4c0::d

traceroute to iol.co.za (2606:4700:10::6816:1d71), 30 hops max, 80 byte packets


1  dlinkrouter.Dlink (2c0f:f4c0:2201:xxxx:c6e9:xxxx:xxxx:xxxx)  0.767 ms  1.443 ms  1.528 ms
2  2c0f:f4c0:2200::1 (2c0f:f4c0:2200::1)  5.521 ms  4.773 ms  5.236 ms
3  2c0f:f4c0:2000:3::d (2c0f:f4c0:2000:3::d)  5.150 ms  5.067 ms  4.989 ms
4  2c0f:f4c0:2000:3::11 (2c0f:f4c0:2000:3::11)  7.962 ms  8.117 ms  8.038 ms
5  2c0f:f708::d8 (2c0f:f708::d8)  24.982 ms 2c0f:f708::18 (2c0f:f708::18)  24.593 ms  24.821 ms
6  cloudflare.ixp.joburg (2001:43f8:6d0::198)  24.759 ms  25.528 ms  25.455 ms
7  2400:cb00:45:1024::c5ea:f11d (2400:cb00:45:1024::c5ea:f11d)  25.153 ms 2400:cb00:45:1024::c5ea:f114 (2400:cb00:45:1024::c5ea:f114)  24.486 ms 2400:cb00:45:1024::c5ea:f123 (2400:cb00:45:1024::c5ea:f123)  24.625 ms

Interesting.

Can you do a trace to the DNS servers as well as and IPv4 trace to 1.1.1.1

 

[blunt]

Interesting.

Can you do a trace to the DNS servers as well as and IPv4 trace to 1.1.1.1

seems to go to jhb for v6

traceroute to 2c0f:f4c0::c (2c0f:f4c0::c), 30 hops max, 80 byte packets
1  dlinkrouter.Dlink (2c0f:f4c0:2201:fcd8:c6e9:aff:fe31:eb85)  0.846 ms  1.386 ms  1.432 ms
2  2c0f:f4c0:2200::1 (2c0f:f4c0:2200::1)  5.005 ms  4.921 ms  4.849 ms
3  2c0f:f4c0:2000:3::d (2c0f:f4c0:2000:3::d)  4.619 ms  4.887 ms  4.807 ms
4  2c0f:f4c0:2000:3::11 (2c0f:f4c0:2000:3::11)  8.008 ms  7.935 ms  7.855 ms
5  2c0f:f708::d8 (2c0f:f708::d8)  24.395 ms 2c0f:f708::18 (2c0f:f708::18)  24.315 ms 2c0f:f708::d8 (2c0f:f708::d8)  24.242 ms
6  2c0f:f4c0:1000:3::40 (2c0f:f4c0:1000:3::40)  24.365 ms  27.572 ms  26.053 ms
7  2c0f:f4c0::c (2c0f:f4c0::c)  25.820 ms  21.862 ms  21.573 ms

traceroute to 2c0f:f4c0::d (2c0f:f4c0::d), 30 hops max, 80 byte packets
1  dlinkrouter.Dlink (2c0f:f4c0:2201:fcd8:c6e9:aff:fe31:eb85)  0.941 ms  0.979 ms  1.819 ms
2  2c0f:f4c0:2200::1 (2c0f:f4c0:2200::1)  5.623 ms  4.988 ms  5.204 ms
3  2c0f:f4c0:2000:3::d (2c0f:f4c0:2000:3::d)  5.120 ms  4.752 ms  4.970 ms
4  2c0f:f4c0:2000:3::11 (2c0f:f4c0:2000:3::11)  8.503 ms  8.267 ms  8.181 ms
5  2c0f:f708::18 (2c0f:f708::18)  24.599 ms 2c0f:f708::d8 (2c0f:f708::d8)  24.528 ms  24.447 ms
6  2c0f:f4c0:1000:3::40 (2c0f:f4c0:1000:3::40)  24.582 ms  27.850 ms  27.774 ms
7  2c0f:f4c0::d (2c0f:f4c0::d)  25.741 ms *  25.791 ms

v4 via ct to cloudflare dns

traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1  dlinkrouter.Dlink (192.168.0.2)  0.749 ms  0.650 ms  1.176 ms
2  169-1-254-1.ip.afrihost.co.za (169.1.254.1)  3.086 ms  3.021 ms  2.948 ms
3  169-1-21-147.ip.afrihost.co.za (169.1.21.147)  3.370 ms  3.434 ms  3.368 ms
4  169-1-21-131.ip.afrihost.co.za (169.1.21.131)  4.325 ms  4.254 ms  3.891 ms
5  cloudflare.ixp.capetown (196.60.70.198)  4.280 ms  4.055 ms  4.142 ms
6  one.one.one.one (1.1.1.1)  5.792 ms  3.417 ms  3.340 ms

 

[AfriNatic]

seems to go to jhb for v6

traceroute to 2c0f:f4c0::c (2c0f:f4c0::c), 30 hops max, 80 byte packets
1  dlinkrouter.Dlink (2c0f:f4c0:2201:fcd8:c6e9:aff:fe31:eb85)  0.846 ms  1.386 ms  1.432 ms
2  2c0f:f4c0:2200::1 (2c0f:f4c0:2200::1)  5.005 ms  4.921 ms  4.849 ms
3  2c0f:f4c0:2000:3::d (2c0f:f4c0:2000:3::d)  4.619 ms  4.887 ms  4.807 ms
4  2c0f:f4c0:2000:3::11 (2c0f:f4c0:2000:3::11)  8.008 ms  7.935 ms  7.855 ms
5  2c0f:f708::d8 (2c0f:f708::d8)  24.395 ms 2c0f:f708::18 (2c0f:f708::18)  24.315 ms 2c0f:f708::d8 (2c0f:f708::d8)  24.242 ms
6  2c0f:f4c0:1000:3::40 (2c0f:f4c0:1000:3::40)  24.365 ms  27.572 ms  26.053 ms
7  2c0f:f4c0::c (2c0f:f4c0::c)  25.820 ms  21.862 ms  21.573 ms

traceroute to 2c0f:f4c0::d (2c0f:f4c0::d), 30 hops max, 80 byte packets
1  dlinkrouter.Dlink (2c0f:f4c0:2201:fcd8:c6e9:aff:fe31:eb85)  0.941 ms  0.979 ms  1.819 ms
2  2c0f:f4c0:2200::1 (2c0f:f4c0:2200::1)  5.623 ms  4.988 ms  5.204 ms
3  2c0f:f4c0:2000:3::d (2c0f:f4c0:2000:3::d)  5.120 ms  4.752 ms  4.970 ms
4  2c0f:f4c0:2000:3::11 (2c0f:f4c0:2000:3::11)  8.503 ms  8.267 ms  8.181 ms
5  2c0f:f708::18 (2c0f:f708::18)  24.599 ms 2c0f:f708::d8 (2c0f:f708::d8)  24.528 ms  24.447 ms
6  2c0f:f4c0:1000:3::40 (2c0f:f4c0:1000:3::40)  24.582 ms  27.850 ms  27.774 ms
7  2c0f:f4c0::d (2c0f:f4c0::d)  25.741 ms *  25.791 ms

v4 via ct to cloudflare dns

traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1  dlinkrouter.Dlink (192.168.0.2)  0.749 ms  0.650 ms  1.176 ms
2  169-1-254-1.ip.afrihost.co.za (169.1.254.1)  3.086 ms  3.021 ms  2.948 ms
3  169-1-21-147.ip.afrihost.co.za (169.1.21.147)  3.370 ms  3.434 ms  3.368 ms
4  169-1-21-131.ip.afrihost.co.za (169.1.21.131)  4.325 ms  4.254 ms  3.891 ms
5  cloudflare.ixp.capetown (196.60.70.198)  4.280 ms  4.055 ms  4.142 ms
6  one.one.one.one (1.1.1.1)  5.792 ms  3.417 ms  3.340 ms

Morning,

Can you try using a CPT based DNS IPv6 server and see if cloudflare still prefers JHB?

Thanks for the info I'm passing this on to our network engineers.

 

[blunt]

Morning,

Can you try using a CPT based DNS IPv6 server and see if cloudflare still prefers JHB?

Thanks for the info I'm passing this on to our network engineers.

can do - but do you know of any?