IPv6 Trial

websquadza

WebSquad
Company Rep
Joined
Mar 26, 2018
Messages
1,869
Hold on, you're exposing LAN devices directly to the IPv6 WAN?

No NAT? No firewall?

Big big balls, I hope all your clients have every device on their LAN patched.

v6 works on prefix delegation, not bridging. This means your /64 is allocated for your LAN network and is routed from the WAN, which means even a basic router usually runs a firewall protecting the LAN prefix (most routers we’ve checked support this).

Security by NAT is not secure at all - it’s laughably easy to bypass/spoof. Not to mention messy protocols like UPnP and the headaches NAT can cause (VoIP, games and more). So apples for apples - the firewall protecting you on v4 will do a similarly good job with v6 (likely even better). That said, it’s never a bad idea to get a firewall that supports DPI and some sort of threat intelligence (whether you’re using v4 or v6) to check inside all the packets passing through your network.

Standard rules to protect v6 on consumer routers cover forwarding v6 traffic to your delegated prefix based on established and related connections. Basically, inbound communication on IPv6 from the world is only allowed if the connection is established from behind the firewall (the same way it works on v4), or the connection is related. For persistent outside access (like accessing your CCTV), your firewall will need to have forwarding rules set up in your firewall filter list (no longer port forwarding the way we’re used to).
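
The forwarding policy described in the post above, written out as an nftables ruleset for a Linux-based router. This is an added example, not part of the thread or any ISP's or vendor's configuration; the interface names, the documentation prefix, and the camera address and port are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. All names and values below are assumptions:
#   wan0 / lan0             - router interface names
#   2001:db8:1234:5600::/64 - delegated LAN prefix (documentation range)
#   ...::c0de, port 8443    - the CCTV recorder that needs outside access

define WAN        = "wan0"
define LAN        = "lan0"
define LAN_PREFIX = 2001:db8:1234:5600::/64
define CCTV_HOST  = 2001:db8:1234:5600::c0de
define CCTV_PORT  = 8443

table ip6 pd_filter {
    chain forward {
        # Routed (not NATed) traffic for the delegated prefix crosses this
        # hook. Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows started from the LAN, plus "related" packets.
        # ICMPv6 errors for a tracked flow (packet-too-big, destination
        # unreachable) arrive as related, so path MTU discovery keeps working.
        ct state established,related accept

        # Packets conntrack cannot associate with any flow.
        ct state invalid drop

        # New outbound connections, only from addresses inside the
        # delegated prefix (drops spoofed sources leaving the LAN).
        iifname $LAN oifname $WAN ip6 saddr $LAN_PREFIX ct state new accept

        # Persistent outside access: a filter rule for one host and one
        # port. There is no address translation, so this replaces the
        # IPv4 "port forward" with a plain accept rule.
        iifname $WAN oifname $LAN ip6 daddr $CCTV_HOST tcp dport $CCTV_PORT ct state new accept

        # Log what the default policy is about to drop (rate limited).
        iifname $WAN limit rate 5/minute log prefix "v6-fwd-drop: "
    }
}
```

On a router running nftables, `nft -c -f <file>` checks the syntax without loading the rules, and `nft list chain ip6 pd_filter forward` shows what is active after loading.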
 

websquadza

WebSquad
Company Rep
Joined
Mar 26, 2018
Messages
1,869
So Afrihost is talking **** and I will be moving then :p

Not necessarily. I’m not sure of exactly what AH’s OBC/IPC implementation looks like and also what legacy systems need to remain supported (i.e. dialup, ISDN, DSL, etc.). It is possible that implementing v6 would require significant changes to this topology, hence the current lack of support.

We’re lucky and set up our interconnection with Openserve more recently and have only needed to support IPC/OBC in its current form - and with this, v6 is native (we actually have two topologies in parallel, both supporting native dual stack).
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
Not necessarily. I’m not sure of exactly what AH’s OBC/IPC implementation looks like and also what legacy systems need to remain supported (i.e. dialup, ISDN, DSL, etc.). It is possible that implementing v6 would require significant changes to this topology, hence the current lack of support.

We’re lucky and set up our interconnection with Openserve more recently and have only needed to support IPC/OBC in its current form - and with this, v6 is native (we actually have two topologies in parallel, both supporting native dual stack).

I like detailed, technical replies like this. Thank you for this post and the one above, you really know your stuff!
 

eosman

Active Member
Joined
May 24, 2011
Messages
86
Just checked and can confirm we saw your DHCP request and you have been granted a lease.

Is it still failing? What router are you using?
Just checked now. Still failing.
It’s a Netgear Orbi.

Enabled IPv6 DHCP. And LAN mode set to DHCP as well. I get an IP. My device has an IP but not IPv6 connectivity.
 

Gimli

Well-Known Member
Joined
Feb 8, 2005
Messages
369
Following this thread with interest. I'm so ready to trial IPv6 on my Afrihost/Openserve fibre.
 

S.Claus

Expert Member
Joined
Nov 14, 2017
Messages
1,201
:) It is. We are engaging with Openserve to get this going.

Using an IPv4 to IPv6 tunnel is just not what we want to do now. It complicates things and increases the chances of things going wrong.

We have been seeing really good things with DHCPv6 and, apart from the TP-Link Deco that has a firmware bug with DHCPv6, other devices are really working well.

We're seeing quite a bit of streaming traffic from YouTube on IPv6, which is nice.
Let me know when Openserve is live and I’ll enable my Afrihost account again.
 

AfriNatic

Afrihost Rep
Staff member
Joined
Nov 18, 2016
Messages
3,244
Is IPv6 enabled for TTConnect client?

Certain VLANs are not configured yet. You are on one that is not configured yet.

I will let you know once we have configured it and then you should be sorted.