I appreciate that IPv6 is necessary but couldn’t it also have been necessary and “able to be understood by more than 2.5 people on the planet” at the same time?
For many, it's turned out to be easier than it looked. I've given TCP/IP courses at novice level (just enough for system administators to design and configure simple networks) and have noticed that once you get past how the shorthand notation works, those with a firm understanding of binary numbers have little trouble picking it up. People who don't understand why 256 doesn't go in an IPv4 address, or why 255.255.0.255 is not a valid network mask, also have a hard time learning IPv6.
@Whreq Jnnyobre Get it wrong and you end up with multiple VLANs trying to use the same IP range and it all gets very ... upset.
Unlike IPv4 where what's behind your firewall is yours to command, getting a globally routable subnet that you need to break up into smaller chunks for your different VLANs is something of a departure, and breaking those nets apart is far from a simple affair.
Having used networks with public v4 for every host instead of rtc1918 addresses and NAT, I don't think this really is an IPv6 specific thing. But v6 comes with prefix delegations that can help.
The part that I don't understand is why any proxying would be needed. That sounds like using the same /64 on multiple vlans?
@Whreq Jnnyobre I'm not using the same /64, no. I have a /56 and a /48 which I split apart into /64s. The risk is that it ENDS UP being the same /64 if you configure the router wrong.
And then some stuff is handed down from the parent interface, some comes via DHCPv6 (how does that work? Nobody knows), and some via SLAAC (dark magic, don't ask).
Do individual VLANs want to be master interfaces for RA? Probably not. Seems to work if you hand it off upstairs. Don't forget to let the clients know that DHCPv6 tells them where the DNS servers are as well.
And so on, and so on, and so on, for page after page of v6 config options.
Compared to "This is my IP address, this is the netmask, yeah, we're doing DHCP and you start at this address and end at this one, here's the router, here's a tickybox to turn NAT on and off, done"
@Whreq Jnnyobre Oh, and the prefix delegations ... you're sort of expected to know that this shit randomly breaks if you don't hand down a /64 because obviously most vendors just assumed that and your router absolutely lets you put a different number in there but your lightbulbs will CRY.
@Whreq Jnnyobre oh, and there’s DHCP which isn’t SLAAC which is also DHCP. Yes. You need both. Probably. Nobody knows. Two DHCP servers. They play nice. Anyway, so here’s your globally reputable address.
Oh yeah, you still need the v6 equivalent of your private /24. It’s called “link local”. Just assign that one and carry on using NAT? Nobody knows how to turn NAT on for v6. Yes you do have to keep the private subnet. Why? Don’t ask awkward questions. Look, you’re getting lots of IP addresses. It’s fun! Don’t ask stupid questions.
Do you really *need* DHCPv6 though, if you don't use PD? I honestly have never provided DHCPv6 for a client subnet, only between routers. (Except when I used OpenWRT which enables it by default. I don't see a point in disabling it.)
As for needing a private address space - I disagree that it would be needed, at least for regular networks. It can come in handy if you can't depend on a stable prefix from your ISP and use raw IP addresses instead of (m)DNS, but I don't think I've come across any network that had it (except my own servers which use a unique local prefix for inter-container communications).
Turning on NAT for IPv6? Most routers don't support that. Linux can do it with nftables, in which case it's done the same way as IPv4 NAT.
I wasn't paying attention and read unique local (fc80::/7) where you said link local (fe80::/10). I now understand how someone could find questions about that to be awkward, because indeed I guess many people who use IPv6 daily would not be able to answer those 😀
Link local isn't the equivalent of your private /24, though (unless you mean multicast 224.0.0.0/24 perhaps, which shares some properties but doesn't usually show up in ifconfig etc? 😀). It is not routable and can't be used with NAT. You can mostly ignore its existence but turning it off (is that even possible?) would break things because it's used internally for other IPv6 stuff, not in the least neighbor discovery, DHCP, and SLAAC.
I guess if you could turn it off, and would assign a static configuration that includes neighbors, maybe things could keep working? Yeah, you're right, I don't think I'd be brave enough to try. 😁
True, that SLAAC needs /64 or larger is a thing one just has to know. It's weird that almost all configuration software will allow smaller subnets without any warnings.
Whreq Jnnyobre
in reply to Sarah Brown • • •I want to get to know the other 1.5 people!
For many, it's turned out to be easier than it looked. I've given TCP/IP courses at novice level (just enough for system administators to design and configure simple networks) and have noticed that once you get past how the shorthand notation works, those with a firm understanding of binary numbers have little trouble picking it up. People who don't understand why 256 doesn't go in an IPv4 address, or why 255.255.0.255 is not a valid network mask, also have a hard time learning IPv6.
World Basement Classic
in reply to Whreq Jnnyobre • • •Sarah Brown
in reply to Whreq Jnnyobre • •Whreq Jnnyobre
in reply to Sarah Brown • • •That's not something that would typically be categorized under requirements for "understanding IPv6" I think 😀
I also don't really understand why you'd need that (or any RA proxying, unless that's an unusual term for PD) so now I'm curious!
Sarah Brown
in reply to Whreq Jnnyobre • •@Whreq Jnnyobre Get it wrong and you end up with multiple VLANs trying to use the same IP range and it all gets very ... upset.
Unlike IPv4 where what's behind your firewall is yours to command, getting a globally routable subnet that you need to break up into smaller chunks for your different VLANs is something of a departure, and breaking those nets apart is far from a simple affair.
Whreq Jnnyobre
in reply to Sarah Brown • • •Having used networks with public v4 for every host instead of rtc1918 addresses and NAT, I don't think this really is an IPv6 specific thing. But v6 comes with prefix delegations that can help.
The part that I don't understand is why any proxying would be needed. That sounds like using the same /64 on multiple vlans?
Sarah Brown
in reply to Whreq Jnnyobre • •@Whreq Jnnyobre I'm not using the same /64, no. I have a /56 and a /48 which I split apart into /64s. The risk is that it ENDS UP being the same /64 if you configure the router wrong.
And then some stuff is handed down from the parent interface, some comes via DHCPv6 (how does that work? Nobody knows), and some via SLAAC (dark magic, don't ask).
Do individual VLANs want to be master interfaces for RA? Probably not. Seems to work if you hand it off upstairs. Don't forget to let the clients know that DHCPv6 tells them where the DNS servers are as well.
And so on, and so on, and so on, for page after page of v6 config options.
Compared to "This is my IP address, this is the netmask, yeah, we're doing DHCP and you start at this address and end at this one, here's the router, here's a tickybox to turn NAT on and off, done"
Sarah Brown
in reply to Whreq Jnnyobre • •Sarah Brown
in reply to Sarah Brown • •@Whreq Jnnyobre oh, and there’s DHCP which isn’t SLAAC which is also DHCP. Yes. You need both. Probably. Nobody knows. Two DHCP servers. They play nice. Anyway, so here’s your globally reputable address.
Oh yeah, you still need the v6 equivalent of your private /24. It’s called “link local”. Just assign that one and carry on using NAT? Nobody knows how to turn NAT on for v6. Yes you do have to keep the private subnet. Why? Don’t ask awkward questions. Look, you’re getting lots of IP addresses. It’s fun! Don’t ask stupid questions.
Whreq Jnnyobre
in reply to Sarah Brown • • •Do you really *need* DHCPv6 though, if you don't use PD? I honestly have never provided DHCPv6 for a client subnet, only between routers. (Except when I used OpenWRT which enables it by default. I don't see a point in disabling it.)
As for needing a private address space - I disagree that it would be needed, at least for regular networks. It can come in handy if you can't depend on a stable prefix from your ISP and use raw IP addresses instead of (m)DNS, but I don't think I've come across any network that had it (except my own servers which use a unique local prefix for inter-container communications).
Turning on NAT for IPv6? Most routers don't support that. Linux can do it with nftables, in which case it's done the same way as IPv4 NAT.
Sarah Brown
in reply to Whreq Jnnyobre • •Whreq Jnnyobre
in reply to Sarah Brown • • •I wasn't paying attention and read unique local (fc80::/7) where you said link local (fe80::/10). I now understand how someone could find questions about that to be awkward, because indeed I guess many people who use IPv6 daily would not be able to answer those 😀
Link local isn't the equivalent of your private /24, though (unless you mean multicast 224.0.0.0/24 perhaps, which shares some properties but doesn't usually show up in ifconfig etc? 😀). It is not routable and can't be used with NAT. You can mostly ignore its existence but turning it off (is that even possible?) would break things because it's used internally for other IPv6 stuff, not in the least neighbor discovery, DHCP, and SLAAC.
I guess if you could turn it off, and would assign a static configuration that includes neighbors, maybe things could keep working? Yeah, you're right, I don't think I'd be brave enough to try. 😁
Whreq Jnnyobre
in reply to Sarah Brown • • •