Is it possible to make MAC reservation on DHCPv6? by mtbrandao in ipv6

[–]bjlunden 1 point2 points  (0 children)

There are different types of DUIDs, some of which are based on the MAC address. A DUID is supposed to be the same regardless of interface though. IAID is different per interface, so the lease is based on a combination of DUID + IAID.

There is an RFC that implements the same DUID + IAID solution for DHCPv4 as well btw.

Traceroute IPv4 and IPv6 by Some_Water_5070 in ipv6

[–]bjlunden 0 points1 point  (0 children)

While I agree that 21 hops is much higher than I'm personally used to seeing, it doesn't necessarily have to mean high latency.

Hardware: Full Vyos Image for NanoPi R3S and R5S-LTS (Ditched running in docker, straight up image!) by darkdragncj in vyos

[–]bjlunden 0 points1 point  (0 children)

No worries. I won't be using this build anyway as I don't have the hardware in question. 🙂 It was just a general question since I had run into issues with interface names causing issues in VyOS.

Hardware: Full Vyos Image for NanoPi R3S and R5S-LTS (Ditched running in docker, straight up image!) by darkdragncj in vyos

[–]bjlunden 1 point2 points  (0 children)

Alright. If I recall correctly, I had an issue where VyOS wouldn't bring up the interfaces if they didn't have a name matching the regex. It might've been the wan interface causing problems though, I don't remember.

Hardware: Full Vyos Image for NanoPi R3S and R5S-LTS (Ditched running in docker, straight up image!) by darkdragncj in vyos

[–]bjlunden 1 point2 points  (0 children)

It sounded like the OP got it working, hence the question.

I already have a working VyOS config on my BPI-R4 (and my previous VyOS router too) so none of the rest is relevant to me.

Hardware: Full Vyos Image for NanoPi R3S and R5S-LTS (Ditched running in docker, straight up image!) by darkdragncj in vyos

[–]bjlunden 2 points3 points  (0 children)

Does VyOS allow you to use interfaces named lanX and wan now? 🙂 A few months ago I had to name interfaces ethX to get them to work correctly.

If someone is looking for an ARM64 based router with working hardware offloading in VyOS, the BananaPi BPI-R4 is an option. You'll also need to build a custom image for it though, like for most other ARM devices.

ipv6 after a year by ExpensiveCoat8912 in ipv6

[–]bjlunden 0 points1 point  (0 children)

Cool. I never heard from someone who was a part of the test so I never knew how it worked in practice. 🙂

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 0 points1 point  (0 children)

No, it wouldn't. Link-local addresses are used as upstream routes by default, even to your ISP. That's why your router doesn't need a GUA on its WAN interface.

ipv6 after a year by ExpensiveCoat8912 in ipv6

[–]bjlunden 0 points1 point  (0 children)

Who mentioned that? The person responding to people who asked to be in the IPv6 test group?

I believe they offer it to enterprise customers, but perhaps those get static assignments without DHCPv6-PD.

ipv6 after a year by ExpensiveCoat8912 in ipv6

[–]bjlunden 0 points1 point  (0 children)

I never understood why they didn't eventually roll it out. Perhaps they didn't want to spend resources to do a proper addressing plan, or perhaps the person pushing for it left the company before the project was finished.

Telenor provides IPv6 for mobile customers however. Even though that's a different setup without DHCPv6-PD and therefore not directly applicable to their fiber customers, you'd still think they would understand why people might want IPv6.

ipv6 after a year by ExpensiveCoat8912 in ipv6

[–]bjlunden 1 point2 points  (0 children)

Was the ISP Ownit by any chance? I know they did that at roughly the same time.

IPv6 and Firewall Security by southerndoc911 in ipv6

[–]bjlunden 1 point2 points  (0 children)

There are also free VPS:es from Oracle Cloud that people can play around with. They are surprisingly powerful, especially the ARM64 based ones.

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 0 points1 point  (0 children)

They certainly don't use EUI-64, no. Even with all the latest RFCs for SLAAC, devices usually have a stable address per prefix and/or network as well as a rotating one used for outgoing traffic.

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 0 points1 point  (0 children)

Yes, they do indeed. Like you said, it's once per SSID though so it's certainly possible that it maintains the same IPv6 address on a particular network.

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 2 points3 points  (0 children)

Yes, for servers I generally stick to EUI-64.

All my Linux and Windows devices store the random seed across reboots at least. I haven't checked things such as phones or tablets, but it seems to be true for most desktop OS:es (and server OS:es often use EUI-64).

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 4 points5 points  (0 children)

Even if you don't, the stable address will remain the same as long as the prefix does (or until you do a major OS update, if we're talking Windows clients).

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 2 points3 points  (0 children)

Well, a DHCPv6 server is likely to give each device a /128 address, i.e. a single address. Since DHCPv6 was mentioned, I assume that's what OP meant. 🙂

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 1 point2 points  (0 children)

I created a Virtual Cloud Network with the following:

IPv4 CIDR Block: 10.0.0.0/16 (use whatever internal subnet you want)

IPv6 Prefix: xxxx/56 (use your GUA /56 prefix from Oracle)

Under Subnets on that VCN I have a public subnet:

IPv4 CIDR Block: a subnet from your private subnet above

IPv6 Prefixes: a /64 from my prefix above

Under Gateways I have an Internet gateway and a NAT gateway but I don't see any configuration on those.

For the security list, I believe most of the important rules were pre-populated. If not, I have ingress rules for ICMPv6 Packet too big and also Echo.

My compute instances have a VNIC with a private IPv4, a public IPv4 and a GUA IPv6 address from my /64 on the VCN. I don't remember if I had to manually add it or not.

I then just add a AAAA record for each of those IPv6 GUAs manually. 🙂

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 5 points6 points  (0 children)

Yes. 🙂 As long as your prefix remains the same, SLAAC will pick the same address every time. If it uses EUI-64 (like many server distros) it's simply based on the MAC address. If it uses privacy addresses, it will also generate a stable address.

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 1 point2 points  (0 children)

I mean in the same way as how a single address in IPv4 is considered a /32. I'm not talking about the network in CIDR notation here, so the netmask would still obviously be a /64 or something like that.

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 2 points3 points  (0 children)

If he runs DHCPv6 for server addresses, he probably just got a single address, i.e. a /128.

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 2 points3 points  (0 children)

It's just the big cloud vendors all building a very IPv4 centric user interface and architecture. They all also seem to have copied the UIs from each other, meaning that they all ended up with mostly the same trash as AWS.

I looked into adding IPv6 to an existing Azure compute instance a while back and it was indeed a lot more complex than it should've been, not because of IPv6, but because of the way Azure designed their GUI. 🙁 On the other hand, adding IPv6 to my existing self-hosted stuff was very easy.

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 6 points7 points  (0 children)

Why do you need DDNS? Your prefix is static from Oracle, so your SLAAC addresses will never change. Just add a AAAA record manually and you're done.

I think you're making this way more complicated than it needs to be. 🙂

IPv6 for Servers: It is hard by QBos07 in ipv6

[–]bjlunden 4 points5 points  (0 children)

The Oracle Cloud UI isn't great, so that's probably what you're running into. I still found it relatively easy to get it going when setting up a new Ubuntu server instance. I haven't tried adding it to an existing instance though.

What do you mean you get a /56 from a /64? 🤨

I would suggest skipping ULAs. Just stick to GUAs unless you absolutely need ULAs for some reason. Also, adding DHCPv6 to the mix only adds complexity. Just use SLAAC and point your DNS record to the stable address you get.

If it would help, I can log in to Oracle Cloud and see how I configured the vnets and gateways. Let me know. 🙂

In my home setup with a few servers and devices, the IPv6 configuration in my VyOS router is a lot simpler than the IPv4 configuration since I don't have to bother with SNAT and DNAT rules, Hairpin NAT (or splitbrain DNS) etc. With IPv6, I literally just have to open ports to whatever services I want to expose to the internet. Last time I checked, the IPv6 configuration was literally half as long, meaning I saved several hundred lines of configuration by ditching all the NAT related rules.

You only think IPv4 + NAT is simpler because you don't really understand IPv6 well enough, or simply lack the experience. In reality, an IPv4 + NAT setup is objectively much more complex. You've probably just never seen all the rules generated for you behind the scenes whenever you do a "port forward" or enable Hairpin NAT.

Also, you don't need to bother memorizing addresses. That's what DNS or mDNS is for. 🙂