IPv6 at home

mikeblas

Anyone running IPV6 on their home network?

Comcast is now Xfinity seemed to switch me over last week. I couldn't get online without enabling IPv6 DHCP on my SonicWall. Since then, I've got pretty iffy connectivity; some websites I know are up don't load, for example, and it seems like ICMP requests are filtered (ping and traceroute don't work on sites when they used to).

I've been trying to figure out if I should switch my Windows domain to IPv6 and struggle through all the interop to accommodate IPv4 appliances, or if I should keep IPv4 internally and let my SonicWall NAT out to IPv6.

Any advice? Know of any good web references?
 
I enabled native IPv6 as soon as I got Xfinity. Been flawless since day one. Don't know if it's the router or what. At the least it helped resolve ongoing restricted NAT issues with Xbox Live.
 
Do you have non-IPv6 devices on your network? Televisions, amplifiers, TiVos, ... ?
 
Yes, I've got a mix of both on the network, on both wired and wireless.

Modem is an Arris SB6183 and router is an Asus RT87, if that helps. And in my area IPv6 is native, if that matters.
 
Dual stack where you can. Also, if IPv6 is to work correctly you cannot block ICMP, and for the love of all that is good, remove NAT from your vocabulary where IPv6 is concerned.
 
OP, read up some on operating a dual stack network.

There's no reason you should have had to enable DHCPv6 to resolve a connectivity issue.

IPv4 and 6 are essentially mutually exclusive.

If I were you I'd disable v6 completely and troubleshoot any problems that return with your v4 connectivity.

Once you disband v6 you might have to reboot clients to get them to drop their v6 addresses. On Windows boxes I've experienced not even an ipconfig release/renew clearing v6 assignments.

Just FYI.
 
It's possible to have working v6 and broken v4, which will manifest as only some sites working (IPv6-enabled ones).

Another good term to read up on is Happy Eyeballs.
 
I have Xfinity for internet, but I don't use their modem or cable tv. I have a Motorola with a pfSense firewall. IPv6 is definitely off on the firewall and ipconfig or ifconfig doesn't show any IPv6 being active.
 
> OP, read up some on operating a dual stack network.
>
> There's no reason you should have had to enable DHCPv6 to resolve a connectivity issue.

I wasn't getting an IPv4 lease. When I switched on DHCPv6, I got a lease immediately. Entirely possible that was coincidental with a physical layer problem, but that's what happened. What would happen to an IPv4-only host on an IPv6-only network?

> IPv4 and 6 are essentially mutually exclusive.

Every Windows host I've seen since 2005 or so has had both IPv4 and IPv6 enabled.

> Once you disband v6 you might have to reboot clients to get them to drop their v6 addresses. On Windows boxes I've experienced not even an ipconfig release/renew clearing v6 assignments.

None of my Windows machines are using IPv6, as my DHCP server is not configured to hand out IPv6 addresses. It's just the WAN side of my firewall that's IPv6 enabled.

> I have Xfinity for internet, but I don't use their modem or cable tv. I have a Motorola with a pfSense firewall. IPv6 is definitely off on the firewall and ipconfig or ifconfig doesn't show any IPv6 being active.

IPv6 varies regionally as Comcast is now Xfinity rolls it out. They've got a website that shows (or was showing, until they suddenly stopped updating it) what progress they've made.
 
Comcast has completed their IPv6 deployment. There may be CMTSes here and there that have it disabled for bug reasons, but it's fully deployed.

> Every Windows host I've seen since 2005 or so has had both IPv4 and IPv6 enabled.

True, but IPv4 and IPv6 are ships in the night. Without an IPv6 WAN delegation a modern Windows network will still utilize IPv6 via link-local addressing for LAN communication.

I'm not trying to sound like an ass, but I do suggest reading up on dual-stack principles and managing a coexisting IPv4/IPv6 network.
 
> but I do suggest reading up on dual-stack principles and managing a coexisting IPv4/IPv6 network.

Sounds like a great idea! What I've come here asking for are good references for that subject.
 
> I'm running a SB6121. Thanks, tho.
>
> Notably, on the "configuration" page the "Modem's IP Mode" is "IPV6 Only".

That just means Comcast manages your cable modem via IPv6. They ran out of RFC 1918 space a while ago which was one of the motivators behind their IPv6 rollout.

I still owe you some v6 info and will try to compile that tomorrow. Sorry for the delay.
 
Here's my plan:
  1. Pick an RFC 4193 prefix, and generate some unique local addresses.
  2. Assign those ULAs as static IPV6 addresses to each of my two domain controllers and the LAN side of my SonicWall.
  3. Enable IPV6 on SonicWall. (This seems to be the biggest question mark, really.)
  4. Enable IPV6 on each DHCP server. Have it hand out the SonicWall as the default gateway.
  5. Add AAAA records to DNS servers for each domain controller.
  6. Figure out how to add forwarding to IPV6 outside DNS servers on my internal DNS servers.
  7. Reboot laptop as test; does it catch an IPV6 address?
  8. Start testing: visit ipv6 test site externally, ping and traceroute internally, ping and traceroute externally. nslookup results in IPv6 address?
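
Steps 1, 2 and 5 of the plan above, sketched as an added example that is not part of the original post: it derives a /48 with the RFC 4193 section 3.2.2 procedure (SHA-1 over an NTP timestamp and an EUI-64), carves one /64 from it and prints static addresses as AAAA records. The host names, interface IDs and subnet number are hypothetical.

```python
import hashlib
import ipaddress
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def ntp_timestamp(unix_time):
    """64-bit NTP timestamp: 32-bit seconds since 1900 plus 32-bit fraction."""
    secs = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    return secs.to_bytes(4, "big") + frac.to_bytes(4, "big")

def eui64_from_mac(mac):
    """Expand a 48-bit MAC to EUI-64: insert ff:fe, flip the universal/local bit."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]

def generate_ula_prefix(unix_time=None, mac=None):
    """RFC 4193 section 3.2.2: fd + low 40 bits of SHA-1(time || EUI-64) -> /48."""
    if unix_time is None:
        unix_time = time.time()
    if mac is None:
        mac = uuid.getnode().to_bytes(6, "big")
    digest = hashlib.sha1(ntp_timestamp(unix_time) + eui64_from_mac(mac)).digest()
    packed = b"\xfd" + digest[-5:] + bytes(10)  # fc00::/7 with L=1, Global ID, zeros
    return ipaddress.IPv6Network((packed, 48))

def static_plan(prefix, subnet_id, hosts):
    """Pick one /64 out of the /48 and place each host at a fixed interface ID."""
    if not 0 <= subnet_id < 2 ** (64 - prefix.prefixlen):
        raise ValueError("subnet_id does not fit between the prefix and /64")
    base = int(prefix.network_address) | (subnet_id << 64)
    lan = ipaddress.IPv6Network((base, 64))
    return lan, {name: lan[iid] for name, iid in hosts.items()}

if __name__ == "__main__":
    prefix = generate_ula_prefix()
    # Hypothetical host names and interface IDs for the two DCs and the firewall LAN side.
    lan, plan = static_plan(prefix, 1, {"dc1": 0x10, "dc2": 0x11, "fw-lan": 0x1})
    print("ULA /48:", prefix, "-> LAN /64:", lan)
    for name, addr in plan.items():
        print(f"{name} IN AAAA {addr}")
```

Generate the prefix once and record it; rerunning produces a different Global ID because the timestamp is part of the hash input.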
 
ULAs aren't globally routable, so they would only be good for a non-internet facing LAN or IPv6 lab.

ULAs are "like" private IPv4 addresses, but are NOT meant for NAT. The idea is you can use ULAs for something like management networks. If company A and company B both register their ULA space, then if those businesses ever combine they won't have to deal with IP renumbering. Renumbering happens often with RFC1918 space when two large networks merge.

And renumbering is a PITA!
 
> ULAs aren't globally routable, so they would only be good for a non-internet facing LAN or IPv6 lab.

Isn't a non-internet facing LAN exactly what I have? If I don't use ULAs, how will I establish static IPv6 addresses for my DNS and DHCP servers?

> OP go through HE's IPv6 certification guides. It's been a few years but I recall them basic but useful.

Thanks! I answered five questions, but the next step is to demonstrate IPV6 connectivity. I'm not sure setting up a tunnel (or switching around my network to hang my laptop directly off my modem) is the right way to get certified.
 
Let me start by saying I do not have Comcast. With that said, I was under the impression that Comcast was delivering /48 or /56 networks to the residential customer CPE. The customer should then use prefix delegation to distribute IPv6 internally. Is this incorrect?

OP, understand the way the HE tunnel broker service works is that HE will assign you a /56 or possibly /48 block. They will terminate an SIT tunnel on their side and route that previously assigned block to your tunnel termination device. From that point on you will run dual stack everywhere you can internally and distribute the IPs as you wish, keeping in mind that the smallest block you should use is a /48.
 
> Let me start by saying I do not have Comcast. With that said, I was under the impression that Comcast was delivering /48 or /56 networks to the residential customer CPE. The customer should then use prefix delegation to distribute IPv6 internally. Is this incorrect?
>
> OP, understand the way the HE tunnel broker service works is that HE will assign you a /56 or possibly /48 block. They will terminate an SIT tunnel on their side and route that previously assigned block to your tunnel termination device. From that point on you will run dual stack everywhere you can internally and distribute the IPs as you wish, keeping in mind that the smallest block you should use is a /48.

The smallest block should be a /64, of which a /48 contains 65,536 /64s.

With IPv6, don't think of it as your ISP giving you IP addresses, think of it as them giving you subnets from which you can create multiple networks within your LAN.
 
> With IPv6, don't think of it as your ISP giving you IP addresses, think of it as them giving you subnets from which you can create multiple networks within your LAN.

Oh, interesting. But what if the DHCP assigned IPv6 from my ISP changes? Doesn't that mean that the prefix changes? If so, how do my internal DHCP servers learn that fact, and start handing out addresses with the new prefixes?

> Here's the most relevant link I could find in my favorites.

Thanks. That's 503 right now, but I'll peck at it ...
 
> Oh, interesting. But what if the DHCP assigned IPv6 from my ISP changes? Doesn't that mean that the prefix changes? If so, how do my internal DHCP servers learn that fact, and start handing out addresses with the new prefixes?
>
> Thanks. That's 503 right now, but I'll peck at it ...

Generally speaking residential consumers will not use DHCP. Instead your router will advertise its prefix and your IPv6 equipment will autoconfigure their own address based on that advertised prefix.
 
But it's a great question when you operate a separate DHCPv6 server on your LAN.

There may be a method where you pass the delegated prefix to your DHCP servers, but I'm not aware of it. And if you're operating multiple /64s on your network, simply passing a new prefix to your DHCP servers may not be enough.

Mikeblas, my guess would be you may want to explore a static IPv6 prefix with your ISP (when you go live).

I honestly haven't come across any questions regarding enterprise IPv6 delegation and deployment from my customers, because honestly, none of them seem willing to adopt IPv6 yet. Every time I get a request for static IPv4 space I also advertise IPv6 space, but I get no takers. Mind you the vast majority of our business customers are small to medium business, but still.
 
I use IPv6 extensively at home to learn. My ISP does not deliver IPv6. I am using a tunnel broker to link to the IPv6 internet ( https://www.sixxs.net/ )

You can register for a /64 subnet there. The tunnel is maintained by my firewall computer.

There is no NAT. All machines are directly routable from the public internet. Because of this, I run a firewall on all machines, on top of the edge firewall.

DHCPv6 is not strictly needed in my scenario, but it really helps. I hand out the IP6 addresses via MAC address reservations. This offers the benefits of fixed IP addresses with the ease of updating settings (like changing a DNS IP. Just change it in the DHCP settings and wait for all the clients to renew, set renew to 10 minutes).

Top tip for beginning ip6 users:
You need DNS. No human can remember the addresses.

I would definitely not attempt any ipv6 with one of those plasticy POS routers you can buy. Dedicated PC with software firewall (pfsense or similar).
 
NPT (Network prefix translation) might end up being the solution to the renumbering issue, though I'm not sure if it's officially part of the standard. A lot of people will buck at that idea because it's basically a form of NAT, but being able to have your own local IP space that you control is critical, as even with a local DNS server, there are places where IPs need to be inputted manually, such as the actual DNS records, firewall rules, DHCP settings (like the IP of the local DNS server), etc. For big biz it won't be a big issue as they can just buy a static IP or even buy an actual IP range and do BGP, but for home users like me who have servers and other network stuff, and small business, it will be an issue. It's also a good idea to run your own local DHCP server as you don't want to rely on the ISP one. You don't want your network to start having problems because the internet is down. A LAN should be its own "island" that just happens to have access to the internet, not actually be part of it. Unless it's a public facing data centre hosting internet services, then that's a bit different.

This article talks about renumbering and makes some pretty good points and offers some possible solutions:

http://www.theregister.co.uk/2012/03/31/ipv6_sucks_for_smes/
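
The renumbering concern in this thread (DNS records, firewall rules and DHCP settings that embed the delegated prefix) as an added example, not code from any poster: it finds every IPv6 literal inside the old delegation in a set of config lines and moves it to the new one, keeping the subnet and interface bits, so stale firewall rules are not left pointing at addresses you no longer hold. This is a plain configuration rewrite, not NPT; the prefixes are documentation ranges and the config lines are constructed.

```python
import ipaddress
import re

# Constructed sample data: documentation prefixes standing in for ISP delegations.
OLD = ipaddress.IPv6Network("2001:db8:aaaa::/48")
NEW = ipaddress.IPv6Network("2001:db8:bbbb::/48")
SAMPLE = [
    "dc1 IN AAAA 2001:db8:aaaa:1::10",
    "allow tcp from any to 2001:db8:aaaa:1::10 port 53",
    "allow from 2001:db8:aaaa:2::/64 to any",
    "dns-forwarder 2001:db8:ffff::53",  # outside the delegation, must stay as is
]
# Candidate tokens: hex digits and colons, optionally followed by /prefixlen.
TOKEN = re.compile(r"[0-9A-Fa-f:]*:[0-9A-Fa-f:]*(?:/\d{1,3})?")

def renumber(value, old, new):
    """Move an address or subnet from old to new, keeping subnet and interface IDs.
    Returns None when the value is not an IPv6 literal inside old."""
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new delegations must be the same size")
    try:
        iface = ipaddress.IPv6Interface(value)
    except ValueError:
        return None  # not a valid IPv6 address (for example a time like 12:30)
    if iface.ip not in old or ("/" in value and iface.network.prefixlen < old.prefixlen):
        return None
    low = int(iface.ip) & ((1 << (128 - old.prefixlen)) - 1)
    moved = ipaddress.IPv6Address(int(new.network_address) | low)
    return f"{moved}/{iface.network.prefixlen}" if "/" in value else str(moved)

def rewrite_config(lines, old, new):
    """Return (rewritten lines, [(line number, old text, new text), ...])."""
    changes, out = [], []
    for number, line in enumerate(lines, start=1):
        def swap(match):
            moved = renumber(match.group(0), old, new)
            if moved is None:
                return match.group(0)
            changes.append((number, match.group(0), moved))
            return moved
        out.append(TOKEN.sub(swap, line))
    return out, changes

if __name__ == "__main__":
    for number, before, after in rewrite_config(SAMPLE, OLD, NEW)[1]:
        print(f"line {number}: {before} -> {after}")
```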
 