Hi there,

Something of a nutshell series here. I'm probably not explaining a lot, but I would like to point out a few of the largest handles on this IPv6 thing people keep complaining/talking about.

Getting IPv6

If you just want to have a quick peek at what this IPv6 thing is, it is now very easy for anyone here on the current 2.1 snapshots. In 2.1 we now also support 6to4 for the WAN interface, which automatically configures a piece of the IPv6 internet based on your public IPv4 address. This is by far the easiest and fastest way, and your LAN clients should have IPv6 in minutes.

Select "6to4" for the IPv6 configuration type on your WAN interface. On your LAN interface you select "track interface" for the IPv6 configuration type, select your WAN here, and a prefix number. Your LAN client should get an IPv6 internet address in just 30 seconds or so, depending on the speed of many things.

A few handles on IPv6

The 128 bits are best divided in 2. In reality you have the left 64 bits, which basically denote your network ID. Then you have the right 64 bits, which are available for the local segment. The reason for 64 bits here is autoconfiguration: your 48 bit MAC address fits in there, and a lot of things will use it that way. We call the left 64 bits the "prefix".

Why is my subnet always 64 bits

Normally subnets are always /64; this is basically the same thing the IPv4 /24 used to be. Where we used to grow that /24 to a /23 or /22 in IPv4 land, that is not necessary anymore since it's always big enough. On rare occasions you will find smaller subnets, sometimes explicitly to break autoconfiguration, but ignore these cases for now.

The IPv6 number is bigger, but you rarely ever care about the right part. If this is a server, you will likely address it statically, and thus assign it a number. If this is a client, it either autoconfigures or uses DHCPv6; you wouldn't care anyhow, as long as cuteoverload.com loads.

The Link Local Address

At some point you will find an intriguing IPv6 address on your interfaces; it always begins with fe80::. This is the link local address, and it is used for all communications on the local segment.
For example, when you request a DHCPv6 address you talk to the DHCPv6 server over the link local address. This applies to a number of autoconfiguration principles like router advertisements and DNS.

There is no gateway in my DHCP settings

The gateway is now a router advertisement away. In IPv6 the router announces the gateway itself. You will not find any gateway field in the DHCPv6 options, as the client will pick up the router from the Router Advertisement messages that your router will send out. This is slightly different from IPv4, where this was always provided by DHCP or you had to know the settings in advance.

This has not changed much: you either pick up the default route from the RA messages instead of DHCP, or you can configure it manually just like before. Don't be confused if your gateway is shown as the Link Local address, this is normal; the global address in static configuration works just fine too.

Don't worry though, having 2 DHCP servers on the same segment, or 2 routers advertising themselves as being the default, is exactly the same grief as before. You haven't missed a thing :-)

Why does my IPv6 address change when my IPv4 address changes?

As the lead said, with 6to4 the IPv6 address is based on your IPv4 address. If that changes, the LAN addressing for IPv6 will also have to change, otherwise the traffic would never be able to get back to the right address to make it work. This is the biggest drawback with IPv6 deployment that ties into the IPv4 addressing.

ATT Uverse deploys with 6rd, which is slightly different, but the same issue applies: a different IPv4 WAN address will cause a new IPv6 "prefix" for your LAN. The right 64 bits of your computer won't change, but the left 64 bits will. If your IPv4 WAN has a static address, the 6to4 or 6rd prefix will never change, thus you would never have this issue, but read on.

I don't want my IPv6 "prefix" to change

So if you don't want the left 64 bits to change when your IPv4 WAN reconfigures itself (which you will notice anyhow), there are a few options. If your ISP already started with IPv6, you might find they deployed native IPv6 using DHCP Prefix Delegation.

The big difference with the previously mentioned types is that they are all automatically configured IPv6 over IPv4 tunnels. DHCP-PD is the exception: just like static addressing, this configures the IPv6 addressing entirely separate from the IPv4 network settings.

DHCP with prefix delegation automatically configures your network, but if the ISP is sensible they will assign you the same IPv6 prefix for as long as you have the device. Over the years the internet has slowly become an always-on device. And without the pressure to use all IPv4 addresses you can assign the same prefix to each customer.

The alternative static IPv6 prefix

There is always the alternative of a statically configured IPv6 tunnel; this means your prefix will never change based on your IPv4 or IPv6 configuration. You can sign up with the Hurricane Electric free tunnelbroker service to get yourself a /48 prefix network assigned. For those with quick math, that is the possibility to assign 65535 unique IPv6 /64 networks. Did I mention it is free?

http://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker

Remember when you used to pay for a static IPv4 address? Those days (can) be gone.

What does IPv6 mean for my websites

I could start a large rant on why I think it is good to dual stack your websites, but there have been a ton of people that did it before. My personal opinion is probably well known by now. The website from my employer, which is in fashion retailing, already has IPv6. I believe that catering to both networks is the best strategy right now.
If the client has either native v4 or native v6 they will reach my websites without any hurdles of either Carrier Grade NAT (Crummy Gross NAT) or with the help of NAT64/DNS64 (wish it worked for everything).

Happy Camping!

Seth
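
The addressing arithmetic described in the post, worked through as an added example (not part of the original message and not pfSense code). It derives the 6to4 /48 from a WAN IPv4 address, picks a LAN /64 by prefix number, and builds the MAC-based right 64 bits, showing that a WAN change renumbers only the left half. The IPv4 addresses, the MAC and all function names are constructed for illustration; hosts using privacy or randomized interface IDs will show a different right half.

```python
import ipaddress

def sixto4_prefix(wan_ipv4):
    """6to4: 2002::/16 followed by the 32-bit public IPv4 address gives a /48."""
    v4 = int(ipaddress.IPv4Address(wan_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def lan_subnet(site48, prefix_id):
    """Pick one /64 out of the /48; the prefix number fills the 16 bits in between."""
    if not 0 <= prefix_id <= 0xFFFF:
        raise ValueError("prefix number must fit in 16 bits")
    return ipaddress.IPv6Network((int(site48.network_address) | (prefix_id << 64), 64))

def eui64_interface_id(mac):
    """Modified EUI-64: insert ff:fe in the middle of the MAC and flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]
    return int.from_bytes(eui, "big")

def slaac_address(subnet64, mac):
    """Left 64 bits from the network prefix, right 64 bits from the MAC."""
    return ipaddress.IPv6Address(int(subnet64.network_address) | eui64_interface_id(mac))

def link_local(mac):
    """fe80::/64 plus the same interface ID; valid on the local segment only."""
    return ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac))

def renumbering_demo(old_wan, new_wan, mac, prefix_id=1):
    """Return the host's global address before and after a WAN IPv4 change."""
    before = slaac_address(lan_subnet(sixto4_prefix(old_wan), prefix_id), mac)
    after = slaac_address(lan_subnet(sixto4_prefix(new_wan), prefix_id), mac)
    return before, after

if __name__ == "__main__":
    # Constructed sample values (documentation IPv4 ranges, made-up MAC).
    mac = "00:16:3e:12:34:56"
    before, after = renumbering_demo("192.0.2.1", "198.51.100.7", mac)
    print("6to4 /48   :", sixto4_prefix("192.0.2.1"))
    print("link local :", link_local(mac))
    print("before     :", before)
    print("after      :", after)
    low64 = (1 << 64) - 1
    print("right 64 bits unchanged:", int(before) & low64 == int(after) & low64)
```

Firewall rules or ACLs written against a full 6to4 address need updating after each WAN change, since only the right 64 bits carry over.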
