Sorry for being a super duper noob. I have gotten as far as setting up my tunnel with my linksys e4200 router and all computers are getting ipv6 addresses and are able to browse site like http://ipv6.google.com or http://[2607:f8b0:4007:801::1011] and have the site work.. in addition i have ran the test ipv6 and passed with results below
Test with IPv4 DNS record
ok (0.270s) using ipv4
Test with IPv6 DNS record
ok (0.228s) using ipv6
Test with Dual Stack DNS record
ok (0.220s) using ipv6
Test for Dual Stack DNS and large packet
ok (0.139s) using ipv6
Test IPv4 without DNS
ok (0.075s) using ipv4
Test IPv6 without DNS
ok (0.065s) using ipv6
Test IPv6 large packet
ok (0.177s) using ipv6
Test if your ISP's DNS server uses IPv6
ok (0.288s) using ipv6
I have several question. first i would like to know if the ip addresses that the computers are getting are static and unique to that system. is there any chance the ip address could change? i ask because id like to create a dns record ipv6.davisdarvish.com to point to a specific computer in my network and cant have the ipv6 address chaning.. also would it be trivial to setup such domain to be used in AD DS?
That depends how you're assigning your IP addresses. Since you didn't specify, I assume you're using SLAAC. If that's the case, your address is relatively static (as it's based on the MAC address of your device)
With that being said, you should still assign a static address to the device and use that entry externally.
AD DNS works perfectly fine with this (I use this internally) and will add multiple IPv6 addresses. If this is an enterprise deployment, you may want to disable privacy extensions as well.
thanks for your rapid reply. So i am using the native firmware of the linksys router to handle the tunnel connection to HE. Attached is a picture of the setup for the ipv6 tunnel on the router. in windows i just have the ipv6 checked in my network adapter settings and have everything else set to automatic... is that the same as having it use its mac id as part of the ipv6 address? is there a better way /more efficent / proper way of doing it?
i am a super noob and dont understand any of this ipv6 stuff so please be patient with me and refer me to resources that explain stuff to dumbasses like me.. at the end of the day i would like to make sure that i have enough ipv6 addresses to handle say 1000 devices and want the globally rout-able. also it took me 1 week to get ADDS up and running just using a local domain (electronet.local) .. any tutorial or tips on doing this for my domain name davisdarvish.com such that i can resolve computer1.electronet.davisdarvish.com and computer2.electronet.davisdarvish.com etc...
Quote from: ddarvish on October 23, 2012, 06:09:56 PMthanks for your rapid reply. So i am using the native firmware of the linksys router to handle the tunnel connection to HE. Attached is a picture of the setup for the ipv6 tunnel on the router.
As far as I can tell from your configuration, you are using SLAAC. But SLAAC can be used to assign different kinds of IPv6 addresses to devices, and a device can have multiple simultaneously.
So it is entirely possible that you have some devices with a static address, some devices with a dynamic address, and some that have both.
Addresses based on MAC addresses are easy to recognize as they have ff:fe right in the middle of the host portion. There is another nibble, which is always 2, 6, A, or E in such IPv6 addresses. For example the link local address in your screenshot is fe80::5
a6d:8f
ff:fe77:105f and is based on a MAC address as can be seen by the nibbles, I have highlighted. I have a test page on http://netiter.dk/test-ipv6, which will show you what your MAC address is, if your IPv6 address is based on a MAC address.
Addresses of that type will be static. If the address is not based on a MAC address, you cannot tell from the address alone, if it is static or dynamic.
Quote from: ddarvish on October 23, 2012, 06:09:56 PMin windows i just have the ipv6 checked in my network adapter settings and have everything else set to automatic... is that the same as having it use its mac id as part of the ipv6 address?
As far as I know Windows does not base IPv6 addresses on MAC addresses by default. I don't know if the addresses it uses are static or dynamic. If you want to make sure it is static, assign one manually.
As far as I know it is agreed practice that host portion from the range ::1 to ::ffff are used for manually assigned addresses. For example if you want to setup a webserver, you could assign 2001:470:d:3ce::80 to it. BTW you appear to be using a buggy firmware on your router, as if I traceroute that IPv6 address your router appears to be replying using the source address ::24.205.92.39. I am not sure why the tunnel server accepts that address though.
traceroute to 2001:470:d:3ce::80 (2001:470:d:3ce::80), 30 hops max, 80 byte packets
7 2001:470:0:21b::2 37.314 ms 37.400 ms 37.428 ms
8 2001:470:0:21e::1 51.499 ms 51.560 ms 51.555 ms
9 2001:470:0:128::1 121.199 ms 114.218 ms 114.264 ms
10 2001:470:0:10e::1 185.260 ms 185.326 ms 185.336 ms
11 2002:42dc:122a::1 186.409 ms 184.558 ms 187.094 ms
12 ::24.205.92.39 204.176 ms 204.252 ms 204.224 ms
Quote from: kasperd on October 24, 2012, 05:51:27 AM
Quote from: ddarvish on October 23, 2012, 06:09:56 PMthanks for your rapid reply. So i am using the native firmware of the linksys router to handle the tunnel connection to HE. Attached is a picture of the setup for the ipv6 tunnel on the router.
As far as I can tell from your configuration, you are using SLAAC. But SLAAC can be used to assign different kinds of IPv6 addresses to devices, and a device can have multiple simultaneously.
So it is entirely possible that you have some devices with a static address, some devices with a dynamic address, and some that have both.
Addresses based on MAC addresses are easy to recognize as they have ff:fe right in the middle of the host portion. There is another nibble, which is always 2, 6, A, or E in such IPv6 addresses. For example the link local address in your screenshot is fe80::5a6d:8fff:fe77:105f and is based on a MAC address as can be seen by the nibbles, I have highlighted. I have a test page on http://netiter.dk/test-ipv6, which will show you what your MAC address is, if your IPv6 address is based on a MAC address.
Addresses of that type will be static. If the address is not based on a MAC address, you cannot tell from the address alone, if it is static or dynamic.
Quote from: ddarvish on October 23, 2012, 06:09:56 PMin windows i just have the ipv6 checked in my network adapter settings and have everything else set to automatic... is that the same as having it use its mac id as part of the ipv6 address?
As far as I know Windows does not base IPv6 addresses on MAC addresses by default. I don't know if the addresses it uses are static or dynamic. If you want to make sure it is static, assign one manually.
As far as I know it is agreed practice that host portion from the range ::1 to ::ffff are used for manually assigned addresses. For example if you want to setup a webserver, you could assign 2001:470:d:3ce::80 to it. BTW you appear to be using a buggy firmware on your router, as if I traceroute that IPv6 address your router appears to be replying using the source address ::24.205.92.39. I am not sure why the tunnel server accepts that address though.
traceroute to 2001:470:d:3ce::80 (2001:470:d:3ce::80), 30 hops max, 80 byte packets
7 2001:470:0:21b::2 37.314 ms 37.400 ms 37.428 ms
8 2001:470:0:21e::1 51.499 ms 51.560 ms 51.555 ms
9 2001:470:0:128::1 121.199 ms 114.218 ms 114.264 ms
10 2001:470:0:10e::1 185.260 ms 185.326 ms 185.336 ms
11 2002:42dc:122a::1 186.409 ms 184.558 ms 187.094 ms
12 ::24.205.92.39 204.176 ms 204.252 ms 204.224 ms
not sure what you mean by it being buggy. i did make some changes since then so maybe i resolved whatever issue you think maybe be of problem. i also set as static ips the ones that SLAAC assigned to them originally. is that kosher? i am still not cool with the whole cidr notation etc or really subnets. in a \64 does that mean i have an additional 64bits for ip's? how many ip addresses does that translate to?
Quote from: ddarvish on November 25, 2012, 07:12:29 PMnot sure what you mean by it being buggy.
It's supposed to be using an IPv6 address as source address for the ICMP replies. It is probably not going to cause you major problems. Even if those ICMP replies would be rejected by some networks, I think it is only traceroute commands that would trigger them in the first place. (It would be a problem if it caused too-big messages to get lost and break PMTU discovery, but since it is on a hop going from a tunnel to a native link, the MTU should be increasing at that point and never need a too-big message.)
I only see that address, if I use a 6to4 address on my system for traceroute. If I use another IPv6 address, I can only traceroute as far as the tunnel server. Which means either your router treats 6to4 addresses differently, or the packets are filtered on the path back due to the invalid source address. Since the packets going back do take different routes, that is in fact very likely. When I am using 6to4, then the tunnel server is the only IPv6 hop on that path. It's tunnel all the way since it goes directly from 6in4 tunnel to 6to4 tunnel.
This is not something you need to worry much about. I just thought you should be aware that it is happening. You are not the only one with a router behaving like that. See http://www.tunnelbroker.net/forums/index.php?topic=2715.msg15891#msg15891
Quote from: ddarvish on November 25, 2012, 07:12:29 PMi did make some changes since then so maybe i resolved whatever issue you think maybe be of problem.
It is still the same. This is what traceroute looks using 6to4
7 10gigabitethernet2-2.core1.par2.he.net (2001:470:0:21b::2) 64.796 ms 40.033 ms 40.402 ms
8 10gigabitethernet6-2.core1.lon1.he.net (2001:470:0:21e::1) 40.392 ms 43.453 ms 43.006 ms
9 10gigabitethernet7-4.core1.nyc4.he.net (2001:470:0:128::1) 110.693 ms 115.680 ms 111.615 ms
10 10gigabitethernet5-3.core1.lax1.he.net (2001:470:0:10e::1) 185.955 ms 185.528 ms 192.738 ms
11 2002:42dc:122a::1 (2002:42dc:122a::1) 186.113 ms 189.006 ms 192.083 ms
12 97-90-152-129.static.mtpk.ca.charter.com (::97.90.152.129) 194.796 ms 201.444 ms 211.821 ms
13 97-90-152-129.static.mtpk.ca.charter.com (::97.90.152.129) 2098.576 ms !H 2098.527 ms !H 2096.333 ms !H
and this is what it looks like otherwise
4 10gigabitethernet2-2.core1.par2.he.net (2001:470:0:21b::2) 69.843 ms 70.496 ms 70.431 ms
5 10gigabitethernet6-2.core1.lon1.he.net (2001:470:0:21e::1) 74.511 ms 74.794 ms 74.790 ms
6 10gigabitethernet7-4.core1.nyc4.he.net (2001:470:0:128::1) 145.252 ms 132.408 ms 135.378 ms
7 10gigabitethernet5-3.core1.lax1.he.net (2001:470:0:10e::1) 189.262 ms 192.643 ms 181.738 ms
8 tserv1.lax1.he.net (2001:470:0:9d::2) 190.938 ms 188.156 ms 193.730 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
Quote from: ddarvish on November 25, 2012, 07:12:29 PMi also set as static ips the ones that SLAAC assigned to them originally. is that kosher?
It's unlikely to cause any problems.
If the SLAAC address is based on a MAC address, assigning the same IPv6 address statically shouldn't cause any problems. There are two ways it could break. Either because you get a new IPv6 prefix (by switching to a different tunnel server or to native IPv6) or because you swap out the Ethernet interface without updating the IPv6 address and then reuse the old Ethernet interface on a different computer on the same network segment. As long as you don't make any of those two changes to the network, you should be fine.
If the SLAAC address is randomly generated, then there is a minor risk that another host will generate the same address. In that case whoever gets the address first will keep it, and whoever comes next will need to find another address. But if the host where it was statically assigned came second, then it may not generate another address. With more than 60 bits of entropy in the randomly assigned addresses, this is a very unlikely scenario.
Quote from: ddarvish on November 25, 2012, 07:12:29 PMi am still not cool with the whole cidr notation etc or really subnets. in a \64 does that mean i have an additional 64bits for ip's? how many ip addresses does that translate to?
It is /64 and it indicates how many of the bits are assigned to the network part of the address. The remaining bits are used to address within that network.
For example you may have been assigned a prefix called 2001:db8:cfdf::/48. That means the network part is 48 bits. Since there are 128 bits in total that leaves 80 bits to address within your network. You can subdivide that /48 into /64 blocks. For example you could create networks 2001:db8:cfdf:1::/64 and 2001:db8:cfdf:2::/64 for different segments on your network.
SLAAC is designed to work with /64 segments. The intention was that everything gets subdivided until you have /64 for each segment. A /64 split the address exactly in half with 64 bits for addressing the network segment and 64 bits for addressing hosts on that segment.
A tunnel from HE by default gives you two /64 prefixes. One is intended for the link between your router and the tunnel server. Only two addresses are supposed to be used on that segment. The other /64 is intended to be routed through your router and be used on your LAN. This is sufficient to cover the needs of most users.