Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: ddarvish on October 23, 2012, 02:36:47 PM

Title: IPv6 assigned addresses
Post by: ddarvish on October 23, 2012, 02:36:47 PM
Sorry for being a super duper noob. I have gotten as far as setting up my tunnel with my Linksys E4200 router, and all computers are getting IPv6 addresses and are able to browse sites like http://ipv6.google.com or http://[2607:f8b0:4007:801::1011] and have the site work. In addition, I have run the test ipv6 and passed with the results below:


Test with IPv4 DNS record       
ok (0.270s) using ipv4
Test with IPv6 DNS record       
ok (0.228s) using ipv6
Test with Dual Stack DNS record       
ok (0.220s) using ipv6
Test for Dual Stack DNS and large packet       
ok (0.139s) using ipv6
Test IPv4 without DNS       
ok (0.075s) using ipv4
Test IPv6 without DNS       
ok (0.065s) using ipv6
Test IPv6 large packet       
ok (0.177s) using ipv6
Test if your ISP's DNS server uses IPv6       
ok (0.288s) using ipv6



I have several questions. First, I would like to know if the IP addresses that the computers are getting are static and unique to that system. Is there any chance the IP address could change? I ask because I'd like to create a DNS record ipv6.davisdarvish.com to point to a specific computer in my network and can't have the IPv6 address changing. Also, would it be trivial to set up such a domain to be used in AD DS?
Title: Re: IPv6 assigned addresses
Post by: cholzhauer on October 23, 2012, 04:42:51 PM
That depends how you're assigning your IP addresses.  Since you didn't specify, I assume you're using SLAAC.  If that's the case, your address is relatively static (as it's based on the MAC address of your device)

With that being said, you should still assign a static address to the device and use that entry externally.

AD DNS works perfectly fine with this (I use this internally) and will add multiple IPv6 addresses.  If this is an enterprise deployment, you may want to disable privacy extensions as well.
Title: Re: IPv6 assigned addresses
Post by: ddarvish on October 23, 2012, 06:09:56 PM
Thanks for your rapid reply. So I am using the native firmware of the Linksys router to handle the tunnel connection to HE. Attached is a picture of the setup for the IPv6 tunnel on the router. In Windows I just have IPv6 checked in my network adapter settings and have everything else set to automatic. Is that the same as having it use its MAC ID as part of the IPv6 address? Is there a better / more efficient / proper way of doing it?

I am a super noob and don't understand any of this IPv6 stuff, so please be patient with me and refer me to resources that explain stuff to dumbasses like me. At the end of the day I would like to make sure that I have enough IPv6 addresses to handle, say, 1000 devices and want them globally routable. Also, it took me 1 week to get AD DS up and running just using a local domain (electronet.local). Any tutorial or tips on doing this for my domain name davisdarvish.com such that I can resolve computer1.electronet.davisdarvish.com and computer2.electronet.davisdarvish.com etc.?

Title: Re: IPv6 assigned addresses
Post by: kasperd on October 24, 2012, 05:51:27 AM
Quote from: ddarvish on October 23, 2012, 06:09:56 PM
Thanks for your rapid reply. So I am using the native firmware of the Linksys router to handle the tunnel connection to HE. Attached is a picture of the setup for the IPv6 tunnel on the router.

As far as I can tell from your configuration, you are using SLAAC. But SLAAC can be used to assign different kinds of IPv6 addresses to devices, and a device can have multiple simultaneously.

So it is entirely possible that you have some devices with a static address, some devices with a dynamic address, and some that have both.

Addresses based on MAC addresses are easy to recognize, as they have ff:fe right in the middle of the host portion. There is another nibble, which is always 2, 6, A, or E in such IPv6 addresses. For example, the link-local address in your screenshot is fe80::5a6d:8fff:fe77:105f and is based on a MAC address, as can be seen by the nibbles I have highlighted. I have a test page on http://netiter.dk/test-ipv6, which will show you what your MAC address is if your IPv6 address is based on a MAC address.

Addresses of that type will be static. If the address is not based on a MAC address, you cannot tell from the address alone whether it is static or dynamic.

Quote from: ddarvish on October 23, 2012, 06:09:56 PM
In Windows I just have IPv6 checked in my network adapter settings and have everything else set to automatic. Is that the same as having it use its MAC ID as part of the IPv6 address?

As far as I know Windows does not base IPv6 addresses on MAC addresses by default. I don't know if the addresses it uses are static or dynamic. If you want to make sure it is static, assign one manually.

As far as I know, it is agreed practice that host portions from the range ::1 to ::ffff are used for manually assigned addresses. For example, if you want to set up a webserver, you could assign 2001:470:d:3ce::80 to it. BTW, you appear to be using a buggy firmware on your router: if I traceroute that IPv6 address, your router appears to be replying using the source address ::24.205.92.39. I am not sure why the tunnel server accepts that address though.

traceroute to 2001:470:d:3ce::80 (2001:470:d:3ce::80), 30 hops max, 80 byte packets
7  2001:470:0:21b::2  37.314 ms  37.400 ms  37.428 ms
8  2001:470:0:21e::1  51.499 ms  51.560 ms  51.555 ms
9  2001:470:0:128::1  121.199 ms  114.218 ms  114.264 ms
10  2001:470:0:10e::1  185.260 ms  185.326 ms  185.336 ms
11  2002:42dc:122a::1  186.409 ms  184.558 ms  187.094 ms
12  ::24.205.92.39  204.176 ms  204.252 ms  204.224 ms
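
The recognition rule from the post above (ff:fe in the middle of the host portion, second nibble 2, 6, A or E), written out as an added example that is not part of the original post. The function name and the 2001:db8 sample address are constructed for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress

def classify_iid(addr: str) -> dict:
    """Classify an IPv6 address by its low 64 bits (the interface identifier)."""
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    if value >> 32 == 0 and value > 1:
        # ::a.b.c.d form: only an IPv4 address in the low 32 bits,
        # like the traceroute source address seen in the thread.
        v4 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
        return {"kind": "ipv4-compatible", "ipv4": str(v4)}
    iid = value & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    # Modified EUI-64: bytes 3-4 are ff:fe, and the low two bits of byte 0
    # are 10 (universal bit flipped on, group bit off), so the second
    # nibble can only be 2, 6, A or E.
    if b[3] == 0xFF and b[4] == 0xFE and b[0] & 0x03 == 0x02:
        mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
        return {"kind": "eui64", "mac": ":".join(f"{x:02x}" for x in mac)}
    if 1 <= iid <= 0xFFFF:
        # Host range the post describes for manually assigned addresses.
        return {"kind": "manual-range"}
    # Random, temporary or otherwise opaque: static or dynamic cannot be
    # told from the address alone. A random identifier can also match the
    # EUI-64 pattern by chance, so the check above is a heuristic.
    return {"kind": "opaque"}

if __name__ == "__main__":
    samples = [
        "fe80::5a6d:8fff:fe77:105f",            # link-local from the screenshot
        "2001:470:d:3ce::80",                   # suggested webserver address
        "::24.205.92.39",                       # router's ICMP source address
        "2001:db8:cfdf:1:3c9a:71b2:4de:9f10",   # constructed sample
    ]
    for s in samples:
        print(s, classify_iid(s))
```

An address classified as eui64 carries the interface's hardware address in every packet it sends, which is what the privacy extensions mentioned earlier in the thread are meant to avoid.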
Title: Re: IPv6 assigned addresses
Post by: ddarvish on November 25, 2012, 07:12:29 PM
Not sure what you mean by it being buggy. I did make some changes since then, so maybe I resolved whatever issue you think may be a problem. I also set as static IPs the ones that SLAAC assigned to them originally. Is that kosher? I am still not cool with the whole CIDR notation etc. or really subnets. In a \64 does that mean I have an additional 64 bits for IPs? How many IP addresses does that translate to?
Title: Re: IPv6 assigned addresses
Post by: kasperd on November 26, 2012, 02:31:15 AM
Quote from: ddarvish on November 25, 2012, 07:12:29 PM
Not sure what you mean by it being buggy.

It's supposed to be using an IPv6 address as source address for the ICMP replies. It is probably not going to cause you major problems. Even if those ICMP replies would be rejected by some networks, I think it is only traceroute commands that would trigger them in the first place. (It would be a problem if it caused too-big messages to get lost and break PMTU discovery, but since it is on a hop going from a tunnel to a native link, the MTU should be increasing at that point and never need a too-big message.)

I only see that address if I use a 6to4 address on my system for traceroute. If I use another IPv6 address, I can only traceroute as far as the tunnel server. That means either your router treats 6to4 addresses differently, or the packets are filtered on the path back due to the invalid source address. Since the packets going back do take different routes, that is in fact very likely. When I am using 6to4, the tunnel server is the only IPv6 hop on that path. It's tunnel all the way, since it goes directly from 6in4 tunnel to 6to4 tunnel.

This is not something you need to worry much about. I just thought you should be aware that it is happening. You are not the only one with a router behaving like that. See http://www.tunnelbroker.net/forums/index.php?topic=2715.msg15891#msg15891

Quote from: ddarvish on November 25, 2012, 07:12:29 PM
I did make some changes since then, so maybe I resolved whatever issue you think may be a problem.

It is still the same. This is what traceroute looks like using 6to4:
7  10gigabitethernet2-2.core1.par2.he.net (2001:470:0:21b::2)  64.796 ms  40.033 ms  40.402 ms
8  10gigabitethernet6-2.core1.lon1.he.net (2001:470:0:21e::1)  40.392 ms  43.453 ms  43.006 ms
9  10gigabitethernet7-4.core1.nyc4.he.net (2001:470:0:128::1)  110.693 ms  115.680 ms  111.615 ms
10  10gigabitethernet5-3.core1.lax1.he.net (2001:470:0:10e::1)  185.955 ms  185.528 ms  192.738 ms
11  2002:42dc:122a::1 (2002:42dc:122a::1)  186.113 ms  189.006 ms  192.083 ms
12  97-90-152-129.static.mtpk.ca.charter.com (::97.90.152.129)  194.796 ms  201.444 ms  211.821 ms
13  97-90-152-129.static.mtpk.ca.charter.com (::97.90.152.129)  2098.576 ms !H  2098.527 ms !H  2096.333 ms !H
and this is what it looks like otherwise:
4  10gigabitethernet2-2.core1.par2.he.net (2001:470:0:21b::2)  69.843 ms  70.496 ms  70.431 ms
5  10gigabitethernet6-2.core1.lon1.he.net (2001:470:0:21e::1)  74.511 ms  74.794 ms  74.790 ms
6  10gigabitethernet7-4.core1.nyc4.he.net (2001:470:0:128::1)  145.252 ms  132.408 ms  135.378 ms
7  10gigabitethernet5-3.core1.lax1.he.net (2001:470:0:10e::1)  189.262 ms  192.643 ms  181.738 ms
8  tserv1.lax1.he.net (2001:470:0:9d::2)  190.938 ms  188.156 ms  193.730 ms
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *


Quote from: ddarvish on November 25, 2012, 07:12:29 PM
I also set as static IPs the ones that SLAAC assigned to them originally. Is that kosher?

It's unlikely to cause any problems.

If the SLAAC address is based on a MAC address, assigning the same IPv6 address statically shouldn't cause any problems. There are two ways it could break. Either because you get a new IPv6 prefix (by switching to a different tunnel server or to native IPv6) or because you swap out the Ethernet interface without updating the IPv6 address and then reuse the old Ethernet interface on a different computer on the same network segment. As long as you don't make either of those two changes to the network, you should be fine.

If the SLAAC address is randomly generated, then there is a minor risk that another host will generate the same address. In that case whoever gets the address first will keep it, and whoever comes next will need to find another address. But if the host where it was statically assigned came second, then it may not generate another address. With more than 60 bits of entropy in the randomly assigned addresses, this is a very unlikely scenario.

Quote from: ddarvish on November 25, 2012, 07:12:29 PM
I am still not cool with the whole CIDR notation etc. or really subnets. In a \64 does that mean I have an additional 64 bits for IPs? How many IP addresses does that translate to?

It is /64 and it indicates how many of the bits are assigned to the network part of the address. The remaining bits are used to address within that network.

For example you may have been assigned a prefix called 2001:db8:cfdf::/48. That means the network part is 48 bits. Since there are 128 bits in total that leaves 80 bits to address within your network. You can subdivide that /48 into /64 blocks. For example you could create networks 2001:db8:cfdf:1::/64 and 2001:db8:cfdf:2::/64 for different segments on your network.

SLAAC is designed to work with /64 segments. The intention was that everything gets subdivided until you have a /64 for each segment. A /64 splits the address exactly in half, with 64 bits for addressing the network segment and 64 bits for addressing hosts on that segment.

A tunnel from HE by default gives you two /64 prefixes. One is intended for the link between your router and the tunnel server. Only two addresses are supposed to be used on that segment. The other /64 is intended to be routed through your router and be used on your LAN. This is sufficient to cover the needs of most users.
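
The prefix arithmetic from the last post, as an added example that is not part of the original thread. It uses the 2001:db8:cfdf::/48 documentation prefix from the post; the function names and the 2001:db8:0:1::/64 prefix standing in for a tunnel's routed /64 are constructed for illustration.

```python
import ipaddress

def segment(site: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Return /64 number `subnet_id` inside `site` (a prefix of /64 or shorter)."""
    net = ipaddress.IPv6Network(site)
    if net.prefixlen > 64:
        raise ValueError("SLAAC needs a /64 per segment; prefix is too long")
    subnet_bits = 64 - net.prefixlen      # /48 -> 16 bits -> 65536 segments
    if not 0 <= subnet_id < (1 << subnet_bits):
        raise ValueError(f"{site} holds only {1 << subnet_bits} /64 segment(s)")
    # The subnet ID sits directly above the 64 host bits.
    base = int(net.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def static_host(seg: ipaddress.IPv6Network, host_id: int) -> ipaddress.IPv6Address:
    """Manually assigned address kept in the ::1 to ::ffff host range."""
    if not 1 <= host_id <= 0xFFFF:
        raise ValueError("host_id outside ::1..::ffff")
    return seg[host_id]

def locate(addr: str, site: str):
    """Return the /64 of `site` that holds `addr`, or None if it lies outside."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ipaddress.IPv6Network(site):
        return None
    return ipaddress.IPv6Network(((int(ip) >> 64) << 64, 64))

if __name__ == "__main__":
    site = "2001:db8:cfdf::/48"
    lan = segment(site, 1)
    print(lan, "holds", lan.num_addresses, "addresses")
    print("webserver:", static_host(segment(site, 2), 0x80))
    print("segment of 2001:db8:cfdf:2::80:", locate("2001:db8:cfdf:2::80", site))
    # A single routed /64 is exactly one segment: ID 0 works, ID 1 does not.
    print(segment("2001:db8:0:1::/64", 0))
    try:
        segment("2001:db8:0:1::/64", 1)
    except ValueError as err:
        print("error:", err)
```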