Simple Routing Questions

Started by phxazcraig, February 12, 2011, 01:00:48 PM

phxazcraig

I'm familiar (quite familiar) with routing and subnetting IPv4.   For some reason, I'm not quite able to get my head around IPv6, though I'm assuming it is exactly the same in concept.

Here's the situation.  I have a small home network, but one that is probably more complex than most, simply because I do computer consulting and have a lot of test servers and subnets.    I have multiple internal subnets on IPv4.   I'd like at least some of them to be dual-stack and route to the internet via my HE tunnel.

The HE tunnel runs on a single-NIC (virtualized) SLES 10 linux server.  It uses RADVD to publish addressing and routing on its subnet, and that is all working fine for Windows, NetWare and Linux clients.   It sits behind a home router that is IPv4 only.

Let's say I have just one additional internal subnet, available across a different server/router with multiple NICs in it.

Do I need to have a /48 address allocation from HE to allow me to subnet internal hosts, or is there an (easy - for starters) way to internally subnet my network, and still have all IPv6 subnets access the Internet?  In the IPv4 world this is simple, because of NAT.   Not sure quite what to do with IPv6, though the /48 option seems straightforward enough.

Another question, completely different.  I'm having problems figuring out how to push IPv6 DNS addresses to my clients.   At first I thought to try DHCPv6, but that seems to be deprecated.  That led me to think that the equivalent was some sort of RDNSS line in my RADVD.CONF file, but I keep getting syntax errors trying to set that up.   Am I even on the right path here?   This is one of the simple-sounding questions that really has me wondering why I'm not finding simple-sounding answers out there!   I've used DHCP v4 options extensively, to give out default route, DNS, VOIP (Mitel, mostly) phone info, SLP DA, SLP Scope, etc, etc.  I just am not seeing where to do the equivalent with IPv6.


cholzhauer

Yes, you need a /48.  You need to assign a /64 to every subnet you have (192.168.1.0, 192.168.2.0, etc.)

As for DNS, some implementations of radvd don't support it yet... or you just may need to upgrade.  Check to see that you have the latest version available.  DHCPv6 is deprecated because all new versions of DHCP support both versions 4 and 6.  This means you can still use DHCP to assign DNS servers if you wish.

phxazcraig

OK, so go back to my Hurricane Electric tunnel config and request a /48 allocation, then change the prefix on my tunnel router, and ... cross fingers.

Thanks.

So used to .252, .240, etc subnet masks, it's still odd to think of a /48 with multiple /64's inside.

Not sure on the DHCP end.  I'm using Suse SLES 10.3 for that, as of last night.  (Migrated it from a NetWare server, which seemed unlikely to support IPv6).

On the DHCP DNS options, I simply add in some IPv6 addresses in addition to IPv4 addresses?

So far, things are working out well.  Wish Cox business cable would get going on their IPv6 in Phoenix.



cholzhauer

Quote
On the DHCP DNS options, I simply add in some IPv6 addresses in addition to IPv4 addresses

Depends on your implementation.  On the ones I've used, the daemon either works in v6 or v4 mode, not both. (I think)

jrocha

You can subnet a /64 out farther, but it's generally recommended to have /64 as your longest prefix. SLAAC won't work for anything longer than /64.

For options such as DNS and NTP, you have three possible options (aside from static assignment), none of which are very mature at the moment. Stateful DHCPv6, handing out all the information from DHCP like DHCPv4 does, stateless DHCP + SLAAC, where DHCPv6 only passes out the DNS, etc information and doesn't keep track of anything else and basic information is gained via SLAAC, or RDNSS, where the RA contains the extra configuration information. Unfortunately, the first option is the most mature at the moment, I believe. RDNSS is the easiest, as it doesn't require DHCP at all, but support for it is very hit or miss at the moment.

phxazcraig

Quote from: cholzhauer on February 12, 2011, 02:29:48 PM
Yes, you need a /48.  You need to assign a /64 to every subnet you have (192.168.1.0, 192.168.2.0, etc.)

Just an FYI, in case there are other beginners looking at this thread and getting confused like I was.

I started with a /64 tunnel, but then added a /48.   I was quite confused for a day as to what changes to make, because I had both /64 and /48 addresses.  (Would be nice to be able to delete the now-unused /64, just to make things cleaner).  The example configuration still showed only the first /64 config.   When I converted my network commands to use the /48, I could ping from my tunnel host, but not from anywhere else in my network.  I had simply copied the /48 address over the previously-working /64 entries, and used /48 instead of /64.   

I was confused, until I finally thought through things in the same way as I would with IPv4.   Once I compared using a /48 to a 10.x.x.x/8 IPv4 network, things made sense to me.   

My analogy:
IPv4 - let's say you have a 10.x.x.x network.   It has a /8 (255.0.0.0) mask, so you have:
nnnn.hhhh.hhhh.hhhh, where n's = network bits and h's = host bits.   If you use a /8 mask on all your addressing, you can only have one huge network segment with a lot of hosts on it.   To have other segments, you need to subnet, such as with a /16 mask:
nnnn.nnnn.hhhh.hhhh - now you can have about 16,000 hosts per subnet, but you can set up 256 different subnets:
10.1.hhhh.hhhh, 10.2.hhhh.hhhh, .... 10.256.hhhh.hhhh

So far, so good.   My mistake when I got my /48 address was to tell the tunnel host to use the /48 prefix on the tunnel addressing.  This would be equivalent to putting 10.0.0.1/8 on a router interface and wondering why all the /16 subnets behind it didn't work.


All I needed to do was to use /64 prefixes everywhere, and not /48, or my routing would not work.

My /48 networking is:
nnnn:nnnn:nnnn:hhhh:hhhh:hhhh:hhhh:hhhh - now I need to 'subnet' with /64 so I can assign my own subnets.

nnnn:nnnn:nnnn:<put in my own nnnn here>:hhhh:hhhh:hhhh:hhhh

So on the tunnel endpoints, I used:
nnnn:nnnn:nnnn:0::1/64 and nnnn:nnnn:nnnn:0::2/64   (Here is where I first mistakenly used /48 and didn't put in that :0:)

On my eth0 interface, I used:
nnnn:nnnn:nnnn:1:hhhh:hhhh:hhhh:hhhh

My tunnel server is not my internet router, but it does have another ethernet adaptor, so I gave it an IPv6 address in another subnet:
nnnn:nnnn:nnnn:2:hhhh:hhhh:hhhh:hhhh

My RADVD.CONF file advertises the nnnn:nnnn:nnnn:1::/64 prefix for eth0
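
The addressing plan from the post above, as an added example that is not part of the original thread: it carves a routed /48 into /64s by subnet ID and checks an interface plan for the two things that went wrong (a prefix length other than /64, and the same network configured on more than one interface). The prefix 2001:db8:1234::/48 is a documentation prefix standing in for nnnn:nnnn:nnnn, and the interface names and the "broken" plan are constructed for illustration.

```python
import ipaddress

# Constructed sample: documentation prefix standing in for the routed /48.
ROUTED_48 = ipaddress.IPv6Network("2001:db8:1234::/48")


def subnet_64(routed, subnet_id):
    """Return the /64 whose fourth 16-bit group equals subnet_id."""
    if routed.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet id")
    # Groups 1-3 are the /48; group 4 sits in bits 64..79 of the address.
    base = int(routed.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def address(net, host):
    """Format host number `host` inside `net` as address/prefixlen."""
    return f"{net[host]}/{net.prefixlen}"


def check_plan(plan):
    """plan maps interface name -> 'address/prefixlen'; returns problems."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in plan.items()}
    problems = []
    for name, net in nets.items():
        if net.prefixlen != 64:
            problems.append(f"{name}: /{net.prefixlen} is not a /64")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems


# Constructed version of the mistake: /48 copied over the /64 entries.
BROKEN = {"tunnel": "2001:db8:1234::2/48", "eth0": "2001:db8:1234::1/48"}

# The working layout: subnet 0 on the tunnel, 1 on eth0, 2 on the second NIC.
FIXED = {
    "tunnel": address(subnet_64(ROUTED_48, 0), 2),
    "eth0": address(subnet_64(ROUTED_48, 1), 1),
    "eth1": address(subnet_64(ROUTED_48, 2), 1),
}

if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, plan, check_plan(plan) or "ok")
```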