Local network administrator's test

Started by bertofurth, February 22, 2025, 03:46:47 AM

bertofurth

I have an idea for an IPv6 network administrator's test.

First, the test taker has to specify a /64 prefix that they have control of. Next, the test asks the student to configure a host with a static IPv6 address on that network with a specified randomly generated host portion (maybe the first 64 bits of the md5sum of their username so it's constant). The network administrator then has to make sure that they configure their firewall and so forth so that he.net can ping that IPv6 address.

Next, the student must configure a new AAAA record corresponding to the host that was just pinged and he.net will try to resolve that. (After all, they must control a domain if they've passed the other IPv6 tests right?)

Next, a tcp service (any service...telnet, ftp, web, etc.) needs to be configured on a random high port number on the host. Even something like "nc" to create a simple service on Linux, for example to create a service on tcp port 9999....

while (true) do nc -6 -l 9999; done


Configure the firewall so that he.net can establish a tcp connection (and then disconnect) to confirm that the port is reachable on the host.

Finally, have the user reconfigure the firewall so that the host can NOT be pinged (i.e. block ICMPv6 or ICMPv6 echo) but the TCP service must still be reachable. This will prove that the student has basic IPv6 firewall configuration skills and that they haven't just disconnected the host from the network!

Maybe then ask some questions about their local IPv6 network setup such as whether their network only uses SLAAC for address configuration and/or DHCPv6. Ask some questions about the M flag and O flag in the IPv6 RA and how they affect how hosts get configured.

Anyway, just some food for thought. I had a lot of fun setting up the mail server and web service in the other tests and having he.net verify them.

Thanks he.net!
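
A sketch of how a grader for the steps proposed above could derive the expected host address and judge the probe results. This is an added example, not part of the original post and not he.net's code; the function names, the sample prefix (documentation range), the username and the observation keys are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import socket

def expected_address(prefix, username):
    """Join the student's /64 with the first 64 bits of md5(username)."""
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects host bits set
    if net.prefixlen != 64:
        raise ValueError("prefix must be a /64")
    iid = int.from_bytes(hashlib.md5(username.encode()).digest()[:8], "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def tcp_reachable(addr, port, timeout=3.0):
    """Connect and immediately disconnect, as the TCP step describes."""
    try:
        with socket.create_connection((str(addr), port), timeout=timeout):
            return True
    except OSError:
        return False

def first_failed_step(expected, obs):
    """Return the name of the first failed step, or None if all pass."""
    # Compare parsed addresses so compressed and expanded forms match.
    answers = {ipaddress.IPv6Address(a) for a in obs["aaaa_answers"]}
    checks = [
        ("ping", obs["ping_before"]),
        ("aaaa", expected in answers),
        ("tcp", obs["tcp_before"]),
        # Final step: echo must now fail while TCP still succeeds, which
        # distinguishes a firewall rule from an unplugged host.
        ("echo blocked, tcp open", not obs["ping_after"] and obs["tcp_after"]),
    ]
    return next((name for name, ok in checks if not ok), None)

# Constructed sample input (hypothetical student and probe results).
SAMPLE_PREFIX = "2001:db8:1:2::/64"
SAMPLE_USER = "a"
SAMPLE_OBS = {
    "ping_before": True,
    "aaaa_answers": ["2001:0db8:0001:0002:0cc1:75b9:c0f1:b6a8"],
    "tcp_before": True,
    "ping_after": False,
    "tcp_after": True,
}

if __name__ == "__main__":
    addr = expected_address(SAMPLE_PREFIX, SAMPLE_USER)
    print(addr, first_failed_step(addr, SAMPLE_OBS))
```
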