Date:      Wed, 1 Jul 2015 16:24:37 -0700
From:      Kevin Oberman <rkoberman@gmail.com>
To:        kpneal@pobox.com
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: rc settings for ipv6 in 9.3?
Message-ID:  <CAN6yY1uVpo0krCiS5dGfnU7WgtQ9sFiiDE9y_Tg1JK0d3=K%2B=A@mail.gmail.com>
In-Reply-To: <20150701151709.GB40789@neutralgood.org>
References:  <20150701002949.GA79350@neutralgood.org> <CAN6yY1uRY_6Q6TjcywwObb0aah3N7t7GFSnT8NtZ0YfLr3udnA@mail.gmail.com> <20150701151709.GB40789@neutralgood.org>

On Wed, Jul 1, 2015 at 8:17 AM, <kpneal@pobox.com> wrote:

> On Tue, Jun 30, 2015 at 09:40:46PM -0700, Kevin Oberman wrote:
> >    On Tue, Jun 30, 2015 at 5:29 PM, <kpneal@pobox.com> wrote:
> >
> >      I just got a /56 block of ipv6 addresses today and I'm trying to
> >      figure out how to use it.
> >      Before I go rebooting my server I wanted to ask if the information
> >      in the handbook
> >      "https://www.freebsd.org/doc/handbook/network-ipv6.html"
> >      is correct for 9.3-p14.
> >      I have a static address for my server and I've been given the
> >      static address of the router. So I should just be able to set (in
> >      my rc.conf) ifconfig_bce0_ipv6 and ipv6_defaultrouter, correct?
> >      Or do I really need these two lines from the handbook?:
> >      ifconfig_bce0_ipv6="inet6 accept_rtadv"
> >      rtsold_enable="YES"
> >      Also, can someone translate this statement from my provider for me:
> >      "Note: [provider] is routing 2607:f758:2280::/56 to
> >      2607:f758:2280::4/64"
> >      BTW, is the term "netmask" ever used in IPv6? I thought "prefixlen"
> >      was the term and "netmask" was for v4 only?
> >      Thanks for any help!
> >      --
> >      Kevin P. Neal
> >      http://www.pobox.com/~kpn/
> >
> >    No, if your system has a static address (and a server should have
> >    one), you don't need SLAAC or Router Solicitation. You just need to
> >    set the address:
> >    ifconfig_bce0_ipv6="inet6 2607:f758:2280::n/64" and
> >    ipv6_defaultrouter="Router address".
>
> Excellent. Thanks!
>
> >    I am unable to translate the statement from the provider with
> >    certainty. I am guessing that the /64 2607:f758:2280::/64 is used by
> >    their router with 2607:f758:2280::4 as the address on their
> >    router(s). The remainder of the /56 is yours but I could not swear
> >    to that.
> >    You will probably want more than one /64 for different purposes.
> >    Other than externally accessible servers, you should put systems in a
> >    different /64 and spread them at random around that space if they are
> >    statically addressed. (I don't recommend for or against statically
> >    addressing, though.)
>
> Wouldn't each /64 need a router, then? I've got most of the /56 to myself,
> but there's only one router address. So how can it work to use different
> /64 subnets?
>
> Sorry, this is my first time playing with IPv6. I do appreciate your help.
> --
> Kevin P. Neal                                http://www.pobox.com/~kpn/
>
>                     "A pig's gotta fly." - Crimson Pig
>

Each interface on an IPv6 capable router will get one or more IPv6
addresses. IPv6 mandates that any interface on a host or router may have
many addresses. You will need an IPv6 capable router to do this. So you put
a different /64 on (for several reasons, you really should stick to using
/64s until/unless you have multiple routers. Prefixes longer than /64 have
a lot of problems, though they theoretically can work. In practice, they
don't. Also, you will need to adjust any firewalls to allow NDP (Neighbor
Discovery Protocol) which replaces ARP for IPv6. This is usually the
default, but not always. In general, IPv6 will just work as long as your
system can find the gateway/router and the gateway/router can find your
system.

Since your addresses are public, you do need a stateful firewall. With IPv4
and NAT, you get one automatically as NAT won't work without one. IPv6 does
not have such a requirement. Almost all IPv6 capable CPE routers include a
stateful firewall, but a few don't and ISPs generally don't provide this
capability unless they also provide the customer edge hardware.

If you really want to learn about IPv6, you might want to look at "IPv6 for
IPv4 Experts" available in PDF from The Internet Society at
http://www.internetsociety.org/deploy360/resources/ebook-ipv6-for-ipv4-experts-available-in-english-and-russian/.
It's really a book at around 700 pages. (It came out after I retired and
I'll have to admit that I have only skimmed it, but it looked good and it's
free!)
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
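
Added example, not part of the original thread: a Python sketch of the addressing advice above, carving the /56 into /64s and giving statically addressed hosts random interface identifiers. It assumes the reading guessed at in the thread, that the /64 containing the router address 2607:f758:2280::4 is the provider link; the purpose names and the helper functions are hypothetical.

```python
import ipaddress
import secrets

ALLOCATION = ipaddress.ip_network("2607:f758:2280::/56")  # block quoted in the thread
ROUTER = ipaddress.ip_address("2607:f758:2280::4")        # provider router, per the thread


def plan_subnets(allocation, purposes, router):
    """Give each purpose its own /64, skipping the /64 that holds the router."""
    free = (net for net in allocation.subnets(new_prefix=64) if router not in net)
    plan = {}
    for purpose in purposes:
        try:
            plan[purpose] = next(free)
        except StopIteration:
            raise ValueError("allocation has no free /64 left") from None
    return plan


def random_host(subnet, taken=()):
    """Return a random address in a /64 that is not already in use."""
    if subnet.prefixlen != 64:
        raise ValueError("expected a /64")
    while True:
        iid = secrets.randbits(64)
        if iid < 0x10000:
            # Low identifiers (::1, ::2, ...) are the first ones a sweep
            # of the prefix tries, so never hand them out.
            continue
        addr = subnet.network_address + iid
        if addr not in taken:
            return addr


def rc_conf_line(ifname, addr):
    """Format the rc.conf entry in the form used in the thread."""
    return f'ifconfig_{ifname}_ipv6="inet6 {addr}/64"'


if __name__ == "__main__":
    # "internal" and "lab" are constructed purpose names for illustration.
    plan = plan_subnets(ALLOCATION, ["internal", "lab"], ROUTER)
    for purpose, net in plan.items():
        print(f"# {purpose}: {net}")
        print(rc_conf_line("bce0", random_host(net)))
```

Hosts placed in the extra /64s still need a router interface addressed in that /64, which is the point the reply above makes.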


