Greetings,

Native IPv6 on dual stack IPv4/IPv6 is becoming a common offering for ISPs 
today. While my COX Business Internet was one of the last to do so, I have had 
"Static IPv4 / DHCPv6" working for a few weeks.

This note is a request for comments on how integrators and power users deploy 
IPv6 service to their customers, or would like to be able to.

First, David Kerr and I have been working on polishing more IPv6 features 
in AstLinux, some made possible with the kernel bump to Linux 3.16.

I created and David prompted edits to this wiki documentation (please read) ...

IPv6 ULA / NPTv6 Configuration
https://doc.astlinux-project.org/userdoc:tt_ipv6_ula_nptv6_config

Acronym reference:
--
Global Unicast Addresses (GUA)
Unique Local Addresses (ULA)
Network Prefix Translation (NPTv6)
--

The current SVN checkout of AstLinux allows a user to specify an interface to 
advertise both GUA and ULA prefixes, GUA only or ULA only prefixes, or no 
routable IPv6.

Personally, I have configured only one interface with both GUA and ULA prefixes 
and all the other interfaces are either ULA or no routable IPv6.  Downstream I 
have several AstLinux boxes all configured with ULA addresses and prefixes.  
OpenVPN Server has a ULA network. So far I'm quite happy with this approach.

Every ULA in my network can reach the internet via NPTv6 using the new 
"net-prefix-translation" plugin.  If/when DHCPv6 offers a different GUA prefix, 
the edge firewall rules update instantly and the ULAs continue to work like 
nothing happened.

GUA or ULA?  The hidden secret is the priority a client uses to connect to a 
server (RFC 6724). I did some testing, and a common order used by network stacks 
is (top to bottom):
--
IPv6 GUA
IPv4
IPv6 ULA
--
So a ULA gives IPv6 connectivity when an AAAA record is resolved, but still 
prefers IPv4.  iOS mostly works this way.
(Some newer browsers try to find the shortest paths and pick IPv4/IPv6 that way.)

My CentOS development VM previously had a GUA and IPv4, so wget preferred IPv6. 
But IPv6 is not always better: for an Asterisk download it takes 10x longer 
to download a source tarball using IPv6 vs. IPv4 (not new, been that way for 
years).  My CentOS development VM now has a ULA and IPv4, so wget prefers IPv4, 
but will use IPv6 if a AAAA DNS record is returned.

Another thought: the FireHOL blocklists have proven to be a valuable tool, but 
the IPv6 blocklists are not nearly as developed as the IPv4 lists are.

Inbound EXT->LAN firewall forward rules can be static with ULAs.

So, if you have an IPv4-only customer and they want to add IPv6 connectivity, 
minimizing GUA subnets and providing ULA subnets wherever they want IPv6 
connectivity may be a good approach.  The latest development AstLinux can do 
that.

Please pass on your insights.

Lonnie
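
Added example (not part of the original message and not AstLinux code): a simplified Python sketch of RFC 6724 destination ordering using the RFC's default policy table, showing why a host with only a ULA and IPv4 prefers IPv4 while a host with a GUA prefers IPv6. It implements only destination rules 1, 5 and 6 with a reduced source selection, and every address in it is a constructed sample value.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label)
POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12)]]

def as_v6(addr):
    """Parse an address; IPv4 is handled as IPv4-mapped IPv6, as the RFC does."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address("::ffff:" + str(ip)) if ip.version == 4 else ip

def policy(addr):
    """Longest-prefix match in the policy table, returns (precedence, label)."""
    ip = as_v6(addr)
    _, prec, label = max((e for e in POLICY if ip in e[0]),
                         key=lambda e: e[0].prefixlen)
    return prec, label

def pick_source(dst, sources):
    """Reduced source selection (assumption): same family, prefer matching label."""
    fam = ipaddress.ip_address(dst).version
    cands = [s for s in sources if ipaddress.ip_address(s).version == fam]
    cands.sort(key=lambda s: policy(s)[1] != policy(dst)[1])
    return cands[0] if cands else None

def sort_destinations(dests, sources):
    """Rule 1 (usable source), rule 5 (matching label), rule 6 (precedence)."""
    def key(dst):
        src = pick_source(dst, sources)
        match = src is not None and policy(src)[1] == policy(dst)[1]
        return (src is None, not match, -policy(dst)[0])
    return sorted(dests, key=key)

# Constructed sample data: one server reachable over A and AAAA, two client hosts.
SERVER_A, SERVER_AAAA = "198.51.100.80", "2001:db8:100::80"
HOST_GUA = ["2001:db8:aaaa:1::10", "fd00:1234:5678:1::10", "192.168.1.10"]
HOST_ULA = ["fd00:1234:5678:1::10", "192.168.1.10"]

if __name__ == "__main__":
    for name, srcs in (("GUA+ULA+IPv4", HOST_GUA), ("ULA+IPv4", HOST_ULA)):
        print(name, "->", sort_destinations([SERVER_A, SERVER_AAAA], srcs))
```

On the ULA-only host the AAAA destination loses at rule 5 because the ULA source (label 13) does not match the global destination (label 1), so IPv4 is tried first while IPv6 stays available through NPTv6.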


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users