Adding to Lonnie's notes... Right now (current SVN builds) configuring
static or auto-configured ULAs for the internal interfaces is somewhat
complicated. True, it is probably a one-time thing but I have been working
to simplify the process such that it can be truly automatic and can be done
without requiring any knowledge of IPv6.
That said... Lonnie and I are very interested in thoughts and suggestions
on IPv6 configuration. It's new and we are just getting our heads around it
ourselves now. If anyone is familiar with IPv6 please weigh in on your
experience configuring it (particularly ULAs) and suggestions.
David
On Sun, Jun 4, 2017 at 7:22 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com>
wrote:
> Greetings,
>
> Native IPv6 on dual stack IPv4/IPv6 is becoming a common offering for ISPs
> today, while my COX Business Internet was one of the last to do so, I have
> had "Static IPv4 / DHCPv6" working for a few weeks.
>
> This note is a request for comments on how integrators and power users
> deploy IPv6 service to their customers, or would like to be able to.
>
> First, David Kerr and I have been working on polishing more IPv6
> features in AstLinux, some made possible with the kernel bump to Linux 3.16.
>
> I created and David prompted edits to this Wiki documentation (please
> read) ...
>
> IPv6 ULA / NPTv6 Configuration
> https://doc.astlinux-project.org/userdoc:tt_ipv6_ula_nptv6_config
>
> Acronym reference:
> --
> Global Unicast Addresses (GUA)
> Unique Local Addresses (ULA)
> Network Prefix Translation (NPTv6)
> --
>
> The current SVN checkout of AstLinux allows a user to specify an interface
> to advertise both GUA and ULA prefixes, GUA only or ULA only prefixes, or
> no routable IPv6.
>
> Personally, I have configured only one interface with both GUA and ULA
> prefixes and all the other interfaces are either ULA or no routable IPv6.
> Downstream I have several AstLinux boxes all configured with ULA addresses
> and prefixes. OpenVPN Server has a ULA network. So far I'm quite happy
> with this approach.
>
> Every ULA in my network can reach the internet via NPTv6 using the new
> "net-prefix-translation" plugin. If/when DHCPv6 offers a different GUA
> prefix, the edge firewall rules update instantly and the ULAs continue to
> work like nothing happened.
>
> GUA or ULA ? The hidden secret is the priority a client uses to connect
> to a server, (RFC 6724), I did some testing and a common order by network
> stacks is, (top to bottom)
> --
> IPv6 GUA
> IPv4
> IPv6 ULA
> --
> So a ULA gives IPv6 connectivity when an AAAA record is resolved, but still
> prefers IPv4. iOS mostly works this way.
> (some newer browsers try to find the shortest paths and pick IPv4/IPv6
> that way)
>
> My CentOS development VM previously had a GUA and IPv4, so wget preferred
> IPv6. But, IPv6 is not always better, for an Asterisk download it takes
> 10x longer to download a source tarball using IPv6 vs. IPv4, (not new, been
> that way for years). My CentOS development VM now has a ULA and IPv4 so
> wget prefers IPv4, but will use IPv6 if a AAAA DNS record is returned.
>
> Another thought, the FireHOL blocklists have proven to be a valuable tool,
> but the IPv6 blocklists are not nearly as developed as IPv4 lists are.
>
> Inbound EXT->LAN firewall forward rules can be static with ULAs.
>
> So, if you have an IPv4-only customer and they want to add IPv6
> connectivity, minimizing GUA subnets and providing ULA subnets wherever
> they want IPv6 connectivity may be a good approach. The latest development
> AstLinux can do that.
>
> Please pass on your insights.
>
> Lonnie
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
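
The GUA / IPv4 / ULA preference order described in the quoted message follows from RFC 6724 destination address selection. As an added example (not part of the original thread and not AstLinux code), this Python sketch applies the RFC 6724 default policy table using only the label-match and precedence rules. The addresses are constructed documentation and ULA values, and the source-selection step is a simplifying assumption.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label)
POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12)]]

def policy(addr):
    """Return (precedence, label) by longest-prefix match; IPv4 is v4-mapped."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    _, prec, label = max((e for e in POLICY if ip in e[0]),
                         key=lambda e: e[0].prefixlen)
    return prec, label

def pick_source(dst, sources):
    """Simplified source selection (assumption): same address family,
    preferring a source whose label matches the destination's label."""
    fam = ipaddress.ip_address(dst).version
    cands = [s for s in sources if ipaddress.ip_address(s).version == fam]
    if not cands:
        return None
    return max(cands, key=lambda s: policy(s)[1] == policy(dst)[1])

def order_destinations(dests, sources):
    """Sort candidate destinations: usable first, then matching label
    (Rule 5), then higher precedence (Rule 6). Other rules are omitted."""
    def key(dst):
        src = pick_source(dst, sources)
        if src is None:
            return (1, 0, 0)
        prec, label = policy(dst)
        return (0, policy(src)[1] != label, -prec)
    return sorted(dests, key=key)

# Constructed sample data: documentation prefixes plus a made-up ULA.
DESTS = ["198.51.100.5", "2001:db8:ffff::5"]          # A and AAAA answers
GUA_HOST = ["192.0.2.10", "2001:db8:1::10"]           # GUA + IPv4
ULA_HOST = ["192.0.2.10", "fd00:1234:5678:1::10"]     # ULA + IPv4

if __name__ == "__main__":
    print("GUA host tries:", order_destinations(DESTS, GUA_HOST))
    print("ULA host tries:", order_destinations(DESTS, ULA_HOST))
```

A host holding only a ULA and IPv4 tries the IPv4 destination first because its ULA source label (13) does not match the GUA destination label (1), while a host with a GUA ties on labels and falls through to precedence.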