Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
Today's Topics:

   1. Re: simple DHCPv6 config with /56-Prefix (Walter H.)

----------------------------------------------------------------------

Message: 1
Date: Thu, 25 Aug 2022 19:04:28 +0200
From: "Walter H." <walte...@mathemainzel.info>
To: dhcp-users@lists.isc.org
Subject: Re: simple DHCPv6 config with /56-Prefix
Message-ID: <93ec8c7c-b459-76d0-824a-4e248686b...@mathemainzel.info>

On 22.08.2022 20:34, Simon wrote:
> Adam Nielsen <a.niel...@shikadi.net> wrote:
>
>>> This is not true in the IPv6 world. All it needs is for a router to
>>> advertise that both prefixes are on-link and the hosts can
>>> communicate directly. This is one area where IPv6 is fundamentally
>>> different (better) than IPv4. For completeness, a router can
>>> advertise that a prefix is not on-link - meaning that communications
>>> between hosts in the same prefix must communicate via the gateway.
>>> This can be the case in some non-broadcast networks, or networks
>>> where device-device direct communications is blocked (e.g. for
>>> privacy/security in public WiFi).
>> Very interesting, I didn't know that, thanks for the explanation!
> There's quite a bit different in IPv6 - it's not just "extra address bits".
> The opportunity was taken to fix some of the limitations found with IPv4 -
> such as the assumption that devices have a single address, and there's only
> one subnet on each network, and all hosts in a subnet have direct
> communication.
> Unfortunately, as many people don't realise that those
> problems exist, it's seen as making it overly complicated.
>
> I can recommend the free training available at
> https://ipv6.he.net/certification/ IMO Hurricane Electric have provided a
> great resource (including free IPv6 access via a tunnel over IPv4
> https://tunnelbroker.net/). If you complete the certification program, you
> get what my local LUG members decreed to be the geekiest tee shirt ever made
> :-) Even if you don't finish it, it's worth the effort for the early stages
> where it introduces various aspects in a staged manner.

yes, that IPv6 is different in more than just 3 bits from IPv4 is logical;

but back to my original intention ...

my router has the following IPv4 172.16.0.1 with the subnetmask 255.255.0.0
and I configured the dhcp to hand out addresses within this part: 172.16.127.1 ... 172.16.127.254
and of course the DHCP clients got the correct IP, subnetmask and default gateway

now the question: Why do IPv6 clients have a prefix length of 128?

why can't I simply tell the DHCPv6 to hand out 2001:db8:0:17f::1 ... 2001:db8:0:17f:ffff:ffff:ffff:ffff
and that the clients have the same prefix length as the server itself?

I just want a little bit less chaos in the way that I structure the addresses, but not the segments; it should be one large network;

e.g. with IPv4 I would give the mail servers IP addresses from this part 172.16.253.1 ... 172.16.253.254
the proxy server an IP address from this part 172.16.128.1 ... 172.16.128.254
but all have the same subnet mask 255.255.0.0 and the same default gateway 172.16.0.1

and this I would have in IPv6 too

the router should have 2001:db8:0:100::1/56
the mail servers addresses from 2001:db8:0:1e0::1 ... 2001:db8:0:1e0:ffff:ffff:ffff:ffff
the proxy server an address from 2001:db8:0:180::1 ... 2001:db8:0:180:ffff:ffff:ffff:ffff

and would have the /56 as prefix length as one big network; no splitting in /57, /58, ...
or /64 ...

on the firewall e.g. I would block outbound ports 25, 465 or 587 to 2001:db8:0:180::/64
because the proxy mustn't send mails; but it would be allowed for ports 80 or 443

on the other side I would allow outbound ports 25, 465 or 587 only to 2001:db8:0:1e0::/64
because the mail servers are the only ones that should send mails;
and the DHCP clients I would give a different profile;

but the DHCPv6 clients don't get /56 as prefix length, they get /128, why?

------------------------------

End of dhcp-users Digest, Vol 166, Issue 11
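
The address plan and egress policy described in the message above, written out as an added example (not part of the original post or of ISC DHCP). It shows that rules keyed on the source /64 match a host whether it holds its address as a /128 or under the /56. Assumptions: the names SEGMENTS, plan_is_consistent, segment_of and egress_verdict are hypothetical, "to <prefix>" is read as "for traffic sourced from that segment", and traffic the message does not mention is reported as "unspecified".

```python
import ipaddress
from itertools import combinations

# Address plan from the message; the rule encoding is an assumption.
SITE = ipaddress.ip_interface("2001:db8:0:100::1/56").network
SEGMENTS = {
    "dhcp-clients": ipaddress.ip_network("2001:db8:0:17f::/64"),
    "proxy": ipaddress.ip_network("2001:db8:0:180::/64"),
    "mail": ipaddress.ip_network("2001:db8:0:1e0::/64"),
}
MAIL_PORTS = {25, 465, 587}
WEB_PORTS = {80, 443}


def plan_is_consistent():
    """Every segment lies inside the /56 and no two segments overlap."""
    inside = all(net.subnet_of(SITE) for net in SEGMENTS.values())
    disjoint = not any(a.overlaps(b)
                       for a, b in combinations(SEGMENTS.values(), 2))
    return inside and disjoint


def segment_of(src):
    """Map a source address to its segment; the prefix length the host
    configured (/128 lease or /56 on-link) is ignored."""
    ip = ipaddress.ip_interface(src).ip
    if ip not in SITE:
        return None
    return next((n for n, net in SEGMENTS.items() if ip in net), "unassigned")


def egress_verdict(src, dport):
    seg = segment_of(src)
    if seg is None:
        return "outside-site"          # not covered by the message
    if dport in MAIL_PORTS:            # only the mail segment may send mail
        return "accept" if seg == "mail" else "drop"
    if seg == "proxy" and dport in WEB_PORTS:
        return "accept"
    return "unspecified"               # the message defines no rule here


if __name__ == "__main__":
    # Constructed sample flows: (source as configured on the host, dest port)
    for src, port in [("2001:db8:0:180::25/128", 25),
                      ("2001:db8:0:180::25/128", 443),
                      ("2001:db8:0:1e0::1/56", 587),
                      ("2001:db8:0:17f::10/128", 25)]:
        print(src, port, segment_of(src), egress_verdict(src, port))
```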