[Bradford] IPv6

[Devo Too]

On 08/05/2019 20:41, Devo Too via Bradford wrote:
> On 08/05/2019 20:09, David Spencer via Bradford wrote:
>> On Tue, 7 May 2019, 18:07 Devo Too via Bradford, 
>> <bradford at mailman.lug.org.uk <mailto:bradford at mailman.lug.org.uk>> wrote:
>>
>>     Hi Folks,
>>
>>     I'm moving slowly into 21st century IT. Am I correct in thinking this
>>     'fe80::207:cbff:fe04:3b5' is the IPv6 address of a server, with 
>> the /64
>>     giving the subnet?
>>
>>        inet6 fe80::207:cbff:fe04:3b5/64 scope link
>>              valid_lft forever preferred_lft forever
>>
>>     It's from the eth0 output of the command 'ip -6 addr show'
>>
>>     Thanks,
>>
>>     Mike
>>
>>     --     Bradford mailing list
>>     Bradford at mailman.lug.org.uk <mailto:Bradford at mailman.lug.org.uk>
>>     https://mailman.lug.org.uk/mailman/listinfo/bradford
>>
>>
>> Hi Mike,
>>
>> It's the *link local* address of the *interface* on the server. Link 
>> local addresses are bugger all use, they're mostly used to bootstrap 
>> real addresses.
>>
>> In more detail -- anything that starts 'fe80' is a 'link local' 
>> address, not a proper ipv6 address. It's the ipv6 equivalent of those 
>> awful 169.254 ipv4 addresses you get in lonely un-networked printers 
>> or windows boxes. In the world of ipv6 every interface that's up will 
>> have a unique fe80 address based on the mac address. But to do 
>> anything useful you'll need an upstream connection of some sort, which 
>> will end up giving the interface one or more additional proper global 
>> routeable addresses. Proper global routeable addresses start with 2 :)
>>
>> There are multiple ways of getting a proper globally routeable 
>> address, the easiest and most common is to have your interface get it 
>> from the upstream router.
>>
>> This needs
>>   (1) the router to have an ipv6 address, and
>>   (2) the router to have Router Advertisements enabled, and
>>   (3) the interface to be plugged in and to have stateless 
>> autoconfiguration (SLAAC) enabled.
>>
>> About 1, BT and Sky dish out ipv6 ranges ("prefixes") to customer 
>> routers, so long as the router is up to the job. If your ISP doesn't 
>> do ipv6 you will have to work round them by setting up a free tunnel, 
>> or vpn, or wait for them to get with the programme (Virgin) or give up 
>> and dump the tossers (Talktalk).
>>
>> About 2, this is almost certainly enabled by default if the router is 
>> ipv6 aware.
>>
>> About 3, this is enabled on pretty much every Linux distro. SLAAC 
>> works a bit like DHCP but better (dhcpv6 is a thing too, but is quite 
>> different to dhcp, and is mostly poo and not used). You can see it 
>> happening (or not happening) in 'dmesg' when interfaces come up.
>>
>> "/64" tells the network stack how much of the address is in the local 
>> subnet, and therefore what's on the lan or the wan when you talk to 
>> another address. This works just like ipv4 subnetting, but the 
>> notation is used more ubiquitously so that you'll never need to see 
>> the equivalent of the ipv4 .255.255 netmask bollocks. Commonly your 
>> ISP actually gives you a /56 prefix, and so you will theoretically 
>> have 256 /64 networks of 18,446,744,073,709,551,616 hosts each to play 
>> with, but your typical domestic router will just use the first /64 
>> network in the range and ignore the rest. Nobody ever subdivides a /64 
>> network.
>>
>> There are other setups (tunnels, ULA addresses) but you don't want to 
>> get into all that unless there's some reason why you can't have a bog 
>> standard ISP-and-router setup.
>>
>> Lots of good writeups out there describe things like link-local 
>> addresses and slaac and router advertisements in more detail, but of 
>> course you can't look them up until you know the right terminology, so 
>> hopefully I've just provided that :) ... Wikipedia is generally ok on 
>> these topics.
>>
>> Cheers
>> -D.
> 
> Thanks David. After trying for some time to find answers which made 
> sense to me, without implying I didn't find any, just that I couldn't 
> make sense of any, I entered that link local address into the name 
> servers on Bytemark to point to my new piece of very cheap old iron on 
> Oneprovider, who don't offer any kind of DNS service so I'm on my own 
> here. Anyway, I was trying to create an account with eff.org so I could 
> get LetsEncrypt certs. It worked!
> 
> But it seems you're telling me anyone trying to connect to any of the 
> sites, once configured, using IPv6 may or may not be able to connect.
> 
> They gave me an IPv4 address at handover but I've had to go digging, 
> without success, for an IPv6. By the sounds of it, Oneprovider probably 
> only dish them out to their "cloud" clients or those who have had the 
> old iron since it was new iron so already had it when they started to be 
> flogged off very cheaply.
> 
> Looks like more reading on screen to be done. Not doing my eyes any good 
> at all! First, though, I'll look up the dmesg command to see if it can 
> give me anything more explicit than a link local address.
> 
> Cheers,
> 
> Mike

Hi All,

David, here's the essence of a reply to a ticket I raised on the issue:

> we can provide an IPv6 range, however it is not yet fully supported and thus can only be assigned via DHCPv6 delegation software. Please note that you will not be able to update any rDNS. If you can work with that, please let us know and we will assign you a range.

If I say "yes please" to a range, what do I do with it? Do you fancy 
explaining to all of us on Tuesday evening?

For anyone else who's interested, this outfit is offering a full server, 
albeit in Amsterdam, for what works out in UK£ @ £7 per month. I'm 
thinking of taking on another to act as vpn server, dns server and any 
other services which may be needed. It should be easy enough to sort one 
of them out as two or three VMs to isolate the functions.

Cheers,

Mike