IPv4 v IPv6

IPv4 v IPv6

mick crane
hello,
I know nothing about IPv6.
Can somebody point to a good explanation?
Without knowing anything about it I'm wondering if I should request an
IPv6 range from my ISP to use locally.
A network card has IPv4 and IPv6 addresses that are different, not the
same address in different notation?
Then with firewalling do you need to specify both IPv4 and IPv6 ranges?

mick

--
Key ID    4BFEBB31


Re: IPv4 v IPv6

tomas@tuxteam.de
On Mon, Jun 17, 2019 at 10:05:11AM +0100, mick crane wrote:
> hello,
> I know nothing about IPv6.
> Can somebody point to a good explanation ?

I'd recommend skimming the relevant Wikipedia [1] page.

Cheers

[1] https://en.wikipedia.org/wiki/IPv6

-- t


Re: IPv4 v IPv6

Jonathan Dowland
In reply to this post by mick crane
On Mon, Jun 17, 2019 at 10:05:11AM +0100, mick crane wrote:
>Without knowing anything about it I'm wondering if I should request an
>IPv6 range from my ISP to use locally.

You don't need a global IPv6 address allocation in order to have local
IPv6 addresses. Much like 127.0.0.0/8 (etc.) for IPv4 there are reserved
ranges.

If you want to have globally-accessible IPv6 addresses for machine(s)
in your home, then you would need to request a range from your ISP (if
they aren't already assigning you one). But I would start with learning
a bit more about it first, and experimenting in the local range if that
helps.

>A network card have IPv4 and IPv6 addresses that are different, not
>the same address in different notation ?

That's right.

>Then with firewalling do you need to specify both IPv4 and IPv6 ranges ?

Yes, generally, anywhere you may have specified an IPv4 address or range
you would need to rethink or add IPv6 equivalents.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.


Re: IPv4 v IPv6

Aidan Gauland-5
In reply to this post by tomas@tuxteam.de
On 17/06/19 9:09 PM, [hidden email] wrote:
> On Mon, Jun 17, 2019 at 10:05:11AM +0100, mick crane wrote:
>> hello,
>> I know nothing about IPv6.
>> Can somebody point to a good explanation ?
> I'd recommend skimming the relevant Wikipedia [1] page.
>
> Cheers
>
> [1] https://en.wikipedia.org/wiki/IPv6

I don't entirely agree that's a good introduction for someone without
any background knowledge in TCP/IP, but certainly a good resource when
one has some of the basics already.

To answer OP's questions,

> Without knowing anything about it I'm wondering if I should request an
> IPv6 range from my ISP to use locally.

Given that you do not already have a reason to do so, I would say not.

> A network card have IPv4 and IPv6 addresses that are different, not
> the same address in different notation?

A network card (also called an interface) can have both, and they are
not the same address.  IPv4 and IPv6 are two different network stacks,
with different addressing, routing, etc.

> Then with firewalling do you need to specify both IPv4 and IPv6 ranges?

Yes, for the same reason as above.

Sadly, most of the world is still on IPv4, so until IPv6 is deployed
across the majority of the Internet, then if you're not a large entity,
there's not much reason to use IPv6 other than playing around.

Here's a gentler introduction to IPv6 that might also help:
http://www.steves-internet-guide.com/ipv6-guide/

Regards,
Aidan Gauland


Re: IPv4 v IPv6

Gene Heskett-4
In reply to this post by Jonathan Dowland
On Monday 17 June 2019 05:59:52 am Jonathan Dowland wrote:

> On Mon, Jun 17, 2019 at 10:05:11AM +0100, mick crane wrote:
> >Without knowing anything about it I'm wondering if I should request
> > an IPv6 range from my ISP to use locally.
>
> You don't need a global IPv6 address allocation in order to have local
> IPv6 addresses. Much like 127.0.0.0/8 (etc.) for IPv4 there are
> reserved ranges.
>
> If you want to have globally-accessible IPv6 addresses for machine(s)
> in your home, then you would need to request a range from your ISP (if
> they aren't already assigning you one). But I would start with
> learning a bit more about it first, and experimenting in the local
> range if that helps.
>
> >A network card have IPv4 and IPv6 addresses that are different, not
> >the same address in different notation ?
>
> That's right.
>
> >Then with firewalling do you need to specify both IPv4 and IPv6
> > ranges ?
>
> Yes, generally, anywhere you may have specified an IPv4 address or
> range you would need to rethink or add IPv6 equivalents.

But that opens yet another container of worms. If I arbitrarily assign
ipv6 local addresses, and later, ipv6 shows up at my side of the router,
what if I have an address clash with someone on a satellite circuit in
Ulan Bator.  How is that resolved, by unroutable address blocks such as
192.168.xx.xx is now?

What I've read so far has not addressed this serious security concern. Or
even mentioned it.  If in the future all addressing is by dhcpd6, how do
the other machines on my local net, advertise their presence to the
other machines on my local net. So I can still ssh -Y vna.coyote.den for
instance, if I can ever make ssh work to a win-10-home edition box.
That's a rarely used hookup at best. Presently the hosts file duplicated
on all machines fills this requirement.

These are the questions I'll need to address if and when ipv6 shows up on
my side of the router.  And the wiki pages I've read, haven't discussed
it.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: IPv4 v IPv6

Dan Ritter-4
Gene Heskett wrote:
> But that opens yet another container of worms. If I arbitrarily assign
> ipv6 local addresses, and later, ipv6 shows up at my side of the router,
> what if I have an address clash with someone on a satellite circuit in
> Ulan Bator.  How is that resolved, by unroutable address blocks such as
> 192.168.xx.xx is now?

Sort of.

IPv6 has a concept of "scope" that says: this address space is
purely local. This address space is global. This address space
is for a link.

If you fire up 'ip -6 address' on a stock Debian machine with
IPv6 enabled (which is the default these days), you will see
something like this:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link
       valid_lft forever preferred_lft forever

Your loopback interface has one address with scope host: it's only on
this machine.  The eth0 has two addresses: one is scope global,
and can be used for routing to your machine from the outside
world, and one is scope link, and should only be used to talk to
your local network. IPv6 routers should never forward those
packets.

If you don't get an address block from your ISP, you won't have
a scope global address.

> What I've read so far has not addressed this serious security concern. Or
> even mentioned it.  If in the future all addressing is by dhcpd6, how do
> the other machines on my local net, advertise their presence to the
> other machines on my local net. So I can still ssh -Y vna.coyote.den for
> instance, if I can ever make ssh work to a win-10-home edition box.  
> Thats a rarely used hookup at best. Presently the hosts file duplicated
> on all machines fill's this requirement.

Most IPv6 boxes don't use dhcpd6; they use SLAAC: stateless
automatic address configuration. But you're asking about local
naming, and that's done the same way on IPv4 and 6: zeroconf,
aka Rendezvous, Bonjour or Avahi.

Try (installing avahi-utils if needed):  avahi-browse-domains -a

-dsr-


Re: IPv4 v IPv6

Reco
In reply to this post by Gene Heskett-4
        Hi.

On Mon, Jun 17, 2019 at 10:38:27AM -0400, Gene Heskett wrote:
> But that opens yet another container of worms. If I arbitrarily assign
> ipv6 local addresses, and later, ipv6 shows up at my side of the router,
> what if I have an address clash with someone on a satellite circuit in
> Ulan Bator.  How is that resolved, by unroutable address blocks such as
> 192.168.xx.xx is now?

More or less yes. It's called ULA (Unique Local Address) in IPv6 lingua.
If you're using anything from fd00::/8 - you're safe.


> What I've read so far has not addressed this serious security concern.
> Or even mentioned it.

I fail to see any security issue here. Availability - sure.


> If in the future all addressing is by dhcpd6,

Nobody does that, unless you're Amazon. It's either static, or RA.


> how do the other machines on my local net, advertise their presence to the
> other machines on my local net.

IPv4 way of doing it is called ARP.
IPv6 way of doing it is called ICMPv6 types 135 and 136.

Both are limited to a single network segment (in a L2 sense of the word)
by design, so the outside world is not aware of this.

Reco


Re: IPv4 v IPv6

Curt Howland
In reply to this post by mick crane
On Monday 17 June 2019, Gene Heskett <[hidden email]> was heard
to say:

> How is that resolved, by unroutable address blocks such
> as 192.168.xx.xx is now?

Yes, IPv6 does have such allocations. The first 64 bits is network
block, then the last 64 bits are your local machine.

fc00:: is the non-routed network. RFC1918 equiv.

fe80:: is the link-local address which is not routed at all, it is
used solely between your device and the router. Personally, I would
have combined these two, but when IPv6 was being built they didn't
ask me.

Your device will always have an address built of its MAC address, with
FF FE in the middle of it, for every network block including link
local, like this:

# ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.85.86  netmask 255.255.255.0  broadcast 192.168.85.255
        inet6 fe80::beae:c5ff:fe66:ec70  prefixlen 64  scopeid 0x20<link>
        inet6 2691:178d:8d80:efd:f92f:91cf:1240:640d  prefixlen 64  scopeid 0x0<global>
        inet6 2691:178d:8d80:efd:beae:c5ff:fe66:ec70  prefixlen 64  scopeid 0x0<global>
        ether bc:ae:c5:66:ec:70  txqueuelen 1000  (Ethernet)

These show the three entries which should always exist. The first is
the link-local address built from the MAC. Second, the allocated
network from my ISP, with a randomized local address for security
purposes.

The third entry is the global network address and the local MAC based
address. Someone realized broadcasting your MAC address is not
particularly secure, so the randomized interface address has become
the norm. This third address is what you would put in your hosts
file.

> how do the other machines on my local net, advertise their presence
> to the other machines on my local net. So I can still ssh -Y
> vna.coyote.den for instance, if I can ever make ssh work to a
> win-10-home edition box.    

You do so by either making a static fc00:: entry, or by knowing your
global network you can then just splice on the MAC local address
since the MAC local doesn't change.

Unfortunately, because DHCP6 is really dynamic, and my ISP changes the
network blocks every once in a while, having the global network
entries and MAC local addresses in the hosts file has been a complete
waste of time.

Having fc00::MAC as a non-routed local RFC1918 default would have been
sooooo much easier, but no, IPv6 was not designed by network
engineers. It was designed by old AT&T phone engineers who were
pissed they were being put out of a job by competition, and wanted to
curse the world with increased complexity where none was needed.

--
You may my glories and my state dispose,
But not my griefs; still am I king of those.
 --- William Shakespeare, "Richard II"

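
Added example, not part of the message above or of any project's code: the MAC-to-address construction it describes (split the MAC, insert ff:fe, flip one bit), together with the scope labels shown earlier in the thread and the reverse check that tells you which addresses expose a hardware address. The addresses and MACs are the ones posted in this thread; the function names are assumptions made for this example.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")         # unique local addresses (RFC 4193)
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def scope(addr: str) -> str:
    """Classify an IPv6 address roughly the way `ip -6 address` labels it."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "host"
    if ip in LINK_LOCAL:
        return "link"
    if ip in ULA:
        # The kernel prints "scope global" for these, but they are not
        # meant to be routed on the public Internet.
        return "unique-local"
    return "global"


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe mid-MAC and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, mac: str) -> str:
    """Join a /64 prefix with the MAC-derived interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("MAC-derived interface identifiers need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def embedded_mac(addr: str):
    """Return the MAC an address reveals if its low 64 bits are EUI-64, else None.

    A random identifier contains ff:fe in that position about once in 65536
    cases, so treat a hit as a strong hint rather than proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Addresses copied from the command output posted in this thread.
    seen = [
        "::1",
        "fe80::beae:c5ff:fe66:ec70",
        "2691:178d:8d80:efd:f92f:91cf:1240:640d",
        "2691:178d:8d80:efd:beae:c5ff:fe66:ec70",
        "2001:570:1c07:ff7:d63d:7eff:fe93:e318",
    ]
    for a in seen:
        print(f"{a:42} scope={scope(a):13} mac={embedded_mac(a)}")
    # Rebuild the link-local address from the MAC in the ifconfig output.
    print(slaac_address("fe80::/64", "bc:ae:c5:66:ec:70"))
```

Any address for which `embedded_mac` returns a value identifies the same network card on every network it joins, which is the privacy concern the randomized addresses are meant to address.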


Re: IPv4 v IPv6

Gene Heskett-4
In reply to this post by Dan Ritter-4
On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:

> Gene Heskett wrote:
> > But that opens yet another container of worms. If I arbitrarily
> > assign ipv6 local addresses, and later, ipv6 shows up at my side of
> > the router, what if I have an address clash with someone on a
> > satellite circuit in Ulan Bator.  How is that resolved, by
> > unroutable address blocks such as 192.168.xx.xx is now?
>
> Sort of.
>
> IPv6 has a concept of "scope" that says: this address space is
> purely local. This address space is global. This address space
> is for a link.
>
> If you fire up 'ip -6 address' on a stock Debian machine with
> IPv6 enabled (which is the default these days), you will see
> something like this:
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
>
> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
>     inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link
>        valid_lft forever preferred_lft forever
>
> Your loopback interface has one address with scope host: it's only on
> this machine.  The eth0 has two addresses: one is scope global,
> and can be used for routing to your machine from the outside
> world, and one is scope link, and should only be used to talk to
> your local network. IPv6 routers should never forward those
> packets.
>
> If you don't get an address block from your ISP, you won't have
> a scope global address.
>
> > What I've read so far has not addressed this serious security
> > concern. Or even mentioned it.  If in the future all addressing is
> > by dhcpd6, how do the other machines on my local net, advertise
> > their presence to the other machines on my local net. So I can still
> > ssh -Y vna.coyote.den for instance, if I can ever make ssh work to a
> > win-10-home edition box. Thats a rarely used hookup at best.
> > Presently the hosts file duplicated on all machines fill's this
> > requirement.
>
> Most IPv6 boxes don't use dhcpd6; they use SLAAC: stateless
> automatic address configuration. But you're asking about local
> naming, and that's done the same way on IPv4 and 6: zeroconf,
> aka Rendezvous, Bonjour or Avahi.
>
> Try (installing avahi-utils if needed)_  avahi-browse-domains -a
>
> -dsr-


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: IPv4 v IPv6

Gene Heskett-4
In reply to this post by Dan Ritter-4
On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:

> Gene Heskett wrote:
> > But that opens yet another container of worms. If I arbitrarily
> > assign ipv6 local addresses, and later, ipv6 shows up at my side of
> > the router, what if I have an address clash with someone on a
> > satellite circuit in Ulan Bator.  How is that resolved, by
> > unroutable address blocks such as 192.168.xx.xx is now?
>
> Sort of.
>
> IPv6 has a concept of "scope" that says: this address space is
> purely local. This address space is global. This address space
> is for a link.
>
> If you fire up 'ip -6 address' on a stock Debian machine with
> IPv6 enabled (which is the default these days), you will see
> something like this:
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
>
> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
>     inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link
>        valid_lft forever preferred_lft forever
>
> Your loopback interface has one address with scope host: it's only on
> this machine.  The eth0 has two addresses: one is scope global,
> and can be used for routing to your machine from the outside
> world, and one is scope link, and should only be used to talk to
> your local network. IPv6 routers should never forward those
> packets.

That's if ipv6 is even propagated thru my router, running a semi-current
dd-wrt. I've not seen a thing about ipv6 in its configuration.
 
>
> If you don't get an address block from your ISP, you won't have
> a scope global address.

I have for eth0, two scope global addresses in a new stretch install of
an r-pi-3b, one from avahi and one from e/n/i.d/eth0, but the instant it
goes global, it sends from the avahi address 169.etc. Since that's out of
my local/24 domain, it of course doesn't work for global access as my
router doesn't pass it.  As this is a hosts file local network, how can
I turn off the avahi stuff forever?  It's screwing me up.

> > What I've read so far has not addressed this serious security
> > concern. Or even mentioned it.  If in the future all addressing is
> > by dhcpd6, how do the other machines on my local net, advertise
> > their presence to the other machines on my local net. So I can still
> > ssh -Y vna.coyote.den for instance, if I can ever make ssh work to a
> > win-10-home edition box. Thats a rarely used hookup at best.
> > Presently the hosts file duplicated on all machines fill's this
> > requirement.
>
> Most IPv6 boxes don't use dhcpd6; they use SLAAC: stateless
> automatic address configuration. But you're asking about local
> naming, and that's done the same way on IPv4 and 6: zeroconf,
> aka Rendezvous, Bonjour or Avahi.

I'd rather nuke avahi. Not the first time it's been a problem child but
usually I've been able to find the right knife to neuter it. Not this
time...

> Try (installing avahi-utils if needed)_  avahi-browse-domains -a
>
> -dsr-

That's the entire point, with a hosts file based local net, it's a
hindrance that has become a showstopper. And short of commenting every
line in /e/i.d/avahi-* out, I don't know how to stop that PITA from
screwing that machine up. Apparently systemctl disable avahi-daemon is NOT
sufficient. systemctl, spit. If it can't do what it's told to do, what
good is it?

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: IPv4 v IPv6

Dan Ritter-4
Gene Heskett wrote:
> On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:
>
> I have for eth0, two scope global addresses in a new stretch install of
> an r-pi-3b, one from avahi and one from e/n/i.d/eth0, but the instant it
> goes global, it sends from the avahi address 169.etc. Since thats out of
> my local/24 domain, it of course doesn't work for global access as my
> router doesn't pass it.  As this is a hosts file local network, how can
> I turn off the avahi stuff forever?  It's screwing me up.

sudo apt remove avahi*

or

edit /etc/avahi/avahi-daemon.conf and comment out both
use-ipv4=yes
use-ipv6=yes

> Thats the entire point, with a hosts file based local net, its a
> hindrance that has become a showstopper. And short of commenting every
> line in /e/i.d/avahi-* out, I don't know how to stop that PITA from
> screw that machine up. Apparently systemctl disable avahi-daemon is NOT
> sufficient. systemctl, spit. If it can't do what its told to do, what
> good is it?

Indeed.

-dsr-


Re: IPv4 v IPv6

Greg Wooledge
On Mon, Jun 17, 2019 at 01:00:53PM -0400, Dan Ritter wrote:
> sudo apt remove avahi*

The * needs to be quoted (backslash is one form of quoting) so the
shell won't expand it.


Re: IPv4 v IPv6

Gene Heskett-4
In reply to this post by Curt Howland
On Monday 17 June 2019 11:39:12 am Curt Howland wrote:

> On Monday 17 June 2019, Gene Heskett <[hidden email]> was heard
>
> to say:
> > How is that resolved, by unroutable address blocks such
> > as 192.168.xx.xx is now?
>
> Yes, IPv6 does have such allocations. The first 64bits is network
> block, then the last 64bits are your local machine.
>
> fc00:: is the non-routed network. RFC1918 equiv.
>
> fe80:: is the link-local address which is not routed at all, it is
> used solely between your device and the router. Personally, I would
> have combined these two, but when IPv6 was being built they didn't
> ask me.

Me neither, but then I've had it amply proved that my oar, in terms of
steering this ship of state, isn't even the equ of a broken toothpick.
Sigh...

> Your device will always have an address built of its MAC address, with
> FF FE in the middle of it, for every network block including link
> local, like this:
>
> # ifconfig
> enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 192.168.85.86  netmask 255.255.255.0  broadcast 192.168.85.255
>         inet6 fe80::beae:c5ff:fe66:ec70  prefixlen 64  scopeid 0x20<link>
>         inet6 2691:178d:8d80:efd:f92f:91cf:1240:640d  prefixlen 64  scopeid 0x0<global>
>         inet6 2691:178d:8d80:efd:beae:c5ff:fe66:ec70  prefixlen 64  scopeid 0x0<global>
>         ether bc:ae:c5:66:ec:70  txqueuelen 1000  (Ethernet)
>
> These show the three entries which should always exist. The first is
> the link-local address built from the MAC. Second, the allocated
> network from my ISP, with a randomized local address for security
> purposes.
>
> The third entry is the global network address and the local MAC based
> address. Someone realized broadcasting your MAC address is not
> particularly secure, so the randomized interface address has become
> the norm. This third address is what you would put in your hosts
> file.
>
> > how do the other machines on my local net, advertise their presence
> > to the other machines on my local net. So I can still ssh -Y
> > vna.coyote.den for instance, if I can ever make ssh work to a
> > win-10-home edition box.  
>
> You do so by either making a static fc00:: entry, or by knowing your
> global network you can then just splice on the MAC local address
> since the MAC local doesn't change.
>
> Unfortunately, because DHCP6 is really dynamic, and my ISP changes the
> network blocks every once in a while, having the global network
> entries and MAC local addresses in the hosts file has been a complete
> waste of time.
>
I am lucky, my ISP uses the connecting MAC to translate to a fixed ipv4,
that has not changed in 6 years. So my web page address in my sig has
not changed in 6 years even if I swap the router as my standby unit has
the good one's MAC cloned into it.  So I get a registered STATIC domain
for almost zip compared to the cost and monkey business associated with
keeping a dynamic address up to date globally.

> Having fc00::MAC as a non-routed local RFC1918 default would have been
> sooooo much easier, but no, IPv6 was not designed by network
> engineers. It was designed by old AT&T phone engineers who were
> pissed they were being put out of a job by competition, and wanted to
> curse the world with increased complexity where none was needed.

Chuckle, I subscribe to that theory myself.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: IPv4 v IPv6

Gene Heskett-4
In reply to this post by Dan Ritter-4
On Monday 17 June 2019 01:00:53 pm Dan Ritter wrote:

> Gene Heskett wrote:
> > On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:
> >
> > I have for eth0, two scope global addresses in a new stretch install
> > of an r-pi-3b, one from avahi and one from e/n/i.d/eth0, but the
> > instant it goes global, it sends from the avahi address 169.etc.
> > Since thats out of my local/24 domain, it of course doesn't work for
> > global access as my router doesn't pass it.  As this is a hosts file
> > local network, how can I turn off the avahi stuff forever?  It's
> > screwing me up.
>
> sudo apt remove avahi*
>
> or
>
> edit /etc/avahi/avahi-daemon.conf and comment out both
> use-ipv4=yes
> use-ipv6=yes
>
didn't help, eth0 still has 2 global addresses:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:d3:47:2d brd ff:ff:ff:ff:ff:ff
    inet 192.168.71.12/24 brd 192.168.71.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 169.254.163.253/16 brd 169.254.255.255 scope global eth0
       valid_lft forever preferred_lft forever

?????????????????  is it cached someplace on a r-pi-3b?

> > Thats the entire point, with a hosts file based local net, its a
> > hindrance that has become a showstopper. And short of commenting
> > every line in /e/i.d/avahi-* out, I don't know how to stop that PITA
> > from screw that machine up. Apparently systemctl disable
> > avahi-daemon is NOT sufficient. systemctl, spit. If it can't do what
> > its told to do, what good is it?
>
> Indeed.
>
> -dsr-


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: IPv4 v IPv6

Dan Ritter-4
Gene Heskett wrote:

> On Monday 17 June 2019 01:00:53 pm Dan Ritter wrote:
>
> > Gene Heskett wrote:
> > > On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:
> > >
> > > I have for eth0, two scope global addresses in a new stretch install
> > > of an r-pi-3b, one from avahi and one from e/n/i.d/eth0, but the
> > > instant it goes global, it sends from the avahi address 169.etc.
> > > Since thats out of my local/24 domain, it of course doesn't work for
> > > global access as my router doesn't pass it.  As this is a hosts file
> > > local network, how can I turn off the avahi stuff forever?  It's
> > > screwing me up.
> >
> > sudo apt remove avahi*
> >
> > or
> >
> > edit /etc/avahi/avahi-daemon.conf and comment out both
> > use-ipv4=yes
> > use-ipv6=yes
> >
> didn't help, eth0 still has 2 global addresses:
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether b8:27:eb:d3:47:2d brd ff:ff:ff:ff:ff:ff
>     inet 192.168.71.12/24 brd 192.168.71.255 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet 169.254.163.253/16 brd 169.254.255.255 scope global eth0
>        valid_lft forever preferred_lft forever
>
> ?????????????????  is it cached someplace on a r-pi-3b?

You'll need to reconfigure the interface afterwards. A reboot
will certainly work, if nothing less drastic.

-dsr-


Re: IPv4 v IPv6

Gene Heskett-4
In reply to this post by Dan Ritter-4
On Monday 17 June 2019 01:00:53 pm Dan Ritter wrote:

> Gene Heskett wrote:
> > On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:
> >
> > I have for eth0, two scope global addresses in a new stretch install
> > of an r-pi-3b, one from avahi and one from e/n/i.d/eth0, but the
> > instant it goes global, it sends from the avahi address 169.etc.
> > Since thats out of my local/24 domain, it of course doesn't work for
> > global access as my router doesn't pass it.  As this is a hosts file
> > local network, how can I turn off the avahi stuff forever?  It's
> > screwing me up.
>
> sudo apt remove avahi*
>
Even removing it didn't help, pings to yahoo.com are issued from the
169.254 etc address.  So it's got to be cached someplace. Damn, according
to syslog, it's dhcpcd doing it. But I'm guessing at the log times
because the clock is AFU since ntp can't reach its pool servers any more
than my pings can get to yahoo.

But I just disabled dhcpcd and now the local address is unreachable.  So
I'll have to go see wtf happened from its own keyboard. Laterz.

I need to go get a new ground drive belt for my rider, some idiot,
probably me, put a 3/8" belt on it 3 or 4 years ago, and it's supposed to
be a 1/2" belt, this one is narrow enough to slip between the guides
when I step on the clutch. No end to it I tell you, and Excedrin has not
assigned a headache number to it, yet. :)


> or
>
> edit /etc/avahi/avahi-daemon.conf and comment out both
> use-ipv4=yes
> use-ipv6=yes
>
> > Thats the entire point, with a hosts file based local net, its a
> > hindrance that has become a showstopper. And short of commenting
> > every line in /e/i.d/avahi-* out, I don't know how to stop that PITA
> > from screw that machine up. Apparently systemctl disable
> > avahi-daemon is NOT sufficient. systemctl, spit. If it can't do what
> > its told to do, what good is it?
>
> Indeed.
>
> -dsr-


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>


Re: IPv4 v IPv6

John Hasler-3
In reply to this post by Dan Ritter-4
Gene Heskett wrote:
> But that opens yet another container of worms. If I arbitrarily assign
> ipv6 local addresses, and later, ipv6 shows up at my side of the router,
> what if I have an address clash with someone on a satellite circuit in
> Ulan Bator.  How is that resolved, by unroutable address blocks such as
> 192.168.xx.xx is now?

In addition to the points made by others, the IPv6 address space is so
large that were you to assign a random IPv6 address to every computer in
existence (including all the embedded systems) the probability of a
collision would be negligible.
--
John Hasler
[hidden email]
Elmwood, WI USA


Re: IPv4 v IPv6

Dan Ritter-4
John Hasler wrote:

> Gene Heskett wrote:
> > But that opens yet another container of worms. If I arbitrarily assign
> > ipv6 local addresses, and later, ipv6 shows up at my side of the router,
> > what if I have an address clash with someone on a satellite circuit in
> > Ulan Bator.  How is that resolved, by unroutable address blocks such as
> > 192.168.xx.xx is now?
>
> In addition to the points made by others, the IPv6 address space is so
> large that were you to assign a random IPv6 address to every computer in
> existence (including all the embedded systems) the probability of a
> collision would be negligible.

... but only if you were really being random. Humans are
terrible at doing that unaided.

-dsr-
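
Added example, not from any poster in this thread: picking a local prefix inside the fd00::/8 range mentioned earlier with real randomness, which is the condition the remark above turns on, and estimating how likely two sites are to clash. It assumes the RFC 4193 layout (fd, a 40-bit Global ID, a 16-bit subnet ID), uses Python's secrets module in place of the hash-based procedure that RFC suggests, and the function names and the hand-picked heuristic are this example's own.

```python
import ipaddress
import math
import secrets

ULA_LOCAL = ipaddress.ip_network("fd00::/8")   # locally assigned half of fc00::/7


def random_ula_prefix() -> ipaddress.IPv6Network:
    """Build a /48: byte 0xfd, then a 40-bit Global ID from the OS CSPRNG."""
    packed = b"\xfd" + secrets.token_bytes(5) + bytes(10)
    return ipaddress.IPv6Network(f"{ipaddress.IPv6Address(packed)}/48")


def subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Carve the /64 with the given 16-bit subnet ID out of a ULA /48."""
    if prefix.prefixlen != 48 or not prefix.subnet_of(ULA_LOCAL):
        raise ValueError("expected a /48 inside fd00::/8")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def collision_probability(sites: int, bits: int = 40) -> float:
    """Birthday estimate: chance that any two of `sites` random IDs coincide."""
    pairs = sites * (sites - 1) / 2
    return -math.expm1(-pairs / 2 ** bits)


def looks_hand_picked(prefix: ipaddress.IPv6Network) -> bool:
    """Heuristic (an assumption of this example, not a standard test).

    Flags Global IDs with at most two distinct byte values (fd00::,
    fd11:1111:1111::) or a constant step between bytes (fd12:3456:789a::).
    Prefixes like these are the ones other people also type, so they are
    the ones that clash when two networks are later joined.
    """
    gid = prefix.network_address.packed[1:6]
    steps = {(b - a) % 256 for a, b in zip(gid, gid[1:])}
    return len(set(gid)) <= 2 or len(steps) == 1


if __name__ == "__main__":
    mine = random_ula_prefix()
    print("prefix :", mine)
    print("lan    :", subnet(mine, 1))
    for n in (2, 1_000, 1_000_000):
        print(f"{n:>9} sites -> P(clash) = {collision_probability(n):.3e}")
    # Constructed sample prefixes, the first three typed "by hand".
    for p in ("fd00::/48", "fd11:1111:1111::/48", "fd12:3456:789a::/48",
              "fd5c:9e21:b7a4::/48"):
        print(p, "hand-picked?", looks_hand_picked(ipaddress.ip_network(p)))
```

The clash only matters when two such networks are interconnected (a VPN, a merger), since these prefixes are not routed globally.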


Re: IPv4 v IPv6

Robin Hammond
The size of such a routing table gives me nightmares! Thank goodness you have to advertise networks of a reasonably sized prefix length!

On Mon, 17 Jun 2019 at 16:07, Dan Ritter <[hidden email]> wrote:
> John Hasler wrote:
> > Gene Heskett wrote:
> > > But that opens yet another container of worms. If I arbitrarily assign
> > > ipv6 local addresses, and later, ipv6 shows up at my side of the router,
> > > what if I have an address clash with someone on a satellite circuit in
> > > Ulan Bator.  How is that resolved, by unroutable address blocks such as
> > > 192.168.xx.xx is now?
> >
> > In addition to the points made by others, the IPv6 address space is so
> > large that were you to assign a random IPv6 address to every computer in
> > existence (including all the embedded systems) the probability of a
> > collision would be negligible.
>
> ... but only if you were really being random. Humans are
> terrible at doing that unaided.
>
> -dsr-


Re: IPv4 v IPv6

andy smith-10
Hello,

On Mon, Jun 17, 2019 at 04:11:32PM -0400, Robin Hammond wrote:
> The size of such a routing table gives me nightmares ! Thank goodness you
> have to advertise networks of a reasonably sized prefix length!

I wouldn't worry too much about the number of v6 routes. In terms of
addressing and routing policy, this second go with v6 has afforded
some chances to correct mistaken assumptions made with v4 that later
became impossible to undo.

I would worry more about the number of v4 routes. As v4 runs out
globally (already has in some regions), there is increased pressure
to carve up allocations so that they can be traded. For example, if
you look at an arbitrary v4 auction site:

    https://auctions.ipv4.global/

(I picked this from a web search and have no information about it,
so it's not an endorsement)

You see that an ARIN /24 (256 addresses) currently goes for around
$5.6k. Let's say you have a /21 but you're only using the bottom
half. At the moment your route in the global routing table is a
single /21 route. But hey, people want to buy IPs, and you have 8
/24s in your /21. You're only using 4 of them (the bottom half as I
say). So you auction the top 4 off to 4 different buyers. Now the
global routing table needs one /22, for your bottom half, and then
four /24s, so it grew by 500%.

It is not yet quite that bad because a /24 is really still a bit too
small to route. Some providers may not accept the announcement. But
as the availability goes down and the prices go up, people are going
to want to route /24s routinely.

That is on top of the number of orgs who got an allocation that
proved to be too small so they went back for an extra one, thus
doubling the number of routes.

Meanwhile in IPv6 land, Regional Internet Registries tried really
hard to give out allocations so big that very few applicants should
ever need to come back for a second one (and thereby introduce
another global route).

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
