[opensuse] IPv6 Router Configuration
Hi Folks,

I finally started to fiddle with my router's IPv6 configuration. My ISP (Cox cable modem) advertises v6 compatibility, so things should work if all my stars line up, right?

The router is a ZyXEL USG 20W, but I'm not using the Wifi radio portion. I click the /system/IPv6 "Enable IPv6" check box and it then enables v6 configuration options. Under /Network/Interface/Ethernet I now get options to configure the logical interfaces. (The USG 20W allows individual RJ45 Ethernet ports to be assigned to logical interfaces. I've got switches connected to the various ports to segment the LAN appropriately.) IPv6 is disabled for all interfaces at this point.

So I click on wan1 to edit its config and am presented with these interesting options, among others:

Yes/No: Enable SLACC
V6 Address/Prefix Length (optional)
Gateway (optional)
Metric: 0-15
Address from DHCPv6 Delegation (add entries)
DHCPv6: Server/Client/Relay
Yes/No: Enable Router Advertisement
Yes/No: Advertised Hosts get Network Config from DHCP6
Yes/No: Advertised Hosts get Other Config from DHCP6
MTU: 1480 default
Router Preference: Low/Medium/High
Advertised Prefix Table: Add IPv6 address/prefix length
Advertised Prefix from DHCPv6 Prefix Delegation (add entries)
Egress bandwidth: for load balancing
Ingress bandwidth: for load balancing

LAN1, LAN2, and DMZ have similar configuration screens.

Certainly not plug-and-play! I'm sure that many of the config choices have reasonable defaults, but above that I haven't the foggiest notion how to configure this, and also how to test the configs for proper security. I'm sure I could figure it all out, but at this point in time, why bother? Maybe sometime if I've got a long weekend when no one else is using the network I'll fiddle with it again.

Regards, Lew

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Lew Wolfgang wrote:
Hi Folks,
I finally started to fiddle with my router's IPv6 configuration. My ISP (Cox cable modem) advertises v6 compatibility, so things should work if all my stars line up, right?
That plus a few magical incantations, the odd sacrifice (goat or virgin) at your local altar and you should be fine.
Yes/No: Enable SLACC
Almost certainly SLAAC, but never mind the typo. Say yes.
Address from DHCPv6 Delegation (add entries)
Not sure how to interpret that.
DHCPv6: Server/Client/Relay
Relay I suspect.
Yes/No: Enable Router Advertisement
Yes.
Yes/No: Advertised Hosts get Network Config from DHCP6
Yes.
Yes/No: Advertised Hosts get Other Config from DHCP6
Maybe.
I'm sure that many of the config choices have reasonable defaults, but above that I haven't the foggiest notion how to configure this,
Start with the defaults.
and also how to test the configs for proper security. I'm sure I could figure it all out, but at this point in time, why bother?
Because it's fun. Same reason I taught myself morse code almost 40 years ago for my radio amateur's license. Because it's fun.
-- Per Jessen, Zürich (14.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 09/17/2016 03:22 PM, Per Jessen wrote:
DHCPv6: Server/Client/Relay
Relay I suspect.
Actually no. He'd likely need DHCP-PD on the WAN side to get the prefix from the ISP, but if you're running SLAAC on the LAN side there's no need for DHCPv6 unless you want to hand out some server addresses. Even the DNS server address is handled by RDNSS as part of the router advertisements.
and also how to test the configs for proper security. I'm sure I could figure it all out, but at this point in time, why bother?
Because it's fun. Same reason I taught myself morse code almost 40 years ago for my radio amateur's license. Because it's fun.
Actually, configuring the firewall is pretty much the same as for IPv4 and there are IPv6 port scan sites. Here are a couple:
http://www.ipv6scanner.com/cgi-bin/main.py
http://www6.ipv6.chappell-family.com/cgi-bin6/ipscan-js.cgi
On 09/17/2016 02:40 PM, James Knott wrote:
On 09/17/2016 03:22 PM, Per Jessen wrote:
DHCPv6: Server/Client/Relay
Relay I suspect.
Actually no. He'd likely need DHCP-PD on the WAN side to get the prefix from the ISP, but if you're running SLAAC on the LAN side there's no need for DHCPv6 unless you want to hand out some server addresses. Even the DNS server address is handled by RDNSS as part of the router advertisements.
Actually, I do use DNS now to hand out some server addresses, including a local network printer. Is DHCP-PD a part of DHCPv6? Would I disable SLAAC if DHCPv6 is running?
and also how to test the configs for proper security. I'm sure I could figure it all out, but at this point in time, why bother?
Because it's fun. Same reason I taught myself morse code almost 40 years ago for my radio amateur's license. Because it's fun.
Actually, configuring the firewall is pretty much the same as for IPv4 and there are IPv6 port scan sites. Here are a couple:
http://www.ipv6scanner.com/cgi-bin/main.py
http://www6.ipv6.chappell-family.com/cgi-bin6/ipscan-js.cgi
Thanks James, that's good info. I was wondering how I could confirm firewall configs without access to an outside v6 host. As Per suggests, this is fun. Except that I'll have the Fetching Mrs Wolfgang screeching at me if I broke the Internet again...
Regards, Lew
On 09/17/2016 06:04 PM, Lew Wolfgang wrote:
Actually, I do use DNS now to hand out some server addresses, including a local network printer. Is DHCP-PD a part of DHCPv6? Would I disable SLAAC if DHCPv6 is running?
Don't forget there are 2 sides to the router and they have completely different configurations. The WAN side has to obtain the prefix from the ISP and DHCPv6-PD is often used to do that. On the LAN side, you can use DHCPv6 to hand out host addresses, but generally SLAAC is used.

With SLAAC, the device address is created by combining the prefix with either a 64 bit number based on the MAC or a random number. Often both are used. The random number address provides some measure of privacy, as it can't be traced to a specific device. The MAC based address is used if you want to have a DNS AAAA record pointing to that device. On my computer, in addition to the IPv6 link local address, I have a MAC based address and 4 random number addresses. One is current and the others are previous addresses that, while deprecated, are still valid for any existing connection. All new outgoing connections use the current random address.

Here are a couple more links:
https://en.wikipedia.org/wiki/IPv6
https://en.wikipedia.org/wiki/Prefix_delegation

If you really want to get into the nuts 'n bolts of IPv6, a good reference is IPv6 Essentials: http://shop.oreilly.com/product/0636920023432.do
On 09/17/2016 03:18 PM, James Knott wrote:
On 09/17/2016 06:04 PM, Lew Wolfgang wrote:
Actually, I do use DNS now to hand out some server addresses, including a local network printer. Is DHCP-PD a part of DHCPv6? Would I disable SLAAC if DHCPv6 is running?
Don't forget there are 2 sides to the router and they have completely different configurations. The WAN side has to obtain the prefix from the ISP and DHCPv6-PD is often used to do that. On the LAN side, you can use DHCPv6 to hand out host addresses, but generally SLAAC is used. With SLAAC, the device address is created by combining the prefix with either a 64 bit number based on the MAC or a random number. Often both are used. The random number address provides some measure of privacy, as it can't be traced to a specific device. The MAC based address is used if you want to have a DNS AAAA record pointing to that device.
Is "PD" built into a DHCPv6 server? I don't see any reference to it in the router documentation. I do see some settings to manually enter a prefix length. BTW, the firmware in this router is dated Jan 13, 2015, so it's not too old. I'll check to see if there's a more recent update.
Regards, Lew
On 09/17/2016 07:17 PM, Lew Wolfgang wrote:
Is "PD" built into a DHCPv6 server? I don't see any reference to it in the router documentation. I do see some settings to manually enter a prefix length. BTW, the firmware in this router is dated Jan 13, 2015, so it's not too old. I'll check to see if there's a more recent update.
I can't speak about your router; however, as I understand it, the client requests a prefix from the ISP's DHCPv6 server. In pfSense, on the interface/WAN tab, I have selected DHCPv6 for IPv6 configuration.
On 09/17/2016 06:30 PM, James Knott wrote:
On 09/17/2016 07:17 PM, Lew Wolfgang wrote:
Is "PD" built into a DHCPv6 server? I don't see any reference to it in the router documentation. I do see some settings to manually enter a prefix length. BTW, the firmware in this router is dated Jan 13, 2015, so it's not too old. I'll check to see if there's a more recent update.
I can't speak about your router however, as I understand it, the client requests a prefix from the ISP's DHCPv6 server. In pfSense, on the interface/WAN tab, I have selected DHCPv6 for IPv6 configuration.
With the Fetching Mrs Wolfgang at a friend's house playing mahjong, I thought I'd muck around with v6 a bit.
I've got the wan interface on the router to obtain a v6 address by enabling dhcpv6. It gets a 2600:xxxx:xxxx:x:xxxx:xxxx:xxxx:xxxx/128 address. Billions and Billions of v6 addresses and they're giving me only one?
But I can't get any v6 action on the lan interfaces. Could this be because I've got only one addy on the wan side? Do I need to set up nat-v6? :-)
Regards, Lew
On 09/18/2016 08:08 PM, Lew Wolfgang wrote:
I've got the wan interface on the router to obtain a v6 address by enabling dhcpv6. It gets a 2600:xxxx:xxxx:x:xxxx:xxxx:xxxx:xxxx/128 address. Billions and Billions of v6 addresses and they're giving me only one?
How many do you need for the WAN interface? ;-) Actually, a /128 is just an interface address.
But I can't get any v6 action on the lan interfaces. Could this be because I've got only one addy on the wan side? Do I need to set up nat-v6? :-)
I don't know how Cox hands out IPv6 prefixes, but a common method is DHCPv6-PD. You have to see if that router supports it or whatever Cox is using.

And no, there's no reason to use NAT. NAT is a hack to get around the IPv4 address shortage. It also breaks some things. You should have at least a /64 prefix. Some ISPs are providing a /56 or /48, which have 256 or 65536 /64s. Each /64 has 18.4 billion, billion addresses.

Cox has a support forum. There's likely someone there in a better position to help. Here are a couple of Cox links:
http://forums.cox.com/default.aspx
http://www.cox.com/residential/support/tv/article.cox?articleId=0bced860-966...
On 09/18/2016 05:34 PM, James Knott wrote:
On 09/18/2016 08:08 PM, Lew Wolfgang wrote:
I've got the wan interface on the router to obtain a v6 address by enabling dhcpv6. It gets a 2600:xxxx:xxxx:x:xxxx:xxxx:xxxx:xxxx/128 address. Billions and Billions of v6 addresses and they're giving me only one?
How many do you need for the WAN interface? ;-)
Actually, a /128 is just an interface address.
The only way I get even the /128 addy is by running dhcpv6. Maybe the problem is that the router doesn't support the "PD" thingie?
But I can't get any v6 action on the lan interfaces. Could this be because I've got only one addy on the wan side? Do I need to set up nat-v6? :-)
I don't know how Cox hands out IPv6 prefixes, but a common method is DHCPv6-PD. You have to see if that router supports it or whatever Cox is using.
It may be the router then. Can the PD thing be done manually? The router's config screen allows setting the "IPv6 Address/Prefix length" when enabling Router Advertisement. How can you learn the address without dhcpv6-pd compatibility? Is it in the /128 address?
And no, there's no reason to use NAT. NAT is a hack to get around the IPv4 address shortage. It also breaks some things. You should have at least a /64 prefix. Some ISPs are providing a /56 or /48, which have 256 or 65536 /64s. Each /64 has 18.4 billion, billion addresses.
You missed my smiley!
Cox has a support forum. There's likely someone there in a better position to help. Here are a couple of Cox links:
http://forums.cox.com/default.aspx http://www.cox.com/residential/support/tv/article.cox?articleId=0bced860-966...
Yes, I saw those before posting, but I need to dig deeper.
Regards, Lew
On 09/18/2016 09:26 PM, Lew Wolfgang wrote:
The only way I get even the /128 addy is by running dhcpv6. Maybe the problem is that the router doesn't support the "PD" thingie?
I can't answer that, as I don't have that router. However, I came across this: https://www.dslreports.com/forum/r27390272-IPv6-Make-IPv6-work-with-ZyWALL-U...
But I can't get any v6 action on the lan interfaces. Could this be because I've got only one addy on the wan side? Do I need to set up nat-v6? :-)
I don't know how Cox hands out IPv6 prefixes, but a common method is DHCPv6-PD. You have to see if that router supports it or whatever Cox is using.
It may be the router then. Can the PD thing be done manually? The router's config screen allows setting the "IPv6 Address/Prefix length" when enabling Router Advertisement. How can you learn the address without dhcpv6-pd compatibility? Is it in the /128 address?
With DHCPv6-PD, the router asks for a prefix. Otherwise, it just gets a single address. I don't know of a manual way of doing it.
On 09/18/2016 06:36 PM, James Knott wrote:
On 09/18/2016 09:26 PM, Lew Wolfgang wrote:
The only way I get even the /128 addy is by running dhcpv6. Maybe the problem is that the router doesn't support the "PD" thingie?
I can't answer that, as I don't have that router. However, I came across this: https://www.dslreports.com/forum/r27390272-IPv6-Make-IPv6-work-with-ZyWALL-U...
This is a very helpful link, thanks James.

While it doesn't seem to work completely yet, it's a lot closer. Note that it doesn't work for "ipv6huh" either.

This:

"In the Address from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type ::1111:0:0:0:1/128 in the Suffix Address field."

and this:

"In the Advertised Prefix from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type :1111/64 in the Suffix Address field."

were the keys to getting my SuSE box on the LAN to grab its inet6 addrs.

But there was a typo: :1111/64 should have been ::1111/64, apparently.

But ping6 from the LAN and v6 test web sites don't yet see a v6 connection. This could be other issues with the firewall ACL's that I'll continue to fiddle with.

Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?

Once the dust settles with this router and everything is working I'll address the other Asus Wifi router on one of my logical LANs. Let's see if that's easier to configure for v6.

Regards, Lew
Lew Wolfgang wrote:
While it doesn't seem to work completely yet, it's a lot closer. Note that it doesn't work for "ipv6huh" either.
This:
"In the Address from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type ::1111:0:0:0:1/128 in the Suffix Address field."
and this:
"In the Advertised Prefix from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type :1111/64 in the Suffix Address field."
were the keys to getting my SuSE box on the LAN to grab its inet6 addrs.
But there was a typo: :1111/64 should have been ::1111/64, apparently.
But ping6 from the LAN and v6 test web sites don't yet see a v6 connection. This could be other issues with the firewall ACL's that I'll continue to fiddle with.
Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?
It's just an address, the '::' essentially means 'left-padded with zeros'.
-- Per Jessen, Zürich (14.9°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 09/19/2016 10:18 AM, Per Jessen wrote:
Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?
It's just an address, the '::' essentially means 'left-padded with zeros'.
Right, but where did the "1111" come from? Would "2222" work?
Regards, Lew
Lew Wolfgang wrote:
On 09/19/2016 10:18 AM, Per Jessen wrote:
Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?
It's just an address, the '::' essentially means 'left-padded with zeros'.
Right, but where did the "1111" come from? Would "2222" work?
Yes, that's how I read it. In the same way that '192.168.1.1' is as good as '192.168.100.2'.
-- Per Jessen, Zürich (11.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
19.09.2016 20:12, Lew Wolfgang wrote:
On 09/18/2016 06:36 PM, James Knott wrote:
On 09/18/2016 09:26 PM, Lew Wolfgang wrote:
The only way I get even the /128 addy is by running dhcpv6. Maybe the problem is that the router doesn't support the "PD" thingie?
I can't answer that, as I don't have that router. However, I came across this: https://www.dslreports.com/forum/r27390272-IPv6-Make-IPv6-work-with-ZyWALL-U...
This is a very helpful link, thanks James.
While it doesn't seem to work completely yet, it's a lot closer. Note that it doesn't work for "ipv6huh" either.
What's "ipv6huh"?
This:
"In the Address from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type ::1111:0:0:0:1/128 in the Suffix Address field."
and this:
"In the Advertised Prefix from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type :1111/64 in the Suffix Address field."
were the keys to getting my SuSE box on the LAN to grab its inet6 addrs.
But there was a typo: :1111/64 should have been ::1111/64, apparently.
But ping6 from the LAN and v6 test web sites don't yet see a v6 connection. This could be other issues with the firewall ACL's that I'll continue to fiddle with.
Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?
It is arbitrary. You get /48 prefix and can now split it into 65536 /64 prefixes. You can choose arbitrary 16 bits to extend /48 prefix to make it /64. You can theoretically also provide different prefixes to each LAN and WLAN port you have to isolate them. Of course you need to verify that prefix you get from PD is actually /48 and adjust accordingly.
Once the dust settles with this router and everything is working I'll address the other Asus Wifi router on one of my logical LANs. Let's see if that's easier to configure for v6.
Regards, Lew
On 09/19/2016 10:23 AM, Andrei Borzenkov wrote:
19.09.2016 20:12, Lew Wolfgang wrote:
On 09/18/2016 06:36 PM, James Knott wrote:
On 09/18/2016 09:26 PM, Lew Wolfgang wrote:
The only way I get even the /128 addy is by running dhcpv6. Maybe the problem is that the router doesn't support the "PD" thingie?
I can't answer that, as I don't have that router. However, I came across this: https://www.dslreports.com/forum/r27390272-IPv6-Make-IPv6-work-with-ZyWALL-U...
This is a very helpful link, thanks James.
While it doesn't seem to work completely yet, it's a lot closer. Note that it doesn't work for "ipv6huh" either.
What's "ipv6huh"?
That's the handle of the poster who I quoted in the link.
This:
"In the Address from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type ::1111:0:0:0:1/128 in the Suffix Address field."
and this:
"In the Advertised Prefix from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type :1111/64 in the Suffix Address field."
were the keys to getting my SuSE box on the LAN to grab its inet6 addrs.
But there was a typo: :1111/64 should have been ::1111/64, apparently.
But ping6 from the LAN and v6 test web sites don't yet see a v6 connection. This could be other issues with the firewall ACL's that I'll continue to fiddle with.
Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?
It is arbitrary. You get /48 prefix and can now split it into 65536 /64 prefixes. You can choose arbitrary 16 bits to extend /48 prefix to make it /64. You can theoretically also provide different prefixes to each LAN and WLAN port you have to isolate them.
Of course you need to verify that prefix you get from PD is actually /48 and adjust accordingly.
But how would I verify the PD value? I looked again at the posting and now I think I see where he gets the "1111" from. I'll have to confirm tonight, maybe I did that part wrong. Very confusing....
Regards, Lew
On 09/19/2016 01:35 PM, Lew Wolfgang wrote:
Of course you need to verify that prefix you get from PD is actually /48 and adjust accordingly.
But how would I verify the PD value?
You could ask Cox. It depends on how of block they're handing out.
On 09/19/2016 01:51 PM, James Knott wrote:
On 09/19/2016 01:35 PM, Lew Wolfgang wrote:
Of course you need to verify that prefix you get from PD is actually /48 and adjust accordingly.
But how would I verify the PD value?
You could ask Cox. It depends on how of block they're handing out.
That should be how big of block.
19.09.2016 20:35, Lew Wolfgang wrote:
Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?
It is arbitrary. You get /48 prefix and can now split it into 65536 /64 prefixes. You can choose arbitrary 16 bits to extend /48 prefix to make it /64. You can theoretically also provide different prefixes to each LAN and WLAN port you have to isolate them.
Of course you need to verify that prefix you get from PD is actually /48 and adjust accordingly.
But how would I verify the PD value?
I presume you see it in router management interface, at least this is how I interpret "You cannot see the prefix your ISP gave you in the Value field until you click OK and then come back to this screen again".
On 09/19/2016 01:12 PM, Lew Wolfgang wrote:
This is a very helpful link, thanks James.
While it doesn't seem to work completely yet, it's a lot closer. Note that it doesn't work for "ipv6huh" either.
This:
"In the Address from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type ::1111:0:0:0:1/128 in the Suffix Address field."
and this:
"In the Advertised Prefix from DHCPv6 Prefix Delegation table, click Add and select the DHCPv6 request object from the drop-down list, type :1111/64 in the Suffix Address field."
were the keys to getting my SuSE box on the LAN to grab its inet6 addrs.
But there was a typo: :1111/64 should have been ::1111/64, apparently.
But ping6 from the LAN and v6 test web sites don't yet see a v6 connection. This could be other issues with the firewall ACL's that I'll continue to fiddle with.
Note that I could never have figured this out without external assistance. Why the magic "::1111" addresses? What left field did these come out of?
I also have no idea what that ::1111 is for. However, :: represents a string of zeros. You can use it once in the address. For example, a link local address typically starts with fe80:: followed by the 64 bits created from the MAC address. However, looking at the config screens, I'd say you need:
1) Enable SLAAC
2) DHCPv6 Client
3) Request Address
4) Request prefix delegation
5) Enable router advertisement
Once the dust settles with this router and everything is working I'll address the other Asus Wifi router on one of my logical LANs. Let's see if that's easier to configure for v6.
Again, you might contact Cox for assistance, as they should know at least some of the details.
On Mon, Sep 19, 2016 at 8:12 PM, Lew Wolfgang <wolfgang@sweet-haven.com> wrote:
But ping6 from the LAN and v6 test web sites don't yet see a v6 connection. This could be other issues with the firewall ACL's that I'll continue to fiddle with.
Did you enable autoconfiguration (SLAAC) on router WAN side? In IPv6 this is the only way to get default route. DHCPv6 is *not* used for this. So even if you get address from DHCPv6 you must have SLAAC running to obtain default gateway.
And of course on LAN side you must enable router advertisements so clients can pick your router as default gateway too.
Check your routing table on client and router.
On 09/20/2016 01:28 AM, Andrei Borzenkov wrote:
On Mon, Sep 19, 2016 at 8:12 PM, Lew Wolfgang <wolfgang@sweet-haven.com> wrote:
But ping6 from the LAN and v6 test web sites don't yet see a v6 connection. This could be other issues with the firewall ACL's that I'll continue to fiddle with.
Did you enable autoconfiguration (SLAAC) on router WAN side? In IPv6 this is the only way to get default route. DHCPv6 is *not* used for this. So even if you get address from DHCPv6 you must have SLAAC running to obtain default gateway.
And of course on LAN side you must enable router advertisements so clients can pick your router as default gateway too.
Check your routing table on client and router.
Hi Andrei,

Thanks, good suggestions. I have a feeling that I'm going to have to understand all this as well as I understand v4. The web page that James referenced is good, but I don't understand the "why" they are doing things and I think there's something funky going on with that ::111:/64 thing. Filling out router configuration screens without understanding "what" you're doing may be fun, but as the author said, it didn't work for him either!

I'll continue to work on this as I have time, I can do it only on evenings and weekends. If/when I get to an IPv6 happy place with this router I'll be sure to document everything.

Regards, Lew
Lew Wolfgang wrote:
As Per suggests, this is fun. Except that I'll have the Fetching Mrs Wolfgang screeching at me if I broke the Internet again...
Lew, it's all about timing, you just have to pick your moment. Or arrange for your neighbour to invite the Fetching Mrs Wolfgang over for coffee.
-- Per Jessen, Zürich (14.7°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 09/18/2016 02:30 AM, Per Jessen wrote:
Lew Wolfgang wrote:
As Per suggests, this is fun. Except that I'll have the Fetching Mrs Wolfgang screeching at me if I broke the Internet again...
Lew, it's all about timing, you just have to pick your moment. Or arrange for your neighbour to invite the Fetching Mrs Wolfgang over for coffee.
Okay, I've spent lots of time on getting IPv6 working at Wolfgang Manor, maybe as much as a week. While I've learned a lot, it looks like it just won't work in my situation.

For the record, here's my environment: Zyxel Zywall USG 20w router with the Wifi turned off, connected to a Cox Communications with a Motorola SB6141 DOCSIS 3.0 modem. The router has two LAN segments, one for directly connected computers, the other for IOT devices and an ASUS Wifi router. This configuration allows easy separation of dangerously insecure devices (IP cameras, scales, refrigerators, light bulbs, and hacking neighbors) from important systems using the firewall.

After flailing about, literally for days, I managed to get IPv6 working on one LAN interface. It passed the various web-based IPv6 tests with flying colors. I was smugly proud of myself! Alas, the second interface never worked. More flailing about revealed that I'm being given a /64 prefix delegation. /64 is by convention the smallest subnet you can have in IPv6, or so I've been told. So I'll need maybe a /60 delegation from Cox to have more than one LAN segment.

The saga ended with a phone call to a Cox level 2 technician who said, basically, that's too bad. He suggested that their business class service might be able to offer more. Their home service apparently assumes you'll have a single computer connected to the cable modem, and who would ever need more than one subnet!

So I'm out of here for now. IPv4 natting will work for the indefinite future and we'll be safe from IOT and wifi hacking neighbors. If any of you v6 experts have suggestions I'd be glad to revisit. I'd even consider purchasing a different router. Another possibility might be suggestions on how to break a /64 delegation into multiple subnets.

Yes Per, it was fun. But also frustrating. Unless my environment is somehow unique I think that full deployment of v6 will be difficult indeed.

Regards, Lew
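Added example, not from any poster in this thread: the prefix arithmetic behind the /48, /56, /60 and /64 delegations discussed above and the "::1111:0:0:0:1" suffix quoted from the ZyWALL guide. It assumes the router simply ORs the suffix onto the delegated prefix, which the thread does not confirm; the 2001:db8:: prefixes are documentation placeholders, not Cox values.

```python
import ipaddress

IID_BITS = 64  # a SLAAC LAN is a /64: the low 64 bits are left to the hosts


def subnet_capacity(delegated: str) -> int:
    """Number of /64 LAN prefixes that fit inside a delegated prefix."""
    plen = ipaddress.IPv6Network(delegated).prefixlen
    return 0 if plen > 64 else 1 << (64 - plen)


def lan_prefix(delegated: str, subnet_id: int) -> ipaddress.IPv6Network:
    """The /64 numbered subnet_id inside the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= subnet_id < subnet_capacity(delegated):
        raise ValueError(f"subnet id {subnet_id:#x} does not fit in a /{net.prefixlen}")
    base = int(net.network_address) | (subnet_id << IID_BITS)
    return ipaddress.IPv6Network((base, 64))


def suffix_fits(delegated: str, suffix: str) -> bool:
    """True when no bit of the suffix lands on a bit the ISP already fixed."""
    net = ipaddress.IPv6Network(delegated)
    return (int(ipaddress.IPv6Address(suffix)) & int(net.netmask)) == 0


def apply_suffix(delegated: str, suffix: str) -> ipaddress.IPv6Address:
    """Assumed router behaviour: OR the configured suffix onto the prefix."""
    if not suffix_fits(delegated, suffix):
        raise ValueError(f"suffix {suffix} overlaps the delegated bits of {delegated}")
    net = ipaddress.IPv6Network(delegated)
    return ipaddress.IPv6Address(
        int(net.network_address) | int(ipaddress.IPv6Address(suffix)))


def plan_segments(delegated: str, segments: list) -> dict:
    """Give every firewall segment its own /64, or fail if there are too few."""
    if len(segments) > subnet_capacity(delegated):
        raise ValueError(
            f"{len(segments)} segments need {len(segments)} /64s, "
            f"{delegated} holds {subnet_capacity(delegated)}")
    return {name: lan_prefix(delegated, i) for i, name in enumerate(segments)}


def can_host(delegated: str, segments: list) -> bool:
    """Convenience wrapper: does the delegation cover all segments?"""
    try:
        plan_segments(delegated, segments)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    segments = ["lan1", "lan2"]  # the two isolated LAN segments from the thread
    suffix = "::1111:0:0:0:1"     # suffix address quoted from the ZyWALL guide
    for delegated in ("2001:db8:abcd::/48", "2001:db8:abcd:1200::/56",
                      "2001:db8:abcd:10::/60", "2001:db8:abcd:12::/64"):
        print(f"{delegated}: {subnet_capacity(delegated)} x /64, "
              f"two segments ok: {can_host(delegated, segments)}, "
              f"suffix {suffix} fits: {suffix_fits(delegated, suffix)}")
    print(apply_suffix("2001:db8:abcd::/48", suffix))
```

Under that assumption the "1111" is the 16-bit subnet number inside a /48; with a /64 delegation those bits are already fixed by the ISP, so a second SLAAC segment has no /64 of its own to advertise.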
On 10/14/2016 11:54 AM, Lew Wolfgang wrote:
The saga ended with a phone call to a Cox level 2 technician who said, basically, that's too bad. He suggested that their business class service might be able to offer more. Their home service apparently assumes you'll have a single computer connected to the cable modem, and who would ever need more than one subnet!
My ISP is currently providing a /64, but they plan on providing /56 soon. They also recently started providing IPv6 on their cell phone network.
One thing you might try is a 6in4 tunnel from Hurricane Electric, he.net.
It's unbelievable how stingy some ISPs are. The IPv6 address space is so huge that every single person on earth could have over 4000 /48s and that's with only 1/8th the address space being allocated to global unicast addresses.
James Knott wrote:
On 10/14/2016 11:54 AM, Lew Wolfgang wrote:
The saga ended with a phone call to a Cox level 2 technician who said, basically, that's too bad. He suggested that their business class service might be able to offer more. Their home service apparently assumes you'll have a single computer connected to the cable modem, and who would ever need more than one subnet!
My ISP is currently providing a /64, but they plan on providing /56 soon. They also recently started providing IPv6 on their cell phone network.
One thing you might try is a 6in4 tunnel from Hurricane Electric, he.net.
It's unbelievable how stingy some ISPs are. The IPv6 address space is so huge that every single person on earth could have over 4000 /48s and that's with only 1/8th the address space being allocated to global unicast addresses.
A /64 is more than plenty for a single private household. I know there is a gazillion available addresses, but remember what happened last time we handed out networks left, right and centre because we had a gazillion ... Only dishing out a /64 is entirely reasonable IMHO. I know of ISPs that even dish out smaller nets, for hosting for instance. -- Per Jessen, Zürich (11.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On Wed, Oct 19, 2016 at 12:23 PM, Per Jessen <per@computer.org> wrote:
Only dishing out a /64 is entirely reasonable IMHO.
SLAAC requires /64 bit prefix so you cannot use it in such case. This requires additional infrastructure and settings in case autoconfiguration is desired.
Andrei Borzenkov wrote:
On Wed, Oct 19, 2016 at 12:23 PM, Per Jessen <per@computer.org> wrote:
Only dishing out a /64 is entirely reasonable IMHO.
SLAAC requires /64 bit prefix so you cannot use it in such case. This requires additional infrastructure and settings in case autoconfiguration is desired.
I'm not sure I get your point, Andrei? -- Per Jessen, Zürich (10.0°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 10/19/2016 09:12 AM, Per Jessen wrote:
Andrei Borzenkov wrote:
On Wed, Oct 19, 2016 at 12:23 PM, Per Jessen <per@computer.org> wrote:
Only dishing out a /64 is entirely reasonable IMHO.
SLAAC requires /64 bit prefix so you cannot use it in such case. This requires additional infrastructure and settings in case autoconfiguration is desired.
I'm not sure I get your point, Andrei?
With other than /64 prefix, SLAAC doesn't work. This means everything has to be manually configured or perhaps DHCPv6 might work. However, IPv6 is built with the understanding that the local network is always /64 and as a result some things, SLAAC is just one of them, won't work properly with other than /64. In some ways, IPv6 is similar to Novell's IPX. With IPX, addresses were 64 bits, 16 for the network and 48 (actually the MAC address) for the device. Everything expected that structure.
On Wed, Oct 19, 2016 at 4:12 PM, Per Jessen <per@computer.org> wrote:
Andrei Borzenkov wrote:
On Wed, Oct 19, 2016 at 12:23 PM, Per Jessen <per@computer.org> wrote:
Only dishing out a /64 is entirely reasonable IMHO.
SLAAC requires /64 bit prefix so you cannot use it in such case. This requires additional infrastructure and settings in case autoconfiguration is desired.
I'm not sure I get your point, Andrei?
Trimmed wrong part. I actually replied to I know of ISPs that even dish out smaller nets, for hosting for instance.
Andrei Borzenkov wrote:
On Wed, Oct 19, 2016 at 4:12 PM, Per Jessen <per@computer.org> wrote:
Andrei Borzenkov wrote:
On Wed, Oct 19, 2016 at 12:23 PM, Per Jessen <per@computer.org> wrote:
Only dishing out a /64 is entirely reasonable IMHO.
SLAAC requires /64 bit prefix so you cannot use it in such case. This requires additional infrastructure and settings in case autoconfiguration is desired.
I'm not sure I get your point, Andrei?
Trimmed wrong part. I actually replied to
I know of ISPs that even dish out smaller nets, for hosting for instance.
Ah, got it. Yes, definitely SLAAC would be ruled out. TBH, I don't really understand the reasoning for handing out less than a /64, I just wanted to mention that I've seen it done. I'm also not sure if it's possible to register whois information (RIPE objects) for less than a /64, but maybe. /Per
On 10/19/2016 09:28 AM, Per Jessen wrote:
I know of ISPs that even dish out smaller nets, for hosting for instance.
Ah, got it. Yes, definitely SLAAC would be ruled out. TBH, I don't really understand the reasoning for handing out less than a /64, I just wanted to mention that I've seen it done. I'm also not sure if it's possible to register whois information (RIPE objects) for less than a /64, but maybe.
I've done a lot of work setting up Internet connections to hosts in data centres. There are 2 ways servers can get an internet connection. One, they get their own connection from a carrier or they may share a subnet that's available in the data centre. With IPv4, they'd typically get a /30. With IPv6, they could get a /64 from the carrier. However, I don't think there would be a problem with a /126 or /127, which is supported in IPv6, to get a single address over a point to point link. However, with all the IPv6 addresses available, a /64 for a single host is not an issue. It just rubs some people the wrong way. ;-) Back when I was using a 6in4 tunnel, I was using client software that could be configured for a /56 prefix or a single address. I used the /56 on my home network and single address on my notebook computer, when away from home. IPv6 /127 https://tools.ietf.org/html/rfc6164
On 10/19/2016 05:23 AM, Per Jessen wrote:
A /64 is more than plenty for a single private household. I know there is a gazillion available addresses, but remember what happened last time we handed out networks left, right and centre because we had a gazillion ... Only dishing out a /64 is entirely reasonable IMHO. I know of ISPs that even dish out smaller nets, for hosting for instance.
IPv4, as we know it, was only intended to be a demonstration of concept. Vint Cerf's plan was to go with a much larger address space, but IPv4 just "escaped" as is.
14.10.2016 18:54, Lew Wolfgang wrote:
If any of you v6 experts have suggestions I'd be glad to revisit. I'd even consider purchasing a different router. Another possibility might be suggestions on how to break a /64 delegation into multiple subnets.
If you do not need SLAAC, and your box allows it, it may be possible to split /64 and use DHCP to assign addresses. Keyword is "your box allows it". http://serverfault.com/questions/714890/ipv6-subnetting-a-64-what-will-break...
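An added example, not part of any poster's message: the arithmetic behind the /64 versus /60 discussion and the "split the /64 and use DHCP" suggestion above, worked through with Python's `ipaddress` module. The function names, the segment names and the 2001:db8:: documentation prefixes are assumptions made for the illustration.

```python
import ipaddress

SLAAC_PREFIX_LEN = 64  # SLAAC builds addresses from a 64-bit interface identifier


def required_delegation(n_segments, nibble_aligned=True):
    """Longest delegated prefix that still gives every segment its own /64.

    nibble_aligned rounds to a 4-bit boundary (/60, /56, ...), the sizes
    discussed in the thread. Hypothetical helper.
    """
    if n_segments < 1:
        raise ValueError("need at least one segment")
    bits = (n_segments - 1).bit_length()  # subnet-id bits needed
    length = SLAAC_PREFIX_LEN - bits
    if nibble_aligned:
        length -= length % 4
    return length


def plan_segments(delegated, segments, allow_split_below_64=False):
    """Assign one subnet per LAN segment out of a delegated IPv6 prefix.

    Every segment gets a /64 when the delegation is large enough. Otherwise
    the call fails, unless allow_split_below_64 is set, in which case the
    prefix is cut into longer-than-/64 subnets and each one is flagged as
    unusable for SLAAC (stateful DHCPv6 or static addressing only).
    """
    net = ipaddress.IPv6Network(delegated, strict=True)
    if not segments:
        raise ValueError("no segments to address")
    if len(set(segments)) != len(segments):
        raise ValueError("segment names must be unique")

    # Number of /64s inside the delegation: a /64 holds 1, a /60 holds 16.
    if net.prefixlen <= SLAAC_PREFIX_LEN:
        slash64s = 2 ** (SLAAC_PREFIX_LEN - net.prefixlen)
    else:
        slash64s = 0

    if len(segments) <= slash64s:
        new_len = SLAAC_PREFIX_LEN
    elif allow_split_below_64:
        new_len = net.prefixlen + (len(segments) - 1).bit_length()
        if new_len > 128:
            raise ValueError("delegation too small for that many segments")
    else:
        raise ValueError(
            f"{net} holds {slash64s} /64 subnet(s) but {len(segments)} segments "
            f"were requested; ask for a /{required_delegation(len(segments))}"
        )

    plan = []
    for name, subnet in zip(segments, net.subnets(new_prefix=new_len)):
        slaac_ok = subnet.prefixlen == SLAAC_PREFIX_LEN
        plan.append({
            "segment": name,
            "subnet": str(subnet),
            "slaac": slaac_ok,
            "addressing": "SLAAC or DHCPv6" if slaac_ok
                          else "stateful DHCPv6 or static only",
        })
    return plan


if __name__ == "__main__":
    # Constructed inputs: a trusted LAN and an IoT LAN behind one router.
    lans = ["lan1", "iot"]
    print("delegation needed:", f"/{required_delegation(len(lans))}")
    for row in plan_segments("2001:db8:0:10::/60", lans):
        print(row)
    try:
        plan_segments("2001:db8:0:1::/64", lans)
    except ValueError as exc:
        print("refused:", exc)
    for row in plan_segments("2001:db8:0:1::/64", lans, allow_split_below_64=True):
        print(row)
```

With a /64 delegation the second segment is either refused or lands on a /65 where hosts that only do SLAAC get no address, so firewall rules for that segment should be checked against the addressing method actually in use.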
Lew Wolfgang wrote:
Alas, the second interface never worked. More flailing about revealed that I'm being given a /64 prefix delegation. /64 is by convention the smallest subnet you can have in IPv6, or so I've been told. So I'll need maybe a /60 delegation from Cox to have more than one LAN segment.
Publicly and by convention yes, but you can split it up locally. Dishing out smaller subnets publicly would make the internet routing tables explode very quickly. Even with /64 it's bad enough.
The saga ended with a phone call to a Cox level 2 technician who said, basically, that's too bad. He suggested that their business class service might be able to offer more. Their home service apparently assumes you'll have a single computer connected to the cable modem, and who would ever need more than one subnet!
That has been a fairly safe assumption for the last ten years or more - last time I had a consumer class modem/router, it certainly only had a LAN and a WAN side. Maybe just ignore your IoT LAN for now - most of those devices won't speak IPv6 anyway (I suspect). Or ignore your wired LAN side.
If any of you v6 experts have suggestions I'd be glad to revisit. I'd even consider purchasing a different router. Another possibility might be suggestions on how to break a /64 delegation into multiple subnets.
_If_ your router is up to it, it's not a big deal.
Yes Per, it was fun. But also frustrating. Unless my environment is somehow unique I think that full deployment of v6 will be difficult indeed.
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique. -- Per Jessen, Zürich (10.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 10/14/2016 02:24 PM, Per Jessen wrote:
Publicly and by convention yes, but you can split it up locally. Dishing out smaller subnets publicly would make the internet routing tables explode very quickly. Even with /64 it's bad enough.
It's bad with IPv4 not being set up in a hierarchical manner and worsened with address blocks moving around as they're sold. IPv6 was set up so that routing is hierarchical, which reduces the routing table size.
That has been a fairly safe assumption for the last ten years or more - last time I had a consumer class modem/router, it certainly only had a LAN and a WAN side.
Many now have a guest LAN. The modem I have, in gateway mode, supports this.
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique.
You have more than one segment in many businesses, especially when VLANs are used. I recently did some work at a business where admin and production were on separate switches (the owner had some funny ideas about networks). All the LAN jacks were colour coded as to which network they were on. I don't think they had IPv6 though.
James Knott wrote:
On 10/14/2016 02:24 PM, Per Jessen wrote:
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique.
You have more than one segment in many businesses, especially when VLANs are used.
Of course. I was talking about private customers, sorry. It's been a while since I've worked with consumer equipment for access routers, but looking at the typical Zyxel router/switch in use here, they only have WAN and LAN. Some with VLANs though.
I recently did some work at a business where admin and production were on separate switches (the owner had some funny ideas about networks). All the LAN jacks were colour coded as to which network they were on. I don't think they had IPv6 though.
We also keep office, production and admin separate, although office&admin mostly share the physical setup. We use separate colours for some things too. -- Per Jessen, Zürich (11.7°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 10/14/2016 11:24 AM, Per Jessen wrote:
If any of you v6 experts have suggestions I'd be glad to revisit. I'd even consider purchasing a different router. Another possibility might be suggestions on how to break a /64 delegation into multiple subnets.
_If_ your router is up to it, it's not a big deal.
That's the problem with the Zyxel router, the documentation isn't as deep as I'd like.
Yes Per, it was fun. But also frustrating. Unless my environment is somehow unique I think that full deployment of v6 will be difficult indeed.
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique.
So Swisscom is deploying /64 prefixes? Also, I just got off of the phone with Cox Business Services. They don't support v6 at all! He said maybe in a few months. Regards, Lew
Lew Wolfgang wrote:
On 10/14/2016 11:24 AM, Per Jessen wrote:
If any of you v6 experts have suggestions I'd be glad to revisit. I'd even consider purchasing a different router. Another possibility might be suggestions on how to break a /64 delegation into multiple subnets.
_If_ your router is up to it, it's not a big deal.
That's the problem with the Zyxel router, the documentation isn't as deep as I'd like.
Last I had to use Zyxel, there was a very extensive command line interface too. I think you had access via the console only.
Yes Per, it was fun. But also frustrating. Unless my environment is somehow unique I think that full deployment of v6 will be difficult indeed.
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique.
So Swisscom is deploying /64 prefixes?
To my knowledge yes. I'll have to correct myself and add that it's not for _all_ new customers, maybe they're still in trial mode.
Also, I just got off of the phone with Cox Business Services. They don't support v6 at all! He said maybe in a few months.
Around here, you get the best support and most innovation from the smaller ISPs. When I first got IPv6 in 2009 or 2010, it was with a small ISP with only 8-10 people. -- Per Jessen, Zürich (11.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland.
On 10/19/2016 02:34 AM, Per Jessen wrote:
Lew Wolfgang wrote:
On 10/14/2016 11:24 AM, Per Jessen wrote:
If any of you v6 experts have suggestions I'd be glad to revisit. I'd even consider purchasing a different router. Another possibility might be suggestions on how to break a /64 delegation into multiple subnets.
_If_ your router is up to it, it's not a big deal.
That's the problem with the Zyxel router, the documentation isn't as deep as I'd like.
Last I had to use Zyxel, there was a very extensive command line interface too. I think you had access via the console only.
Yes, I thought about that too a few days ago. (yes, even though I "gave up" on this I'm still thinking about it...) I just tried it and logged in via ssh. It says terminal type "xterm" not recognized, assuming VT100. (I always preferred Wyse 50 myself :-) Entering "?" shows a list of router-type commands, but not much help beyond that. I'll fiddle with it later, maybe I can find command line syntax documentation somewhere.
Yes Per, it was fun. But also frustrating. Unless my environment is somehow unique I think that full deployment of v6 will be difficult indeed.
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique.
So Swisscom is deploying /64 prefixes?
To my knowledge yes. I'll have to correct myself and add that it's not for _all_ new customers, maybe they're still in trial mode.
BTW, I'm not completely convinced that Cox is delegating only /64. I may not be requesting correctly.
Also, I just got off of the phone with Cox Business Services. They don't support v6 at all! He said maybe in a few months.
Around here, you get the best support and most innovation from the smaller ISPs. When I first got IPv6 in 2009 or 2010, it was with a small ISP with only 8-10 people.
It's well known that the US sux compared to Europe WRT to ISP service and cost. We basically don't have competition for the home user. The "industry" says, "but of course you have choice". Right. We can choose between cable modem service from one company, and DSL service from the phone company. Oh, we could always run POTS modems if we wanted. What we need is for municipalities to provide/own the last mile physical plant infrastructure, then allow customers to select the ISP of their choice. All that being said, I'm lucky in that I've had good service from Cox over the years, albeit at a higher cost. I was able to get a basic Ethernet connection at home in 1996 through the @Home network. For me, that was a watershed moment in history! They ran fiber past all the houses, but this fed distribution points that delivered co-ax to clusters of about eight residences. So we were "close" to getting direct fiber. Sigh... Regards, Lew
On 10/19/2016 10:13 AM, Lew Wolfgang wrote:
All that being said, I'm lucky in that I've had good service from Cox over the years, albeit at a higher cost. I was able to get a basic Ethernet connection at home in 1996 through the @Home network. For me, that was a watershed moment in history! They ran fiber past all the houses, but this fed distribution points that delivered co-ax to clusters of about eight residences. So we were "close" to getting direct fiber. Sigh...
I'm in a similar situation with Rogers in Canada. They were also @home back then. Like you I have fibre to my area and coax into my home. Around here the cables are owned by Rogers or the phone company. Anyone else is simply a reseller. However, in some areas, there are other fibre providers and newer areas are fibre only. Copper simply wasn't run in.
Lew Wolfgang wrote:
Entering "?" shows a list of router-type commands, but not much help beyond that. I'll fiddle with it later, maybe I can find command line syntax documentation somewhere.
I'm sure I had a complete manual for my Zyxel, the OS even had a name, "zyxos" or something like that.
It's well known that the US sux compared to Europe WRT to ISP service and cost. We basically don't have competition for the home user. The "industry" says, "but of course you have choice". Right. We can choose between cable modem service from one company, and DSL service from the phone company. Oh, we could always run POTS modems if we wanted. What we need is for municipalities to provide/own the last mile physical plant infrastructure, then allow customers to select the ISP of their choice.
Different countries have handled the telecomms liberalisation in different ways. In Switzerland, Swisscom is the national telco with a service-public obligation. Starting more than 10 years ago, anyone who wants can start selling e.g. xDSL connections simply by renting them from Swisscom and having the traffic passed to their own networks for the uplink. For the last 4-5 years we have had municipal fibre networks too, but they also work this way. We also have UPC (formerly Cablecom) and a number of small regional cable operators, but they're private and can do whatever they want. -- Per Jessen, Zürich (10.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On Fri, Oct 14, 2016 at 2:24 PM, Per Jessen <per@computer.org> wrote:
Yes Per, it was fun. But also frustrating. Unless my environment is somehow unique I think that full deployment of v6 will be difficult indeed.
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique.
Multiple true LAN segments may be rare, but ... Almost all home wireless routers offer a main SSID and a guest SSID don't they? Where there is no visibility of the main SSID connected PCs from the guest SSID connected PCs. If IPv6 home deployments won't allow 2 classes of connected devices at a minimum, it will be a problem. My home router provides 4 SSIDs out of the box. Just have to enable them one at a time. That's IPv4. Uses NAT to isolate all 4 from the Internet and then you have a way to control visibility between the 4. I'd have to review the details if I cared. I don't think the visibility is controlled by subnetting, so I'm not saying it is handing out 4 different subnets. Greg -- Greg Freemyer Hillary says Trump is the only Republican she can beat, why should we vote for him? Evan McMullin is surging in the west of the Rockies Deny Hillary, vote Evan McMullin for President
On 14/10/16 21:40, Greg Freemyer wrote:
On Fri, Oct 14, 2016 at 2:24 PM, Per Jessen <per@computer.org> wrote:
Yes Per, it was fun. But also frustrating. Unless my environment is somehow unique I think that full deployment of v6 will be difficult indeed.
Swisscom is deploying IPv6 to all new customers. I think perhaps having two LAN segments is a little unique.
Multiple true LAN segments may be rare, but ...
Almost all home wireless routers offer a main SSID and a guest SSID don't they?
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
If IPv6 home deployments won't allow 2 classes of connected devices at a minimum, it will be a problem.
Provided the router allows it, there is no problem. If the router supplied supports multiple network segments, but cannot "subnet" the allocated /64 prefix, that is a problem. /Per
On 2016-10-17 09:32, Per Jessen wrote:
On 14/10/16 21:40, Greg Freemyer wrote:
Almost all home wireless routers offer a main SSID and a guest SSID don't they?
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
My two home routers do not, but one that I manage for a friend does. Different ISP, one that offers free wifi for people on the street, using the home routers of clients. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 10/17/2016 06:48 AM, Carlos E. R. wrote:
My two home routers do not, but one that I manage for a friend does. Different ISP, one that offers free wifi for people on the street, using the home routers of clients.
I hope those clients don't get stuck paying for that data! ;-) I don't know how well that would work where I live. I'm in a condo, with multiple units, a fair distance from the street.
On Mon, Oct 17, 2016 at 8:47 AM, James Knott <james.knott@rogers.com> wrote:
On 10/17/2016 06:48 AM, Carlos E. R. wrote:
My two home routers do not, but one that I manage for a friend does. Different ISP, one that offers free wifi for people on the street, using the home routers of clients.
I hope those clients don't get stuck paying for that data! ;-)
I don't know how well that would work where I live. I'm in a condo, with multiple units, a fair distance from the street.
Comcast has rolled that out to 10's of millions of wifi routers. It's an opt-out option, so most Comcast (xfinity) customers have it. What you see is the "xfinitywifi" SSID. Click "Home Hotspot" in the menu section of http://wifi.xfinity.com/ But yes, the data path is logically different from the subscriber's data path. And the GBs transferred get applied to the actual user. Greg
On 10/17/2016 10:41 AM, Greg Freemyer wrote:
Comcast has rolled that out to 10's of millions of wifi routers. It's an opt-out option, so most Comcast (xfinity) customers have it.
What you see is the "xfinitywifi" SSID.
Sitting in my condo, I can see at least a dozen WiFi SSIDs. I can just imagine seeing a dozen with the same SSID. ;-)
On 2016-10-17 14:47, James Knott wrote:
On 10/17/2016 06:48 AM, Carlos E. R. wrote:
My two home routers do not, but one that I manage for a friend does. Different ISP, one that offers free wifi for people on the street, using the home routers of clients.
I hope those clients don't get stuck paying for that data! ;-)
No, not at all. You pay for the fibre, use it as much as you want, not per megabyte.
I don't know how well that would work where I live. I'm in a condo, with multiple units, a fair distance from the street.
Same in the case I was talking about :-) I disabled the feature, anyway. I was not convinced. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
On 2016-10-17 09:32, Per Jessen wrote:
On 14/10/16 21:40, Greg Freemyer wrote:
Almost all home wireless routers offer a main SSID and a guest SSID don't they?
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
My two home routers do not, but one that I manage for a friend does. Different ISP, one that offers free wifi for people on the street, using the home routers of clients.
Yes, that's quite a clever setup. UPC has the same in Switzerland, but only for UPC customers who participate in the scheme. AFAIK, the UPC routers all have two SSIDs, one for guests, one for the owner. -- Per Jessen, Zürich (11.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 10/17/2016 03:32 AM, Per Jessen wrote:
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
While I won't say most, many do. In fact, the cable modem provided by my ISP does. I have seen some consumer grade routers that do too.
On Mon, Oct 17, 2016 at 7:17 AM, James Knott <james.knott@rogers.com> wrote:
On 10/17/2016 03:32 AM, Per Jessen wrote:
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
While I won't say most, many do. In fact, the cable modem provided by my ISP does. I have seen some consumer grade routers that do too.
I admit to being surprised. I have bought / managed at least 5 new (or relatively new) wifi routers in the last 3 years. All had 2 or more SSIDs. None were ISP provided, so maybe that's the difference. Greg
On 10/17/2016 09:47 AM, Greg Freemyer wrote:
I admit to being surprised. I have bought / managed at least 5 new (or relatively new) wifi routers in the last 3 years. All had 2 or more SSIDs.
None were ISP provided, so maybe that's the difference.
I bought my access point (not a router) almost 5 years ago. It supports up to 4 SSIDs & VLANs.
James Knott wrote:
On 10/17/2016 09:47 AM, Greg Freemyer wrote:
I admit to being surprised. I have bought / managed at least 5 new (or relatively new) wifi routers in the last 3 years. All had 2 or more SSIDs.
None were ISP provided, so maybe that's the difference.
I bought my access point (not a router) almost 5 years ago. It supports up to 4 SSIDs & VLANs.
Which make/model? -- Per Jessen, Zürich (11.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 10/19/2016 03:54 AM, Per Jessen wrote:
James Knott wrote:
On 10/17/2016 09:47 AM, Greg Freemyer wrote:
I admit to being surprised. I have bought / managed at least 5 new (or relatively new) wifi routers in the last 3 years. All had 2 or more SSIDs.
None were ISP provided, so maybe that's the difference.
I bought my access point (not a router) almost 5 years ago. It supports up to 4 SSIDs & VLANs.
Which make/model?
TP-Link TL-WA901ND.
On 10/17/2016 09:47 AM, Greg Freemyer wrote:
On Mon, Oct 17, 2016 at 7:17 AM, James Knott <james.knott@rogers.com> wrote:
On 10/17/2016 03:32 AM, Per Jessen wrote:
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
While I won't say most, many do. In fact, the cable modem provided by my ISP does. I have seen some consumer grade routers that do too.
I admit to being surprised. I have bought / managed at least 5 new (or relatively new) wifi routers in the last 3 years. All had 2 or more SSIDs.
None were ISP provided, so maybe that's the difference.
Greg
Wow. This message took almost 13 hours to get to me. According to the time stamp, it was sent at 9:47 AM and it's now 10:41 PM!
James Knott wrote:
Wow. This message took almost 13 hours to get to me. According to the time stamp, it was sent at 9:47 AM and it's now 10:41 PM!
Yes, there seems to have been an issue getting it delivered from the SUSE mailserver to the opensuse mailing list server. -- Per Jessen, Zürich (11.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 2016-10-17 15:47, Greg Freemyer wrote:
I admit to being surprised. I have bought / managed at least 5 new (or relatively new) wifi routers in the last 3 years. All had 2 or more SSIDs.
None were ISP provided, so maybe that's the difference.
I have a TP-Link TD-W8970 and it only has one SSID. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Greg Freemyer wrote:
On Mon, Oct 17, 2016 at 7:17 AM, James Knott <james.knott@rogers.com> wrote:
On 10/17/2016 03:32 AM, Per Jessen wrote:
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
While I won't say most, many do. In fact, the cable modem provided by my ISP does. I have seen some consumer grade routers that do too.
I admit to being surprised. I have bought / managed at least 5 new (or relatively new) wifi routers in the last 3 years. All had 2 or more SSIDs.
When I bought the TP-link boxes about a year ago, I wanted to stay away from Zyxel (poor support & software experience in the past), and while some had multiple SSID support, they didn't have VLAN support. I'm not even sure about our TP-link boxes right now, but they have 3 SSIDs. -- Per Jessen, Zürich (10.9°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.
On 10/19/2016 03:54 AM, Per Jessen wrote:
When I bought the TP-link boxes about a year ago, I wanted to stay away from Zyxel (poor support & software experience in the past), and while some had multiple SSID support, they didn't have VLAN support. I'm not even sure about our TP-link boxes right now, but they have 3 SSIDs.
Multiple SSIDs without VLANs are somewhat useless. My TP-Link supports VLANs and multiple SSIDs, but it has a flaw. Frames from the main LAN leak into the VLAN, causing problems with devices getting the correct IPv6 address.
James Knott wrote:
On 10/19/2016 03:54 AM, Per Jessen wrote:
When I bought the TP-link boxes about a year ago, I wanted to stay away from Zyxel (poor support & software experience in the past), and while some had multiple SSID support, they didn't have VLAN support. I'm not even sure about our TP-link boxes right now, but they have 3 SSIDs.
Multiple SSIDs without VLANs are somewhat useless.
Yep. I have just checked it, the tplinks have 4 SSIDs with VLAN support.
My TP-Link supports VLANs and multiple SSIDs, but it has a flaw. Frames from the main LAN leak into the VLAN, causing problems with devices getting the correct IPv6 address.
Maybe a firmware upgrade? -- Per Jessen, Zürich (10.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 10/19/2016 09:11 AM, Per Jessen wrote:
My TP-Link supports VLANs and multiple SSIDs, but it has a flaw.
Frames from the main LAN leak into the VLAN, causing problems with devices getting the correct IPv6 address.
Maybe a firmware upgrade?
It already has the latest available. What's more, when I contacted support about it, I was told that was normal. He just couldn't understand that VLANs are supposed to behave as physically separate networks. I then was able to talk to someone who could provide more advanced support. He agreed it was a defect, but nothing came of it.
James Knott wrote:
On 10/19/2016 09:11 AM, Per Jessen wrote:
My TP-Link supports VLANs and multiple SSIDs, but it has a flaw.
Frames from the main LAN leak into the VLAN, causing problems with devices getting the correct IPv6 address.
Maybe a firmware upgrade?
It already has the latest available.
What's more, when I contacted support about it, I was told that was normal. He just couldn't understand that VLANs are supposed to behave as physically separate networks. I then was able to talk to someone who could provide more advanced support. He agreed it was a defect, but nothing came of it.
We're going off-topic - it reminds me of when I first switched our private line to a Zyxel ADSL/ISDN router. I wanted to activate logging to syslog over port 514, and it just did not work. Nothing ever got logged. I got hold of the local support from the distributor, and I was stubborn enough to make them reproduce it. They confirmed it and reported it back to Korea or Taiwan or wherever and I ended up with a firmware - which was never officially published though. -- Per Jessen, Zürich (10.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
James Knott wrote:
On 10/17/2016 03:32 AM, Per Jessen wrote:
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
While I won't say most, many do. In fact, the cable modem provided by my ISP does. I have seen some consumer grade routers that do too.
I was talking about the access point, not a modem/router. Just a plain wifi access point. I ended up with some boxes by TP-Link. -- Per Jessen, Zürich (10.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 10/19/2016 03:37 AM, Per Jessen wrote:
James Knott wrote:
On 10/17/2016 03:32 AM, Per Jessen wrote:
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
While I won't say most, many do. In fact, the cable modem provided by my ISP does. I have seen some consumer grade routers that do too.
I was talking about the access point, not a modem/router. Just a plain wifi access point. I ended up with some boxes by TP-Link.
My access point is also TP-Link, a TL-WA901ND.
James Knott wrote:
On 10/19/2016 03:37 AM, Per Jessen wrote:
James Knott wrote:
On 10/17/2016 03:32 AM, Per Jessen wrote:
Not in my experience. About a year ago I wanted to split the office wifi traffic into private, business, guest and voip, so I needed multiple SSIDs and VLANs. AFAIR, I only had one single choice (unless I wanted to buy Cisco) or get into dd/open-wrt.
While I won't say most, many do. In fact, the cable modem provided by my ISP does. I have seen some consumer grade routers that do too.
I was talking about the access point, not a modem/router. Just a plain wifi access point. I ended up with some boxes by TP-Link.
My access point is also TP-Link, a TL-WA901ND.
Ha, what a coincidence, same here! I have not seen the issue you mentioned about leaking frames though. I have installed at least one new firmware release. http://www.tp-link.com/en/download/TL-WA901ND.html#Firmware Doesn't mention anything about leaking frames though. -- Per Jessen, Zürich (10.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 10/19/2016 09:18 AM, Per Jessen wrote:
Ha, what a coincidence, same here! I have not seen the issue you mentioned about leaking frames though. I have installed at least one new firmware release.
http://www.tp-link.com/en/download/TL-WA901ND.html#Firmware
Doesn't mention anything about leaking frames though.
Mine's V1 and I have the beta version listed under V1. It didn't fix the problem.
On 09/17/2016 01:01 PM, Lew Wolfgang wrote:
Hi Folks,
I finally started to fiddle with my router's IPv6 configuration. My ISP (Cox cable modem) advertises v6 compatibility, so things should work if all my stars line up, right?
The router is a ZyXEL USG 20W, but I'm not using the Wifi radio portion.
I click the /system/IPv6 "Enable IPv6" check box and it then enables v6 configuration options.
Under /Network/Interface/Ethernet I now get options to configure the logical interfaces. (the USG 20W allows individual RJ45 Ethernet ports to be assigned to logical interfaces. I've got switches connected to the various ports to segment the lan appropriately.) IPv6 is disabled for all interfaces at this point. So I click on wan1 to edit its config and am presented with these interesting options, among others:
Yes/No: Enable SLAAC
V6 Address/Prefix Length (optional)
Gateway (optional)
Metric: 0-15
Address from DHCPv6 Delegation (add entries)
DHCPv6: Server/Client/Relay
Yes/No: Enable Router Advertisement
Yes/No: Advertised Hosts get Network Config from DHCP6
Yes/No: Advertised Hosts get Other Config from DHCP6
MTU: 1480 default
Router Preference: Low/Medium/High
Advertised Prefix Table: Add IPv6 address/prefix length
Advertised Prefix from DHCPv6 Prefix Delegation (add entries)
Egress bandwidth: for load balancing
Ingress bandwidth: for load balancing
LAN1, LAN2, and DMZ have similar configuration screens.
Certainly not plug-and-play!
The modem/router provided by my ISP certainly was. Just plug it in and it works. On the other hand, the firewall I use, pfSense, has more options.
I'm sure that many of the config choices have reasonable defaults, but above that I haven't the foggiest notion how to configure this, and also how to test the configs for proper security. I'm sure I could figure it all out, but at this point in time, why bother? Maybe sometime if I've got a long weekend when no one else is using the network I'll fiddle with it again.
Regards, Lew
You want SLAAC on and it will automagically set your prefix and network address. BTW, the local LAN prefix is normally a /64, providing 64 bits for the network address and 64 for the host. The prefix serves the exact same function as the subnet mask in IPv4. Gateway and metric work the same as IPv4.
Address from DHCPv6 Delegation (add entries) DHCPv6: Server/Client/Relay
You generally don't need DHCPv6, though it can be used to hand out things like NTP server addresses etc.
Yes/No: Enable Router Advertisement
Yes, as that's how your devices normally get their prefix.
MTU depends on your Internet connection, just as with IPv4.
Many of the others are not relevant to small networks as, for example, I doubt you're using load balancing. Yours is more complex because you have a router that's more intended for business use, where they'd have more complex networks, than for home, small office use. Many of those settings would also apply to IPv4. As I mentioned, I'm running pfSense and it has a lot of options that I don't worry about, as they don't apply to me. I also have a Cisco router here, which I could certainly configure for my Internet connection, but it has far more options than I'd ever need for my home network.
Incidentally, a company I set up a VoIP system for, week before last, has the same ISP and cable modem as I do. They had IPv6 up & running even though they didn't even know anything about it. The ISP's modem/router was all ready to go with IPv6, right out of the box.
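Added example (not part of the original thread, and not code from any poster or vendor): the router settings discussed above (the two "Advertised Hosts get ... from DHCP6" switches, Router Preference, MTU, advertised prefix) end up as fields in the ICMPv6 Router Advertisement, so decoding an RA is a direct way to check what a segment is really being told, and to spot a prefix that does not belong there, as in the leaking-VLAN reports earlier in the thread. The function names, the 2001:db8:: documentation prefixes and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

PRF = {0b01: "high", 0b00: "medium", 0b11: "low", 0b10: "reserved"}  # RFC 4191

def parse_ra(msg: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement body (RFC 4861, type 134)."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", msg, 5)
    ra = {"managed": bool(flags & 0x80),   # M: hosts get addresses from DHCPv6
          "other": bool(flags & 0x40),     # O: hosts get other config from DHCPv6
          "preference": PRF[(flags >> 3) & 0b11],
          "router_lifetime": lifetime, "mtu": None, "prefixes": []}
    off = 16
    while off + 2 <= len(msg):
        otype, olen = msg[off], msg[off + 1] * 8   # option length is in 8-byte units
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed option")
        if otype == 3 and olen == 32:              # Prefix Information
            plen, pflags = msg[off + 2], msg[off + 3]
            raw = bytes(msg[off + 16:off + 32])
            net = ipaddress.IPv6Network((raw, plen), strict=False)
            ra["prefixes"].append({"prefix": net, "slaac": bool(pflags & 0x40)})
        elif otype == 5 and olen == 8:             # MTU
            ra["mtu"] = struct.unpack_from("!I", msg, off + 4)[0]
        off += olen
    return ra

def foreign_prefixes(ra: dict, expected: str) -> list:
    """Advertised prefixes outside the range this segment should be seeing."""
    allowed = ipaddress.IPv6Network(expected)
    return [p["prefix"] for p in ra["prefixes"] if not p["prefix"].subnet_of(allowed)]

# Constructed sample RA (checksum left at 0 and not verified here):
# O flag set, preference high, router lifetime 1800 s, one /64 with L+A set, MTU 1480.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x48, 1800, 0, 0)
    + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    + ipaddress.IPv6Address("2001:db8:1:10::").packed
    + struct.pack("!BBHI", 5, 1, 0, 1480)
)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra)
    # The same RA seen on a segment that should only carry 2001:db8:1:20::/64
    print("foreign:", foreign_prefixes(ra, "2001:db8:1:20::/64"))
```

A non-empty result from foreign_prefixes on a VLAN means hosts there are being offered another segment's prefix and may autoconfigure an address from it.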
participants (6)
- Andrei Borzenkov
- Carlos E. R.
- Greg Freemyer
- James Knott
- Lew Wolfgang
- Per Jessen