Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
glitchc a day ago

While these articles are useful in understanding the utility of IPv6, what would really help is an article explaining step by step how to configure a home network using IPv6. The tutorial should answer these questions:

- How to ensure there are no collisions in address space? Translates to, how to pick safe addresses, is there a system?

- How do I route from an external network resource to an internal network resource? Translates to, can you provide syntax on how to connect to an smb share? Set up a web service that works without WireGuard or equivalent?

- How does one segment networks, configure a vlan, set up a firewall?

candiddevmike a day ago | parent | next [-]

- if you're talking a private/local prefix, you can use tools like this to generate one: https://unique-local-ipv6.com/. Otherwise DHCPv6 and SLAAC will ensure no collisions for the most part.

- Use global/public addresses on all your devices (using something like prefix delegation) or use NAT.

- Same as IPv4. Prefix delegation will let your ISP assign you multiple networks, and then most routers will break these up into /64 networks for each of your VLANs.

Latty a day ago | parent | prev [-]

- SLAAC - the address spaces for IPv6 are so huge, collisions are extremely unlikely outside of intentional actions.

- Open holes through firewalls, point DNS at the address, and it should just work, the joys of actually having public addresses.

- Same way as with IPv4 mostly. The only real difference is because SLAAC assumes a /64 you probably want your networks to be at least that big.

oezi a day ago | parent [-]

> extremely unlikely outside of intentional actions.

But come on! It is a legitimate question, do you just scramble keys when picking an address?

> the joys of actually having public addresses.

If your ISP gives you a static IPv6. Unfortunately in Germany none of the ISP for private users does (last I checked).

db48x a day ago | parent | next [-]

> do you just scramble keys when picking an address?

No. Your ISP or tunnel broker gives you a network prefix. Then you configure SLAAC to use that prefix and hand out addresses within it. Job done.

For example, the prefix might look like 2001:470:e904::/48. Your computers can use any addresses you want as long as they start with that prefix. Since you don’t want to manually hand out addresses to every computer, you configure a router to hand out addresses via SLAAC. Your computers will use SLAAC to discover the prefix from the router, then fill in the bottom 64 bits of the address with a random number. They then ask the local network if anyone is using that full address. If not then they are done and have a working address. If somehow someone is using that address then they try again with a different random number. Servers that want a fixed address will just use their network card’s MAC address (or anything similar, if you want) instead of a random number. The protocol is the same either way.

Notice that this actually gives you some bits of your own to play with, if you want. The full address is 128 bits long. The first 48 were used by the prefix and the bottom 64 by the individual devices, leaving 16 bits in the middle. You could tell your router that the prefix for SLAAC is 2001:470:e904:42::/64, for example, and then use the other subnets for other purposes. Maybe 2001:470:e904:beef::/64 is a special subnet just for your meat freezer and associated monitoring equipment. I don't know, you get to make these things up for yourself. Maybe you manage a corporate network that has a separate VLAN for phones than for normal PCs, and a third VLAN for the guest WiFi. You can give them each a different prefix by embedding the VLAN id into the prefix you advertise via SLAAC.

There’s also DHCPv6 if you want even more control over which addresses are handed out, or you want to subdivide your network even more finely. Or if ISPs ever start handing out smaller prefixes.

> If your ISP gives you a static IPv6. Unfortunately in Germany none of the ISP for private users does (last I checked).

Sure, that’s true. But they probably don’t hand out static addresses for IPv4 either. Not without paying extra, that’s for sure. Either way if you want some static identifier for your computer(s) then the solution is the same: DNS.

Of course if you _are_ running a corporate network with a bunch of VLANS like that then you should actually get your own prefix from your RIR rather than from your ISP. Then you purchase IP transit services from your ISP rather than consumer internet access. You can then advertise your prefix(es) via BGP. Again, this is exactly what you would do for IPv4. Same software, same configuration, just longer addresses. The main advantage of this extra work is that you can keep your addresses static even if you move to an entirely different ISP. You can also use the same addresses over multiple connections to multiple ISPs for better redundancy.

flumpcakes a day ago | parent [-]

This is a good overview. I think the difficulty with IPv6 is that people rely on all of the crutches invented for IPv4 as features: private addressing NATing gives you security (it doesn't) and portability (it does), IPv6 usually uses subnets per physical location making failover difficult, where as IPv4 will use bgp announcements to failover public IPs, etc. I'm not saying one way is better than the other, just that IPv6 is pretty different and people very much have a IPv4 world view.

Latty a day ago | parent | prev [-]

> But come on! It is a legitimate question, do you just scramble keys when picking an address?

I did give the answer: SLAAC.

> If your ISP gives you a static IPv6. Unfortunately in Germany none of the ISP for private users does (last I checked).

Weird, here in the UK all the ones I've had have given me a static /56. Still, the same answer for that (DDNS) exist as for dynamic IPv4 addresses, you still get the advantage of not having to deal with NAT.