jcalvinowens, 20 hours ago:
Do you actually own that /48? The problem with using the globally routable addresses internally is that your public /48 might change in the future, and that will force you to change a bunch of internal stuff. I have my router set up to advertise two /64 prefixes on each LAN subnet: one from fddd:deca:fbad::/56* that I use for all internal communication, and one from 2001:5a8:xxxx:xxxx::/56 that is only used for talking to the internet. Every device I've ever tested supports this configuration flawlessly, including linux/apple/windows laptops, apple/android mobile devices, an IoT vacuum, and a 10+ year old VoIP phone. My router is a Linux PC, so I can configure radvd however I want (no GUI, I just edit the configs over SSH). Maybe home routers won't let you do this.

* You're really supposed to pick a random prefix in fd00::/8, but uniqueness only matters if you intend to merge networks with somebody else later; I care more about it being easy to remember.
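The footnote above points at RFC 4193, which says a ULA prefix should be generated randomly rather than chosen by hand. The following is an added example, not code from the thread: it implements the RFC 4193 section 3.2.2 derivation (SHA-1 over a 64-bit NTP timestamp and an EUI-64, low 40 bits become the Global ID under fd00::/8), carves per-LAN /64s out of the resulting /48, and classifies addresses as ULA versus globally routable so you can check that internal services really do sit on the ULA side. The EUI-64 and timestamp are passed in explicitly so the result is reproducible; the function names are my own.

```python
# Added example (not from the thread): RFC 4193 ULA prefix generation plus
# address classification. The EUI-64 and timestamp are supplied by the caller
# so the output is reproducible; a real generator would read them from the host.
import hashlib
import ipaddress
import struct
import time
from typing import Optional

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def ula_prefix(eui64: bytes, ntp_time: Optional[int] = None) -> ipaddress.IPv6Network:
    """Derive a /48 in fd00::/8 following RFC 4193 section 3.2.2.

    key       = 64-bit NTP timestamp || EUI-64
    Global ID = least-significant 40 bits of SHA-1(key)
    prefix    = 0xfd (fc00::/7 with the L bit set) || Global ID
    """
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 octets")
    if ntp_time is None:
        # Seconds since 1900 in the upper 32 bits, fraction in the lower 32.
        ntp_time = int((time.time() + NTP_EPOCH_OFFSET) * (1 << 32)) & 0xFFFFFFFFFFFFFFFF
    key = struct.pack("!Q", ntp_time) + eui64
    global_id = hashlib.sha1(key).digest()[-5:]      # low 40 bits of the digest
    packed = b"\xfd" + global_id + bytes(10)         # 8 + 40 prefix bits, rest zero
    return ipaddress.IPv6Network((packed, 48))


def subnet(prefix: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick /64 number `subnet_id` out of a /48, i.e. one per-LAN prefix for radvd."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 48 or not 0 <= subnet_id < 1 << 16:
        raise ValueError("need a /48 and a 16-bit subnet id")
    return ipaddress.IPv6Network((int(net.network_address) | (subnet_id << 64), 64))


def classify(addr: str) -> str:
    """Where an address belongs: 'ula' never leaves the site, 'global' faces the internet."""
    a = ipaddress.IPv6Address(addr)
    if a.is_link_local:
        return "link-local"
    if a in ipaddress.IPv6Network("fc00::/7"):
        return "ula"
    if a.is_global:
        return "global"
    return "other"


if __name__ == "__main__":
    # Constructed EUI-64 (from MAC 00:11:22:33:44:55) and a fixed timestamp.
    p = ula_prefix(bytes.fromhex("021122fffe334455"), ntp_time=0x1234567890ABCDEF)
    print("ULA /48:", p)
    print("LAN 1   :", subnet(str(p), 1))
    for a in ("fddd:deca:fbad::1", "2001:5a8::1", "fe80::1"):
        print(a, "->", classify(a))
```

The classification step is the check worth automating: anything that must stay internal (the DNS resolver, management interfaces) should only ever be reachable on an address that `classify` reports as `ula`.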
uyzstvqs, 20 hours ago, in reply to jcalvinowens:
Ideally it'll be standard that your DHCP will assign you both an internet IP from your ISP-provided prefix (dynamic or static) and a private IP from a ULA prefix, which can be made static through address reservation.
jcalvinowens, 20 hours ago, in reply to uyzstvqs:
Don't use DHCPv6 at home. I tried: you will hate your life, lots of stuff doesn't support it. Android specifically has zero support for it, google says it never will. Use SLAAC. It just works.
yjftsjthsd-h, 19 hours ago, in reply to jcalvinowens:
How do you handle internal DNS? I'd really like `curl http://mylaptop.internal` (or so) to work; that's easy with DHCP.
jcalvinowens, 17 hours ago, in reply to yjftsjthsd-h:
You can specify the DNS server in the router advertisements. This is how you do it in radvd.conf:

    interface enp2s0f1 {
        AdvSendAdvert on;
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        IgnoreIfMissing on;
        prefix ::/64 {
            AdvOnLink on;
            AdvAutonomous on;
        };
        RDNSS fddd:deca:fbad:1::10 {
            AdvRDNSSLifetime infinity;
        };
        DNSSL internal.domain {
            AdvDNSSLLifetime infinity;
        };
    };

I haven't yet found a way to specify a local NTP server though, which is a drag. So everything not manually configured (like the voip phone) talks to the local NTP over ipv4.
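Every host on the LAN will accept resolver settings from whichever router advertisement it hears, so it is worth being able to decode what a radvd.conf like the one above actually puts on the wire and to notice an RA that advertises a different resolver. The following is an added example, not code from the thread: it parses the ICMPv6 Router Advertisement format of RFC 4861 (including the M and O flags that AdvManagedFlag and AdvOtherConfigFlag set) with the RDNSS and DNSSL options of RFC 8106, and audits a captured RA against the servers and search list your own router is configured to send. The sample packets are constructed inline with the checksum left as zero; `build_ra`, `parse_ra` and `audit_ra` are my own names.

```python
# Added example (not from the thread): decode an ICMPv6 Router Advertisement and
# flag resolver settings that differ from the ones our own radvd advertises.
import ipaddress
import struct

ICMPV6_ROUTER_ADVERT = 134   # RFC 4861
OPT_PREFIX_INFO = 3          # RFC 4861 section 4.6.2
OPT_RDNSS = 25               # RFC 8106
OPT_DNSSL = 31               # RFC 8106


def _dns_names(buf: bytes) -> list:
    """Decode consecutive DNS wire-format names; zero padding ends the list."""
    names, i = [], 0
    while i < len(buf) and buf[i] != 0:
        labels = []
        while i < len(buf) and buf[i] != 0:
            n = buf[i]
            labels.append(buf[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        names.append(".".join(labels))
        i += 1                                   # skip the terminating zero label
    return names


def parse_ra(msg: bytes) -> dict:
    """Parse an RA (the ICMPv6 payload; checksum not verified) into a dict."""
    if len(msg) < 16 or msg[0] != ICMPV6_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    hop_limit, flags, lifetime = struct.unpack("!BBH", msg[4:8])
    ra = {"hop_limit": hop_limit,
          "managed": bool(flags & 0x80),         # M flag: AdvManagedFlag
          "other": bool(flags & 0x40),           # O flag: AdvOtherConfigFlag
          "router_lifetime": lifetime,
          "prefixes": [], "rdnss": [], "dnssl": []}
    i = 16
    while i + 2 <= len(msg):
        otype, olen = msg[i], msg[i + 1]
        if olen == 0:
            raise ValueError("zero-length option")   # RFC 4861: discard the packet
        opt = msg[i:i + olen * 8]
        if len(opt) < olen * 8:
            raise ValueError("truncated option")
        if otype == OPT_PREFIX_INFO:
            plen, pflags = opt[2], opt[3]
            net = ipaddress.IPv6Network((opt[16:32], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "on_link": bool(pflags & 0x80),      # AdvOnLink
                                   "autonomous": bool(pflags & 0x40)})  # AdvAutonomous
        elif otype == OPT_RDNSS:
            for j in range(8, olen * 8, 16):
                ra["rdnss"].append(str(ipaddress.IPv6Address(opt[j:j + 16])))
        elif otype == OPT_DNSSL:
            ra["dnssl"].extend(_dns_names(opt[8:]))
        i += olen * 8
    return ra


def audit_ra(msg: bytes, expected_dns: set, expected_search: set) -> list:
    """Findings for an RA whose resolver settings are not the ones we advertise."""
    ra = parse_ra(msg)
    findings = []
    for server in ra["rdnss"]:
        if server not in expected_dns:
            findings.append(f"unexpected RDNSS server {server}")
    for name in ra["dnssl"]:
        if name not in expected_search:
            findings.append(f"unexpected DNSSL search domain {name}")
    if ra["managed"]:
        findings.append("M flag set: hosts told to use DHCPv6 for addresses")
    return findings


# --- constructed sample packets (checksum field left as zero) -----------------
def _opt(otype: int, body: bytes) -> bytes:
    body += bytes((-len(body) - 2) % 8)               # pad to a multiple of 8 octets
    return bytes([otype, (len(body) + 2) // 8]) + body


def build_ra(prefix: str, dns: str, search: str) -> bytes:
    """An RA carrying one prefix (L+A set), one RDNSS and one DNSSL, lifetimes infinite."""
    net = ipaddress.IPv6Network(prefix)
    header = bytes([ICMPV6_ROUTER_ADVERT, 0, 0, 0]) + struct.pack("!BBHII", 64, 0, 1800, 0, 0)
    pio = _opt(OPT_PREFIX_INFO, bytes([net.prefixlen, 0xC0]) +
               struct.pack("!III", 86400, 14400, 0) + net.network_address.packed)
    rdnss = _opt(OPT_RDNSS, b"\0\0" + struct.pack("!I", 0xFFFFFFFF) +
                 ipaddress.IPv6Address(dns).packed)
    wire_name = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in search.split(".")) + b"\0"
    dnssl = _opt(OPT_DNSSL, b"\0\0" + struct.pack("!I", 0xFFFFFFFF) + wire_name)
    return header + pio + rdnss + dnssl


GOOD_RA = build_ra("fddd:deca:fbad:1::/64", "fddd:deca:fbad:1::10", "internal.domain")
ROGUE_RA = build_ra("fddd:deca:fbad:1::/64", "fddd:deca:fbad:1::66", "internal.domain")

if __name__ == "__main__":
    print(parse_ra(GOOD_RA))
    print(audit_ra(ROGUE_RA, {"fddd:deca:fbad:1::10"}, {"internal.domain"}))
```

Feed `parse_ra` the ICMPv6 payload of a captured packet (for example from a raw socket or a pcap) and run `audit_ra` with the RDNSS and DNSSL values from your own radvd.conf; a non-empty result means a host on the segment heard resolver settings you did not configure, which is exactly the case RA Guard on managed switches exists to prevent.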
yjftsjthsd-h, 17 hours ago, in reply to jcalvinowens:
Sure. And how does that internal DNS server know about your devices? I connect laptop1 and laptop2 to my network. With DHCP, they each told e.g. dnsmasq their name when they connected, so laptop1.mydomain.internal and laptop2.mydomain.internal both resolve to the IPs that were handed out to each device. With RDNSS+DNSSL I can tell them that they should look up records on my internal domain and against my internal DNS server, but I can't see a good way for that DNS server to know that they exist or what their hostnames are.
jcalvinowens, 16 hours ago, in reply to yjftsjthsd-h:
Oh I see. You're supposed to use mdns, but I haven't actually done that yet, it's sort of the last thing on my list. Mine is all static. I run a bind9 forwarder for DNS, and KEA for dhcp4. I have a little list of machines/macs/addresses as the source of truth, and a pair of python scripts that generate kea-dhcp4.conf and a bind9 zone file from that table. When I enabled IPv6, I just put all the SLAAC addresses in that table, and made the python script generate AAAA records too. But this is honestly really stupid, I need to actually use mdns... I thought about writing a little systemd oneshot that used rfc2136 dyndns updates for home. But it feels like reinventing the wheel a bit...
yjftsjthsd-h, 16 hours ago, in reply to jcalvinowens:
Perhaps I should give mDNS another look, then. Feels like a regression, but if it works.

> When I enabled IPv6, I just put all the SLAAC addresses in that table, and made the python script generate AAAA records too.

Er, isn't that just manual static assignment, then? Not SLAAC? Don't get me wrong, static addresses do make DNS easy...
jcalvinowens, 16 hours ago, in reply to yjftsjthsd-h:
> Er, isn't that just manual static assignment, then? Not SLAAC?

Haha no, much dumber than that: I boot the machine, get the permanent SLAAC address it comes up with, put that in the static table, and re-run the script to generate the zone files. The downside is the address changes if you reinstall the OS, but I do that so rarely it honestly hasn't been a problem (and you can force the older MAC-based address generation if you want it to be stable). I wouldn't recommend this setup though... I do also have some static addresses, like that DNS server address.
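The two comments above describe a host table as the source of truth, a script that generates a bind9 zone from it, and the "older MAC-based address generation" that makes a SLAAC address stable. The following is an added example, not the scripts from the thread: it computes the EUI-64 form of SLAAC (RFC 4291 Appendix A: flip the universal/local bit, insert ff:fe) for hosts without a pinned address, and emits forward and reverse records from a constructed table. Hostnames, MACs and addresses are made up, and the function names are my own. Note that current operating systems default to RFC 7217 stable-privacy or temporary addresses, so this derivation only matches hosts explicitly configured for EUI-64 generation.

```python
# Added example (not the thread's scripts): host table -> EUI-64 SLAAC addresses
# -> bind9 forward zone and ip6.arpa PTR records. All data below is constructed.
import ipaddress

# (hostname, MAC, IPv4, pinned IPv6 or None to derive the EUI-64 SLAAC address)
HOSTS = [
    ("dns",     "00:11:22:33:44:55", "192.0.2.10", "fddd:deca:fbad:1::10"),
    ("laptop1", "a4:5e:60:aa:bb:cc", "192.0.2.21", None),
    ("phone",   "00:0b:82:01:02:03", "192.0.2.30", None),
]


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface id (RFC 4291 App. A): flip the U/L bit, insert ff:fe."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"bad MAC {mac!r}")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """The address a host forms from a /64 and its MAC when EUI-64 generation is used."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_iid(mac))


def resolve_table(prefix: str, hosts=HOSTS) -> list:
    """Expand the table into (name, IPv4, IPv6), deriving SLAAC where nothing is pinned."""
    out = []
    for name, mac, v4, v6 in hosts:
        addr = ipaddress.IPv6Address(v6) if v6 else slaac_address(prefix, mac)
        out.append((name, ipaddress.IPv4Address(v4), addr))
    return out


def forward_zone(origin: str, prefix: str, serial: int, hosts=HOSTS) -> str:
    """A minimal bind9 zone file with A and AAAA records for every host."""
    lines = [f"$ORIGIN {origin}.", "$TTL 3600",
             f"@ IN SOA ns1.{origin}. hostmaster.{origin}. ({serial} 3600 900 1209600 300)",
             f"@ IN NS ns1.{origin}."]
    for name, v4, v6 in resolve_table(prefix, hosts):
        lines.append(f"{name} IN A {v4}")
        lines.append(f"{name} IN AAAA {v6.compressed}")
    return "\n".join(lines) + "\n"


def reverse_records(origin: str, prefix: str, hosts=HOSTS) -> list:
    """PTR records as full 32-nibble ip6.arpa names (trim to your reverse zone's $ORIGIN)."""
    return [f"{v6.reverse_pointer}. IN PTR {name}.{origin}."
            for name, _v4, v6 in resolve_table(prefix, hosts)]


if __name__ == "__main__":
    print(forward_zone("mydomain.internal", "fddd:deca:fbad:1::/64", 2024010101))
    print("\n".join(reverse_records("mydomain.internal", "fddd:deca:fbad:1::/64")))
```

Because the AAAA for `laptop1` is computed from the MAC rather than copied from a booted machine, a reinstall no longer changes it; the trade-off is that the MAC is then visible in every IPv6 address that host uses, which is the reason the privacy extensions exist.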
yjftsjthsd-h, 16 hours ago, in reply to jcalvinowens:
LOL, okay yes that is. Er. An unusual setup :D As the guy who usually says "if it works"... I'm surprised that works. But only because I thought SLAAC addresses changed at least per-boot. But since that clearly isn't the case: Well, if it works... P.S. thanks for the funniest HN comment I've read in a while
kstrauser, 17 hours ago, in reply to yjftsjthsd-h:
Every device on my LAN handles mDNS, or at least the ones I SSH to do.
hbogert, 17 hours ago, in reply to yjftsjthsd-h:
Nothing is stopping your router, which does RA, from also working in tandem with an internal DNS server that can do hostnames for you mapped to SLAAC addresses.
yjftsjthsd-h, 17 hours ago, in reply to hbogert:
I'm not sure I follow? AIUI, RA lets you tell hosts about a DNS server, and an internal DNS server could have AAAA records pointing at SLAAC addresses, but how would it know what hostnames go to those addresses?
simoncion, 19 hours ago, in reply to jcalvinowens:
I'm pretty sure that you can use both. RAs even have bits to indicate if one is supposed to autoconfigure, [0] hit up a DHCPv6 server for some or all configuration, [1] or both. radvd refers to them as AdvAutonomous and AdvOtherConfigFlag/AdvManagedFlag, respectively.

[0] <https://datatracker.ietf.org/doc/html/rfc4861#section-4.6.2>
[1] <https://datatracker.ietf.org/doc/html/rfc4861#section-4.2>
retatop, 18 hours ago, in reply to simoncion:
This is exactly what I do. Almost everything has a nice DHCPv6 address so that I can actually remember the ULA + the suffix, but then for the two devices on my network that don't do DHCPv6 they get a SLAAC. One oddity though is that it means most devices on my network have both a SLAAC and a DHCP-provided one, since I wasn't able to get it to prioritize DHCP. Combine that with them having both ULA addresses and public addresses and some stuff on my network has way more addresses than you'd expect.
jcalvinowens, 16 hours ago, in reply to simoncion:
You can use both, but I've never found a good reason to at home. The DHCPv6 option for specifying an NTP server might be a good reason to... but even Linux machines ignored it when I tried. Maybe in five years :)
compounding_it, 20 hours ago, in reply to jcalvinowens:
> Do you actually own that /48?

In my experience the ISP generally fixes a /64 for each customer. So if in the future you change your ISP, you might want to keep the remaining addresses the same while just using a script to replace the preceding /64 address.
kccqzy, 20 hours ago, in reply to compounding_it:
My ISPs change the /64 more often. So I use the ULA a lot more often. My router runs its own DNS server and then it advertises this DNS server using a ULA address.
miyuru, 19 hours ago, in reply to kccqzy:
I have mentioned this elsewhere, but ISPs should make BYOIPv6 more common, not just to the Business customers. There are people like OP who do this via a VPS provider that supports BYOIP and then tunnel to the VPS network, so there is a demand. https://news.ycombinator.com/item?id=47355038
jcalvinowens, 16 hours ago, in reply to miyuru:
I've never heard of an end user ISP that would announce and route a customer owned block of addresses. They'll all give you a static allocation, but it will be in their block. Maybe if you were a huge customer they could do it... but I can't believe they would go to that much trouble for the measly <$100/month they get from me. Also, I very much don't want all my outbound internet traffic to come from a permanent address range I am publicly known to own. I'd still want an ephemeral /56 for outbound traffic that changed from time to time.
jcalvinowens, 20 hours ago, in reply to compounding_it:
Typically it's similar to ipv4, they try to assign the same address/prefix for the same MAC/DUID. The most common reason to lose your addresses is replacing your router. Hopefully new routers allow you to set the dhcpv6 DUID somehow...
compounding_it, 20 hours ago, in reply to jcalvinowens:
I haven't experienced this. For me it's statically assigned but my guess is that the PON serial and/or MAC is being used or the customer ID. I think the ISPs have gotten very automated these days and everything seems to be some sort of SDN. It saves a lot of labour hours in troubleshooting like customers forgetting their wifi passwords to their routers.
jcalvinowens, 20 hours ago, in reply to compounding_it:
Interesting. Honestly I like having control over it, that would annoy me. I deliberately change the DUID in dhcpcd to force my public addresses to change every so often.
simoncion, 19 hours ago, in reply to jcalvinowens:
> Do you actually own that /48?

Well. From TFA:

> So I decided to use Free Range Cloud service provider to lease a /48, which cost me around C$10/year. I also used their tunnel service to then route this over to me.

The link embedded in the pull quote is [0], which isn't maximally helpful, but it's useful. Approximately 60 seconds of poking around there brings us to [1], which quotes an "ARIN - /48 IPv6 lease ... Use on our network or yours" for $8/year with a $2 setup fee. That sounds a lot like what's mentioned in TFA. So. You tell me?

[0] <https://freerangecloud.com/>
[1] <https://freerangecloud.com/products.php>
jcalvinowens, 16 hours ago, in reply to simoncion:
It was a rhetorical question, he doesn't own it. And it takes much less than sixty seconds to figure that out:

    $ whois 2602:fed2:7e02::
    ...
    NetRange:       2602:FED2:: - 2602:FED2:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
    CIDR:           2602:FED2::/32
    NetName:        10VPN-PRIMARY
    NetHandle:      NET6-2602-FED2-1
    Parent:         NET6-2600 (NET6-2600-1)
    NetType:        Direct Allocation

If that VPN provider goes out of business, he probably loses those addresses.
simoncion, 19 hours ago, in reply to jcalvinowens:
> * You're really supposed to pick a random prefix in fd00::/8, but uniqueness only matters if you intend to merge networks with somebody else later, I care more about it being easy to remember.

If you don't care about collision resistance, why didn't you pick fd00:: ? That's way easier to remember than that jumble of letters you selected. It's actually my go-to subnet when someone claims that local-only IPv6 addresses are "hard to remember". fd00::1 is notably shorter than 10.0.0.1.
jcalvinowens, 16 hours ago, in reply to simoncion:
Heh, fair enough. I picked it because it makes me laugh when I have to type it (say it in Elmer Fudd's voice). I don't actually type it very often.
mr_mitm, 17 hours ago, in reply to simoncion:
You can write it as 10.1 though.
simoncion, 17 hours ago, in reply to mr_mitm:
You could, sure. You shouldn't, because not only is it nonstandard, roughly no one writes it that way. Without consulting documentation or otherwise querying external memory, tell me, what is 10.1.1?
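The "10.1" shorthand comes from the BSD inet_aton() rule, where the last numeric part fills every octet the earlier parts did not cover, so "10.1" is 10.0.0.1 and "10.1.1" is 10.1.0.1. The following is an added example, not code from the thread: it implements that rule explicitly, cross-checks it against the platform's inet_aton(), and contrasts it with the strict dotted-quad parsing that an address validator should use, since a filter that parses leniently and a connect() that parses strictly (or the reverse) do not agree on what address a string names. The function names are my own; the octal and hex forms libc also accepts are deliberately rejected here.

```python
# Added example (not from the thread): the inet_aton() shorthand rule beside
# strict dotted-quad parsing, with a cross-check against the C library.
import ipaddress
import socket


def classic_inet_aton(text: str) -> bytes:
    """inet_aton() forms a.b.c.d, a.b.c, a.b and a: the last part spans every
    octet not covered by the earlier ones. Decimal parts only; the octal
    (leading 0) and hex (0x) parts that libc also accepts are rejected."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not an inet_aton form: {text!r}")
    for p in parts:
        if not p.isdigit() or (len(p) > 1 and p.startswith("0")):
            raise ValueError(f"non-decimal part in {text!r}")
    nums = [int(p) for p in parts]
    head, last = nums[:-1], nums[-1]
    if any(n > 255 for n in head):
        raise ValueError(f"octet out of range in {text!r}")
    width = 4 - len(head)                          # octets the last part spans
    if last >= 1 << (8 * width):
        raise ValueError(f"last part too large for {width} octets in {text!r}")
    return bytes(head) + last.to_bytes(width, "big")


def lenient(text: str) -> str:
    """The dotted quad a shorthand denotes, i.e. what connect() would actually use."""
    return socket.inet_ntoa(classic_inet_aton(text))


def strict(text: str):
    """The address as a validator should parse it: None unless it is a plain
    four-part decimal dotted quad."""
    try:
        return str(ipaddress.IPv4Address(text))
    except ValueError:
        return None


def matches_libc(text: str) -> bool:
    """Cross-check the reimplementation against the platform's inet_aton()."""
    return classic_inet_aton(text) == socket.inet_aton(text)


if __name__ == "__main__":
    for s in ("10.1", "10.1.1", "10.0.0.1", "1"):
        print(f"{s:10} lenient={lenient(s):12} strict={strict(s)}")
```

The practical rule this illustrates: validate and parse addresses with one strict parser (`ipaddress` here) on both the checking and the connecting side, so that a string which looks like "10.1" cannot mean one thing to the check and another to the socket.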