Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
I dont get IPV6
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
turtles
Veteran
Veteran


Joined: 31 Dec 2004
Posts: 1394

PostPosted: Wed Jan 15, 2020 7:11 am    Post subject: I dont get IPV6 Reply with quote

IPV6 is what 22 years old now?
And has not made it to my neck of the woods.
I see articles about it, statistics have gone up in the last few years:
https://www.google.com/intl/en/ipv6/statistics.html
Cool 128 bit addresses instead of (32+16) 48, we need addresses, no more free static IP's, I sorta get it.

Here in the USA, like most, my home OSI layer 1 land line ISP options are a 'Bell' baby or a former cable company.
There are sites I can go to to check IPV6 availability in my area:
http://test-ipv6.comcast.net/
and I get
Quote:
No IPv6 address detected You appear to have no IPv6 address.

It looks like you have only IPv4 Internet service at this time. Don't feel bad - most people are in this position right now. Most Internet service providers are not quite yet ready to provide IPv6 Internet to residential customers.


I don't have any political beef with IPV6, if my ISP wants to use it I'll use it right away.
and as long as my isp does not give me a routable IPV6 address I am invisible to IPV6 internet correct?

Whats odd is for years I have had issues with IPV6 trying to be on top of its dual stack with IPV4, slowing my machines to a crawl, first trying to resolve IPV6 dns then IPV4.

I have learned to set
Code:
/etc/gai.conf

Code:
precedence ::ffff:0:0/96  100

I started taking it out of my kernels,
I run no local loopback on IPV6,
just don't need it.

Now hopefully I am mistaken but it appears user-space programs are depending on IPV6?
And that makes me interested, why should user-space care if its on IPV6 or IPV4?
Now I have to compile in IPV6 as a kernel module and disable it on boot for user-space to be happy.
For example
Code:
www-client/google-chrome
with IPV6 behind the scenes logs stuff like:
Code:
ERROR:socket_udp.cc(153)] bind() to :::0 failed: -109


Code:
tcpdump enp13s0 -i wlp2s0 -vv ip6
reveals devices on my network trying to self assign a IPV6 address and start routing themselves.
Code:
22:51:22.248799 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1e7:6298:aefb:8c8d > ff02::1:fff5:6d70: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::62fb:42ff:fef5:6d70

What am I missing?
Thanks in advance for your comments / rants / views to enlighten me.
Cheers
_________________
Donate to Gentoo
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7446
Location: almost Mile High in the USA

PostPosted: Thu Jan 16, 2020 12:36 am    Post subject: Reply with quote

You could get a remote broker to tunnel IPV6 to you over IPV4, like hurricane electric if your ISP does not do so.

For me my ISP uses 6RD and is likewise a IPV6 over IPV4 tunnel. The IPV6 address I get are routable over the network and yes I have to make sure I firewall off the client machines that are bypassing the IPV4 NAT firewall by using IPV6. I technically should look into getting IPV6 NAT but the firewall ended up being easier.

There are programs that are starting to use IPV6. The problem is that the IPV6 stack can do both IPV4 and IPV6 connects, and to make software maintenance easier (isn't this always the case?), people code IPV6 directly.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6777
Location: Blighty

PostPosted: Thu Jan 16, 2020 2:44 am    Post subject: Reply with quote

eccerr0r wrote:
You could get a remote broker to tunnel IPV6 to you over IPV4, like hurricane electric if your ISP does not do so.


And the big problem here is NetFlix.
Like all good programs it will default to IPv6.

Like the big bad corporate it is it detects a tunnel and refuses to play :(

The *huge* downside of IPv6 is that the core is Router Advertisements which are broadcast.
I have no way of saying "exclude my Google Chromecast from IPv6".
And that's the big white elephant in the room.

I've tried many ways of trying to get em to play nice, but I've just given up now.
I use a HE tunnel, but it's not advertised on my home network - each node that needs IPv6 needs a static config.
And as the maintainer of dhcpcd which prides itself on 100% automation this situation sucks.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7446
Location: almost Mile High in the USA

PostPosted: Thu Jan 16, 2020 3:45 am    Post subject: Reply with quote

Agreed, this is not a ipv6 problem, this is a netf*x problem.
The autoconfig ipv6 is nice, but yes to work around the netf*x problem is the trouble.

Then g**gle is the other problem not allowing them to configure chromecast to disable ipv6.

Not a real problem, it's completely bigbadcorporate.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
turtles
Veteran
Veteran


Joined: 31 Dec 2004
Posts: 1394

PostPosted: Thu Jan 16, 2020 6:20 pm    Post subject: Reply with quote

I thought the point of IPV6 just to create more static IP's and everything would run like IPV4 with ports and firewalls.

It seems like userspace applications are wanting to use 'SLAAC' https://tools.ietf.org/search/rfc4862 :

rfc4862 wrote:
The IPv6 stateless autoconfiguration mechanism requires no manual
configuration of hosts, minimal (if any) configuration of routers,
and no additional servers. The stateless mechanism allows a host to
generate its own addresses using a combination of locally available
information and information advertised by routers. Routers advertise
prefixes that identify the subnet(s) associated with a link, while
hosts generate an "interface identifier" that uniquely identifies an
interface on a subnet. An address is formed by combining the two.
In the absence of routers, a host can only generate link-local
addresses. However, link-local addresses are sufficient for allowing
communication among nodes attached to the same link.


So I havent read that entire RFC but it seems like 'SLAAC' is a ghost network that will start running on its own regardless of routers but where does the 'same link' then end? the modem, a CTMS or DSLAM? the ISP itself?

eccerr0r wrote:
I have to make sure I firewall off the client machines that are bypassing the IPV4 NAT firewall by using IPV6.


So regular home router has a IPV6 setting that can be set to 'disabled' but that means the router will still forward IPV6 packets across the router?
_________________
Donate to Gentoo
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 18439

PostPosted: Thu Jan 16, 2020 6:47 pm    Post subject: Reply with quote

turtles wrote:
So I havent read that entire RFC but it seems like 'SLAAC' is a ghost network that will start running on its own regardless of routers but where does the 'same link' then end? the modem, a CTMS or DSLAM? the ISP itself?
Seems like it is the IPv6 equivalent of IPv4 169.254... link-local addressing.
Quote:
IPv4 link-local addresses are assigned to address block 169.254.0.0/16 (169.254.0.0 through 169.254.255.255). In IPv6, they are assigned the address block fe80::/10.


https://en.wikipedia.org/wiki/IPv6_address#Stateless_address_autoconfiguration
https://en.wikipedia.org/wiki/Link-local_address
_________________
The media sells it and you live the role.
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6777
Location: Blighty

PostPosted: Thu Jan 16, 2020 9:01 pm    Post subject: Reply with quote

turtles wrote:
So I havent read that entire RFC but it seems like 'SLAAC' is a ghost network that will start running on its own regardless of routers but where does the 'same link' then end? the modem, a CTMS or DSLAM? the ISP itself?


It's only on the network segment - a router will never forward it to another one.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
turtles
Veteran
Veteran


Joined: 31 Dec 2004
Posts: 1394

PostPosted: Fri Jan 17, 2020 2:36 am    Post subject: Reply with quote

Got it thanks.
It sure causes a lot of network chatter on a network that has no IPV6.

Still seems strange that google-chrome code internals trys to bind to a local IPV6 socket instead of a unix socket:
Code:

[22788:22797:0114/103013.939174:ERROR:socket_udp.cc(153)] bind() to :::0 failed: -109

_________________
Donate to Gentoo
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3684
Location: Illinois, USA

PostPosted: Fri Jan 17, 2020 4:03 am    Post subject: Reply with quote

turtles wrote:
Still seems strange that google-chrome code internals trys to bind to a local IPV6 socket instead of a unix socket:

Because google-chrome is not a real Linux program. It's a Windows program adapted to Linux.
Back to top
View user's profile Send private message
gentoo_ram
Guru
Guru


Joined: 25 Oct 2007
Posts: 417
Location: San Diego, California USA

PostPosted: Fri Jan 17, 2020 7:22 pm    Post subject: Reply with quote

Are you using dhcpcd to get an IPv4 address from your network? Because dhcpcd can also get IPv6 addresses. This works on my Spectrum network connection. It gets an IPv6 host address (/128) for my internet interface 'inet0' and gets a (/64) block for my internal interface 'lan0'.

The key parts of dhcpcd.conf for IPv6 for my working config are:
Code:
noipv6rs

interface lan0
        ipv6only

interface inet0
        ipv6rs
        ia_na 1
        ia_pd 2 lan0/0
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7446
Location: almost Mile High in the USA

PostPosted: Sat Jan 18, 2020 4:33 am    Post subject: Reply with quote

You get an ipv6 address only if there's a ipv6 address service. You'll only get a link local address if there are no advertisements on your network.
If you have a DHCPV6 service, which I don't think many ISPs use yet, you get an ISP assigned IPV6 address, but it shouldn't be a /128, it should include your ISP's prefix.

If there is no DHCPV6 service but have a router advertisement service, your machine will automatically come up with its own IP address based on the router advertisement. Once again you end up getting a fixed prefix (usually 40 to 80 bits) and then SLAAC takes care of the rest of the address.

However I'm not sure how many ISPs use DHCPV6 yet. I actually have the more common SLAAC variety and technically have over 2^64 IPV6 addresses, all routable...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6777
Location: Blighty

PostPosted: Sat Jan 18, 2020 9:45 am    Post subject: Reply with quote

eccerr0r wrote:
You'll only get a link local address if there are no advertisements on your network.


For IPv6 you always have a link-locak address starting fe80

Quote:

If you have a DHCPV6 service, which I don't think many ISPs use yet, you get an ISP assigned IPV6 address, but it shouldn't be a /128, it should include your ISP's prefix.


All IA_NA and IA_TA addresses from DHCPv6 are /128 because they are not related to a prefix.
You need a working prefix from a RA as well as a default router to get anywhere.

IA_PD on the other hand does have a prefix, but that requires a little setup in dhcpcd as it's not automatic.
And that still needs a default route from the RA to be useful.

Quote:

If there is no DHCPV6 service but have a router advertisement service, your machine will automatically come up with its own IP address based on the router advertisement. Once again you end up getting a fixed prefix (usually 40 to 80 bits) and then SLAAC takes care of the rest of the address.


You can run SLAAC and DHCPv6 addresses side by side.
Infact, DHCPv6 *reequires* RA to fully work.

Quote:

However I'm not sure how many ISPs use DHCPV6 yet. I actually have the more common SLAAC variety and technically have over 2^64 IPV6 addresses, all routable...


My ISP doesn't have any IPv6 yet :(
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 3684
Location: Illinois, USA

PostPosted: Sat Jan 18, 2020 5:09 pm    Post subject: Reply with quote

UberLord wrote:
My ISP doesn't have any IPv6 yet :(


Nor mine. So every computer is built with USE="-ipv6" in make.conf Don't know about the IOT things. The HP printers are probably ipv6. I have the wireless shut off because it keeps trying to phone home and they are connected USB only. My old Officejet had an ethernet port, which I vastly prefer. I'd get a different brand but Linux support seems spotty.

Blinding flash of light! Maybe I could use an old (antique) Windows computer as a print server. Just set it to share it's printer and connect the ethernet port to the network. Set iptables on the Linux printer to only allow printer traffic and whatever ports remote windows desktop uses.

Sorry for the off-topic.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum