tag:blogger.com,1999:blog-3993498847203183398.post9149717349207749328..comments2024-03-29T11:00:39.953+00:00Comments on RevK<sup>®</sup>'s ramblings: IPv6 and ZenRevKhttp://www.blogger.com/profile/12369263214193333422noreply@blogger.comBlogger10125tag:blogger.com,1999:blog-3993498847203183398.post-8442153533811894062017-02-18T16:55:15.142+00:002017-02-18T16:55:15.142+00:00It redirects to https://loopsofzen.uk/ but seems t...It redirects to https://loopsofzen.uk/ but seems to be working fine for me.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-78515656182738244952017-02-18T16:53:19.802+00:002017-02-18T16:53:19.802+00:00Is it me, or is loopsofzen broken?Is it me, or is loopsofzen broken?Johnhttps://www.blogger.com/profile/17555396036856701009noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-11803242695762110812016-11-21T17:05:42.600+00:002016-11-21T17:05:42.600+00:00When Zen announced their IPv6 trial, I moved over ...When Zen announced their IPv6 trial, I moved over to them from AAISP to save some money.<br /><br />They claimed their IPv6 implementation met TR-187, but we disagreed on that. The upshot was that I'm back on AAISP, who I'm confident know what they're doing.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-8946795486861426062016-11-21T12:47:47.767+00:002016-11-21T12:47:47.767+00:00Even on the ethernet side, the standards for IPv6 ...Even on the ethernet side, the standards for IPv6 autoconfig are, frankly, a complete mess... Especially if you want any kind of control over the address the client machines have.<br /><br />We need to be able to identify which user traffic has come from. For IPv4 this is fairly easy, you can use a captive portal, or 802.1x to link an IP address with a user name. For IPv6 this is a complete and utter mess:<br /><br />Everyone has to use router announcements to set up the link local addresses at least. You can use RA to also configure the global scope address through SLAAC. You can also configure stuff like DNS through RA, but nothing supports that so in reality you can't. Also, devices will usually do IPv6 privacy extensions - the router has no control over whether they do or not, and if they do then they are going to change their address regularly, so good luck trying to link an IP with a user name for any period of time.<br /><br />So since nothing supports configuring DNS through RA you need DHCP anyway. You can run this in stateless mode, where the clients do SLAAC as normal and then DHCP to get things like the DNS address. But again, IPv6 privacy extensions mean clients keep changing address so you can't identify the users from captive portal logins (at least, not unless you want to regularly pop up the portal and piss off the user!).<br /><br />DHCP can also be run in stateful mode, which is more like traditional IPv4 - the DHCP server is responsible for giving the device a global scope address. This seems to solve most of the problems until you realise that nothing supports it (at least, as far as I can tell Android doesn't support stateful DHCPv6 at all, and last time I checked Fedora didn't support it without a lot of faff).<br /><br />So all in all a complete and utter mess...<br /><br />Here's how I think it would have been sensible to do this stuff:<br />- Use router discovery to allocate all the addresses. The router could tell the client whether to do SLAAC with privacy extensions, SLAAC without privacy extensions or explicitly give the client an address much like stateful DHCP does.<br />- Discover all the other services, including the DNS servers through mDNS. This is already done to find things like printers, no reason why you can't also do it to find DNS servers, NTP servers, and all the other stuff you'd usually do through DHCP.<br />- Throw DHCPv6 in the bin.<br /><br />For what it's worth, I do kind of support the idea of unifying the address allocation mechanism (i.e. using router discovery for PPP as well as ethernet); but the current system is a complete mess on all sides.Steve Hillhttps://www.blogger.com/profile/09798286430189689578noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-84311390282581403012016-11-20T12:28:09.288+00:002016-11-20T12:28:09.288+00:00I don't doubt it is, just so many to choose fr...I don't doubt it is, just so many to choose from :-(RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-14150389356309057992016-11-20T11:20:17.838+00:002016-11-20T11:20:17.838+00:00When I first signed up for Zen's IPv6 trial, t...When I first signed up for Zen's IPv6 trial, they explained how this was all very standards compliant (seemed messy to me..). Probably still have the email detailing the standards if its of interest...Anonymoushttps://www.blogger.com/profile/14634685104014626934noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-65332917766219848612016-11-20T09:00:44.800+00:002016-11-20T09:00:44.800+00:00CoolCoolRevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-45822800416910382792016-11-20T07:50:03.242+00:002016-11-20T07:50:03.242+00:00BT is fine now too.BT is fine now too.Anonymoushttps://www.blogger.com/profile/12948708949239902920noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-12119325168725067172016-11-19T19:35:49.533+00:002016-11-19T19:35:49.533+00:00Good to see I'm still first on the loops of ze...Good to see I'm still first on the loops of zen leader board. Lol. David Abbishawhttps://www.blogger.com/profile/17656602956866538037noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-48788975534171775712016-11-19T19:30:28.995+00:002016-11-19T19:30:28.995+00:00Cheers Rev, nice work (as usual)Cheers Rev, nice work (as usual)SimonFhttps://www.blogger.com/profile/03711861360301638111noreply@blogger.com