09 September 2013

Wanted: IPv6 Addressing - Static with RA

We have previously discussed the methods we have available to us to address hosts on our network with an IPv6 address. What I want to discuss here is a method I believe is missing.

Static Addressing with RA or "Hybrid Static-SLAAC"

Presently a host can not make use of any RA's it sees on the network unless it is configuring itself with SLAAC or DHCPv6. That means we either:

  1. Let the host do SLAAC and "make up" its own address within the on-link subnet; or
  2. Run DHCPv6 infrastructure, and maintain a static lease for each host on the network.
In a business environment, SLAAC might be fine for end-users, but for infrastructure (think printers, WAP's etc) it's not the best. Having to maintain a DHCPv6 infrastructure isn't great either.

What if we could statically assign the host-part of the address (the least significant 64-bits), and the host got the network part (the higher 64-bits) from any RA's it sees?

Best of both worlds!

Of course, to make this really useful, a modification to IPv6 itself would be beneficial: the ability to talk "on-link" using only the host-part of an address.

For example, let's put 2 hosts on our imaginary example network: 2001:db8::100 and 2001:db8::200. Now what if those hosts could talk to each other as just ::100 and ::200 respectively without regard for the network part of the address?

Perhaps we could utilize a triple-colon to signify "this network", or to avoid confusion and typos, another new special network like fe80 or fc00.

So what are the benefits of this scheme?
  • Readdressing a network is as simple as updating the RA's. This would greatly simplify the readdressing of networks when changing ISP's for those of us who can't afford the cost and/or complexity of owning and routing our own IPv6 prefix.
  • We can always talk to other hosts on the local network using only the host part of their address, regardless of the network (see previous point), without having to implement and maintain ULA addresses as well as globally unique addresses.
  • Ability to retain an addressing scheme for hosts (ie, hosts :::200:x are printers, :::300:x are WAP's) within the network without having to statically address the network prefix.

08 September 2012

Commonwealth Bank DNS Weirdness

Whenever I try to login to netbank, I get this error after submitting my authentication details:
https://www2.my.commbank.com.au/netbank/Portfolio/Home/Home.aspx
...
Error 7 (net::ERR_TIMED_OUT): The operation timed out.

30 August 2012

Link: ISC Diary on Addressing Mechanisms

A good article over at the ISC Diary today regarding IPv6 addressing mechanisms:


  1. "Other" and "Managed" flag cleared, but the DHCP server is still running and the systems had a DHCP address prior to the last rebootWindows 8 and OS X will still use the DHCP server.
    Linux and Window 7 will only use the RA provided address
  2. "Managed" flag set, DHCP server running
    all operating systems tested will use RA and DHCP provided addresses
  3. "Managed" and "Other" flag set, but the DHCP server is not runningall operating systems tested will just use the RA provided addresses
  4. "Managed" and "Other" flag set (and DHCP Server running
    This test was a bit tricky. In a first round, all operating systems ignored the RA, and only used the DHCP address. In a second round, they accepted all.

Visit the ICS Diary to see the full details:
http://isc.sans.edu/diary.html?storyid=13978