IPv6 Questions

Started by Bill, Apr 14, 2011, 13:22:21


Bill

The Billion 7800N arrived (eventually- Royal Snail really lived down to their nickname >:( ), set up OK as supplied, loaded the IPv6 beta firmware, ticked the Enable IPv6 box and away it went, no problems  :thumb:

Test site is happy:

Your readiness scores:
10/10   for your IPv4 stability and readiness, when publishers offer both IPv4 and IPv6
10/10   for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

I might have some problems with speed tests and latency, but they can wait. Main question is:

If I go on to any site that will report my IP address, it shows the IPv4 one as my normal IDNet one (212.69.xxx.xxx). But the reported IPv6 address is the one that belongs to this computer, not the one that belongs to the router.

As if there's no NAT going on... is this the way IPv6 is supposed to work or have I set something up wrong?
Bill
BQMs-  IPv4  IPv6

Steve

From the little I've read you're right, no NAT, so every machine is public. Whether you can revert to NAT, I've not read that far.

http://ipv6.com/articles/nat/NAT-In-Depth.htm

It looks like we don't need NAT due to the amount of IP addresses made available to us via the ISP
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Simon_idnet

Hi Bill

That's the beauty of IPv6 - that there are sooo many addresses that every device has a real, routable address. Of course that also means that you must have a v6 firewall too...
S


Bill

First thing I did when I thought there might be no NAT was to check the firewall settings :P

@ Steve- useful looking link that, thanks. Lots of reading, and I might even understand some of it :eek4:
Bill
BQMs-  IPv4  IPv6

Bill

OK, next question- I mentioned an issue with latency in the OP. I've set up a BQM for the v6 connection, it hasn't been running long but it looks pretty diabolical:



If I use tbb's reverse traceroute tool the results can be good:

# Host Sent Recvd Best Avg Worst
1 2a02:68:85a3::ffff 15 15 0ms 2ms 3ms
2 2a02:68:0:1::3 15 15 0ms 0ms 0ms
3 2001:7f8:17::30d0:1 15 15 0ms 1ms 5ms
4 2a02:390:0:ff00:204:4eff:feb3:741b 15 15 0ms 0ms 1ms
5 2a02:390:0:ff00:212:7fff:feae:411b 15 15 1ms 2ms 19ms
6 2a02:390:feed:6109:2142:4636:xxxx:xxxx 15 15 18ms 20ms 29ms


or they can be bad:

# Host Sent Recvd Best Avg Worst
1 2a02:68:85a3::ffff 15 15 0ms 2ms 8ms
2 2a02:68:0:1::3 15 15 0ms 4ms 59ms
3 2001:7f8:17::30d0:1 15 15 0ms 0ms 1ms
4 2a02:390:0:ff00:204:4eff:feb3:741b 15 15 0ms 1ms 4ms
5 2a02:390:0:ff00:212:7fff:feae:411b 15 15 1ms 25ms 343ms
6 2a02:390:feed:6109:2142:4636:xxxx:xxxx 15 15 18ms 47ms 432ms


The timings seem compatible with the BQM trace, an occasional (but regular) very long delay... Any suggestions?
Bill
BQMs-  IPv4  IPv6

Technical Ben

Quote from: Simon_idnet on Apr 14, 2011, 13:32:57
Hi Bill

That's the beauty of IPv6 - that there are sooo many addresses that every device has a real, routable address. Of course that also means that you must have a v6 firewall too...
S



It might be helpful, but I could see some risk in this. Especially if some virus/bot/hacker thinks it's great to target you. Now they can do exactly that?
I used to have a signature, then it all changed to chip and pin.

Steve

But I guess you could change your IP address very quickly
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Bill

Quote from: Technical Ben on Apr 14, 2011, 15:58:40
It might be helpful, but I could see some risk in this. Especially if some virus/bot/hacker thinks it's great to target you. Now they can do exactly that?

I don't know the details, but I think IPv6 contains a lot more inherent security than IPv4.
Bill
BQMs-  IPv4  IPv6

Steve

Now that you're an expert, Bill, does the SL firewall work or does it have to be manually configured for IPv6, and also is the local NIC configuration on SL (Mac) automatic for IPv6 address?
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Bill

To be honest I've got no idea... but it doesn't have a separate configuration area for v6.

I just made sure it was enabled, and set to allow only a (short!) list of apps to accept incoming connections. IOW, basically the default.
Bill
BQMs-  IPv4  IPv6

dmgeurts

Quote from: Bill on Apr 14, 2011, 16:19:50
I don't know the details, but I think IPv6 contains a lot more inherent security than IPv4.

IPv6 does not contain more security than IPv4. Though you can choose if you assign a machine (read subnet due to IPv6's dynamic addressing) to a subnet that has a non public network.

Security will come from your firewall rule base. NAT was never designed as or intended to be a security feature.
- pfSense - Cisco - Ubuntu - MAC -
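
Added example, not part of the original thread: a minimal Python model of the stateful inbound rule that does for a routed IPv6 prefix what NAT only did as a side effect. The prefix, addresses and class names are constructed for illustration, and letting every ICMPv6 error through is a simplification (a real firewall matches errors to a tracked flow).

```python
import ipaddress
from dataclasses import dataclass

# ICMPv6 error types a forwarding firewall should pass (1 = destination
# unreachable, 2 = packet too big, 3 = time exceeded, 4 = parameter problem).
# Dropping type 2 breaks path MTU discovery.
ICMPV6_ERRORS = {1, 2, 3, 4}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmpv6"
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1   # only meaningful when proto == "icmpv6"

class StatefulV6Firewall:
    """Default-deny inbound filter for a routed (un-NATed) IPv6 LAN prefix."""

    def __init__(self, lan_prefix):
        self.lan = ipaddress.IPv6Network(lan_prefix)
        self.flows = set()   # reply tuples expected for outbound traffic

    def verdict(self, p):
        src, dst = ipaddress.IPv6Address(p.src), ipaddress.IPv6Address(p.dst)
        if src in self.lan and dst not in self.lan:
            # Outbound: allow, and remember the tuple its reply will carry.
            self.flows.add((p.proto, dst, p.dport, src, p.sport))
            return "accept"
        if dst in self.lan and src not in self.lan:
            if (p.proto, src, p.sport, dst, p.dport) in self.flows:
                return "accept"   # reply to a flow the LAN host opened
            if p.proto == "icmpv6" and p.icmp_type in ICMPV6_ERRORS:
                return "accept"   # simplification: not matched to a flow
            return "drop"         # unsolicited inbound to a global address
        return "drop"

def demo():
    fw = StatefulV6Firewall("2001:db8:1::/64")   # constructed documentation prefix
    host, web, other = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"
    return [
        fw.verdict(Packet(other, host, "tcp", 40000, 22)),     # unsolicited
        fw.verdict(Packet(host, web, "tcp", 50000, 443)),      # outbound
        fw.verdict(Packet(web, host, "tcp", 443, 50000)),      # its reply
        fw.verdict(Packet(other, host, "tcp", 443, 50000)),    # wrong peer
        fw.verdict(Packet(web, host, "icmpv6", icmp_type=2)),  # packet too big
        fw.verdict(Packet(web, host, "icmpv6", icmp_type=128)),  # echo request
    ]
```

The LAN host keeps its globally routable address throughout; only the tracked-flow check decides what reaches it.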

Bill

Quote from: dmgeurts on Apr 14, 2011, 16:45:03
IPv6 does not contain more security than IPv4.

Is this not relevant?

http://ipv6.com/articles/security/IPsec.htm

Quote: IPsec is a mandatory component for IPv6

Genuine question, I don't know.
Bill
BQMs-  IPv4  IPv6

Adam

Quote from: Steve on Apr 14, 2011, 16:24:33
Now that you're an expert, Bill, does the SL firewall work or does it have to be manually configured for IPv6, and also is the local NIC configuration on SL (Mac) automatic for IPv6 address?

OS X has been IPv6 compatible for a long time, and the firewall is based on FreeBSD's ipfw which also fully supports IPv6 filtering. The application firewall in System Preferences is fully configured for IPv6 filtering out of the box.
Adam

Steve

So as far as moving over from IPv4 to IPv6 on Mac OS X it's a fairly seamless transition?
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Adam

Quote from: Steve on Apr 14, 2011, 21:11:53
So as far as moving over from IPv4 to IPv6 on Mac OS X it's a fairly seamless transition?

Pretty much, auto-configuration is one of the stated benefits of IPv6 and OS X has everything covered. Any configuration is usually done at the router and some (most?) IPv6 routers include an IPv6 firewall for added protection.
Adam

Bill

Quote from: Steve on Apr 14, 2011, 21:11:53
So as far as moving over from IPv4 to IPv6 on Mac OS X it's a fairly seamless transition?

Yup, dead easy.

In Network Prefs, just go into "Advanced" on your connection type (Ethernet, Airport), in the Configure IPv6 drop-down select "Automatically", click OK and Apply.

That's it!

The 7800N is just as easy- under WAN, check the IPv6 Enable box and click "Apply".
Bill
BQMs-  IPv4  IPv6

Steve

Does the Billion 7800N have an IPv6 firewall? Is the beta software available in the UK or does one use the one available on the Aussie site?
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Adam

Quote from: Steve on Apr 14, 2011, 21:21:43
Does the Billion 7800N have an IPv6 firewall? Is the beta software available in the UK or does one use the one available on the Aussie site?

No idea if the Billion SPI firewall also supports IPv6, one would think it should. The IPv6 firmware is available from the Billion UK site now though.
Adam

Bill

The various pages under "Firewall" all seem to have independent v6 and v4 settings, so far I've left them at default.

@ Adam- are you sure about the IPv6 firmware being on the site? I got mine today via email, as per Simon's post here:

http://www.idnetters.co.uk/forums/index.php/topic,25325.msg603394.html#msg603394
Bill
BQMs-  IPv4  IPv6

Steve

The version showing is 1.06c on the UK and Australian sites.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Bill

Quote from: Steve on Apr 14, 2011, 21:34:09
The version showing is 1.06c on the UK and Australian sites.

That doesn't support IPv6... even if it says it does in the release notes. In the tbb thread I linked to earlier (http://forums.thinkbroadband.com/dslrouter/t/3983589-is-the-billion-bipac-7800n-ipv6-ready.html) there's a post from baby_frogmella:

Quote: Oh deary me, just called up billion support and asked why there isn't a setting for ipv6 in 1.06c. Was told this firmware does NOT support ipv6 and the mention of it in the release notes was an error. Was assured next fw release will definitely enable ipv6. Sorry for getting everyone excited

You have to get the beta.
Bill
BQMs-  IPv4  IPv6

Steve

Thanks Bill, although reading that thread is a tad confusing but a post by nicotine http://forums.thinkbroadband.com/dslrouter/t/3990875-is-the-billion-bipac-7800n-ipv6-ready.html suggests a firmware of 1.06c.dc1 is the beta firmware and that is also available for download. :dunno:
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Bill

Quote from: Steve on Apr 14, 2011, 21:49:20
suggests a firmware of 1.06c.dc1 is the beta firmware and that is also available for download. :dunno:

The version is right, that's what I've got, but he doesn't say you can download it:

Quote: beta firmware 1.06c.dc1 for testing only is available by request via sales@billion.uk.com
Bill
BQMs-  IPv4  IPv6

Adam

That's a shame, I had thought it was available on the website. If anyone has a copy you can attach it to a post (should be able to anyway), or if you drop me a PM I will give you my email and host a copy for download.
Adam
