Date: Wed, 1 Jul 2015 16:24:37 -0700
Subject: Re: rc settings for ipv6 in 9.3?
From: Kevin Oberman
To: kpneal@pobox.com
Cc: "freebsd-net@freebsd.org"

On Wed, Jul 1, 2015 at 8:17 AM, wrote:

> On Tue, Jun 30, 2015 at 09:40:46PM -0700, Kevin Oberman wrote:
> > On Tue, Jun 30, 2015 at 5:29 PM, <[1]kpneal@pobox.com> wrote:
> >
> > I just got a /56 block of ipv6 addresses today and I'm trying to figure
> > out how to use it.
> > Before I go rebooting my server I wanted to ask if the information in the
> > handbook "[2]https://www.freebsd.org/doc/handbook/network-ipv6.html"
> > is correct for 9.3-p14.
> > I have a static address for my server and I've been given the static
> > address of the router. So I should just be able to set (in my rc.conf)
> > ifconfig_bce0_ipv6 and ipv6_defaultrouter, correct?
> > Or do I really need these two lines from the handbook?:
> > ifconfig_bce0_ipv6="inet6 accept_rtadv"
> > rtsold_enable="YES"
> > Also, can someone translate this statement from my provider for me:
> > "Note: [provider] is routing 2607:f758:2280::/56 to
> > 2607:f758:2280::4/64"
> > BTW, is the term "netmask" ever used in IPv6? I thought "prefixlen" was
> > the term and "netmask" was for v4 only?
> > Thanks for any help!
> > --
> > Kevin P. Neal
> > [3]http://www.pobox.com/~kpn/
> >
> > No, if your system has a static address (and a server should have one),
> > you don't need SLAAC or Router Solicitation.
> > You just need to set the address:
> > ifconfig_bce0_ipv6="inet6 2607:f758:2280::n/64" and
> > ipv6_defaultrouter="Router address".
>
> Excellent. Thanks!
>
> > I am unable to translate the statement from the provider with
> > certainty. I am guessing that the /64 2607:f758:2280::/64 is used by
> > their router with 2607:f758:2280::4 as the address on their
> > router(s). The remainder of the /56 is yours but I could not swear to
> > that.
> > You will probably want more than one /64 for different purposes. Other
> > than externally accessible servers, you should put systems in a
> > different /64 and spread them at random around that space if they are
> > statically addressed. (I don't recommend for or against statically
> > addressing, though.)
>
> Wouldn't each /64 need a router, then? I've got most of the /56 to myself,
> but there's only one router address. So how can it work to use different
> /64 subnets?
>
> Sorry, this is my first time playing with IPv6. I do appreciate your help.
> --
> Kevin P. Neal http://www.pobox.com/~kpn/
>
> "A pig's gotta fly." - Crimson Pig

Each interface on an IPv6 capable router will get one or more IPv6
addresses. IPv6 mandates that any interface on a host or router may have
many addresses. You will need an IPv6 capable router to do this. So you put
a different /64 on (for several reasons, you really should stick to using
/64s until/unless you have multiple routers. Prefixes longer than /64 have
a lot of problems, though they theoretically can work. In practice, they
don't. Also, you will need to adjust any firewalls to allow NDP (Neighbor
Discovery Protocol) which replaces ARP for IPv6. This is usually the
default, but not always.

In general, IPv6 will just work as long as your system can find the
gateway/router and the gateway/router can find your system. Since your
addresses are public, you do need a stateful firewall.
With IPv4 and NAT, you get one automatically as NAT won't work without one.
IPv6 does not have such a requirement. Almost all IPv6 capable CPE routers
include a stateful firewall, but a few don't and ISPs generally don't
provide this capability unless they also provide the customer edge
hardware.

If you really want to learn about IPv6, you might want to look at "IPv6 for
IPv4 Experts" available in PDF from The Internet Society at
http://www.internetsociety.org/deploy360/resources/ebook-ipv6-for-ipv4-experts-available-in-english-and-russian/.
It's really a book at around 700 pages. (It came out after I retired and
I'll have to admit that I have only skimmed it, but it looked good and it's
free!)
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
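
An added example, not part of the original thread: a small address planner for the advice above about using separate /64s and spreading statically addressed hosts at random inside them. The prefix and the `::4` address are the ones quoted in the thread; the purpose labels and the router placeholder are assumptions made for illustration.

```python
import ipaddress
import secrets

# Prefix and address quoted from the provider's note in the thread.
ALLOCATION = ipaddress.ip_network("2607:f758:2280::/56")
ROUTED_TO = ipaddress.ip_address("2607:f758:2280::4")


def subnets_64(allocation=ALLOCATION):
    """Every /64 inside the allocation (256 of them for a /56)."""
    return list(allocation.subnets(new_prefix=64))


def link_subnet(allocation=ALLOCATION, addr=ROUTED_TO):
    """The /64 containing the address named in the provider's note."""
    return next(n for n in subnets_64(allocation) if addr in n)


def plan(purposes, allocation=ALLOCATION):
    """Give each purpose label (hypothetical names) its own /64,
    leaving the /64 that holds the provider-facing address alone."""
    free = [n for n in subnets_64(allocation) if n != link_subnet(allocation)]
    if len(purposes) > len(free):
        raise ValueError("more purposes than free /64s")
    return dict(zip(purposes, free))


def random_host(subnet, taken=()):
    """Unpredictable static address in a /64, so hosts are not found by
    walking ::1, ::2, ... Skips identifier 0 (subnet-router anycast)."""
    if subnet.prefixlen != 64:
        raise ValueError("expected a /64")
    used = {ipaddress.ip_address(t) for t in taken}
    while True:
        iid = secrets.randbits(64)
        addr = subnet.network_address + iid
        if iid != 0 and addr not in used:
            return addr


def rc_conf_lines(iface, addr, router):
    """rc.conf lines in the form quoted in the thread."""
    return ['ifconfig_%s_ipv6="inet6 %s/64"' % (iface, addr),
            'ipv6_defaultrouter="%s"' % router]


if __name__ == "__main__":
    nets = plan(["servers", "internal"])  # constructed labels
    host = random_host(nets["internal"])
    print("\n".join(rc_conf_lines("bce0", host, "ROUTER_ADDRESS_PLACEHOLDER")))
```

The default router written for a host must be an address on that host's own /64, which is why the router is left as a placeholder here.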