IPv6 explained - SLAAC and DHCPv6 (IPv6 from scratch part 2)

Поделиться
HTML-код
  • Опубликовано: 21 ноя 2024
  • НаукаНаука

Комментарии • 96

  • @James_Knott
    @James_Knott 2 года назад +27

    A couple of points about Wireshark: While you used a display filter, there are also capture filters. The display filters what you have received, so that you see only what you're looking for, but other stuff has also been captured. A capture filter controls what's captured. Of course, you can use both for maximum flexibility. Also, I have Wireshark configured with panels 2 & 3 on the same level, with 3 occupying only the minimum space required, leaving the rest of the space for panel 2. I have panel 1 at the top, taking full width. I find this provides the most info, with the best use of display space.
    Any ISP that changes the prefix daily is incompetent. There is an RFC, I don't recall the number at the moment, that says the prefix should be consistent. I've had the same prefix for a few years, surviving replacing both the cable modem and the computer I run my firewall/router (pfSense) on. With SLAAC privacy addresses the suffix changes daily, which should take care of security concerns. For servers, you'd use the SLAAC persistent address, often based on the MAC, which the DNS can point to. One important point to remember with IPv6 is the address space is so sparse, it's hard to find a target, even if they know the prefix. A single /64 prefix, which is what's on a LAN, contains 18.4 billion, billion addresses. It would take a *LOT* of scanning for an attacker to find a target.
    Also, Android devices won't work with DHCPv6.
    As for multicast, as you mentioned, recipients must belong to the multicast group. However, some are automatic. For example, all devices belong to the all nodes group and all routers belong to the routers group, etc.. There is also a special multicast type, used for neighbour solicitation. It's called solicited node multicast, where the 24 right most bits of the target address are used for the right most address bits of the multicast group. This means there's only a 1 in 16 million (2^24) chance of an unwanted device responding to the multicast.

    • @OneMarcFifty
      @OneMarcFifty  2 года назад +10

      Hi James, many thanks for your thorough feedback. I'll pin the comment as it contains a lot of useful information!

  • @itxptube
    @itxptube Год назад +11

    I hope I speak for everyone when I say - YAY a third video in the series. This has been my first introduction to your content and I find it a very nice overview of IPv6 thank you!

    • @OneMarcFifty
      @OneMarcFifty  Год назад

      Hi Paul - that's great, thanks so much for the nice feedback!

  • @AwesomeOpenSource
    @AwesomeOpenSource 2 года назад +13

    Absolutely terrific explanations. I love how you made analogies to Radio and emergency numbers for multi-cast and any-cast. Terrific!

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Hey Brian, many thanks ;-) Your comment proves that you have watched it until the end ;-)

  • @nulldev42
    @nulldev42 2 года назад +16

    Thank you for taking the time to put this together. I have to admit, for several years part of me has been wishing that IPv6 will just "go away" and be replaced with something that's a bit easier to understand. However, since this isn't going to realistically happen, I'm diving head first into your guides. I'm patiently waiting for your "Best way to do all of this in OpenWRT" video before enabling anything as I don't wish to inadvertently create a security hole or bridge an isolated subnet/VLAN. Thanks again!

    • @OneMarcFifty
      @OneMarcFifty  2 года назад +3

      Hey, many thanks for the feedback - yes, I think we all felt (or feel) the same about IPv6. It's somehow similar to IPv4, yet strangely different. And as you say - we've got to take what we get ;-)

    • @James_Knott
      @James_Knott 2 года назад +1

      NUTS!!! You beat me to having the first reply. When I started my post, there were no other replies. However, I added to it, as the video progressed.

    • @guiller2371
      @guiller2371 Год назад +1

      When you find something difficult; things don't get replaced in IT. They just create an interface where the end user loses the chance to deal directly with the technology. At the end; things become even more complex and less friendly to those who actually want to learn.
      It's better to put some effort. In the long run; it is actually easier to control.

  • @acvKaZe
    @acvKaZe Год назад +1

    I have never been interested in IPv6 very much before watching your videos, but actually it's very interesting. thank you very much :D

  • @johnwang3303
    @johnwang3303 Месяц назад

    Very helpful for me to understand how is the IPV6 addresses be arranged.

  • @littlenewton6
    @littlenewton6 2 года назад +2

    我太爱这个视频了,能聆听网络专家的讲解是我的荣幸!

  • @SEARCHHiTech
    @SEARCHHiTech 5 месяцев назад

    Marc you are an absolute genius! A wonderful instructor and a brilliant technologist, THANKS!

  • @rklauco
    @rklauco 2 года назад +13

    This is amazing series. Can't wait for next episode.

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Hi Robert, thank you very much ;-)

  • @RajaseelanGaneswaran
    @RajaseelanGaneswaran 2 года назад +2

    I really love this series and how you made it relate to real-life applications.
    I'm definitely going to expermiment w/ ipv6 in my homelab now.

  • @karlranseyer
    @karlranseyer Год назад +1

    Hi! Thanks for this video. Your presentation was very understandable. You mentioned Dual-Stack. Since you have also made Proxmox videos... How about a video zu incorporate IPv6 into an existing infrastructure... All videos I've seen so far don't address this (or they have all VMs on their router backbone). My Proxmox has 6 internal networks on separate virtual NICs and each network has it's own subnet. What does one have to do and configure, so that all the VMs and containers get an proper IPv6 address and that the routing works (also from and to the outside world). Thanks again!

  • @ロジャー-n3s
    @ロジャー-n3s Год назад +2

    How about the IPv4 / IPv6 dual stack video? 😛

  • @unknown_channel_name
    @unknown_channel_name 2 года назад +3

    Great video Marc ! This was really informative. I love the idea of making a long series about this as it will be useful in the near future as we move slowly from IPv4 and given the fact that IPv6 has been around for so long yet we know very little about it makes it even more interesting.

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Hi Vibhu, thank you very much. we'll see how many viewers the series attracts. There's still a large amount of people who have a deny-by-default attitude towards IPv6 ;-)

  • @jairunet
    @jairunet 2 года назад +1

    I will definitely need to watch it again, I need to really simulate the examples you showed here with a local IPV6 network and then see what I can simulate with the dynamic IPv6 address my provider assigns to my router. Nevertheless, thank you so much again for sharing the great knowledge!

    • @OneMarcFifty
      @OneMarcFifty  2 года назад +1

      Hi jairu, many thanks for the feedback. I think the effect on most viewers is - like you say - I am going to try things out ;-) That's great ;-)

  • @der_imperator6907
    @der_imperator6907 Год назад +1

    Thanks for the Videos about IPv6.
    I have had the same problem with v6, to find similar points like v4.
    This two IPv6 Videos open my eyes.
    I also enjoy your OpenWRT Videos, learned a lot by watching them.
    Gruß aus Köln.

    • @OneMarcFifty
      @OneMarcFifty  Год назад

      Hi, I am really happy that you liked the videos - and even more happy if they could help you. Thanks for your friendly feedback!

  • @micky1067
    @micky1067 2 года назад +1

    Großartiges Video. Wie immer. Ist wirklich Klasse wenn du weiter IP6 ausbaust in einer Serie.

  • @Username-hb1qi
    @Username-hb1qi 2 месяца назад

    thank you for these great explanations of IPv6 topics and showing examples in wireshark

  • @HafsaSIF-EDDINE
    @HafsaSIF-EDDINE 10 месяцев назад

    thank you so much for you videos such a precious content and your simplified explanation .Much respect and support from morocco

  • @RbNetEngr
    @RbNetEngr 2 года назад +2

    Thank you for continuing this series of videos on IPv6. I like your approach of teaching it as a knowledge building experience rather than just presenting everything about IPv6 in a bulk data dump, with no reference for using the various components.
    One thing I noticed that you did not touch on is EUI-64 addressing. Is this now considered less secure, and so its use is discouraged?
    One other comment. I’ve noticed that on my home network (dual stack) using SLAAC for IPv6 addressing, it is much more difficult to identify the devices on the network. In the IPv4 DHCP world, or with IPv4 static IP addressing, it is much easier to identify the devices based on IPv4 address. For IPv6 and SLAAC, and dual stack, I find myself looking at the MAC address of the device, and then looking up its IPv4 address in the ARP table to figure out which device it is. Is there a better way of doing this and remaining in the IPv6 realm?

    • @OneMarcFifty
      @OneMarcFifty  2 года назад +1

      Hi, w/r to EUI-64 and whether it is secure or not - the clear answer is "it depends" ;-) The real question is - do you prefer having (1) a repeatably identifiable address or do you prefer (2) dynamic ("obfuscated") IPv6 address generation? If (1) then you can use EUI64 or DHCPv6. If (2) then use SLAAC with privacy extensions. It's really more about privacy than security. However, tracking these days is not done with the IP address. There are many mechanisms on the application layer (Browser fingerprinting etc.). W/r to identifying the workstation - real question here is why you would want to identify it or rather what for. Is a station doing something that it should not do ? In this case I think its OK to just dig a bit into MAC etc. or is it a Server / Container that you need to identify? If you need to have a fixed address in order to identify and access the station, then again you might use the mechanisms described above or even use an additional ULA that you could hand out with DHCPv6. If you want to track back on demand then probably a little script could help (ip neigh....)

  • @alternativedirt
    @alternativedirt 2 года назад +2

    Excellent video! Love the idea of demystifying IPv6.

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Hi Josh, yeah - "demystifying IPv6" - that would have been a great title for the series ;-)

  • @focofon
    @focofon 9 месяцев назад

    Your videos are getting better over the time. Congrats! But i'm unable to see wheres the next part😅

  • @Kofivey
    @Kofivey Год назад +1

    Great video Mark. When can we expect the next video on dual stack? Also could you put the series of videos in a playlist?

  • @Indigo897
    @Indigo897 2 года назад +3

    Waiting the video about how setup properly IPv6 on OpenWRT 🙂

    • @OneMarcFifty
      @OneMarcFifty  2 года назад +3

      Hi, many thanks for the comment - it's going to come soon ;-)

    • @joeblow2456
      @joeblow2456 2 года назад

      It would be really good if the openwrt setup included cascading routers. Eg Edge Router for a DMZ and internal routers for home/iot etc.

  • @nicksmith4507
    @nicksmith4507 Год назад +1

    So much detailed information presented succinctly and logically. Excellent, thanks!

  • @ErnestGWilsonII
    @ErnestGWilsonII Год назад

    Thank you for making this video and sharing it with all of us! I am, of course, subscribed with notifications turned on, and thumbs up!

  • @LampJustin
    @LampJustin 2 года назад +1

    And don't be sorry about another couple of videos on v6! v6 is totally underrated and needs all the attention it can get!

  • @LampJustin
    @LampJustin 2 года назад +1

    Thank you very much for your effort! It was a great explanation! Really funny how I'm just now trying to implement v6 in our OpenStack Cloud XD

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Awesome - let me know how it goes ;-)

  • @karolisr
    @karolisr 2 года назад +1

    Thank you so much. I am beginning to understand now!

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Hey Karolis, that's awesome ;-) Thanks for feeding back.

  • @rwantare1
    @rwantare1 2 года назад +2

    Thank you. It was worth the wait.

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Thank you very much. Glad you liked the video ;-)

  • @龙兴天下
    @龙兴天下 Год назад

    May I ask what software you use to make your videos, they are really great!

  • @JavedAkhtarKhanUtmanZai
    @JavedAkhtarKhanUtmanZai Год назад +3

    My ISP is now providing IPv6 on my main modem/router. My Openwrt router is connected to main router but i dont know how to configure IPv6 in downstream. Waiting for IPv6 configuration on OpenWRT

    • @OneMarcFifty
      @OneMarcFifty  Год назад +2

      Hi, it will come very soon ;-)

    • @JavedAkhtarKhanUtmanZai
      @JavedAkhtarKhanUtmanZai Год назад +1

      @@OneMarcFifty thanks for response. Just want to mention, how ISP should allocate IPV6? I see a /64 subnet allocated to ONT. i managed to assign /128 IPV6 to devices by using repay mode in wan and lan interfaces but note sure if its sufficient

    • @sahaos847
      @sahaos847 Год назад +1

      @@OneMarcFifty thanks so much! Same issue, can't wait. :)

  • @guiller2371
    @guiller2371 Год назад +1

    I am watching from my phone which screen is very tiny, not letting me see the details from Wireshark. Hopefully, I will have the chance to watch this video from my desktop. And yes, coming from IP V4, this is like magic, especially dynamic address server configuration, a real headache.

    • @OneMarcFifty
      @OneMarcFifty  Год назад

      Hi, many thanks for the feedback - and also many thanks for the hint with the phone screen. I'll add more zooms in the future if there is a lot of info on the screen.

  • @briancoverstone4042
    @briancoverstone4042 Год назад +8

    Keep in mind that Android has a major flaw in that it does not work with dhcpv6!! There's a ticket that's been open for nearly 14 years.

    • @OneMarcFifty
      @OneMarcFifty  Год назад +6

      Hi Brian, many thanks for sharing this. Ah - 14 years only ? Should be solved by 2037 then ;-)

    • @herpederpe4320
      @herpederpe4320 7 месяцев назад

      It works just fine with SLAAC for a phone

  • @elvioguerrero5914
    @elvioguerrero5914 Год назад +1

    All your videos are great man!

  • @joka7370
    @joka7370 Год назад +1

    Great video and good explanation as usual Mark,i would like to see a video about configuring an Open Portal on Opnwrt as well.Thanks and keep up the good work,like and subscribed👍🏻

    • @OneMarcFifty
      @OneMarcFifty  Год назад

      Hi George, you mean a captive portal, right? I.e. ask the user to consent to rules or potentially pay before they can use the network ? I have actually been thinking about using this to do VPN on demand ;-)

    • @joka7370
      @joka7370 Год назад +1

      @@OneMarcFifty yes Mark,just a simple one where user agree to terms and conditions and get access to internet(of course there are more options like paid vouchers,radius authentication etc etc)
      Thanks again for reply👍🏻

    • @OneMarcFifty
      @OneMarcFifty  Год назад

      OK, I see - you may want to have a look at OpenNDS openwrt.org/docs/guide-user/services/captive-portal/opennds - the video will take a while ;-(

  • @SuperHddf
    @SuperHddf Год назад +1

    Thank you! ♥

    • @OneMarcFifty
      @OneMarcFifty  Год назад

      Hi, you're welcome. Thanks for watching.

  • @AntonioHenrike
    @AntonioHenrike Год назад +1

    I'm waiting on the next episode 😎

    • @OneMarcFifty
      @OneMarcFifty  Год назад +1

      It's out already. You should find it on my channel page ;-)

  • @senkottuvelan
    @senkottuvelan 2 года назад +2

    Thank you for part 2 😀❤️

    • @OneMarcFifty
      @OneMarcFifty  2 года назад +1

      Hi, you're welcome - thanks for watching

    • @senkottuvelan
      @senkottuvelan 2 года назад +2

      @@OneMarcFifty Thank you for replying Marc. ❤️

  • @Meneer456
    @Meneer456 Год назад +1

    Great videos Marc

  • @rexxxx1984
    @rexxxx1984 4 дня назад

    Anycast with target Berlin.... Good Luck ;)

  • @chrisbourne3543
    @chrisbourne3543 Год назад

    Do you know anything about net neutrality

  • @bogaczew
    @bogaczew Год назад +1

    can anyone provide good material how to set ipv6 lan with raspberry pi as a router?

    • @OneMarcFifty
      @OneMarcFifty  Год назад

      Hi Pawel, if you want to install OpenWrt on it, maybe have a look at this video : ruclips.net/video/jlG_nrCOmJc/видео.html

  • @joeblow2456
    @joeblow2456 2 года назад +1

    Interestingly when I try to ping ff02::1 or ff02::2, it never works on any of my linux boxes or Macs but will only work on my openwrt routers

    • @OneMarcFifty
      @OneMarcFifty  2 года назад

      Hi Joe, I have seen different results on different machines. I would need to dig deeper in order to figure out if it is the switch filtering or not. Are they all on the same switch ?

    • @joeblow2456
      @joeblow2456 2 года назад

      @@OneMarcFifty Two cascaded routers. Two different unmanaged switches. I spun up a new openwrt router and connected my linux mint computer directly to the LAN port of the new router and I get the same result. Also my iPhone won't work ping ff02::1 either

  • @rhopsi-q6b
    @rhopsi-q6b Месяц назад

    Love it.

  • @ukaszs5021
    @ukaszs5021 2 года назад +1

    Awesome

  • @autarchprinceps
    @autarchprinceps 4 месяца назад

    Are those multicast pings supposed to work in an everyday dualstack network? Because I have tried at home, work and in the cloud, and while I regularly use IPv6 (even installed a plugin that tells you what site uses IPv6, as I wanted to see how common it was), and definitve can ping with IPv6 against normal endpoints, local and global, nothing with ff02 ever works anywhere, and those are all provided by entirely different network designs and companies as well as different OSs and clients.
    Not saying it's not great for you to explain it truly the simple way. Certainly seems like an interesting concept in comparison to trying to rely on Layer 2 things like ARP requests, that shouldn't even exist.

  • @olafschluter706
    @olafschluter706 11 месяцев назад

    ping6 ff02::1 (or ff02::2 for that matter) doesn't work on my home network, although that has ipv6 full enabled on all machines (and I am connected by dual-stack to the internet). I tried it on a raspberry and a macOS machine.
    Edit: never mind. Found that one needs to specify the interface to use (which kind of makes sense) for this to work: ping6 ff02::1%en0.

  • @catfishrob1
    @catfishrob1 9 месяцев назад

    Sounds like you have a really high interest loan. You should be trying to reconsolidate into something better. Get the smallest possible payment, and then do double payments every month and it will go down much faster since every payment above the minimum reduces the principal.

  • @vaughnbay
    @vaughnbay 8 месяцев назад

    Good vid!

  • @Felix-ve9hs
    @Felix-ve9hs 2 года назад +1

    One thing to note is that Android *does not* and *will not* support DHCPv6 because Google doesn't want to support it ...

    • @OneMarcFifty
      @OneMarcFifty  2 года назад +1

      Hi Felix, many thanks for pointing this out.

  • @AwesomeSheep48
    @AwesomeSheep48 10 месяцев назад

    Too bad my router blocks those fun ff02 addresses

  • @anonyfamous42
    @anonyfamous42 Год назад

    How do you use dhcpv6 with Android ? 😂