
Re: Address spaces



Hi Loïc,

I don't have all your answers, but to share what I can:

 My questions are not Debian-specific but concern messages I've been
 reading here in the last weeks.

 I'm in the process of choosing the IPv6 addresses of all my hosts, and
 I'm quite lost because of the overwhelming possibilities.

 I have normal IPv4 hosts with a public IP and I've set up
 6to4 to them, as explained in Rob Leslie's message (#18 in
 <http://lists.debian.org/debian-ipv6/2003/debian-ipv6-200304/>).
   I configured ALL my hosts as "6to4 gateways", and I'm wondering if
 it's the correct use of the architecture described in the message. I
 understand the goal of these gateways only if I have one of:
  - IPv6-only hosts,
  - IPv4/IPv6 hosts with private v4 (only one public IPv4 on my
    network).

 However, I do not have any of these.

If your normal IPv4 hosts with public IPs are connected by a network you control, then you can run native IPv6 among them and really only need one 6to4 gateway to reach IPv6 hosts elsewhere in the world. It doesn't matter whether the hosts on your network have public or private IPv4 addresses (only the 6to4 gateway is required to have a public IPv4 address). Your 6to4 gateway should also run the router advertisement daemon, radvd, so IPv6 hosts on the local network can receive the network prefix and know how to reach the outside world.

In my case, I had multiple such networks separated by IPv4-only networks out of my control (i.e. my ISPs), so I needed one 6to4 gateway for each IPv6 network "island."

 Another question that keeps harassing me is about ::w.x.y.z/96
 addresses, I thought they were the official 6to4 addresses, but most
 documents I read refer to 2002:w.x.y.z::/16 addresses.
   Once I set up a 6to4 tunnel with a 2002 address, I see both kinds of
 addresses:
          inet6 addr: 2002:8ac3:9c9b::1/16 Scope:Global
          inet6 addr: ::138.195.156.155/128 Scope:Compat
   Does that mean that ::w.x.y.z addresses are deprecated? Which one do
 you advertise in your DNS?

::w.x.y.z addresses are called "IPv4-compatible" addresses. (I mistakenly made one reference to this type of address as "IPv4-mapped" in my previous message.) I understand these are only used as addresses of (dynamic) IPv6-in-IPv4 tunnel endpoints. You should probably only advertise the 2002::/16 addresses in your DNS.

 I have a VPN with 10.x.y.z addresses, should I use site-local addresses
 or 6to4 addresses for 10/8? I read in this list site-local addresses
 would also be deprecated in the near future.

There still seems to be quite a bit of debate over site-local addresses on the IETF mailing list. The impetus to deprecate seems to be based on the inability of the working group to agree on the degree of specification required. On the other hand, one argument for keeping them stems from the absence of any usable substitute.

Regardless of what happens, there seems to be agreement to reserve the fec0::/10 prefix, so as long as there is support in the kernel and you have a use for the addresses, I don't see any reason to stop using site-locals on networks you control until a clear alternative is presented.

 Final question: I read in 6to4 setup instructions that one should add
 a route with ::192.88.99.1 as gateway for 2000::/3. I also read that
 IANA currently has been assigned 2000::/3, so it seems to be a default
 route.
   However, with my setup, I can't ping6 ::192.88.99.1. I think this
 is because I did absolutely nothing to support anycast addresses, how
 should I? Do you have any links regarding this?

I can't ping6 ::192.88.99.1 either. However, you should be able to ping 192.88.99.1 (using pure IPv4). The anycast magic happens in the routing protocols on the Internet backbones; unless you are multi-homed with more than one ISP, you shouldn't have to do anything for this to work.

Cheers,

--
Rob Leslie
rob@mars.org
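
Added example, not part of Rob's message: a Python sketch that sorts interface addresses into the kinds discussed above (6to4, IPv4-compatible, site-local), derives the 6to4 prefix from a gateway's public IPv4 address, and keeps only the 2002::/16 addresses for DNS as the reply suggests. The function names are made up for illustration; the sample list reuses the two addresses quoted in the thread plus a constructed site-local one.

```python
import ipaddress

# Prefixes named in the thread.
SIXTOFOUR = ipaddress.IPv6Network("2002::/16")   # 6to4
V4_COMPAT = ipaddress.IPv6Network("::/96")       # ::w.x.y.z, "IPv4-compatible"
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")  # site-local


def sixtofour_prefix(public_v4):
    """Return the 2002:wwxx:yyzz::/48 prefix derived from a gateway's IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if not v4.is_global:
        # The thread notes that the 6to4 gateway needs a public IPv4 address.
        raise ValueError(f"{v4} is not a public IPv4 address")
    base = int(SIXTOFOUR.network_address)
    return ipaddress.IPv6Network((base | (int(v4) << 80), 48))


def classify(addr):
    """Return (kind, embedded IPv4 or None) for one IPv6 address string."""
    a = ipaddress.IPv6Address(addr)
    if a in SIXTOFOUR:
        return "6to4", a.sixtofour           # the 32 bits after 2002:
    if a in V4_COMPAT and int(a) > 1:        # skip :: and ::1
        return "ipv4-compatible", ipaddress.IPv4Address(int(a))
    if a in SITE_LOCAL:
        return "site-local", None
    return "other", None


def dns_candidates(addrs):
    """Keep only the 6to4 (2002::/16) addresses, per the advice in the reply."""
    return [a for a in addrs if classify(a)[0] == "6to4"]


if __name__ == "__main__":
    # First two addresses are from the thread; fec0::1 is constructed.
    sample = ["2002:8ac3:9c9b::1", "::138.195.156.155", "fec0::1"]
    for addr in sample:
        kind, v4 = classify(addr)
        print(f"{addr:22} {kind:16} embedded IPv4: {v4}")
    print("6to4 prefix:", sixtofour_prefix("138.195.156.155"))
    print("publish in DNS:", dns_candidates(sample))
```

The 6to4 address and the IPv4-compatible address on the same tunnel interface should decode to the same IPv4 address; a mismatch means the tunnel was configured with the wrong local address.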


