
Re: IPv4 v IPv6



On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:

> Gene Heskett wrote:
> > But that opens yet another container of worms. If I arbitrarily
> > assign ipv6 local addresses, and later, ipv6 shows up at my side of
> > the router, what if I have an address clash with someone on a
> > satellite circuit in Ulan Bator.  How is that resolved, by
> > unroutable address blocks such as 192.168.xx.xx is now?
>
> Sort of.
>
> IPv6 has a concept of "scope" that says: this address space is
> purely local. This address space is global. This address space
> is for a link.
>
> If you fire up 'ip -6 address' on a stock Debian machine with
> IPv6 enabled (which is the default these days), you will see
> something like this:
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
>
> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
>     inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link
>        valid_lft forever preferred_lft forever
>
> Your loopback interface has one address with scope host: it's only on
> this machine.  The eth0 has two addresses: one is scope global,
> and can be used for routing to your machine from the outside
> world, and one is scope link, and should only be used to talk to
> your local network. IPv6 routers should never forward those
> packets.
>
> If you don't get an address block from your ISP, you won't have
> a scope global address.
>
> > What I've read so far has not addressed this serious security
> > concern. Or even mentioned it.  If in the future all addressing is
> > by dhcpd6, how do the other machines on my local net, advertise
> > their presence to the other machines on my local net. So I can still
> > ssh -Y vna.coyote.den for instance, if I can ever make ssh work to a
> > win-10-home edition box. That's a rarely used hookup at best.
> > Presently the hosts file duplicated on all machines fills this
> > requirement.
>
> Most IPv6 boxes don't use dhcpd6; they use SLAAC: stateless
> automatic address configuration. But you're asking about local
> naming, and that's done the same way on IPv4 and 6: zeroconf,
> aka Rendezvous, Bonjour or Avahi.
>
> Try (installing avahi-utils if needed): avahi-browse-domains -a
>
> -dsr-


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
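
An added example, not part of the original message: a small Python audit of `ip -6 address` output that lists which addresses hosts outside the local network could route to, using the scope distinction described in the quoted reply. The function names `reach`, `parse` and `exposed` are hypothetical, and the unique-local prefix fc00::/7 (RFC 4193) is not named in the message; it is included because Linux reports such addresses as "scope global" even though they are not routed on the Internet.

```python
import ipaddress
import re

# Constructed sample: the output quoted in the message, mail line wrapping undone.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link
       valid_lft forever preferred_lft forever
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")                # "3: eth0: <...>"
INET6_RE = re.compile(r"^\s+inet6\s+(\S+)\s+scope\s+(\S+)")  # "inet6 addr/len scope X"
ULA = ipaddress.ip_network("fc00::/7")                      # unique local, RFC 4193

def reach(addr):
    """Classify an address by prefix, independent of the kernel's scope label."""
    if addr.is_loopback:
        return "host"
    if addr.is_link_local:   # fe80::/10, routers do not forward these
        return "link"
    if addr in ULA:          # private to the site, like 192.168.x.x in IPv4
        return "local-only"
    return "routable"        # anything else is treated as global unicast here

def parse(text):
    """Return (interface, address, kernel_scope, reach) for each inet6 line."""
    rows, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET6_RE.match(line)
        if m:
            addr = ipaddress.ip_interface(m.group(1)).ip
            rows.append((iface, str(addr), m.group(2), reach(addr)))
    return rows

def exposed(text):
    """Addresses that need firewall attention: reachable from outside the LAN."""
    return [(i, a) for i, a, _, r in parse(text) if r == "routable"]

if __name__ == "__main__":
    for row in parse(SAMPLE):
        print("%-5s %-40s scope=%-7s reach=%s" % row)
```

On a live machine, feed it the real output with `subprocess.run(["ip", "-6", "address"], capture_output=True, text=True).stdout` in place of `SAMPLE`.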

