
Re: IPv4 v IPv6



On 18/06/19 10:32 PM, Reco wrote:
> 	Hi.
> 
> On Tue, Jun 18, 2019 at 09:56:17PM +1200, Richard Hector wrote:
>> On 18/06/19 3:38 AM, Reco wrote:
>>> 	Hi.
>>>
>>> On Mon, Jun 17, 2019 at 10:38:27AM -0400, Gene Heskett wrote:
>>>> But that opens yet another container of worms. If I arbitrarily assign 
>>>> ipv6 local addresses, and later, ipv6 shows up at my side of the router, 
>>>> what if I have an address clash with someone on a satellite circuit in 
>>>> Ulan Bator.  How is that resolved, by unroutable address blocks such as 
>>>> 192.168.xx.xx is now?
>>>
>>> More or less yes. It's called ULA (Unique Local Address) in IPv6 lingua.
>>> If you're using anything from fd00::/8 - you're safe.
>>
>> As long as you choose them randomly. If you decide to use fd00::/64, or
>> something else predictable, you may run into conflicts ... but only if
>> you connect directly to their network.
> 
> No sensibly configured router will allow forwarding ULAs to the
> internet.  A scenario you're describing is therefore impossible unless
> one adds NAT66 or some kind of VPN to it. In the former case
> predictability of site addresses does not matter, in the latter it's
> solvable with the appropriate amount of custom routes.

Custom routes? When routing between 2 networks using the same range,
either with a VPN or some kind of direct connection? It's going to need
some evil double NAT sorcery, especially if the same actual addresses
are in use on both.

>> Better safe than sorry though.
> 
> As long as it works for you - sure.
> 
> 
>> The main reason I'm using v6 is that 2 networks I'm running a VPN
>> between both chose 192.168.1.0/24, and I can't change either ...
> 
> So? If your VPN is running in L3 mode it's still possible to add some
> kludges to IPv4 routing. If your VPN passes L2 - you're doing it
> terribly wrong.

Yes, I'm routing. Not sure what kludges you're proposing to let a
machine at one end talk to a machine at the other which it thinks is on
the same network.

Adding v6 at both ends with properly unique ranges seemed much the saner
option. Educational, as well :-)

>> There are online random ULA generators - but I'm not convinced one of
>> them didn't give me the same block twice, or whether it was my own error.
> 
> Never used one. IPv6 /8 block consists of 2^56 unique /64 subnets.
> Surely it's possible to choose several unique /64 subnets by using, say,
> ipv6calc.

Yes, but there is a recommendation to use random ones, and even a
suggestion of how to do it, in RFC 4193. I'd rather do that than find a
reason I hadn't thought of later which breaks things.

Richard
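
The RFC 4193 (section 3.2.2) procedure referred to above, as an added example that is not part of the original message: SHA-1 over a 64-bit NTP timestamp plus the host's EUI-64, with the low 40 bits used as the Global ID of an fd00::/8 /48 prefix. The function names, the use of `uuid.getnode()` as the MAC source, and the sample sites are assumptions made for this sketch.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def ntp_timestamp(now=None):
    """Time as a 64-bit NTP timestamp (32 bits seconds, 32 bits fraction)."""
    now = time.time() if now is None else now
    seconds = (int(now) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    return struct.pack("!II", seconds, int((now % 1) * 2**32))


def eui64_from_mac(mac48):
    """Modified EUI-64: insert ff:fe in the middle and flip the U/L bit."""
    b = mac48.to_bytes(6, "big")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]


def ula_prefix(timestamp=None, system_id=None):
    """Return a /48: 0xfd (fc00::/7 with L=1) + low 40 bits of SHA-1."""
    timestamp = ntp_timestamp() if timestamp is None else timestamp
    # Assumption: uuid.getnode() stands in for the interface MAC address.
    system_id = eui64_from_mac(uuid.getnode()) if system_id is None else system_id
    global_id = hashlib.sha1(timestamp + system_id).digest()[-5:]
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))


def subnet(prefix, subnet_id):
    """The /64 selected by a 16-bit Subnet ID inside a /48 ULA prefix."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < 2**16:
        raise ValueError("need a /48 prefix and a 16-bit subnet id")
    return ipaddress.IPv6Network((int(prefix.network_address) | subnet_id << 64, 64))


if __name__ == "__main__":
    # Constructed sample: two sites joined by a routed VPN.
    site_a, site_b = ula_prefix(), ula_prefix(ntp_timestamp(time.time() + 1))
    lan_a, lan_b = subnet(site_a, 1), subnet(site_b, 1)
    print(lan_a, lan_b, "overlap:", lan_a.overlaps(lan_b))
    # The predictable choice: both sites pick fd00::/64 and now collide.
    lazy = ipaddress.IPv6Network("fd00::/64")
    print(lazy, lazy, "overlap:", lazy.overlaps(lazy))
```
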

