Rich Freeman on 5 Mar 2014 09:52:12 -0800
Re: [PLUG] Using IPv6 with dynamic endpoints

On Tue, Mar 4, 2014 at 9:26 PM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
> Ultimately my goal is to have an IPv6 gateway on one box (which
> doesn't run linux or any software that I can control), and DNS on
> another box, and have it just work. Actually, I guess another
> question is how firewall rules work if all your client IPs change
> every time the ISP's assigned dynamic IP changes.

In case anybody is wondering, here is what I've found in my research so far.

This slide deck illustrates many of the options out there, with pros/cons for each:
http://www.ipv6conference.ch/wp-content/uploads/2013/06/04-Gert-D%C3%B6ring-13_council_DynPfx_en.pdf

This Debian-oriented thread covers many of the relevant issues:
https://lists.debian.org/debian-ipv6/2005/06/msg00074.html

Bottom line is that it sounds like you're basically screwed if your ISP assigns dynamic IPs and you actually want to have any kind of central management of DNS/etc on your network. IPv6 apparently doesn't provide any really good options for NAT, as they basically figured that nobody would want to use it. You need application-level autodiscovery/etc to get around the fact that any device on the network can change IP at any time, and there is no way to provide DNS support for this.

I did find Dibbler, which is a DHCPv6 server which can do DNS updates. However, it doesn't seem to support dynamic prefixes - you have to hard-code the pool addresses into the config files, and it has no way to handle a situation when a prefix has to change (and thus any device using it has to reconfigure).

Now, FIOS tends to not change dynamic IPv4 very often, so you might be able to just treat the address as if it were static and hard-code it in the DNS config. Then you just need to manually edit your config when it changes, which is a pain, but maybe not the end of the world if it only happens a few times per year or whatever. To the extent that you can run dynamic DNS update clients on devices they could update themselves when that happens, but nobody makes a dynamic DNS update client for my printer, tablet, etc.

It sounds like IPv6 works fine for browsing the web, or if you have a static IP. However, the way dynamic IPs are handled really breaks down when you want to do anything else.

Also, it seems a bit insane that you can't have subnets smaller than a /64 without breaking stuff. We come up with an addressing scheme that gives everybody an internet full of internets worth of address space, and then make it impossible to subnet that because we've come up with a stateless autoconfig design that requires an internet full of internets worth of address space to work for a single subnet...

Ok, time to think about something else for a while. I guess sooner or later people will actually start using IPv6 with dynamic prefixes and come up with software solutions to all of this. It seems like several people with a lot more IPv6 experience have investigated this and found no solutions for the moment.

Maybe I'll get lucky and FIOS will provide static IPv6 prefixes. :)

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
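
The manual edit described in the message above (hard-coded DNS entries that must be rewritten when the ISP changes the prefix) can be scripted. This is an added example, not part of the original post: the host names and prefixes are constructed (2001:db8::/32 is the documentation range), and it assumes every host keeps the same subnet and interface bits across the change.

```python
import ipaddress

# Constructed sample data: documentation prefixes and made-up hosts.
OLD_PREFIX = "2001:db8:aa00::/56"
NEW_PREFIX = "2001:db8:bb00::/56"
HOSTS = {
    "printer": "2001:db8:aa00:1::10",
    "tablet": "2001:db8:aa00:2:21a:2bff:fe3c:4d5e",
    "nas": "fd12:3456:789a:1::20",  # ULA address, outside the ISP prefix
}


def rebase(addr, old_prefix, new_prefix):
    """Move addr from old_prefix to new_prefix, keeping subnet and interface bits."""
    old = ipaddress.IPv6Network(old_prefix)
    new = ipaddress.IPv6Network(new_prefix)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefix lengths differ")
    a = ipaddress.IPv6Address(addr)
    if a not in old:
        raise ValueError(f"{a} is not inside {old}")
    # Everything to the right of the delegated prefix is carried over unchanged.
    tail = int(a) & int(old.hostmask)
    return ipaddress.IPv6Address(int(new.network_address) | tail)


def regenerate_records(hosts, old_prefix, new_prefix):
    """Return zone-file AAAA lines for hosts after the prefix change.

    Addresses outside the old prefix (ULA, for instance) do not depend on the
    ISP and are emitted unchanged.
    """
    old = ipaddress.IPv6Network(old_prefix)
    lines = []
    for name, addr in hosts.items():
        a = ipaddress.IPv6Address(addr)
        if a in old:
            a = rebase(addr, old_prefix, new_prefix)
        lines.append(f"{name} IN AAAA {a}")
    return lines


if __name__ == "__main__":
    for line in regenerate_records(HOSTS, OLD_PREFIX, NEW_PREFIX):
        print(line)
```

The same rebased addresses can be fed into whatever generates the firewall rules, since those are tied to the prefix in the same way.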