Reserving a Server IPv6 Address?

Assigning a Static IP isn’t the difficult part I’m having trouble with. I do have a fundamental understanding of how the address scheme works:

netw:netw:netw:subn:user:user:user:user/64

If I wanted to I should even be able to represent it as:

netw:netw:netw:subn::user/64

Assuming :: meaning all zeros up to the last 64 host bits.

I will admit I’m still lost when it comes to functions such as Link Local addresses. No idea what role they play.

Where my knowledge falls apart is how do I prevent duplicate addresses on the network by reserving an IP, but I guess that’s a hardware limitation on my junk router. That and if NAT isn’t being used and technically the device IP is visible on the Internet, then as MadMatt has been explaining, the ISP hasn’t allocated addresses for me to use unless I go out of my way to ask for them.

The DNS server I’m setting up doesn’t need to accept connections from outside the LAN. That is unless queries coming back from Public DNS do. So far my testing contradicts that so I wouldn’t expect any Port Forwarding is needed. The goal of adding IPv6 to the setup is giving IPv6 clients a fail-over DNS server they can use if/when the local server can’t resolve the hostname.

Then I guess I’ll have to stick with just IPv4 for now. That’s a letdown. IPv6 has been around for so many years already I thought now would be a good time to get onboard, but it seems all the features of it still haven’t hit most residential connections/hardware. What I have in mind relies on being able to set up this server by oneself without ISP intervention or replacing/upgrading router equipment.

All of this tells me IPv6 still isn’t ready for consumer adoption even though dual stack has been widely implemented in most networks/devices.

Isn’t the static IPv6 easier than that? I thought the way it was supposed to work was that your router has a prefix, then your device detects that prefix and assigns itself an IPv6 address based off of its own MAC address, thereby as long as your prefix doesn’t change you have a static IPv6 address. Further, if your router does get a new prefix, the only part of the IPv6 address that changes is the prefix.

I think the reason people find NAT to be essential to their security is because they don’t really understand the idea of how every device having a public IP works, due to never really having been in that situation before. That and consumer router firewalls aren’t really configurable enough to handle IPv6. So they have gotten themselves into the mindset that instead of proper firewall rules you burn all your traffic with fire and then put a couple bridges across with port forwarding. Whereas with IPv6 you just let your firewall do its job. Block all non-negotiated inbound connections, then if you want public access to a service on an internal system, allow the ports to the service only on the single IPv6 address of the system.

I guess there’s also some discussion about ICMP and IPv6 as far as security goes. Like whether you should allow incoming ping requests for IPv6. That and some of the ICMP requests are pretty critical to IPv6 working correctly, and there’s an age-old idea of not allowing any ICMP requests at all from the public network.

Oh, and there’s potentially a tracking issue when your device does use its MAC address for determining its IPv6 address, because then a website could identify you based off of that part of the IPv6 address. I believe most devices allow for creating a pseudo-random IPv6 address based off of some details about the local network so that they can have a consistent IPv6 address when they reconnect to a network but not have a consistent IPv6 ending when they move to a different network.

Oh, I guess MadMatt already pointed out most of what I said. Dang impulsiveness got me to post before reading.


I think it is more the case of your router not letting you set up prefix delegation. Spectrum should be supporting it, if your router is able to request them, without additional config. With that there would be no need to set up IPv6-NAT and/or DHCPv6 on your LAN …
And if the router doesn’t support that, I doubt it will let you set up IPv6-NAT, which would be the go-to choice if you went with statically assigned/private IPv6 addresses …
You would need something like an EdgeRouter or a USG, or a custom pfSense/OPNsense/VyOS appliance to get going, but I am assuming that is not what you are wanting …


Yes, it is this simple, but, IPv6 based on MAC means you get a new IP if, for some reason, your NIC goes down. So there are still instances where you want a manually assigned static address. Another problem is that some manufacturers reuse their MAC addresses, sometimes even assigning the same address to an entire batch of a certain network card.

You do have very little need for DHCP in an IPv6 world though.