mixmastamyk 1 day ago

There’s something about ip6 addresses being big as a guid that makes them hard to remember. Seem like random gibberish, like a hash. But I can look at an ip4 address like a phone number, and by looking tell approximately its rules.

Maybe there’s a standard primer on how to grok ip6 addresses, and set up your network but I missed it.

Also devices typically take 2 or 4 ip6 addresses for some reason so keeping on top of them is even harder.

2
vel0city 1 day ago

A few tips:

When just looking at hosts in your network with their routable IPv6 address, ignore the prefix. This is the first few segments, probably the first four in most cases for a home network (a /64 network) When thinking about firewall rules or having things talk to each other, ignore things like "temporary" IP addresses.

So looking at this example:

   Connection-specific DNS Suffix  . : home.arpa
   IPv6 Address. . . . . . . . . . . : 2600:1700:63c9:a421::2000
   IPv6 Address. . . . . . . . . . . : 2600:1700:63c9:a421:e17f:95dd:11a:d62e
   Temporary IPv6 Address. . . . . . : 2600:1700:63c9:a421:9d5:6286:67d9:afb7
   Temporary IPv6 Address. . . . . . : 2600:1700:63c9:a421:4471:e029:cc6a:16a0
   Temporary IPv6 Address. . . . . . : 2600:1700:63c9:a421:91bf:623f:d56b:4404
   Temporary IPv6 Address. . . . . . : 2600:1700:63c9:a421:ddca:5aae:26b9:a53c
   Temporary IPv6 Address. . . . . . : 2600:1700:63c9:a421:fc43:7d0a:7f8:e4c8
   Link-local IPv6 Address . . . . . : fe80::7976:820a:b5f5:39c3%18
   IPv4 Address. . . . . . . . . . . : 192.168.20.59
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::ec4:7aff:fe7f:d167%18
                                       192.168.20.254
Ignore all those temporary ones. Ignore the longer one. You can ignore 2600:1700:63c9:a421, as that's going to be the same for all the hosts on your network, so you'll see it pretty much everywhere. So, all you really need to remember if you're really trying to configure things by IP address is this is whatever-is-my-prefix::2000.

But honestly, just start using DNS. Ignore IP addresses for most things. We already pretty much ignore MAC addresses and rely on other technologies to automatically map IP to MAC for us. Its pretty simple to get a halfway competent DNS setup going on, so many home routers will have things going by default, and its just way easier to do things in general. I don't want to have to remember my printer is at 192.168.20.132 or 2600:1700:63c9:a421::a210 I just want to go to http://brother or ipp://brother.home.arpa and have it work.

1 reply
mixmastamyk 1 day ago

Helps, thanks a lot!

But as you can see this is still an explosion of complexity for the home user. More than 4x (32 --> 128), feels like x⁴ (though might not be accurate).

I like your idea of "whatever..." There should be a "lan" variable and status could be shown factored, like "$lan::2000" to the end user perhaps.

I do use DNS all the time, like "printer.lan", "gateway.lan", etc. But don't think I'm using in the router firewall config. I use openwrt on my router but my knowledge of ipv6 is somewhat shallow.

bombela 1 day ago

At home, with both ip v4 and v6. For any device exposed on the Internet, I add a static IPv6 address with the host part the same as the IPv4 adress.

example: 2001:db8::192.168.0.42

This makes it very easy to remember, correlate and firewall.

1 reply
mixmastamyk 1 day ago

Ok, that parses somehow in Python, matches, and is apparently legit. ;-)

    >>> from ipaddress import IPv6Address as address
    >>> address('2001:db8::192.168.0.42')
    IPv6Address('2001:db8::c0a8:2a')
    >>> int('2a', 16)
    42
Openwrt doesn't seem to make ipv6 static assignment easy unfortunately.