IPv6 explained - SLAAC and DHCPv6 (IPv6 from scratch part 2)

  Рет қаралды 52,604

OneMarcFifty

OneMarcFifty

Күн бұрын

Пікірлер: 96
@James_Knott
@James_Knott 2 жыл бұрын
A couple of points about Wireshark: While you used a display filter, there are also capture filters. The display filters what you have received, so that you see only what you're looking for, but other stuff has also been captured. A capture filter controls what's captured. Of course, you can use both for maximum flexibility. Also, I have Wireshark configured with panels 2 & 3 on the same level, with 3 occupying only the minimum space required, leaving the rest of the space for panel 2. I have panel 1 at the top, taking full width. I find this provides the most info, with the best use of display space. Any ISP that changes the prefix daily is incompetent. There is an RFC, I don't recall the number at the moment, that says the prefix should be consistent. I've had the same prefix for a few years, surviving replacing both the cable modem and the computer I run my firewall/router (pfSense) on. With SLAAC privacy addresses the suffix changes daily, which should take care of security concerns. For servers, you'd use the SLAAC persistent address, often based on the MAC, which the DNS can point to. One important point to remember with IPv6 is the address space is so sparse, it's hard to find a target, even if they know the prefix. A single /64 prefix, which is what's on a LAN, contains 18.4 billion, billion addresses. It would take a *LOT* of scanning for an attacker to find a target. Also, Android devices won't work with DHCPv6. As for multicast, as you mentioned, recipients must belong to the multicast group. However, some are automatic. For example, all devices belong to the all nodes group and all routers belong to the routers group, etc.. There is also a special multicast type, used for neighbour solicitation. It's called solicited node multicast, where the 24 right most bits of the target address are used for the right most address bits of the multicast group. This means there's only a 1 in 16 million (2^24) chance of an unwanted device responding to the multicast.
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi James, many thanks for your thorough feedback. I'll pin the comment as it contains a lot of useful information!
@itxptube
@itxptube Жыл бұрын
I hope I speak for everyone when I say - YAY a third video in the series. This has been my first introduction to your content and I find it a very nice overview of IPv6 thank you!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Paul - that's great, thanks so much for the nice feedback!
@AwesomeOpenSource
@AwesomeOpenSource 2 жыл бұрын
Absolutely terrific explanations. I love how you made analogies to Radio and emergency numbers for multi-cast and any-cast. Terrific!
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hey Brian, many thanks ;-) Your comment proves that you have watched it until the end ;-)
@nulldev42
@nulldev42 2 жыл бұрын
Thank you for taking the time to put this together. I have to admit, for several years part of me has been wishing that IPv6 will just "go away" and be replaced with something that's a bit easier to understand. However, since this isn't going to realistically happen, I'm diving head first into your guides. I'm patiently waiting for your "Best way to do all of this in OpenWRT" video before enabling anything as I don't wish to inadvertently create a security hole or bridge an isolated subnet/VLAN. Thanks again!
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hey, many thanks for the feedback - yes, I think we all felt (or feel) the same about IPv6. It's somehow similar to IPv4, yet strangely different. And as you say - we've got to take what we get ;-)
@James_Knott
@James_Knott 2 жыл бұрын
NUTS!!! You beat me to having the first reply. When I started my post, there were no other replies. However, I added to it, as the video progressed.
@guiller2371
@guiller2371 Жыл бұрын
When you find something difficult; things don't get replaced in IT. They just create an interface where the end user loses the chance to deal directly with the technology. At the end; things become even more complex and less friendly to those who actually want to learn. It's better to put some effort. In the long run; it is actually easier to control.
@rklauco
@rklauco 2 жыл бұрын
This is amazing series. Can't wait for next episode.
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi Robert, thank you very much ;-)
@acvKaZe
@acvKaZe Жыл бұрын
I have never been interested in IPv6 very much before watching your videos, but actually it's very interesting. thank you very much :D
@littlenewton6
@littlenewton6 2 жыл бұрын
我太爱这个视频了,能聆听网络专家的讲解是我的荣幸!
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
谢谢你!
@ロジャー-n3s
@ロジャー-n3s Жыл бұрын
How about the IPv4 / IPv6 dual stack video? 😛
@unknown_channel_name
@unknown_channel_name 2 жыл бұрын
Great video Marc ! This was really informative. I love the idea of making a long series about this as it will be useful in the near future as we move slowly from IPv4 and given the fact that IPv6 has been around for so long yet we know very little about it makes it even more interesting.
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi Vibhu, thank you very much. we'll see how many viewers the series attracts. There's still a large amount of people who have a deny-by-default attitude towards IPv6 ;-)
@johnwang3303
@johnwang3303 2 ай бұрын
Very helpful for me to understand how is the IPV6 addresses be arranged.
@SEARCHHiTech
@SEARCHHiTech 6 ай бұрын
Marc you are an absolute genius! A wonderful instructor and a brilliant technologist, THANKS!
@karlranseyer
@karlranseyer Жыл бұрын
Hi! Thanks for this video. Your presentation was very understandable. You mentioned Dual-Stack. Since you have also made Proxmox videos... How about a video zu incorporate IPv6 into an existing infrastructure... All videos I've seen so far don't address this (or they have all VMs on their router backbone). My Proxmox has 6 internal networks on separate virtual NICs and each network has it's own subnet. What does one have to do and configure, so that all the VMs and containers get an proper IPv6 address and that the routing works (also from and to the outside world). Thanks again!
@micky1067
@micky1067 2 жыл бұрын
Großartiges Video. Wie immer. Ist wirklich Klasse wenn du weiter IP6 ausbaust in einer Serie.
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi, vielen Dank.
@RajaseelanGaneswaran
@RajaseelanGaneswaran 2 жыл бұрын
I really love this series and how you made it relate to real-life applications. I'm definitely going to expermiment w/ ipv6 in my homelab now.
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Awesome, keep me updated ;-)
@alternativedirt
@alternativedirt 2 жыл бұрын
Excellent video! Love the idea of demystifying IPv6.
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi Josh, yeah - "demystifying IPv6" - that would have been a great title for the series ;-)
@Username-hb1qi
@Username-hb1qi 3 ай бұрын
thank you for these great explanations of IPv6 topics and showing examples in wireshark
@rwantare1
@rwantare1 2 жыл бұрын
Thank you. It was worth the wait.
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Thank you very much. Glad you liked the video ;-)
@der_imperator6907
@der_imperator6907 Жыл бұрын
Thanks for the Videos about IPv6. I have had the same problem with v6, to find similar points like v4. This two IPv6 Videos open my eyes. I also enjoy your OpenWRT Videos, learned a lot by watching them. Gruß aus Köln.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi, I am really happy that you liked the videos - and even more happy if they could help you. Thanks for your friendly feedback!
@HafsaSIF-EDDINE
@HafsaSIF-EDDINE 11 ай бұрын
thank you so much for you videos such a precious content and your simplified explanation .Much respect and support from morocco
@Kofivey
@Kofivey Жыл бұрын
Great video Mark. When can we expect the next video on dual stack? Also could you put the series of videos in a playlist?
@JavedAkhtarKhanUtmanZai
@JavedAkhtarKhanUtmanZai 2 жыл бұрын
My ISP is now providing IPv6 on my main modem/router. My Openwrt router is connected to main router but i dont know how to configure IPv6 in downstream. Waiting for IPv6 configuration on OpenWRT
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi, it will come very soon ;-)
@JavedAkhtarKhanUtmanZai
@JavedAkhtarKhanUtmanZai 2 жыл бұрын
@@OneMarcFifty thanks for response. Just want to mention, how ISP should allocate IPV6? I see a /64 subnet allocated to ONT. i managed to assign /128 IPV6 to devices by using repay mode in wan and lan interfaces but note sure if its sufficient
@sahaos847
@sahaos847 2 жыл бұрын
@@OneMarcFifty thanks so much! Same issue, can't wait. :)
@RbNetEngr
@RbNetEngr 2 жыл бұрын
Thank you for continuing this series of videos on IPv6. I like your approach of teaching it as a knowledge building experience rather than just presenting everything about IPv6 in a bulk data dump, with no reference for using the various components. One thing I noticed that you did not touch on is EUI-64 addressing. Is this now considered less secure, and so its use is discouraged? One other comment. I’ve noticed that on my home network (dual stack) using SLAAC for IPv6 addressing, it is much more difficult to identify the devices on the network. In the IPv4 DHCP world, or with IPv4 static IP addressing, it is much easier to identify the devices based on IPv4 address. For IPv6 and SLAAC, and dual stack, I find myself looking at the MAC address of the device, and then looking up its IPv4 address in the ARP table to figure out which device it is. Is there a better way of doing this and remaining in the IPv6 realm?
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi, w/r to EUI-64 and whether it is secure or not - the clear answer is "it depends" ;-) The real question is - do you prefer having (1) a repeatably identifiable address or do you prefer (2) dynamic ("obfuscated") IPv6 address generation? If (1) then you can use EUI64 or DHCPv6. If (2) then use SLAAC with privacy extensions. It's really more about privacy than security. However, tracking these days is not done with the IP address. There are many mechanisms on the application layer (Browser fingerprinting etc.). W/r to identifying the workstation - real question here is why you would want to identify it or rather what for. Is a station doing something that it should not do ? In this case I think its OK to just dig a bit into MAC etc. or is it a Server / Container that you need to identify? If you need to have a fixed address in order to identify and access the station, then again you might use the mechanisms described above or even use an additional ULA that you could hand out with DHCPv6. If you want to track back on demand then probably a little script could help (ip neigh....)
@elvioguerrero5914
@elvioguerrero5914 2 жыл бұрын
All your videos are great man!
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi Elvio, thank you very much.
@nicksmith4507
@nicksmith4507 Жыл бұрын
So much detailed information presented succinctly and logically. Excellent, thanks!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Nick, thank you very much ;-)
@jairunet
@jairunet 2 жыл бұрын
I will definitely need to watch it again, I need to really simulate the examples you showed here with a local IPV6 network and then see what I can simulate with the dynamic IPv6 address my provider assigns to my router. Nevertheless, thank you so much again for sharing the great knowledge!
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi jairu, many thanks for the feedback. I think the effect on most viewers is - like you say - I am going to try things out ;-) That's great ;-)
@LampJustin
@LampJustin 2 жыл бұрын
And don't be sorry about another couple of videos on v6! v6 is totally underrated and needs all the attention it can get!
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Noted ;-)
@龙兴天下
@龙兴天下 Жыл бұрын
May I ask what software you use to make your videos, they are really great!
@Meneer456
@Meneer456 Жыл бұрын
Great videos Marc
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Thank you very much Jan
@Indigo897
@Indigo897 2 жыл бұрын
Waiting the video about how setup properly IPv6 on OpenWRT 🙂
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi, many thanks for the comment - it's going to come soon ;-)
@joeblow2456
@joeblow2456 2 жыл бұрын
It would be really good if the openwrt setup included cascading routers. Eg Edge Router for a DMZ and internal routers for home/iot etc.
@ErnestGWilsonII
@ErnestGWilsonII Жыл бұрын
Thank you for making this video and sharing it with all of us! I am, of course, subscribed with notifications turned on, and thumbs up!
@karolisr
@karolisr 2 жыл бұрын
Thank you so much. I am beginning to understand now!
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hey Karolis, that's awesome ;-) Thanks for feeding back.
@briancoverstone4042
@briancoverstone4042 Жыл бұрын
Keep in mind that Android has a major flaw in that it does not work with dhcpv6!! There's a ticket that's been open for nearly 14 years.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Brian, many thanks for sharing this. Ah - 14 years only ? Should be solved by 2037 then ;-)
@herpederpe4320
@herpederpe4320 8 ай бұрын
It works just fine with SLAAC for a phone
@focofon
@focofon 10 ай бұрын
Your videos are getting better over the time. Congrats! But i'm unable to see wheres the next part😅
@SuperHddf
@SuperHddf Жыл бұрын
Thank you! ♥
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi, you're welcome. Thanks for watching.
@LampJustin
@LampJustin 2 жыл бұрын
Thank you very much for your effort! It was a great explanation! Really funny how I'm just now trying to implement v6 in our OpenStack Cloud XD
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Awesome - let me know how it goes ;-)
@AntonioHenrike
@AntonioHenrike Жыл бұрын
I'm waiting on the next episode 😎
@OneMarcFifty
@OneMarcFifty Жыл бұрын
It's out already. You should find it on my channel page ;-)
@bogaczew
@bogaczew Жыл бұрын
can anyone provide good material how to set ipv6 lan with raspberry pi as a router?
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Pawel, if you want to install OpenWrt on it, maybe have a look at this video : kzbin.info/www/bejne/oJ2qkKGoeLSggMU
@senkottuvelan
@senkottuvelan 2 жыл бұрын
Thank you for part 2 😀❤️
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi, you're welcome - thanks for watching
@senkottuvelan
@senkottuvelan 2 жыл бұрын
@@OneMarcFifty Thank you for replying Marc. ❤️
@Bournechris640
@Bournechris640 Жыл бұрын
Do you know anything about net neutrality
@guiller2371
@guiller2371 Жыл бұрын
I am watching from my phone which screen is very tiny, not letting me see the details from Wireshark. Hopefully, I will have the chance to watch this video from my desktop. And yes, coming from IP V4, this is like magic, especially dynamic address server configuration, a real headache.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi, many thanks for the feedback - and also many thanks for the hint with the phone screen. I'll add more zooms in the future if there is a lot of info on the screen.
@joeblow2456
@joeblow2456 2 жыл бұрын
Interestingly when I try to ping ff02::1 or ff02::2, it never works on any of my linux boxes or Macs but will only work on my openwrt routers
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi Joe, I have seen different results on different machines. I would need to dig deeper in order to figure out if it is the switch filtering or not. Are they all on the same switch ?
@joeblow2456
@joeblow2456 2 жыл бұрын
@@OneMarcFifty Two cascaded routers. Two different unmanaged switches. I spun up a new openwrt router and connected my linux mint computer directly to the LAN port of the new router and I get the same result. Also my iPhone won't work ping ff02::1 either
@rexxxx1984
@rexxxx1984 Ай бұрын
Anycast with target Berlin.... Good Luck ;)
@joka7370
@joka7370 Жыл бұрын
Great video and good explanation as usual Mark,i would like to see a video about configuring an Open Portal on Opnwrt as well.Thanks and keep up the good work,like and subscribed👍🏻
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi George, you mean a captive portal, right? I.e. ask the user to consent to rules or potentially pay before they can use the network ? I have actually been thinking about using this to do VPN on demand ;-)
@joka7370
@joka7370 Жыл бұрын
@@OneMarcFifty yes Mark,just a simple one where user agree to terms and conditions and get access to internet(of course there are more options like paid vouchers,radius authentication etc etc) Thanks again for reply👍🏻
@OneMarcFifty
@OneMarcFifty Жыл бұрын
OK, I see - you may want to have a look at OpenNDS openwrt.org/docs/guide-user/services/captive-portal/opennds - the video will take a while ;-(
@rhopsi-q6b
@rhopsi-q6b 2 ай бұрын
Love it.
@ukaszs5021
@ukaszs5021 2 жыл бұрын
Awesome
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Thanks mate ;-)
@autarchprinceps
@autarchprinceps 5 ай бұрын
Are those multicast pings supposed to work in an everyday dualstack network? Because I have tried at home, work and in the cloud, and while I regularly use IPv6 (even installed a plugin that tells you what site uses IPv6, as I wanted to see how common it was), and definitve can ping with IPv6 against normal endpoints, local and global, nothing with ff02 ever works anywhere, and those are all provided by entirely different network designs and companies as well as different OSs and clients. Not saying it's not great for you to explain it truly the simple way. Certainly seems like an interesting concept in comparison to trying to rely on Layer 2 things like ARP requests, that shouldn't even exist.
@olafschluter706
@olafschluter706 Жыл бұрын
ping6 ff02::1 (or ff02::2 for that matter) doesn't work on my home network, although that has ipv6 full enabled on all machines (and I am connected by dual-stack to the internet). I tried it on a raspberry and a macOS machine. Edit: never mind. Found that one needs to specify the interface to use (which kind of makes sense) for this to work: ping6 ff02::1%en0.
@vaughnbay
@vaughnbay 9 ай бұрын
Good vid!
@catfishrob1
@catfishrob1 10 ай бұрын
Sounds like you have a really high interest loan. You should be trying to reconsolidate into something better. Get the smallest possible payment, and then do double payments every month and it will go down much faster since every payment above the minimum reduces the principal.
@Felix-ve9hs
@Felix-ve9hs 2 жыл бұрын
One thing to note is that Android *does not* and *will not* support DHCPv6 because Google doesn't want to support it ...
@OneMarcFifty
@OneMarcFifty 2 жыл бұрын
Hi Felix, many thanks for pointing this out.
@AwesomeSheep48
@AwesomeSheep48 11 ай бұрын
Too bad my router blocks those fun ff02 addresses
@anonyfamous42
@anonyfamous42 Жыл бұрын
How do you use dhcpv6 with Android ? 😂
Zabbix - Monitoring and Alerting with  @AwesomeOpenSource
18:23
OneMarcFifty
Рет қаралды 74 М.
IPv6 from scratch - the very basics of IPv6 explained
14:34
OneMarcFifty
Рет қаралды 206 М.
Жездуха 41-серия
36:26
Million Show
Рет қаралды 5 МЛН
Air Sigma Girl #sigma
0:32
Jin and Hattie
Рет қаралды 45 МЛН
Artificial Intelligence in Business - Opportunities and Insights
14:52
Arthur Petropoulos
Рет қаралды 1,7 М.
IPv6 with OpenWrt
25:29
OneMarcFifty
Рет қаралды 38 М.
Certificates from Scratch - X.509 Certificates explained
21:50
OneMarcFifty
Рет қаралды 132 М.
build a home lab server with proxmox
18:27
OneMarcFifty
Рет қаралды 325 М.
Why IPv6 Hasn't Taken Off
14:48
Tall Paul Tech
Рет қаралды 110 М.
Super Easy IPV6 In 10 Minutes
12:15
Andy Malone MVP
Рет қаралды 10 М.
IPv6 Basics for Beginners
27:59
danscourses
Рет қаралды 206 М.
I spent a WEEK without IPv4 to understand IPv6 transition mechanisms
18:04
apalrd's adventures
Рет қаралды 139 М.