Great vid Paul - demystified some of IPv6 quite nicely. Hoping there's a followup vid in another couple of weeks or so, showing us your experiences trying to work around the big boys that haven't taken it up yet. With teenagers in the house, I'm still very reluctant to move away from my nice, comfy IPv4 setup.
Oh, so not only have I got a video task, I've got a two week time frame to make it! If those 'tech' companies don't support IPv6, then they don't support it. I'm just going to rebuild my network to be based more on IPv6 for the management of it, and use only IPv6 for things that can. You can play with IPv6 all you want without affecting the IPv4 crowd in your house, because it's a different parallel Internet altogether. If you don't shut anything down in IPv4, then they'll continue doing what they're doing.
@@TallPaulTech He is correct about that. Long as the router supports both IPv4 and IPv6 you're golden. I am doing this with pfSense as my router and firewall.
@@TallPaulTech IPv6 for the management of it? Why? IPv6 is no better at this than IPv4. IPv6 is really only good for reaching stuff out there on the Internet. I'm sure your LAN has nowhere near exhausted RFC1918 space.
I learnt ipv6 10 years ago because we supposed to be running out of ipv4 - yet here we are and ipv4 is still prevalent. (been in it 34 years - so yes old guard as you say)
Hey Paul. Excellent vid, mate. You've got a great pace and flow I reckon. I'm wondering though, that /48 prefix you were given, what would happen if one day the ISP handed you a different one? Edit: perhaps one's local IPv6 dhcp could dynamically consider the prefix.
@@25566 Corporates can join APNIC and get their own permanent allocation. One of the allowable criteria (aside from multi-homing) to get a direct allocation is if "the network is statically addressed and of a size or complexity that make renumbering operationally impractical, together with evidence that dynamic or multiple addressing options are either not available from the relevant ISP or are unsuitable" Still - it's a few hoops to jump through - so hopefully most ISPs will assign the non-portable prefixes for the long-term.
Agreed. And a lot of ISP do exactly that. Basically if the router they supply can cope with it they don't care because people who want to use their own equipment are a tiny percentage of their customers.
The DUID option chosen was "physical address plus time, DUID-LLT". Does it persist across reboots with Linux so your router reservations will be good for all time?
One reason some big companies avoid IPv6 is that you still need to be on the IPv4 Internet, so why introduce extra work and extra attack surface by also being on the IPv6 Internet?
I suggest NOT using DHCPv6 to hand out fixed IPv6 addresses to all your devices. You still have fixed IPv4 addresses you can use to reach them from your LAN. If you use SLAAC and enable RFC8981(or 4941) privacy extensions it will, at least to some extent, hide which particular device is connecting when one of your devices connects to something using IPv6.
All I can think during this video is what was making you laugh right at the start. The hieroglyphics on the whiteboard don't seem to have any jokes in them, so I'm out of ideas
@@TallPaulTech I legit can't tell if you're making a joke at my expense or actually offended I asked The transition from laughing to presenter mode is fantastic though
I've mostly avoided ipv6, and likely still will. As you've pointed out, a lot of big tech doesn't work with it. And your MAC address is part of your IP address. Which in our modern age of tracking and big government, is scary. Not that our IPs are dynamic anymore. But there's a distinction between tracking you down to a household, and tracking you down to a device. You lose the ability to say your neighbor did it, or even your ex-girlfriend. Guilty until proven innocent, and big tech is more trusted than you. Trying to educate law enforcement, judicial peeps, or a juror, that you are NOT guilty is mission impossible. But your honor, that's a 6 not an 8, and that's a 9 not a 6. Meh, close enough for us and we trust Big B. Enjoy your new jump suit, see you in twenty years...
No, all OS's that I know off will use privacy adresses which can localise to the network address not the individual host, this is because addresses of hosts change periodically within the same 64bit subnet. And on the anonymity thing. Your house probably has a whole single ipv4 address anyway. So you can't use the "my neighbour did it" stategy, even with CGNAT since providers log port connections anyway. This type of mindset is why some companies avoid deploying IPv6. They don't know what it is so they treat it as a security risk.
At first IPv6 was based on MAC address on the device and then it became a major privacy issue so now OS's randomize the few octets of the address. It was a good compromise as IPv6 is not really designed to be NAT'd behind the firewall.
Your MAC address does not have to be part of your IP address. Using SLAAC and enabling RFC8981 privacy extensions goes a good way towards countering the tracking problem you describe.
for in house testing , i use abba::n/64 where n is the last number of the previous fixed ip4 ip address (or babe::n/64) seems my isp now giving out ipv6 and my tp-link uses it, chromebook says loading ...
Best plain English and well broken down into logical parts explanation of ipv6 I’ve seen. Thanks Paul.
Great vid Paul - demystified some of IPv6 quite nicely. Hoping there's a followup vid in another couple of weeks or so, showing us your experiences trying to work around the big boys that haven't taken it up yet. With teenagers in the house, I'm still very reluctant to move away from my nice, comfy IPv4 setup.
Oh, so not only have I got a video task, I've got a two week time frame to make it! If those 'tech' companies don't support IPv6, then they don't support it. I'm just going to rebuild my network to be based more on IPv6 for the management of it, and use only IPv6 for things that can. You can play with IPv6 all you want without affecting the IPv4 crowd in your house, because it's a different parallel Internet altogether. If you don't shut anything down in IPv4, then they'll continue doing what they're doing.
@@TallPaulTech He is correct about that. Long as the router supports both IPv4 and IPv6 you're golden. I am doing this with pfSense as my router and firewall.
@@TallPaulTech IPv6 for the management of it? Why? IPv6 is no better at this than IPv4. IPv6 is really only good for reaching stuff out there on the Internet. I'm sure your LAN has nowhere near exhausted RFC1918 space.
@@BrianG61UK You have completely missed the point. It's to learn how it works. I now know way more about how it actually works than I did 2 weeks ago.
The resistance to change will go when the old guard retire.
I learnt ipv6 10 years ago because we supposed to be running out of ipv4 - yet here we are and ipv4 is still prevalent. (been in it 34 years - so yes old guard as you say)
I'm not sure. So much to do with handling IPv6 feels unfinished and bodged compared with the old IPv4 ways.
what a coincidence, I finished the ipv6 lesson today.
Beautiful ! Thank you, I need to play a bit with IPv6
6to 4 stuff is interesting mix and match, nice vid BTW
Hey Paul. Excellent vid, mate. You've got a great pace and flow I reckon. I'm wondering though, that /48 prefix you were given, what would happen if one day the ISP handed you a different one?
Edit: perhaps one's local IPv6 dhcp could dynamically consider the prefix.
Just wondering while you were setting this up/testing it, did you get any complaints from the other people in your house? 😄
what i dont like is if the isp has to give you a different prefix, then you have to reconfigure everything!
Yeah, I thought of that whilst going through this.
Wait really? That's a BIG drawback for ipv6... Imagine having to redo a corporate network
@@25566 Corporates can join APNIC and get their own permanent allocation. One of the allowable criteria (aside from multi-homing) to get a direct allocation is if "the network is statically addressed and of a size or complexity that make renumbering operationally impractical, together with evidence that dynamic or multiple addressing options are either not available from the relevant ISP or are unsuitable" Still - it's a few hoops to jump through - so hopefully most ISPs will assign the non-portable prefixes for the long-term.
Agreed. And a lot of ISP do exactly that.
Basically if the router they supply can cope with it they don't care because people who want to use their own equipment are a tiny percentage of their customers.
@@25566 Hopefully methods of coping with it will begin to appear and to work acceptably. IPv6 still kind of appears a bit unfinished.
Hats off to you TP!
One other thing that would be interesting to check, does your switch actually use Multicast or does it just broadcast all multicast packets anyway?
I'll be having a closer look at things like that as I get more into it.
The DUID option chosen was "physical address plus time, DUID-LLT". Does it persist across reboots with Linux so your router reservations will be good for all time?
That's one of the things I still have to figure out. It's on the list.
One reason some big companies avoid IPv6 is that you still need to be on the IPv4 Internet, so why introduce extra work and extra attack surface by also being on the IPv6 Internet?
Great work as always. Interesting stuff.
Wow that was a very interesting video full of good informations! Thank you
I'll be surprised if BoM is IPv6 before the end of the century 😂
I suggest NOT using DHCPv6 to hand out fixed IPv6 addresses to all your devices. You still have fixed IPv4 addresses you can use to reach them from your LAN.
If you use SLAAC and enable RFC8981(or 4941) privacy extensions it will, at least to some extent, hide which particular device is connecting when one of your devices connects to something using IPv6.
Great video, can you add Tor to this Pi Router ?
All I can think during this video is what was making you laugh right at the start.
The hieroglyphics on the whiteboard don't seem to have any jokes in them, so I'm out of ideas
I'm just a happy mother fucker. You got a problem with that cunt?!
@@TallPaulTech I legit can't tell if you're making a joke at my expense or actually offended I asked
The transition from laughing to presenter mode is fantastic though
what laugh? he was just smiling for a brief moment
@@RoryIsNotACabbage You're not Australian are you? Calm down
@@TallPaulTech You're the one who used curse words.
again I am just a beginner. I record so softsetups and a Microkorg, even use it as a midi keyboard. But the problem arrives with content
As far I know Android dont support ipv6 via DHCP, so only RA.
I have it setup this way.
I wonder what they're doing to prevent Mac address limits....
Great that you have 80bits to play with, but what about the table limits?
😂
Is your pi on a router specific distro or just plain Linux?
Debian
there is no "just plain linux" lol
@@poiiihy Well Debian is "plain vanilla" Linux. lol. That's what I am using as my daily driver.
yes
dude you look like jack manifold
soft?
There's a tablet for that...
Fakhri Habibi hamoud
"Welco-"
Everyone, it's been a year since I ca to tNice tutorials video, and my progress is amazing.
I've mostly avoided ipv6, and likely still will. As you've pointed out, a lot of big tech doesn't work with it. And your MAC address is part of your IP address. Which in our modern age of tracking and big government, is scary. Not that our IPs are dynamic anymore. But there's a distinction between tracking you down to a household, and tracking you down to a device. You lose the ability to say your neighbor did it, or even your ex-girlfriend. Guilty until proven innocent, and big tech is more trusted than you. Trying to educate law enforcement, judicial peeps, or a juror, that you are NOT guilty is mission impossible. But your honor, that's a 6 not an 8, and that's a 9 not a 6. Meh, close enough for us and we trust Big B. Enjoy your new jump suit, see you in twenty years...
No, all OS's that I know off will use privacy adresses which can localise to the network address not the individual host, this is because addresses of hosts change periodically within the same 64bit subnet. And on the anonymity thing. Your house probably has a whole single ipv4 address anyway. So you can't use the "my neighbour did it" stategy, even with CGNAT since providers log port connections anyway.
This type of mindset is why some companies avoid deploying IPv6. They don't know what it is so they treat it as a security risk.
all os's have been using regularly-changing randomized ipv6 addresses for years.
At first IPv6 was based on MAC address on the device and then it became a major privacy issue so now OS's randomize the few octets of the address. It was a good compromise as IPv6 is not really designed to be NAT'd behind the firewall.
Your MAC address does not have to be part of your IP address. Using SLAAC and enabling RFC8981 privacy extensions goes a good way towards countering the tracking problem you describe.
@@poiiihy If you allow them to. Set things up as described in this video (fixed addresses handed out by DHCPv6) and they won't.
for in house testing , i use abba::n/64 where n is the last number of the previous fixed ip4 ip address (or babe::n/64)
seems my isp now giving out ipv6 and my tp-link uses it, chromebook says loading ...