Netgate Discussion Forum

    Comcast Residential /64 Delegation

    96 Posts 8 Posters 22.5k Views
    • JKnott @Bob.Dig

      @bob-dig said in Comcast Residential /64 Delegation:

      The US has plenty of IPv4 addresses. In other parts of the world this is not the case. For instance in Germany there is more and more IPv4 CG NAT and/or DS-Lite (Dual Stack Lite). So if you want to host something at home, you have to use IPv6... but also every major cellphone provider here supports it ootb, so it is doable, although it sucks big time.

      There are plenty stuck behind CGNAT in North America too. My ISP, Rogers, provides IPv6 on both cable and cell networks. On the other hand, the big phone company doesn't yet offer IPv6 to consumers on their ADSL or fibre networks and doesn't properly support it on their cell network. My work phone, on that company, gets only 1/10 on test-ipv6.com. "Danger IPv6 sorta works - however, large packets appear to fail...". They also don't provide IPv6 to devices connected to the hot spot.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • JKnott @johnpoz

        @johnpoz

        Many "tech guys" don't get a lot of things. For example, look at all those who run Windows as admin. That leaves them wide open to malware. On my own computers, I run as a mere mortal, with admin rights when needed, just as I do on Linux.

        Many are also not that great on network issues.

        • jpvonhemel @JKnott

          @jknott Considering our dependency on Windows, I expect to wake up one day and find out that Windows Update promulgated a delayed signed ransomware attack that simultaneously devastated both the enterprise and retail installs, and this then proceeds to global catastrophe.

          • bearhntr @johnpoz

            @johnpoz

            Well this is FRUSTRATING AS HELL!!! 😥 Got up this AM - noticed that I had a new IPv4 Address on WAN from COMCAST - but the IPv6 one did not change. So I went to the IPv6 test page and now see what I get:

            [image]

            I have done this page too - where COMCAST support sent me:

            [image]

            This makes no sense - at all. Verified that IPv6 is still set up on the NIC of the Server - the same STATIC addresses I put there. 😠

            Curtis

            • bearhntr @johnpoz

              @johnpoz

              I used to be a trainer at my job. I used to touch on IPv6 and explain as follows:

              IPv4 (State . City . Street . House #) - as an example of the 4 numbers.

              IPv6 (Planet : Continent : Country : State : City : Street : House # : Room) - so a much more granular address.

              It was kewl to see light bulbs come on. LOL

              Curtis

              • bearhntr @JKnott

                @jknott

                Agreed - I 95% of the time log in to my Windows computers as a 'mere-mortal' and only use Admin stuff when I need it.

                I typically log in if I have lots to do - on the DC as admin --- so I am not pestered with the warning (you must ask to be a god) --- LOL

                Curtis

                • bearhntr @jpvonhemel

                  @jpvonhemel

                  I think they are calling that WINDOWS 11 !!!

                  [image]

                  Microsoft in kahootz with the computer manufacturers to see more computers for which they cannot get chips for them - so the prices are 4x what they should be.

                  • Bob.Dig @bearhntr

                    @bearhntr said in Comcast Residential /64 Delegation:

                    Well this is FRUSTRATING AS HELL!!!

                    Do a reboot of pfSense. I have to do that daily (via cron) to keep IPv6 working.

                    • bearhntr @Bob.Dig

                      @bob-dig

                      OK - care to share? CRON? {steps???}

                      • Bob.Dig @bearhntr

                        @bearhntr First, try if a reboot helps you.
                        Second, do what @JKnott always advises and go to Interfaces/WAN
                        DHCP6 Client Configuration
                        Check the box: Do not allow PD/Address release
                        This might help you so that you (almost) never get a new IPv6-Prefix.

                        • bearhntr @Bob.Dig

                          @bob-dig

                          I will have to reboot pfSense later - as I work from home, and in the middle of my day here. I will lose Internet during that period of reboot.

                          Let you all know.

                          Curtis

                          • JKnott @Bob.Dig

                            @bob-dig said in Comcast Residential /64 Delegation:

                            Check the box: Do not allow PD/Address release

                            That wouldn't cause a complete loss of IPv6, only a new prefix.

                            • Bob.Dig @JKnott

                              @jknott said in Comcast Residential /64 Delegation:

                              That wouldn't cause a complete loss of IPv6, only a new prefix.

                              For me pfSense is failing when the prefix changes so that is why I gave your advice.

                              • johnpoz @bearhntr

                                @bearhntr that analogy is not actually true - but ok.. IPv6 is no more granular than IPv4 - there are just way more addresses.

                                Does not make it more granular.

                                Think of it this way vs everyone living in say an apartment complex and the mailman having to just drop off and pick up mail from the mail room at the building (nat) - and the building mailman moving the mail to apt A, B and Z, etc.. The address on the mail was granular enough to get to the building, and even has which apartment it is and who - it's just the building uses an address scheme for apt that the public mailman doesn't understand.

                                With ipv6 each apartment can just send and get mail directly to their own mailbox.

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.8, 24.11

                                • jpvonhemel @johnpoz

                                  @johnpoz For a residential account, that does not have any option of paying more than a single dynamic public IPv4 address, IPv6 definitely feels more functional in being able to get around this, especially without NAT, and ultimately can be more granular.

                                  Not that I have tried this, but I know I can ping clients directly from anywhere over both, but IPv6 should be much cleaner and direct, where IPv4 would require dynamic DNS, NAT, and port forwards to accomplish the same. For a residential account, IPv6 feels like a way around the ISP restricting static and multiple addresses.

                                  • johnpoz @jpvonhemel

                                    @jpvonhemel said in Comcast Residential /64 Delegation:

                                    and ultimately can be more granular.

                                    No it is not more granular than IPv4 - still just an address.. To a device - think you guys need to look up what granular means ;)

                                    His analogy of address makes no sense in comparing ipv4 to ipv6, the ability to have more addresses does not add granularity to the address itself..

                                    Your toaster having its own address - again doesn't add granularity. And that can be done with IPv4..

                                    The ability to not have to nat - doesn't add granularity to the address. Yes IPv6 with the huge amount of space available allows users to have more addresses to use. But that has been possible with IPv4 - you not having enough IPv4 and having enough IPv6 doesn't add granularity - it just adds more addresses.

                                    • bearhntr @johnpoz

                                      @johnpoz

                                      I was not trying to start an argument and I appreciate the help. But I must disagree. Just about every single router sold in the US has a default IP Address of 192.168.1.1 or 192.168.10.1 (I have had numerous). If every household in America had the same IPv4 address range for their home, they would all be 192.168.1.xxx (or .10.xxx) -- INSIDE their home.

                                      Granted every network device would have its own MAC address - providing a granular break down of those addresses (within that home). As a MAC address (short for media access control address) is the worldwide unique hardware address of a single network adapter. The physical address is used to identify a device in computer networks. So even if your neighbor's TV and your TV both have the same IPv4 address (192.168.1.15) - they would have different MAC addresses...but also their Internet gateway would most likely be different as well even if on the same ISP.

                                      What I was alluding to was the granularity of IPv6 to IPv4
                                      (granularity -- [ˌɡranyəˈlerədē] NOUN

                                      Technical
                                      the scale or level of detail present in a set of data or other phenomenon.)

                                      Was that in IPv6 -- yes while having a much larger data pool of addresses. This being said, it does have a form of granularity in that traffic has a more direct path to a device - rather than having to hit multiple translation tables (ARPs).

                                      Again - I was not trying to start an argument, but given MAC addresses are unique, and follow a world-wide 'format' - many IPv6 addresses are based on this MAC address (in fact may be part of the IPv6 address).

                                      I saw in an online video several years ago - that within IPv6 there are enough IP Addresses that every man, woman, their children and pets for 4 generations and their devices could be assigned a specific address - and still have millions of addresses left over. <LOL - that is a lot of addresses>. So I am just waiting for that letter from the N.W.O. telling me I have been assigned an IPv6 address and that is my new "identifier". 😁

                                      • johnpoz @bearhntr

                                        Your analogy is wrong dude just plain and simple. A different address that points to the same thing does not provide more granularity.. Not wanting to argue - just pointing out that reason to move to IPv6 doesn't make any sense. Getting rid of nat doesn't provide more detail to what you point to.

                                        Detail - the detail does not change from an IPv4 to IPv6.. Be it that IP is natted or not - 1.2.3.4:80 gets to my webserver.. "aaaa:bbbb::1234:80" still gets to my webserver.

                                        Switching to IPv6 does not provide any more granularity than the IPv4..

                                        multiple translation tables (ARPs).

                                        What? Are you talking about mac - again every layer 2 your traffic passes through will use different mac addresses to move the traffic. Just because you have IPv6 doesn't make some magic tunnel between, still lots of hops to get there.

                                        So what if everything on the planet can have an IP - this does not add detail to what that address is.. Still points to X, be it ipv4 or ipv6..

                                        • JKnott @bearhntr

                                          @bearhntr

                                          One thing I've often said is there are enough addresses to give every person on earth over 4000 /48s.

                                          • johnpoz @JKnott

                                            @jknott Yup agree - doesn't mean any specific address has more "detail" over the IPv4 address.. Which was my point about the analogy being bad.

                                            Sure there are advantages to having really unlimited address space - the big one hey no nat, hey your phone and ipad and laptop and watch and etc.. etc.. Can all have their own address. But this does not add "detail". So going to IPv6 does not add granularity like what planet.

                                            To be honest with IPv6 and devices all just using random temp IPvs to talk to something - you could say granularity in my firewall rules becomes more difficult. How do I allow or block device X from going to xyz, if he could use any address in the whole /64 to go there, versus if he was IPv4 I would know exactly what address he was coming from.. It's very simple and easy to set it to have only that IP address via dhcp reservation.

                                            While this is possible with ipv6 - it's not as simple, and there is a huge learning curve. And depending on the devices you might not be able to use dhcpv6, they might only support slaac. Also with something like comcast and your prefix changing - now your rules become even more difficult trying to use granularity of specific details of device X, when that could change at the drop of a hat.

                                            JKnottJ 1 Reply Last reply Reply Quote 0
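
The firewall-rule problem raised in the last post, worked through as an added example (not part of the thread and not pfSense code). It compares three hypothetical ways a rule could match a device's source address against a SLAAC modified EUI-64 address, a temporary (privacy) address, and a changed delegated prefix. The MAC, the 2001:db8::/32 documentation prefixes and the temporary interface identifier are constructed values, and it assumes the device's stable address is EUI-64 based.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an address = interface identifier


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def addr_in(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))


def rule_outcomes(mac, old_prefix, new_prefix, temp_iid):
    """For each source address, report which hypothetical match styles hit."""
    iid = eui64_iid(mac)
    pinned = addr_in(old_prefix, iid)  # rule written before the prefix changed
    lan = ipaddress.IPv6Network(new_prefix)
    sources = {
        "stable, old prefix": addr_in(old_prefix, iid),
        "stable, new prefix": addr_in(new_prefix, iid),
        "temporary, new prefix": addr_in(new_prefix, temp_iid),
    }
    return {
        name: {
            "pinned_address": src == pinned,             # full /128 match
            "iid_suffix": int(src) & IID_MASK == iid,    # host part only
            "current_lan_64": src in lan,                # whole subnet
        }
        for name, src in sources.items()
    }


# Constructed sample values (assumptions, not taken from the thread).
MAC = "00:11:22:33:44:55"
OLD_PREFIX = "2001:db8:aaaa:1::/64"
NEW_PREFIX = "2001:db8:bbbb:1::/64"
TEMP_IID = 0x5C1D9E02A7F3B644  # stands in for a random temporary-address IID

if __name__ == "__main__":
    for name, hits in rule_outcomes(MAC, OLD_PREFIX, NEW_PREFIX, TEMP_IID).items():
        print(f"{name:24} {hits}")
```

Only the whole-/64 match catches the temporary address, and that match cannot tell one device on the LAN from another.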
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.