IPv6 configuration for LAN only when no IPv6 from ISP?
-
First off I should say that I am still wrapping my head around IPv6 and don't have a deep understanding, but do get the high level basics and am working on learning more. Please feel free to point out anything here that does not sound right.
We recently switched from Comcast to Frontier fiber, who does not provide IPv6 support (at least as far as I know; they did not give us any IPv6 info when they provided our static IP info; I suppose I should confirm that). Given that, we set IPv6 configuration type to none on WAN and LAN. A Voice VLAN was added after the ISP changeover and IPv6 config type also set to none.
I haven't seen any obvious issues, but noted in the firewall logs many default deny rule IPv6 entries on LAN interface and realized we have multiple devices on the LAN that have IPv6 enabled (PCs and printers mainly). What I am seeing is link-local addresses (fe80) as the source and IPv6 multicast addresses (ff02) as destination (and actually pretty constant, filling up the logs - not sure if that's normal given my config or if it points to something being misconfigured). Also, I should mention that all of the devices on the Voice VLAN (IP phones and some analog adapters) only have IPv4 enabled.
Reading what I wrote so far, I realize there are some other questions I should ask before the one in the subject of this post.
Is there any issue with having IPv6 disabled on all interfaces if no IPv6 from ISP and the only IPv6 enabled devices are on the LAN?
Similarly, is there a need to configure IPv6 on the pfsense interfaces if traffic is essentially limited to LAN? Pros and cons?
If I should configure IPv6, what options should I be using for configuration type? From my reading it looks like it should be static, DHCP6 or SLAAC, but not clear which and then not sure what additional settings I would need for each. And then what would be the correct settings for DHCP6 server and RA?
Let me know if you need any more details about my network or pfsense config. And thanks ahead of time for any help. I realize I am basically asking "can you set up my system for me?" Any advice or feedback is appreciated.
-
While you can probably shut down IPv6 without issues, have you considered a tunnel from he.net? Others here use them to get IPv6. IIRC, they provide a /48 prefix.
-
@pzanga If your ISP doesn't support IPv6, there is little reason to have it locally at all. Just disable it on your devices so they don't spam your logs and network with IPv6 for no reason.
If you're wanting to play with IPv6, just get a tunnel from HE as mentioned. You can get a /48 for free and very easy to set up.
While it's hard to actually remove the ability to do IPv6 on modern OSes and devices - you normally can just turn it off from use. Windows you can just uncheck it from the interface.
I run IPv6 in this fashion on my network - most of the vlans have IPv6 set up and ready to go with a simple click on the device. I don't really use it day to day other than to provide ntp to the ntp pool. If I want to test something with IPv6 I just enable it.
clicky clicky - and IPv6, clicky and no IPv6..
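To see which devices and protocols are behind the fe80 → ff02 default-deny entries described in the question before turning IPv6 off on them, the blocked source/destination pairs can be grouped by well-known link-local multicast group. This is an added example, not part of any post in this thread; the address pairs are constructed sample data, and pulling the pairs out of the firewall log is assumed to have been done already.

```python
import ipaddress
from collections import Counter

# Well-known link-local scope (ff02::/16) multicast groups.
KNOWN_GROUPS = {
    "ff02::1": "all-nodes",
    "ff02::2": "all-routers (router solicitation)",
    "ff02::c": "SSDP",
    "ff02::16": "MLDv2 reports",
    "ff02::fb": "mDNS",
    "ff02::1:2": "DHCPv6 servers/relays",
    "ff02::1:3": "LLMNR",
}
SOLICITED_NODE = ipaddress.ip_network("ff02::1:ff00:0/104")

def classify(dst):
    """Return a label for an IPv6 multicast destination, or None otherwise."""
    addr = ipaddress.ip_address(dst)
    if addr.version != 6 or not addr.is_multicast:
        return None
    if addr in SOLICITED_NODE:
        return "solicited-node (neighbor discovery)"
    return KNOWN_GROUPS.get(str(addr), "other multicast")

def summarize(pairs):
    """Count blocked packets per (link-local source, multicast service)."""
    counts = Counter()
    for src, dst in pairs:
        source = ipaddress.ip_address(src)
        label = classify(dst)
        if source.version == 6 and source.is_link_local and label:
            counts[(str(source), label)] += 1
    return counts

# Constructed sample (source, destination) pairs, not taken from a real log.
SAMPLE = [
    ("fe80::a1b2:c3ff:fe00:1", "ff02::fb"),
    ("fe80::a1b2:c3ff:fe00:1", "ff02::fb"),
    ("fe80::a1b2:c3ff:fe00:1", "ff02::1:3"),
    ("fe80::20c:29ff:fe11:2222", "ff02::2"),
    ("fe80::20c:29ff:fe11:2222", "ff02::1:2"),
    ("fe80::20c:29ff:fe11:2222", "ff02::1:ff11:2222"),
    ("192.168.1.20", "224.0.0.251"),  # IPv4 entry, ignored
]

if __name__ == "__main__":
    for (src, service), hits in summarize(SAMPLE).most_common():
        print(f"{hits:4d}  {src:28s} {service}")
```

Sources that only ever hit all-routers and DHCPv6 are hosts looking for IPv6 configuration that the router is not offering, while mDNS, LLMNR and SSDP are local service discovery that would be sent regardless.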
-
Thank you both for the prompt replies. I think I'll just shut down the IPv6 on the LAN for now while I continue to learn about it and think about implementing once I am more knowledgeable and comfortable with it. I've got enough on my plate right now without adding 1 more thing. I can definitely do without the extra noise from IPv6 on the network. I have seen HE mentioned in other posts and will need to look into that as well.
Thanks again.
-
@pzanga said in IPv6 configuration for LAN only when no IPv6 from ISP?:
while I continue to learn about it and think about implementing once I am more knowledgeable and comfortable with it.
That is a great way to look at it.. And one I completely agree with - if you're not comfortable with IPv6, shut it down. Unless there is a resource you need to get to that requires IPv6, it has zero place on your network.
While it is the future, that future doesn't have to be today.
-
@johnpoz said in IPv6 configuration for LAN only when no IPv6 from ISP?:
While it is the future, that future doesn't have to be today.
Seems like it's been the future for a few years now, and will be for at least several more.
Just a quick follow-up. I got IPv6 shut off on most devices and noted a definite decrease in noise on the network. Not any hard data, but can just see the lights on my switches stopped constantly blinking.
Thanks again.
-
@pzanga said in IPv6 configuration for LAN only when no IPv6 from ISP?:
will be for at least several more
Prob measured in decades to be honest.. Where you ran into a slow down in conversion is once all the mobiles went IPv6 - this put a huge ease on the IPv4 space.. T-mobile for example at least in my part of the world all phones are IPv6 only..
Mobile devices are the huge strain on IP addresses..
Enterprises really have no incentive to go IPv6.. If they can manage their internal network on IPv4, and have for years.. rfc1918 space is a HUGE chunk of space to be able to use. You don't really need all that much IPv4 public space, and using IPv6 for your public resources is easy to do as well.. But it's never going to really go mainstream until such time as there is incentive for the big enterprises to move away from IPv4. It's not all that simple of a move - management of address space changes a lot, firewalls also require much more effort.. And during the move you have to contend with dual stack, etc.
So while you see it with massive new deployments - I am in the middle of a project for IPv6 space for a project to do with cars.. Which reminds me need to delegate some space in ARIN ;) I personally think yeah you're still decades away before it actually becomes something you "have" to have - especially for some home or small business deployment.
-
@pzanga said in IPv6 configuration for LAN only when no IPv6 from ISP?:
Seems like it's been the future for a few years now, and will be for at least several more
That depends on where you are in the world. Asian countries are far more ahead of the west because they didn't get many IPv4 addresses. On the other hand, the U.S. got the bulk of IPv4 addresses, so the pressure isn't so great. On the other hand, there are still many there that are stuck behind carrier grade NAT and so can't run VPNs etc. to their home network.
The sooner everyone moves to IPv6 the better.
-
@johnpoz said in IPv6 configuration for LAN only when no IPv6 from ISP?:
T-mobile for example at least in my part of the world all phones are IPv6 only.
Same with Rogers in Canada. My phone is IPv6 only and uses 464XLAT for IPv4. I don't know what other cell companies are doing but, IIRC, IPv6 is supposed to be mandatory for 4G. Rogers has also provided native IPv6 on the cable network for about 6 years and via tunnels for a while before that.
Enterprises really have no incentive to go IPv6.
A while ago, I read an article about Comcast moving to IPv6, because they couldn't seamlessly manage their network with IPv4. Of course many other companies, such as Google, Microsoft, Facebook, IBM and more run IPv6. I don't believe any of them are mom & pop operations.
In addition to much greater address space, there are several other advantages to IPv6.
-
@jknott said in IPv6 configuration for LAN only when no IPv6 from ISP?:
there are several other advantages to IPv6.
All of which come with their own learning curve and headaches.. Sorry but until such time that I can not get to the resources I need, there is no driving force moving me away from tried and true and stable IPv4.. Which goes for pretty much anyone..
Sorry companies do not spend money to change something unless it's going to save them money in the long run. Or fix something that is actually broken and costing them in some way.
There is zero incentive for your typical home user to move to IPv6. Other than playing and learning about it - name 1 resource just 1, that your typical user would need IPv6 to access? Where they need to run it on their home network.. Even the promise of no NAT and better easier way to run games is a bust, because the game makers have no clue how to actually use IPv6 correctly.. And many of the ISPs actually rolling it out - suck at it!
-
@johnpoz said in IPv6 configuration for LAN only when no IPv6 from ISP?:
Sorry companies do not spend money to change something unless it's going to save them money in the long run.
There are some things that benefit large networks, such as eliminating broadcasts and fragmenting at routers. Both of those can cause a performance hit. In fact, a friend of mine who's an IT guy with the province of Ontario mentioned the broadcast noise issue. Every device has to handle a broadcast, but only the targets have to handle a multicast. The rest discard irrelevant multicasts in the NIC. Another benefit for ISPs and carriers is smaller routing tables. Several years ago, the Internet crashed because some routers ran out of memory to handle all the routes. The reason for that is IPv4 addresses were handed out without regard to location, making it difficult for routers to aggregate routes. IPv6 is designed with prefixes handed out according to location.
-
@johnpoz said in IPv6 configuration for LAN only when no IPv6 from ISP?:
name 1 resource just 1, that your typical user would need IPv6 to access?
As I mentioned, there are many who are stuck behind CGNAT. They cannot connect to their networks from outside.