IPv6 Launch Day





  • Oh finally. I am really keen to try IPv6 but haven't yet as PFsense doesn't officially support it. Think I will try the IPv6 build though just for testing! IPv4 is getting expensive with our ISPs here too so very keen!



  • i see the company i work for is a sponsor, I just hope they are ready in june because I haven't seen the roll out plan yet or even beta areas.


  • Rebel Alliance Global Moderator

    "as PFsense doesn't officially support it."

    Not sure I agree with that statement, been using ipv6 for quite some time on pfsense – code is from pfsense servers, from pfsense developers, etc..

    Is it part of the current stable release - no, but it will be part of 2.1.. It sure isn't some 3rd party hack sort of thing ;)



  • Does anybody know which rfcs for ipv6 are implemented:
    Ripe 501 says following:
    For Host
    Mandatory:
    IPv6 Basic specification [RFC2460]
    IPv6 Addressing Architecture basic [RFC4291]
    Default Address Selection [RFC3484]
    ICMPv6 [RFC4443]
    DHCPv6 client [RFC3315]
    SLAAC [RFC4862]
    Path MTU Discovery [RFC1981]
    Neighbour Discovery [RFC4861]
    Basic Transition Mechanisms for IPv6 Hosts and Routers [RFC4213]
    IPsec-v2 [RFC2401, RFC2406, RFC2402]
    IKE version 2 (IKEv2) [RFC4306, RFC4718]
    If support for mobile IPv6 is required, the device needs to comply to “MIPv6”
    [RFC3775, RFC5555] and “Mobile IPv6 Operation With IKEv2 and the Revised
    IPsec Architecture” [RFC4877]
    DNS protocol extensions for incorporating IPv6 DNS resource records [RFC3596]
    DNS message extension mechanism [RFC2671]
    DNS message size requirements [RFC3226]

    Optional:
    Revised ICMPv6 [RFC5095]
    Extended ICMP for multi-part messages [RFC4884]
    SEND [RFC3971]
    SLAAC Privacy Extensions [RFC4941]
    Stateless DHCPv6 [RFC3736]
    DS (Traffic class) [RFC2474, RFC3140]
    Unique Local IPv6 Unicast Addresses (ULA) [RFC4193]
    Cryptographically Generated Addresses [RFC3972]
    IPsec-v3 [RFC4301, RFC4303, RFC4302]
    SNMP protocol [RFC3411]
    SNMP capabilities [RFC3412, RFC3413, RFC3414]
    Multicast Listener Discovery version 2 [RFC3810]
    Packetization Layer Path MTU Discovery [RFC4821]

    For Firewall
    Mandatory
    IPv6 Basic specification [RFC2460] (FW, IPS, APFW)
    IPv6 Addressing Architecture basic [RFC4291] (FW, IPS, APFW)
    Default Address Selection [RFC3484] (FW, IPS, APFW)
    ICMPv6 [RFC4443] (FW, IPS, APFW)
    SLAAC [RFC4862] (FW, IPS)
    Router-Alert option [RFC2711] (FW, IPS)
    Path MTU Discovery [RFC1981] (FW, IPS, APWF)
    Neighbour Discovery [RFC4861] (FW, IPS, APFW)
    If the request is for the BGP4 protocol, the equipment must comply with
    RFC4271, RFC1772, RFC4760 and RFC2545 (FW, IPS, APFW)
    If the request is for a dynamic internal guidance protocol (IGP), then the required RIPng [RFC2080], OSPF-v3 [RFC5340] or IS-IS [RFC5308]. The contracting authority shall specify the required protocol. (FW, IPS, APFW)
    If the requested OSPF-v3, the device must support "Authentication/Confidentiality for OSPFv3" [RFC4552] (FW, IPS, APFW)
    Support for QoS [RFC2474, RFC3140] (FW APFW)
    Basic Transition Mechanisms for IPv6 Hosts and Routers [RFC4213] (FW)
    Using IPsec to Secure IPv6-in-IPv4 Tunnels [RFC4891] (FW)

    Optional:
    Revised ICMPv6 [RFC5095]
    DHCPv6 client / server [RFC3315]
    Extended ICMP for Multipart Messages [RFC4884]
    SEND [RFC3971]
    SLAAC Privacy Extensions [RFC4941]
    Stateless DHCPv6 [RFC3736]
    DHCPv6 PD [RFC3633]
    BGP Communities Attribute [RFC1997]
    BGP Capabilities Advertisement WITH-4 [RFC3392]
    (QOS), Assured Forwarding [RFC2597]
    (QOS) Expedited Forwarding [RFC3246]
    Unique Local IPv6 Unicast Addresses (ULA) [RFC4193]
    Cryptographically Generated Addresses [RFC3972]



  • Hi

    This is today (tomorrow).
    Any pfsense update for this event?
    Cya



  • This event is a great possibility to play with pfsenses v6 capabilities - thank you and all respect for making this possible - So finally i decided to try ipv6 between my vbox and the host machine…

    
    C:\Users\root>ping b0::babe
    Ping wird ausgeführt für b0::babe mit 32 Bytes Daten:
    Antwort von b0::babe: Zeit<1ms
    Antwort von b0::babe: Zeit=2ms
    Antwort von b0::babe: Zeit=2ms
    Antwort von b0::babe: Zeit=2ms
    
    

    … Okay - this is really simple, but amusing and sweet to ping a babe :))
    oh - this zer0 is optional ups ?!



  • About a week ago we hoped to be in shape to release a BETA0 before today, but because of movement on the CARP front with IPv6 support we'll overshoot this day by a few weeks.

    This was one of the last hard fearture blockers for the 2.1 release.

    Quite a few other tickets have already been cleaned up since then. You'll have to trust us that we're still actively making headway on the 2.1 Release front.

    Between the developers 2.1 has been really good to use so far. It feels better then the runup to 2.0 in my opinion. Others might have experienced it differently.

    It would also mean a milestone and about 1.5 years of work I have in the IPv6 support. Which isn't to say that the others have not poured time in it.

    The feature list is a bit long, we have a public Google Docs sheet that lists everything that we support, it doesn't list RFC numbers though.


  • Rebel Alliance Developer Netgate



  • @databeestje and the rest of the developers that have been working on implementing IPv6 into pfSense; just want to say thank you for all the hard work! Been using it for a while now… Have to admit tho, the internet got really really slow today... Not sure if its my ISP or because i'm maxing my HE tunnel, i'll check later...lol


  • Rebel Alliance Developer Netgate

    Netflix turned on IPv6 for streaming, so I bet he.net and friends are really feeling a bit of a bandwidth spike. :-)



  • @jimp:

    Netflix turned on IPv6 for streaming, so I bet he.net and friends are really feeling a bit of a bandwidth spike. :-)

    I've been expecting the day that happens is the day they stop offering free IPv6 tunnels (as tons of people outside the US will start using it to have US IPs), so we'll see. They do appear to put a 1 Mb limit on the tunnels at least at times, sometimes I can get 10+ Mbps, sometimes it flatlines right at 1 Mb, so that's not all that useful for Netflix given the highest quality SD stream seems to be around 3-4 Mbps continuous.


Locked