Tech Clinic: IPv6
#16
Join Date: Dec 2009
Location: RDU
Programs: DL DM+(segs)/MM, UA Ag, Hilton DM, Marriott Ti (life Pt), TSA Opt-out Platinum
Posts: 3,227
How does security on IPv6 work? Effectively the same as IPv4, with the one difference being IPv4 routers (home or otherwise) do NAT and IPv6 addresses are almost always globally routable. What does that mean? In IPv6, every device behind a router has an IPv6 address that is unique across the entire internet. That is not necessarily a bad thing, because that is how IPv4 was intended to work, but the addresses ran out too quickly.
#17
Join Date: Jul 2001
Location: Lower Merion Township, PA, (an inner-ring suburb to the Socialist Workers City/State of Philadelphia, PA)
Posts: 596
Interesting, thanks for that info. I have one question...if a device is behind a firewall, how does it make sure to get an IP address that is unique (across the whole IPv6 spectrum)? Is it tied to the hardware (i.e. MAC address) somehow? Or is there some kind of global registry?
The other 64 bits, for 128 bits total in an IPv6 address, are unique to each device on your LAN. This is where SLAAC, or less preferably DHCPv6, comes into the picture. Note that even if you use SLAAC on the LAN side, DHCPv6 may sometimes be needed to get "other" info to the clients; it's called SLAAC with the "other" flag enabled.
#18
Join Date: Jul 2001
Location: Lower Merion Township, PA, (an inner-ring suburb to the Socialist Workers City/State of Philadelphia, PA)
Posts: 596
With TWC, DHCPv6 is used on the router end to assign the router itself an IPv6 address as well as grab the /64 prefix that should be given out to devices behind the router. SLAAC is likely used to give the individual computers IPs, yes, but it's also possible to run DHCPv6 in tandem (with DHCPv6 assigning network properties that can't be assigned with SLAAC).
#19
FlyerTalk Evangelist
Original Poster
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Yep, for example Time Warner has assigned me 2604:6000:150e:c23a:: as my /64 prefix. I can have up to 2^64 addresses on my LAN. My Win10 laptop has a few IPv6 addresses in there...my understanding of this is that it generates a new IPv6 address for each new connection, then gets rid of the address when the connection is closed.
According to the IPv6 app I have on my iPhone, the flags on the connection are UP, BROADCAST, NOTRAILERS, RUNNING, SIMPLEX, and MULTICAST. No "OTHER".
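An added example, not part of any post in this thread: it splits addresses on the /64 quoted above into prefix and 64-bit interface ID, and reports whether the interface ID is a modified EUI-64 value (RFC 4291) that exposes the adapter's MAC or an opaque value such as a temporary address. The MAC, the temporary-style address and the function names are constructed for illustration.

```python
import ipaddress

# /64 prefix quoted in post #19; everything else below is constructed sample data.
PREFIX = ipaddress.IPv6Network("2604:6000:150e:c23a::/64")

def eui64_address(prefix, mac):
    """Address a host forms from its MAC under classic SLAAC (modified EUI-64, RFC 4291)."""
    b = bytearray(int(octet, 16) for octet in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    b[0] ^= 0x02                                     # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])  # insert ff:fe in the middle
    return prefix[int.from_bytes(iid, "big")]        # 64-bit prefix + 64-bit interface ID

def embedded_mac(addr):
    """Return the MAC exposed by an EUI-64 interface ID, or None if the ID looks opaque.

    Heuristic: a random ID contains ff:fe at this position about 1 time in 65536.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                   # undo the bit flip
    return ":".join(f"{octet:02x}" for octet in mac)

def audit(addresses, prefix=PREFIX):
    """Map each address to 'off-prefix', 'opaque', or the MAC it exposes."""
    report = {}
    for a in addresses:
        if ipaddress.IPv6Address(a) not in prefix:
            report[a] = "off-prefix"
        else:
            report[a] = embedded_mac(a) or "opaque"
    return report

if __name__ == "__main__":
    sample = [
        str(eui64_address(PREFIX, "00:11:22:33:44:55")),  # constructed MAC
        "2604:6000:150e:c23a:91d4:7c3e:5b0a:e812",        # constructed temporary-style address
        "fe80::211:22ff:fe33:4455",                       # link-local, not in the /64
    ]
    for addr, verdict in audit(sample).items():
        print(f"{addr:42} {verdict}")
```

Because these addresses are globally routable, an interface ID that reports a MAC here is a stable identifier visible to every remote host the device contacts, which is what temporary addresses are meant to avoid.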
#20
Join Date: Jul 2001
Location: Lower Merion Township, PA, (an inner-ring suburb to the Socialist Workers City/State of Philadelphia, PA)
Posts: 596
On my Win 7 laptops, I do see multiple addresses, both temporary and public (permanent until the lifetime expires, at which time a new set is generated for the network adapter), and I know one way to make this happen, which is to cause the router's IPv6 configuration to believe you are changing some part of the IPv6 config settings. Save the change and the second set of addresses appears out on the client(s).