



541 posts

Ultimate Geek

Trusted
2degrees

# 240157 23-Aug-2018 15:04
17 people support this post

Update below on IPV6 Address Space allocation - 10th October 2018.

 

Hi All,

 

With the introduction of BYOD (some customers choosing not to use a 2degrees supplied Fritzbox), we've had a bunch of queries about IPv6, how we provision it, what technologies we use etc. In order to assist you with troubleshooting any other equipment you may use, the team (Thanks Aaron) have pulled together the following information.

 

2degrees uses Juniper equipment to terminate subscribers. Check out the following links for more information on the architecture used and the implementation overview - Basic Architecture of a Subscriber Access Dual-Stack Network and Overview of Using DHCPv6 Prefix Delegation.

 

2degrees uses DHCPv6 Prefix Delegation to assign IPv6 prefixes to customer CPE; the only requirement this puts on the CPE is identification and choosing a prefix for delegation.

 

DHCPv6 prefix delegation process

 

     

  1. The BNG provides IPv6 prefixes available for delegation.  In the case of dynamic customers this is provided by a local address-assignment pool, and for static IPv6 customers the BNG is informed of the /56 prefix to use via our RADIUS server.  Even though it’s a static assignment the BNG will still delegate the prefix to the CPE using DHCPv6.
  2. The CPE requests one or more prefixes from the delegating router.  The standard is a /64 allocation per LAN segment.
  3. The BNG chooses the prefixes for delegation, and responds to the CPE.
  4. The CPE is then responsible for the delegated prefixes.

 

CPE WAN link

 

Below are the methods we support:

 

     

  1. Link-local IPv6 address – The link-local address is provisioned by appending the interface identifier negotiated by IPv6CP to the IPv6 link-local prefix (fe80::/10).
  2. DHCPv6 prefix delegation – The CPE can use the prefix it receives from the BNG to assign an IPv6 address to the interface between the CPE and BNG.  A Fritzbox modem uses this method by default.

 

Fritz configuration example (in lab environment)

 

 

  • This is the default setup and will establish a native IPv6 connection; the below configuration would be more specific.

 

 

  • Here you can see the IPv6 address assigned to the CPE-BNG interface and the prefix that was delegated.
  • The Fritz in its default setup will assign the first available /64 to the LAN segment.
  • For our dynamic subscribers we allocate a /48 or /56 address space depending on the version of code they are running (due to our upgrades currently in progress); for static customers we allocate a /56 address space. Upgrades are planned to be completed in the first week of November 2018, which will see us standardise on /56 for all subscribers.

Nick.
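The delegation steps described above, as an added example that is not part of the original post: it carves one /64 per LAN segment out of a delegated /48 or /56 (first /64 first, as the post says the Fritz does by default) and builds a link-local address from a 64-bit interface identifier. The function names, segment names and the 2001:db8::/32 documentation prefix are assumptions for illustration, not 2degrees values.

```python
import ipaddress

# fe80::/10 with the remaining 54 prefix bits zero, followed by a 64-bit interface ID
LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")


def link_local_from_iid(iid: int) -> ipaddress.IPv6Address:
    """Combine a 64-bit interface identifier (e.g. negotiated by IPv6CP) with fe80::/64."""
    if not 0 < iid < 2**64:
        raise ValueError("interface identifier must be a non-zero 64-bit value")
    return LINK_LOCAL.network_address + iid


def capacity(delegated: str) -> int:
    """Number of /64 LAN segments that fit in the delegated prefix."""
    return 2 ** (64 - ipaddress.IPv6Network(delegated).prefixlen)


def plan_segments(delegated: str, segments: list) -> dict:
    """Assign one /64 per LAN segment, in order, from a delegated /48 or /56."""
    prefix = ipaddress.IPv6Network(delegated, strict=True)
    if prefix.prefixlen not in (48, 56):
        raise ValueError(f"expected a /48 or /56 delegation, got /{prefix.prefixlen}")
    available = prefix.subnets(new_prefix=64)  # lazy generator, lowest /64 first
    plan = {}
    for name in segments:
        try:
            plan[name] = next(available)
        except StopIteration:
            raise ValueError("delegation exhausted") from None
    return plan


if __name__ == "__main__":
    # Constructed sample values from the documentation range.
    for name, net in plan_segments("2001:db8:0:ab00::/56", ["lan", "guest", "iot"]).items():
        print(f"{name:6} {net}")
    print(capacity("2001:db8:0:ab00::/56"), capacity("2001:db8:1::/48"))
    print(link_local_from_iid(0x021122FFFE334455))
```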







Mr Snotty
8869 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2078025 23-Aug-2018 16:03

Made this sticky.

 

Thanks very much for these guides - they're excellent!





851 posts

Ultimate Geek

Trusted

  # 2111304 20-Oct-2018 10:05

@NickMack

 

Good to see 2D post this information

 

I was curious as to why 2D does not have their web accessible as IPv6 i.e. AAAA record etc

 

 


 
 
 
 




541 posts

Ultimate Geek

Trusted
2degrees

  # 2111362 20-Oct-2018 12:01

xlinknz:

@NickMack


Good to see 2D post this information


I was curious as to why 2D does not have their web accessible as IPv6 i.e. AAAA record etc


 



Great question - not sure, I'll ask - Website is done by 3rd party.

Nick






1945 posts

Uber Geek

Trusted
Subscriber

  # 2111363 20-Oct-2018 12:06
5 people support this post

If only the other ISPs were so transparent and forthcoming - good to see.





________

 

Antonios K

 



851 posts

Ultimate Geek

Trusted

  # 2111371 20-Oct-2018 12:47

NickMack:
xlinknz:

 

@NickMack

 

Good to see 2D post this information

 

I was curious as to why 2D does not have their web accessible as IPv6 i.e. AAAA record etc

 

 

Great question - not sure, I'll ask - Website is done by 3rd party.

Nick

 

Thank you for the reply

 

I see it is presented via the Redshield Cloud WAF, check whether that can act as an IPv6 proxy even if the host provider cannot dual stack

 

antoniosk:

 

If only the other ISPs were so transparent and forthcoming - good to see.

 

 

I agree!


235 posts

Master Geek


  # 2111436 20-Oct-2018 16:00

A related question. I am a 2D customer with a Fritz box(1)

The DNS server in the Fritz box will resolve hosts on the LAN with a fully qualified domain name in the style $hostname.fritz.box

I have enabled IPv6. A dig query returns an IPv4 IP address but an AAAA query for an IPv6 address does not resolve. Have I missed a setting or is the Fritz box unable to do an AAAA for a local hostname?

 

 

 

1. Model:   7490    OS Version:   06.80





Obsequious hypocrite



541 posts

Ultimate Geek

Trusted
2degrees

  # 2111763 21-Oct-2018 08:52

ObidiahSlope:

A related question. I am a 2D customer with a Fritz box(1)

The DNS server in the Fritz box will resolve hosts on the LAN with a fully qualified domain name in the style $hostname.fritz.box

I have enabled IPv6. A dig query returns an IPv4 IP address but an AAAA query for an IPv6 address does not resolve. Have I missed a setting or is the Fritz box unable to do an AAAA for a local hostname?


 


1. Model:   7490    OS Version:   06.80



Not something I've looked at before on default Fritz config, I suspect 99% of residential customers would care less ;-) (I use DNS from my Windows Active Directory, so this resolves fine). I'll have a look at this after the long weekend (camping at the mo) ;-)

Nick

Ps - there's a new version of Fritz OS you can upgrade to.






 
 
 
 




541 posts

Ultimate Geek

Trusted
2degrees

  # 2112585 23-Oct-2018 08:57

NickMack:
xlinknz:

 

@NickMack

 

Good to see 2D post this information

 

I was curious as to why 2D does not have their web accessible as IPv6 i.e. AAAA record etc

 



Great question - not sure, I'll ask - Website is done by 3rd party.

Nick

 

 

Website hosted by 3rd party in AWS. I've asked if they can investigate.

 

Update - should be resolved in the coming weeks.









541 posts

Ultimate Geek

Trusted
2degrees

  # 2113177 24-Oct-2018 11:52

NickMack:
ObidiahSlope:

 

A related question. I am a 2D customer with a Fritz box(1)

The DNS server in the Fritz box will resolve hosts on the LAN with a fully qualified domain name in the style $hostname.fritz.box

I have enabled IPv6. A dig query returns an IPv4 IP address but an AAAA query for an IPv6 address does not resolve. Have I missed a setting or is the Fritz box unable to do an AAAA for a local hostname?

 

1. Model:   7490    OS Version:   06.80

 



Not something I've looked at before on default Fritz config, I suspect 99% of residential customers would care less ;-) (I use DNS from my Windows Active Directory, so this resolves fine). I'll have a look at this after the long weekend (camping at the mo) ;-)

Nick

Ps - there's a new version of Fritz OS you can upgrade to.

 

Hiya,

 

It looks like AVM haven’t included this feature/functionality - We have fired off a request to have this considered/added in future releases.

 

Tested on the following hardware and firmware - Model  7490: v06.84, v07.01.

 

2degreess-MBP:~ 2degreesengineering$ dig 2degreess-MBP.fritz.box
 
; <<>> DiG 9.10.6 <<>> 2degreess-MBP.fritz.box
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6578
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
 
;; QUESTION SECTION:
;2degreess-MBP.fritz.box.   IN  A
 
;; ANSWER SECTION:
2degreess-MBP.fritz.box. 9  IN  A   192.168.178.22
 
;; AUTHORITY SECTION:
2degreess-MBP.fritz.box. 9  IN  NS  fritz.box.
 
;; ADDITIONAL SECTION:
fritz.box.      9   IN  A   192.168.178.1
fritz.box.      9   IN  AAAA    fd00::c225:6ff:fef2:e1a2
fritz.box.      9   IN  AAAA    2406:e001:2:5401:c225:6ff:fef2:e1a2
 
;; Query time: 0 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Wed Oct 24 11:43:11 NZDT 2018
;; MSG SIZE  rcvd: 143
 
2degreess-MBP:~ 2degreesengineering$ dig -t "AAAA" 2degreess-MBP.fritz.box
 
; <<>> DiG 9.10.6 <<>> -t AAAA 2degreess-MBP.fritz.box
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
;; QUESTION SECTION:
;2degreess-MBP.fritz.box.   IN  AAAA
 
;; AUTHORITY SECTION:
fritz.box.      9   IN  SOA fritz.box. admin.fritz.box. 1540334593 21600 1800 43200 10
 
;; Query time: 0 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Wed Oct 24 11:43:13 NZDT 2018
;; MSG SIZE  rcvd: 83

 

Nick.







83 posts

Master Geek


  # 2121711 7-Nov-2018 17:13

Works for me, and has for years...

 

 

$ dig fritz.box ANY

 

; <<>> DiG 9.9.5-3ubuntu0.18-Ubuntu <<>> fritz.box ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8239
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 3

 

;; QUESTION SECTION:
;fritz.box. IN ANY

 

;; ANSWER SECTION:
fritz.box. 9 IN SOA fritz.box. admin.fritz.box. 1 21600 1800 43200 10
fritz.box. 9 IN NS fritz.box.
fritz.box. 9 IN A 192.168.1.1
fritz.box. 9 IN AAAA fd00::c225:######
fritz.box. 9 IN AAAA 2406:e006:######

 

;; AUTHORITY SECTION:
fritz.box. 9 IN NS fritz.box.

 

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.1.1
fritz.box. 9 IN AAAA fd00::c225:######
fritz.box. 9 IN AAAA 2406:e006:######

 

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Nov 07 17:11:56 NZDT 2018
;; MSG SIZE rcvd: 268

 

 

 

Works for other internal hosts too.


357 posts

Ultimate Geek


  # 2130934 21-Nov-2018 11:20

Nick, are there any other parameters that 2degrees needs to negotiate? e.g. MTU




541 posts

Ultimate Geek

Trusted
2degrees

  # 2130935 21-Nov-2018 11:22

attewell:

 

Nick, are there any other parameters that 2degrees needs to negotiate? e.g. MTU

 

 

Nope, it should negotiate.

 

Nick.







27 posts

Geek


  # 2175810 10-Feb-2019 12:00

Does this mean by default, every IPV6 compatible device on the network will be publicly accessible over IPV6?


Mr Snotty
8869 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2175816 10-Feb-2019 12:23

greven:

 

Does this mean by default, every IPV6 compatible device on the network will be publicly accessible over IPV6?

 

No, it is firewalled off.





436 posts

Ultimate Geek
Inactive user


  # 2175928 10-Feb-2019 13:33

michaelmurfy:

 

greven:

 

Does this mean by default, every IPV6 compatible device on the network will be publicly accessible over IPV6?

 

No, it is firewalled off.

 

 

 

 

You mean "No, it SHOULD be firewalled off".

 

However, because there is no NAT you must make sure your firewall policies are correct.

 

An erroneous firewall policy could easily open those devices up to be publicly accessible.

 

It is also worth noting just because a device supports a feature under IPv4, on that same device the feature is automatically present under IPv4. If you are rolling out IPv6, double check your inbound firewall rules, and double check your device specs (maybe firmware specs) what features are available under IPv6.
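The firewall point raised in the last post, as an added example that is not part of the thread: with no NAT, every address inside the delegated prefix is internet-routable, so one over-broad inbound rule exposes the whole LAN. The `Rule` format is a simplified, hypothetical first-match model (not the Fritz!Box rule syntax), and the host names and 2001:db8::/32 addresses are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """One inbound rule in a simplified first-match firewall model (hypothetical format)."""
    action: str            # "accept" or "drop"
    dst: str               # destination network the rule applies to
    port: Optional[int]    # None matches every port


def verdict(rules, addr, port):
    """Return the action of the first matching rule; default-deny if none match."""
    for rule in rules:
        if addr in ipaddress.IPv6Network(rule.dst) and rule.port in (None, port):
            return rule.action
    return "drop"


def audit(delegated, hosts, rules, ports):
    """Map host name -> ports reachable from the internet under `rules`."""
    prefix = ipaddress.IPv6Network(delegated)
    exposed = {}
    for name, addresses in hosts.items():
        for text in addresses:
            addr = ipaddress.IPv6Address(text)
            if addr not in prefix:
                continue  # link-local (fe80::/10) and ULA (fd00::/8) are not internet-routed
            reachable = [p for p in ports if verdict(rules, addr, p) == "accept"]
            if reachable:
                exposed.setdefault(name, []).extend(reachable)
    return exposed


# Constructed sample data: documentation prefix standing in for a delegated /56.
DELEGATED = "2001:db8:0:ab00::/56"
HOSTS = {
    "nas":     ["fd00::10", "2001:db8:0:ab00::10"],
    "printer": ["fe80::20", "2001:db8:0:ab00::20"],
    "laptop":  ["2001:db8:0:ab00::30"],
}
INTENDED = [Rule("accept", "2001:db8:0:ab00::10/128", 443)]   # HTTPS to the NAS only
MISTAKEN = [Rule("accept", "2001:db8:0:ab00::/64", 443)]      # same rule, whole LAN /64

if __name__ == "__main__":
    print("intended:", audit(DELEGATED, HOSTS, INTENDED, [22, 80, 443]))
    print("mistaken:", audit(DELEGATED, HOSTS, MISTAKEN, [22, 80, 443]))
```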

