Welcome IPv4 user

One year on

It has been almost a year since my last post here. The first World IPv6 Day has come and gone. There is now a little more awareness of IPv6 - which is definitely a good thing. But looking back on what I was blogging about a year ago and I realise that very little has actually changed.

I helped out with getting South Africa's biggest technical news and discussion site turned up for IPv6. MyBroadband got a AAAA record just in time for IPv6 Day and since then its been uneventful. More on that another day.

I was quite surprised when talking to a local cloud server provider that they were under the impression that World IPv6 Day was the first time that IPv6 had been used for real stuff. Paraphrasing their response slightly: "The first tests with IPv6 were only completed a few weeks ago. We don't think that there is any reason for us to be deploying such an immature technology"

Another person still stuck in the first phase of their mourning for the demise of IPv4 - DENIAL.


Can you afford to wait?

Many system administrators seem content that if their IPv4 is working then there is no reason to deploy IPv6. The thought is that "IPv4 is not going to die any time soon so why should I bother with IPv6?"

Some predictions for the African region suggest that AfriNIC will continue to have IPv4 addresses available until 2014. "We have plenty of IPv4 space. We won't run out soon. Whats the point of putting IPv6 on my network."

The point is that its not about Africa. IPv6 becomes a requirement as soon as the first service launches that is IPv6 only and your customer wants to access that service. It is somewhat pointless having large amounts of IPv4 address space when the content that people want is not on the IPv4 Internet.

While it is likely that there will be much bartering and redistribution of IPv4 address space when the exhaustion phase happens in the next 100 days. Despite that, we can expect to see some IPv6 only services within quite a short period after the start of the exhaustion.


Time for some audience participation

I have added a new feature to the blog template. You'll notice a thin coloured bar right at the top of the page.

If you see a red bar then you are using a legacy IPv4 connection. If - however - you see a green at the top of the page then you are visiting this site over IPv6. If you're sure that you've setup IPv6 but you still see a red bar then your IPv6 is most likely broken.

Now I'm interested in getting some feedback from you. If you reach this site over IPv6 then please post a comment about the service provider that you are using or the tunnelling mechanism that you are using.

Looking forward to some feedback.


Where does that IP come from?

Due to the size of the IPv6 address space it has been possible to reserve large blocks of addresses for specific purposes and reduce the fragmentation of IP blocks considerably. This leads us to be able to quite easily identify the IPv6 addresses which appear in log files and connection lists:

  • 2001:0:* - This block of addresses is assigned to the Teredo protocol. This tunneling protocol is installed by default on Windows Vista and Windows7 operating systems. It is used by hosts behind NAT gateways to reach IPv6 hosts. Teredo is NOT preferred over IPv4 and will only generally be used when a suitable IPv4 connection can't be made. Teredo is quite popular with torrent clients to reach hosts behind a NAT.
  • 2001:200-A000:* - The first global address allocations were made out of this range of prefixes. Typically these are early adopter networks and many of the major tunnel brokers have prefixes in this range.
  • 2002:* - The 6to4 protocol was assigned this prefix. The 8 digits following the initial sequence are a hexadecimal representation of the public IPv4 address that defines the end of the tunnel. 6to4 thus only functions if the tunnel endpoint is a public IP. In the past 6to4 has been popular for providing IPv6 along side IPv4 on residential gateway/router devices.
  • 240*: - Range that was issued to APNIC for users in the Asia and Pacific regions.
  • 260*: - Range that was issued to ARIN for users in the North American region.
  • 280*: - Range that was issued to LACNIC for user in the Latin American region.
  • 2A0*: - Range that was issued to RIPE NCC for user in the European region.
  • 2C0*: - Range that was issued to AfriNIC for user in the African region.

DNS in IPv6 land

Many of the experienced networking people that I speak to about IPv6 have one major complaint: "IPv6 is rubbish - I would never be able to type an address that long out of my head"

It is true that many network technicians and engineers make regular use of IPv4 literals in their daily lives. My view is that if you are typing the IP address then - YOU ARE DOING IT WRONG!

IPv6 may well be the push that is required to get many lazy networking professionals to implement proper DNS on their networks. A properly set up DNS infrastructure even on a home LAN can be a life saver and it save a lot of time in the long run.

DNS tips for IPv6 survival:

  • DNS everything - choose an easy to remember hostname for every device on your network. Every PC, server, router, wifi AP and IP capable device should have a hostname that you can add to your zonefile.
  • Choose your best IP for DNS. DNS should be the only thing that you ever have to manually configure on a device. Choose the shortest and easiest available IP address for your DNS server. If you are running a large network then choose 3 or 4 prefixes that you reserve for DNS anycast resolvers. That way you avoid confusion by using the same DNS server IP throughout the whole network.
  • Keep it local. If you don't want to do full DNS infrastructure then add it to your local DNS resolver. Many home routers and gateways have a 'hosts' facility that allows you to add DNS entries that are visible only within your local network.

and finally

  • Make proper use of 'search domains'. Most IP devices have a config option called a 'search domain' or sometimes just 'domain'. This is the home domain of the host and is appended to any DNS query when it is first looked up. This means that you can use the DNS name 'myserver' and it automatically gets expanded to 'myserver.example.com' for you. This is a huge time saver since your DNS name is now in fact shorter than even the IPv4 address of a host.