* [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Grant Edwards @ 2012-01-19 14:43 UTC
To: gentoo-user

How do you specify a link-local ipv6 address in /etc/hosts?

For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
but I can't figure out how to put that address in /etc/hosts so I can
access it by name.

Similarly, how do you enter an ipv6 link-local address in Firefox or
Opera? curl seems to accept such an address and return the proper web
page, but I can't find any interactive browser (graphical or
command-line) that will accept a link-local address. So far I've
tried Firefox Opera w3m links. According to RFC2732 it looks like the
format should be

http://[fe80::02c0:4eff:fe07:0005%eth1]:80/

But none of the browsers accept that.

--
Grant Edwards   grant.b.edwards at gmail.com
Yow! Used staples are good with SOY SAUCE!

* Re: [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Michael Mol @ 2012-01-19 15:25 UTC
To: gentoo-user

Grant Edwards wrote:
> How do you specify a link-local ipv6 address in /etc/hosts?
>
> For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
> but I can't figure out how to put that address in /etc/hosts so I can
> access it by name.

Tried several different approaches, can't get any of them to work. I
don't know where the bug is, though.

I did find that if I leave off the %iface in /etc/hosts, I get an
"invalid argument" error from ping6. I suspect there's a bug in ping6.
Working directly and extensively with link-local interfaces is *bound*
to reveal a bunch of bugs, because that's not intended SOP in IPv6, you
have to be more aware of which link scope you're talking to, and I doubt
most developers take it into account.

>
> Similarly, how do you enter an ipv6 link-local address in Firefox or
> Opera? curl seems to accept such an address and return the proper web
> page, but I can't find any interactive browser (graphical or
> command-line) that will accept a link-local address. So far I've
> tried Firefox Opera w3m links. According to RFC2732 it looks like the
> format should be
>
> http://[fe80::02c0:4eff:fe07:0005%eth1]:80/
>
> But none of the browsers accept that.

That's probably a bug in each browser.

* Re: [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Felix Kuperjans @ 2012-01-19 15:57 UTC
To: gentoo-user

AFAIK, link-local addresses shall not be used for usual services like
HTTP. They are only for neighbour discovery, local multicasts (all local
NTP servers, all local DHCP servers, and so on) or pinging.

It is possible (by specifying %interface) to access them, but this
remains unimplemented in most programs, as it is not usual / advisable
to use them this way.

I think your intention was probably to do some local testing in a LAN,
IPv6 offers two working possibilities:

* Usage of site-local addresses: For simple local testing, you could
assign (usually statically) site-local addresses. These are not routed
to the internet, but are not local to a single interface, and therefore
routed as usual IPv6 unicast traffic. However, this method has been
declared as obsolete and should not be used any more, but it still works
in all implementations I've seen.

* The "real" way for addresses within a LAN is to assign globally unique
addresses. In IPv6, this usually works this way: The ISP assigns a /64
subnet to your local router, who propagates this subnet via router
advertisements as the local network prefix. All computers in the network
choose their address within this subnet, either statically (default) or
randomly (privacy extensions). It is then possible, that those addresses
can be used world-wide, in order to isolate machines within your
network, AFAIK the advised way is to set up a proper firewall on your
router (or local machine), denying world wide access.

However, the world of IPv6 changed a lot and many things got obsoleted /
extended, it's sometimes hard to find documentation about the really
advised newest way of doing things... In addition, there's of course
lots of criticism, especially about privacy or security.

I used to try out site-local addresses first btw, despite they were
already obsoleted some time ago.

Regards,
Felix

On 19.01.2012 16:25, Michael Mol wrote:
> Grant Edwards wrote:
>> How do you specify a link-local ipv6 address in /etc/hosts?
>>
>> For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
>> but I can't figure out how to put that address in /etc/hosts so I can
>> access it by name.
> Tried several different approaches, can't get any of them to work. I
> don't know where the bug is, though.
>
> I did find that if I leave off the %iface in /etc/hosts, I get an
> "invalid argument" error from ping6. I suspect there's a bug in ping6.
> Working directly and extensively with link-local interfaces is *bound*
> to reveal a bunch of bugs, because that's not intended SOP in IPv6, you
> have to be more aware of which link scope you're talking to, and I doubt
> most developers take it into account.
>
>> Similarly, how do you enter an ipv6 link-local address in Firefox or
>> Opera? curl seems to accept such an address and return the proper web
>> page, but I can't find any interactive browser (graphical or
>> command-line) that will accept a link-local address. So far I've
>> tried Firefox Opera w3m links. According to RFC2732 it looks like the
>> format should be
>>
>> http://[fe80::02c0:4eff:fe07:0005%eth1]:80/
>>
>> But none of the browsers accept that.
> That's probably a bug in each browser.
>
>

* Re: [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Michael Mol @ 2012-01-19 16:28 UTC
To: gentoo-user

On Thu, Jan 19, 2012 at 10:57 AM, Felix Kuperjans
<felix@desaster-games.com> wrote:
> AFAIK, link-local addresses shall not be used for usual services like
> HTTP. They are only for neighbour discovery, local multicasts (all local
> NTP servers, all local DHCP servers, and so on) or pinging.

In a well-maintained network, use of link-local addresses for
global-scope services may very well be a bad idea. However, that's very
much in the realm of possibility, and different network management
policies will employ the different tools differently. It's not a
decided issue.

IPv6 link-local addresses are there, and fully support TCP, UDP and any
other packet type you might care to drop on top of an IP packet. Core
libraries support them just fine, applications and libraries should
avoid breaking them.

>
> It is possible (by specifying %interface) to access them, but this
> remains unimplemented in most programs, as it is not usual / advisable
> to use them this way.

As with ULA addresses or RFC1918 addresses, you shouldn't put them in
globally-visible DNS, certainly.

>
> I think your intention was probably to do some local testing in a LAN,
> IPv6 offers two working possibilities:
>
> * Usage of site-local addresses: For simple local testing, you could
> assign (usually statically) site-local addresses. These are not routed
> to the internet, but are not local to a single interface, and therefore
> routed as usual IPv6 unicast traffic. However, this method has been
> declared as obsolete and should not be used any more, but it still works
> in all implementations I've seen.

Not sure what the deprecation state is of ULA addresses, but it's my
understanding they're a more recent development than "site-local".

>
> * The "real" way for addresses within a LAN is to assign globally unique
> addresses. In IPv6, this usually works this way: The ISP assigns a /64
> subnet to your local router, who propagates this subnet via router
> advertisements as the local network prefix.

An ISP should assign at *least* a /64, but it's not strictly necessary.
If they're ignorant, mean or have a bad upstream, they could choose to
assign only, e.g. a /112, and force your router to employ something like
ULA (or even LL nat (*shudder*)) or DHCPv6 in order to supply your local
network. A decent ISP, IMNSHO, would route you at least a /56 or /48,
which your router could then divide into /64s for your local network.

> All computers in the network
> choose their address within this subnet, either statically (default) or
> randomly (privacy extensions).

With router announcements, yes. You can also use DHCPv6. I very much
prefer RAs myself, but there's currently limited support for DNS
configuration that way.

> It is then possible, that those addresses
> can be used world-wide, in order to isolate machines within your
> network, AFAIK the advised way is to set up a proper firewall on your
> router (or local machine), denying world wide access.

That's definitely the preferred way to set things up, as it's by far
the most flexible.

>
> However, the world of IPv6 changed a lot and many things got obsoleted /
> extended, it's sometimes hard to find documentation about the really
> advised newest way of doing things... In addition, there's of course
> lots of criticism, especially about privacy or security.

IPv6 is a massive thing, with an incredible amount of flexibility in
how it's employed and deployed. Nothing prevents an operator of an IPv6
network from making it look very much like their RFC1918 IPv4 network,
and still have most things work. There's a huge difference between
"what will work best" and "yes, you can squeak by that way if you
choose to."

Regardless, there will be environments where an added layer of
indirection such as NAT66 or masq, is an appropriate onion-layer of
security, and there will be environments where it won't. IMO, with
appropriate baseline firewalls, the environments where NAT is
appropriate will be niche and relatively rare. Still, it's going to
take a long time before network administrators grow comfortable with
the relative openness of IPv6 addressing, and some curmudgeons will
never grow comfortable with it. (Then again, some of us curmudgeons
prefer to spend most of our time in a text terminal.)

>
> I used to try out site-local addresses first btw, despite they were
> already obsoleted some time ago.
>
> Regards,
> Felix
>
> On 19.01.2012 16:25, Michael Mol wrote:
>> Grant Edwards wrote:
>>> How do you specify a link-local ipv6 address in /etc/hosts?
>>>
>>> For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
>>> but I can't figure out how to put that address in /etc/hosts so I can
>>> access it by name.
>> Tried several different approaches, can't get any of them to work. I
>> don't know where the bug is, though.
>>
>> I did find that if I leave off the %iface in /etc/hosts, I get an
>> "invalid argument" error from ping6. I suspect there's a bug in ping6.
>> Working directly and extensively with link-local interfaces is *bound*
>> to reveal a bunch of bugs, because that's not intended SOP in IPv6, you
>> have to be more aware of which link scope you're talking to, and I doubt
>> most developers take it into account.
>>
>>> Similarly, how do you enter an ipv6 link-local address in Firefox or
>>> Opera? curl seems to accept such an address and return the proper web
>>> page, but I can't find any interactive browser (graphical or
>>> command-line) that will accept a link-local address. So far I've
>>> tried Firefox Opera w3m links. According to RFC2732 it looks like the
>>> format should be
>>>
>>> http://[fe80::02c0:4eff:fe07:0005%eth1]:80/
>>>
>>> But none of the browsers accept that.
>> That's probably a bug in each browser.
>>
>>
>

--
:wq

* Re: [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Paul Hartman @ 2012-01-19 15:46 UTC
To: gentoo-user

On Thu, Jan 19, 2012 at 8:43 AM, Grant Edwards
<grant.b.edwards@gmail.com> wrote:
> How do you specify a link-local ipv6 address in /etc/hosts?
>
> For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
> but I can't figure out how to put that address in /etc/hosts so I can
> access it by name.

Just put the address without the %iface. Then you must specify the
interface in your program, for example:

in /etc/hosts:
fe80::02c0:4eff:fe07:0005 foobar

ping6 -I eth0 foobar

should work.

> Similarly, how do you enter an ipv6 link-local address in Firefox or
> Opera? curl seems to accept such an address and return the proper web
> page, but I can't find any interactive browser (graphical or
> command-line) that will accept a link-local address. So far I've
> tried Firefox Opera w3m links. According to RFC2732 it looks like the
> format should be
>
> http://[fe80::02c0:4eff:fe07:0005%eth1]:80/

% in a URL must be escaped, so you probably need to replace the %
symbol with %25. Try this:

http://[fe80::02c0:4eff:fe07:0005%25eth1]:80/

I didn't try it. Good luck. :)

* Re: [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Michael Mol @ 2012-01-19 16:00 UTC
To: gentoo-user

On Thu, Jan 19, 2012 at 10:46 AM, Paul Hartman
<paul.hartman+gentoo@gmail.com> wrote:
> On Thu, Jan 19, 2012 at 8:43 AM, Grant Edwards
> <grant.b.edwards@gmail.com> wrote:
>> How do you specify a link-local ipv6 address in /etc/hosts?
>>
>> For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
>> but I can't figure out how to put that address in /etc/hosts so I can
>> access it by name.
>
> Just put the address without the %iface. Then you must specify the
> interface in your program, for example:
>
> in /etc/hosts:
> fe80::02c0:4eff:fe07:0005 foobar
>
> ping6 -I eth0 foobar
>
> should work.

Works here with ping6. Sucks, though, because most network clients
don't allow you to specify the interface, so those won't work.

>
>> Similarly, how do you enter an ipv6 link-local address in Firefox or
>> Opera? curl seems to accept such an address and return the proper web
>> page, but I can't find any interactive browser (graphical or
>> command-line) that will accept a link-local address. So far I've
>> tried Firefox Opera w3m links. According to RFC2732 it looks like the
>> format should be
>>
>> http://[fe80::02c0:4eff:fe07:0005%eth1]:80/
>
> % in a URL must be escaped, so you probably need to replace the %
> symbol with %25. Try this:
>
> http://[fe80::02c0:4eff:fe07:0005%25eth1]:80/
>
> I didn't try it. Good luck. :)
>

Doesn't seem to work with wget. Don't have a GUI web browser on IPv6
to play with here.

--
:wq

* Re: [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Paul Hartman @ 2012-01-19 16:28 UTC
To: gentoo-user

On Thu, Jan 19, 2012 at 10:00 AM, Michael Mol <mikemol@gmail.com> wrote:
> On Thu, Jan 19, 2012 at 10:46 AM, Paul Hartman
> <paul.hartman+gentoo@gmail.com> wrote:
>> On Thu, Jan 19, 2012 at 8:43 AM, Grant Edwards
>> <grant.b.edwards@gmail.com> wrote:
>>> How do you specify a link-local ipv6 address in /etc/hosts?
>>>
>>> For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
>>> but I can't figure out how to put that address in /etc/hosts so I can
>>> access it by name.
>>
>> Just put the address without the %iface. Then you must specify the
>> interface in your program, for example:
>>
>> in /etc/hosts:
>> fe80::02c0:4eff:fe07:0005 foobar
>>
>> ping6 -I eth0 foobar
>>
>> should work.
>
> Works here with ping6. Sucks, though, because most network clients
> don't allow you to specify the interface, so those won't work.

Yeah, the real solution is like Felix suggests, to use site-local (or
global) addresses instead of link-local.

>>> Similarly, how do you enter an ipv6 link-local address in Firefox or
>>> Opera? curl seems to accept such an address and return the proper web
>>> page, but I can't find any interactive browser (graphical or
>>> command-line) that will accept a link-local address. So far I've
>>> tried Firefox Opera w3m links. According to RFC2732 it looks like the
>>> format should be
>>>
>>> http://[fe80::02c0:4eff:fe07:0005%eth1]:80/
>>
>> % in a URL must be escaped, so you probably need to replace the %
>> symbol with %25. Try this:
>>
>> http://[fe80::02c0:4eff:fe07:0005%25eth1]:80/
>>
>> I didn't try it. Good luck. :)
>>
>
> Doesn't seem to work with wget. Don't have a GUI web browser on IPv6
> to play with here.

I know MSIE on Windows does (since version 7-ish) and I think wget
from Busybox does, other browsers/programs are hit and miss...

According to RFC 3986:

"A host identified by an IPv6 literal address is represented inside
the square brackets without a preceding version flag. The ABNF
provided here is a translation of the text definition of an IPv6
literal address provided in [RFC3513]. This syntax does not support
IPv6 scoped addressing zone identifiers."

Key being the last sentence. :) So, some browsers support that syntax,
but it's not required. So I would not depend on that feature existing.
Best to avoid using those addresses for web stuff if you can help it.

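
Added example, not part of the thread: a Python sketch of the two workarounds discussed above, the `%25`-escaped zone in a URL and a zone-less `/etc/hosts` entry combined with an interface chosen by the program (as `ping6 -I` does). The names `Target`, `parse_scoped_url`, `hosts_lookup` and `to_sockaddr`, the sample hosts text and the interface-index table are all constructed for illustration.

```python
import ipaddress
import re
import socket
from typing import Callable, NamedTuple, Optional

# Constructed sample /etc/hosts content (not read from a real host).
SAMPLE_HOSTS = """\
127.0.0.1                  localhost
fe80::02c0:4eff:fe07:0005  foobar   # no %iface: the file has no field for it
"""

_URL = re.compile(
    r"^[A-Za-z][A-Za-z0-9+.-]*://"       # scheme
    r"\[(?P<addr>[0-9A-Fa-f:.]+)"        # bracketed IPv6 literal
    r"(?:%(?P<zone>[^\]/]+))?\]"         # optional zone, raw or escaped
    r"(?::(?P<port>\d+))?(?:[/?#].*)?$"  # optional port, then path/query
)


class Target(NamedTuple):
    addr: str
    zone: Optional[str]
    port: int
    escaped: bool  # True when the URL wrote the delimiter as "%25"


def parse_scoped_url(url: str, default_port: int = 80) -> Target:
    """Split a URL with an IPv6 literal host into address, zone and port."""
    m = _URL.match(url)
    if not m:
        raise ValueError(f"no bracketed IPv6 literal in {url!r}")
    zone, escaped = m["zone"], False
    # "%25" is the percent-encoding of "%", so "%25eth1" means zone "eth1".
    # (A raw zone literally named "25..." is indistinguishable; assumption:
    # treat it as the escaped form, since that is what a URL should carry.)
    if zone and zone.startswith("25") and len(zone) > 2:
        zone, escaped = zone[2:], True
    port = int(m["port"]) if m["port"] else default_port
    return Target(m["addr"], zone, port, escaped)


def hosts_lookup(hosts_text: str, name: str) -> Optional[str]:
    """Return the first address mapped to `name` in hosts-file text."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            return fields[0]
    return None


def to_sockaddr(addr: str, zone: Optional[str], port: int,
                if_index: Callable[[str], int] = socket.if_nametoindex):
    """Build the AF_INET6 4-tuple (host, port, flowinfo, scope_id).

    A link-local address is only meaningful together with an interface,
    so a missing zone is rejected here instead of failing later in
    connect() with "invalid argument".
    """
    ip = ipaddress.IPv6Address(addr)
    if zone is None:
        if ip.is_link_local:
            raise ValueError(f"{ip} is link-local and needs an interface")
        scope = 0
    else:
        # Zones may be an interface name or a numeric interface index.
        scope = int(zone) if zone.isdigit() else if_index(zone)
    return (ip.compressed, port, 0, scope)


if __name__ == "__main__":
    # Assumed interface table so the demo runs on hosts without eth0/eth1.
    fake_index = {"eth0": 2, "eth1": 3}.__getitem__
    for url in ("http://[fe80::02c0:4eff:fe07:0005%eth1]:80/",
                "http://[fe80::02c0:4eff:fe07:0005%25eth1]:80/"):
        t = parse_scoped_url(url)
        print(t, "->", to_sockaddr(t.addr, t.zone, t.port, fake_index))
    # hosts entry carries no zone; the caller supplies the interface.
    addr = hosts_lookup(SAMPLE_HOSTS, "foobar")
    print("foobar via eth0 ->", to_sockaddr(addr, "eth0", 80, fake_index))
```

The 4-tuple returned by `to_sockaddr` is the address form `socket.connect()` takes for `AF_INET6`; on a real host, omit the `if_index` argument to resolve interface names with `socket.if_nametoindex`.
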
* Re: [gentoo-user] Link-local ipv6 address in /etc/hosts? in browsers?
From: Michael Mol @ 2012-01-19 16:42 UTC
To: gentoo-user

On Thu, Jan 19, 2012 at 11:28 AM, Paul Hartman
<paul.hartman+gentoo@gmail.com> wrote:
> On Thu, Jan 19, 2012 at 10:00 AM, Michael Mol <mikemol@gmail.com> wrote:
>> On Thu, Jan 19, 2012 at 10:46 AM, Paul Hartman
>> <paul.hartman+gentoo@gmail.com> wrote:
>>> On Thu, Jan 19, 2012 at 8:43 AM, Grant Edwards
>>> <grant.b.edwards@gmail.com> wrote:
>>>> How do you specify a link-local ipv6 address in /etc/hosts?
>>>>
>>>> For example, I can ping/telnet/ssh to fe80::02c0:4eff:fe07:0005%eth1,
>>>> but I can't figure out how to put that address in /etc/hosts so I can
>>>> access it by name.
>>>
>>> Just put the address without the %iface. Then you must specify the
>>> interface in your program, for example:
>>>
>>> in /etc/hosts:
>>> fe80::02c0:4eff:fe07:0005 foobar
>>>
>>> ping6 -I eth0 foobar
>>>
>>> should work.
>>
>> Works here with ping6. Sucks, though, because most network clients
>> don't allow you to specify the interface, so those won't work.
>
> Yeah, the real solution is like Felix suggests, to use site-local (or
> global) addresses instead of link-local.
>
>>>> Similarly, how do you enter an ipv6 link-local address in Firefox or
>>>> Opera? curl seems to accept such an address and return the proper web
>>>> page, but I can't find any interactive browser (graphical or
>>>> command-line) that will accept a link-local address. So far I've
>>>> tried Firefox Opera w3m links. According to RFC2732 it looks like the
>>>> format should be
>>>>
>>>> http://[fe80::02c0:4eff:fe07:0005%eth1]:80/
>>>
>>> % in a URL must be escaped, so you probably need to replace the %
>>> symbol with %25. Try this:
>>>
>>> http://[fe80::02c0:4eff:fe07:0005%25eth1]:80/
>>>
>>> I didn't try it. Good luck. :)
>>>
>>
>> Doesn't seem to work with wget. Don't have a GUI web browser on IPv6
>> to play with here.
>
> I know MSIE on Windows does (since version 7-ish) and I think wget
> from Busybox does, other browsers/programs are hit and miss...
>
> According to RFC 3986:
>
> "A host identified by an IPv6 literal address is represented inside
> the square brackets without a preceding version flag. The ABNF
> provided here is a translation of the text definition of an IPv6
> literal address provided in [RFC3513]. This syntax does not support
> IPv6 scoped addressing zone identifiers."
>
> Key being the last sentence. :) So, some browsers support that syntax,
> but it's not required. So I would not depend on that feature existing.
> Best to avoid using those addresses for web stuff if you can help it.
>

Indeed. Other reasons to avoid using LL addresses unless necessary:
What if the MAC address on the server changes?

What if your network grows to have hundreds of clients?

Do you really want that much broadcast and wide multicast (think
DNS-SD and NTP in multicast mode) traffic on the same Ethernet
segment?

Flameeyes discovered an oddity with ethernet/wifi bridges which broke
node solicitation, too.

LL addresses are very useful for diagnostic and investigation
purposes, of course.

--
:wq

* [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Grant Edwards @ 2012-01-19 21:55 UTC
To: gentoo-user

On 2012-01-19, Michael Mol <mikemol@gmail.com> wrote:

> Indeed. Other reasons to avoid using LL addresses unless necessary:
> What if the MAC address on the server changes?

It won't. It's an embedded device with a hard-wired MAC that the user
can't change.

> What if your network grows to have hundreds of clients?

Then people probably won't be using L-L addresses. However, for a
network that consists of 6 small devices all living inside a cabinet
with no router, DHCP server, or connection to the outside world, L-L
is great.

> Do you really want that much broadcast and wide multicast (think
> DNS-SD and NTP in multicast mode) traffic on the same Ethernet
> segment?

That bit I don't understand. It's no worse than ARP, and we seem to
live with that quite easily.

> LL addresses are very useful for diagnostic and investigation
> purposes, of course.

Indeed, and that's what I'm doing.

--
Grant Edwards   grant.b.edwards at gmail.com
Yow! I'm rated PG-34!!

* Re: [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Michael Mol @ 2012-01-19 22:53 UTC
To: gentoo-user

On Thu, Jan 19, 2012 at 4:55 PM, Grant Edwards
<grant.b.edwards@gmail.com> wrote:
> On 2012-01-19, Michael Mol <mikemol@gmail.com> wrote:
>
>> Indeed. Other reasons to avoid using LL addresses unless necessary:
>> What if the MAC address on the server changes?
>
> It won't. It's an embedded device with a hard-wired MAC that the user
> can't change.

It was more a philosophical question, not one of the specific use case.
In most systems, hardware NICs fail and may be replaced. (Well,
virtualization is making that a bit odd, but still.) I have ideas about
your use case, but I can't and won't judge because I don't know enough
specifics. Your product, not mine. :)

>
>> What if your network grows to have hundreds of clients?
>
> Then people probably won't be using L-L addresses. However, for a
> network that consists of 6 small devices all living inside a cabinet
> with no router, DHCP server, or connection to the outside world, L-L
> is great.

Sure, so long as various applications get fixed to understand LL
addresses and are corrected to direct traffic to the appropriate
interfaces, which is something I'd definitely like to see.

>> Do you really want that much broadcast and wide multicast (think
>> DNS-SD and NTP in multicast mode) traffic on the same Ethernet
>> segment?
>
> That bit I don't understand. It's no worse than ARP, and we seem to
> live with that quite easily.

Not just arp, but actual broadcast/multicast data. If you've ever run
PulseAudio and enabled network sources and sinks on a couple boxes,
you might have accidentally discovered an easy way to bring a wireless
network to its knees. And that's just something I've had personal
experience with. Come to think of it, that's a good reason I should
continue to keep my home wired and wireless networks on separate
subnets, and not simply bridged as I'd done at the time.

One anecdote a friend of mine gave me...there was a network he was
brought in to manage where he discovered that a huge campus of over a
thousand hosts was configured as one large ethernet segment with
various-speed links bridging smaller islands. The slower links were
absolutely flooded with arp and netbios broadcasts, and the network
moved along at a crawl. Chopping that up into a few routed subnets gave
the entire network a massive performance boost.

>
>> LL addresses are very useful for diagnostic and investigation
>> purposes, of course.
>
> Indeed, and that's what I'm doing.

--
:wq

* [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Grant Edwards @ 2012-01-20 14:03 UTC
To: gentoo-user

On 2012-01-19, Michael Mol <mikemol@gmail.com> wrote:

>>> Do you really want that much broadcast and wide multicast (think
>>> DNS-SD and NTP in multicast mode) traffic on the same Ethernet
>>> segment?
>>
>> That bit I don't understand. It's no worse than ARP, and we seem to
>> live with that quite easily.
>
> Not just arp, but actual broadcast/multicast data. If you've ever run
> PulseAudio and enabled network sources and sinks on a couple boxes,
> you might have accidentally discovered an easy way to bring a wireless
> network to its knees. And that's just something I've had personal
> experience with. Come to think of it, that's a good reason I should
> continue to keep my home wired and wireless networks on separate
> subnets, and not simply bridged as I'd done at the time.

I don't understand what that has to do with L-L address support in
applications.

--
Grant Edwards   grant.b.edwards at gmail.com
Yow! Youth of today! Join me in a mass rally for traditional mental attitudes!

* Re: [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Michael Mol @ 2012-01-21 14:27 UTC
To: gentoo-user

On Fri, Jan 20, 2012 at 9:03 AM, Grant Edwards
<grant.b.edwards@gmail.com> wrote:
> On 2012-01-19, Michael Mol <mikemol@gmail.com> wrote:
>
>>>> Do you really want that much broadcast and wide multicast (think
>>>> DNS-SD and NTP in multicast mode) traffic on the same Ethernet
>>>> segment?
>>>
>>> That bit I don't understand. It's no worse than ARP, and we seem to
>>> live with that quite easily.
>>
>> Not just arp, but actual broadcast/multicast data. If you've ever run
>> PulseAudio and enabled network sources and sinks on a couple boxes,
>> you might have accidentally discovered an easy way to bring a wireless
>> network to its knees. And that's just something I've had personal
>> experience with. Come to think of it, that's a good reason I should
>> continue to keep my home wired and wireless networks on separate
>> subnets, and not simply bridged as I'd done at the time.
>
> I don't understand what that has to do with L-L address support in
> applications.

The "Do you really want that much broadcast and wide multicast traffic
on the same Ethernet segment" was in the context of having a large
network not divided up into separate subnets, which was in the context
of how broadcast and multicast traffic can saturate a link scope if the
link scope is too large. It was an argument against huge link scopes,
not against link-local support.

Thinking about it, in your device's case, I suspect you won't want
link-local scope to be your only IPv6 address; you'll want either a
ULA address or a global-scope address. Otherwise, clients not on the
local Ethernet segment won't be able to communicate with it, period;
the user of your device would need a proxy sitting on the segment.

Something you might think about: Register a ULA subnet, and configure
your devices to use it. That would allow the network operators at
destination sites to include network routing as a means to
restrict/allow access to it. You'll also want to allow configuration
of global-scope addresses via RAs and DHCPv6. (Though
enabling/disabling that on initial device setup will be interesting;
Having a ULA address preconfigured when you ship would be much like
one's SOHO router being preconfigured with "192.168.0.220" on its
internal interface. You could use LL addresses to bootstrap, too, but
you come back to the browser support issue you've run into.)

--
:wq

* Re: [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Walter Dnes @ 2012-01-22 7:13 UTC
To: gentoo-user

I think it comes down to a question of whether you're running a few
machines at home or small office, versus a large multinational outfit
with tens of thousands of machines.

On Sat, Jan 21, 2012 at 09:27:29AM -0500, Michael Mol wrote

> Thinking about it, in your device's case, I suspect you won't want
> link-local scope to be your only IPv6 address; you'll want either a
> ULA address or a global-scope address. Otherwise, clients not on the
> local Ethernet segment won't be able to communicate with it, period;
> the user of your device would need a proxy sitting on the segment.

Possibly important for large installations, but not in the case of the
average home user. I don't care if I buy a Christmas tree with separate
addresses for each light bulb, in the end, I only have one physical
wire from my ISP to my home. So it all has to be funnelled through that
one router/gateway.

> You could use LL addresses to bootstrap, too, but
> you come back to the browser support issue you've run into.

How many machines connect directly to the internet anyways? Cable or
fibre internet absolutely requires a modem/gateway anyways, and most
ADSL users connect via ADSL modems. They serve as "proxies" under V4
and can do so under V6. While ADSL PPPOE can be handled directly by
your machine, it uses up some of your CPU cycles, and clutters up
iptables logfiles.

--
Walter Dnes <waltdnes@waltdnes.org>

* [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Grant Edwards @ 2012-01-22 14:34 UTC
To: gentoo-user

On 2012-01-21, Michael Mol <mikemol@gmail.com> wrote:
> On Fri, Jan 20, 2012 at 9:03 AM, Grant Edwards
> <grant.b.edwards@gmail.com> wrote:
>> On 2012-01-19, Michael Mol <mikemol@gmail.com> wrote:
>>
>>>>> Do you really want that much broadcast and wide multicast (think
>>>>> DNS-SD and NTP in multicast mode) traffic on the same Ethernet
>>>>> segment?
>>>>
>>>> That bit I don't understand. It's no worse than ARP, and we seem to
>>>> live with that quite easily.
>>>
>>> Not just arp, but actual broadcast/multicast data. If you've ever run
>>> PulseAudio and enabled network sources and sinks on a couple boxes,
>>> you might have accidentally discovered an easy way to bring a wireless
>>> network to its knees. And that's just something I've had personal
>>> experience with. Come to think of it, that's a good reason I should
>>> continue to keep my home wired and wireless networks on separate
>>> subnets, and not simply bridged as I'd done at the time.
>>
>> I don't understand what that has to do with L-L address support in
>> applications.
>
> The "Do you really want that much broadcast and wide multicast traffic
> on the same Ethernet segment" was in the context of having a large
> network not divided up into separate subnets,

Ah, I see.

> Thinking about it, in your device's case, I suspect you won't want
> link-local scope to be your only IPv6 address;

You're right. We don't plan on supporting only link-local IPv6
addressing. But, I wanted to get all the basic features from the
IPv4-only version working and tested before I started worrying about
DHCPv6, router advertisements, or adding support for a user-configured
static IPv6 address. I was surprised how difficult it was to use
link-local addresses on the development host (Gentoo) side of things.
After banging my head against the wall trying to use link-local
addresses, I've now added the capability to configure a static IPv6
address (and I set up a ULA subnet for my testing).

Now, I can use Firefox instead of curl, and I can assign the device a
hostname via Gentoo's /etc/hosts file.

> Something you might think about: Register a ULA subnet, and configure
> your devices to use it. That would allow the network operators at
> destination sites to include network routing as a means to
> restrict/allow access to it. You'll also want to allow configuration
> of global-scope addresses via RAs and DHCPv6. (Though
> enabling/disabling that on initial device setup will be interesting;
> Having a ULA address preconfigured when you ship would be much like
> one's SOHO router being preconfigured with "192.168.0.220" on its
> internal interface.

That's basically how the existing device works with IPv4: it comes with
a pre-configured static address -- however, there are Windows and Linux
management apps (that don't use IP) that the customer can use to change
that static IP address (the most common use-case) or to using DHCP
(very rare). I assume we'll update the management apps to handle
configuration of IPv6 as well.

> You could use LL addresses to bootstrap, too, but you come back to
> the browser support issue you've run into.)

Exactly.

--
Grant

* Re: [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Michael Mol @ 2012-01-22 15:17 UTC
To: gentoo-user

On Sun, Jan 22, 2012 at 9:34 AM, Grant Edwards <grant.b.edwards@gmail.com> wrote:
> On 2012-01-21, Michael Mol <mikemol@gmail.com> wrote:
>> Thinking about it, in your device's case, I suspect you won't want
>> link-local scope to be your only IPv6 address;
>
> You're right. We don't plan on supporting only link-local IPv6
> addressing. But, I wanted to get all the basic features from the
> IPv4-only version working and tested before I started worrying about
> DHCPv6, router advertisements, or adding support for a user-configured
> static IPv6 address. I was surprised how difficult it was to use
> link-local addresses on the development host (Gentoo) side of things.
> After banging my head against the wall trying to use link-local
> addresses, I've now added the capability to configure a static IPv6
> address (and I set up a ULA subnet for my testing).
>
> Now, I can use Firefox instead of curl, and I can assign the device a
> hostname via Gentoo's /etc/hosts file.

Cool.

>> Something you might think about: Register a ULA subnet, and configure
>> your devices to use it. That would allow the network operators at
>> destination sites to include network routing as a means to
>> restrict/allow access to it. You'll also want to allow configuration
>> of global-scope addresses via RAs and DHCPv6. (Though
>> enabling/disabling that on initial device setup will be interesting;
>> Having a ULA address preconfigured when you ship would be much like
>> one's SOHO router being preconfigured with '192.168.0.220' on its
>> internal interface.
>
> That's basically how the existing device works with IPv4: it comes with
> a pre-configured static address -- however, there are Windows and
> Linux management apps (that don't use IP) that the customer can use to
> change that static IP address (the most common use-case) or to using
> DHCP (very rare). I assume we'll update the management apps to handle
> configuration of IPv6 as well.

Here's an elucidation of what I was thinking. I'll assume the company building the product builds many embedded systems. I was thinking you could use an assumed ULA prefix as associated with all of these products, e.g. fd62:f67b:fcb9::/48.[1] You've then got 32 bits of address space for product organization and categorization before you come down to a /64, whereupon each device in the line gets its own unique address derived from its MAC. You could then either have the device broadcast an RA for that /64 or manually configure another host to use that /64 to access that device's initial configuration interface.

Anyway, that's what I was thinking there. Just food for thought. :)

[1] I used an Android app which implements RFC4193 to generate this prefix; you'd obviously want to come up with your own prefix.

-- 
:wq
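The addressing scheme sketched in the message above, as an added example that is not part of the thread: it generates a ULA /48 following the algorithm in RFC 4193 section 3.2.2 and builds a per-device address from a MAC using modified EUI-64. The function names are hypothetical, the MAC is inferred from the link-local address quoted in the first message, and subnet ID 1 is an arbitrary choice.

```python
import hashlib
import ipaddress
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def eui64_from_mac(mac):
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"expected a 48-bit MAC, got {mac!r}")
    # Flip the universal/local bit, insert ff:fe between OUI and device part.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def generate_ula_prefix(mac, unix_time=None):
    """RFC 4193 section 3.2.2: low 40 bits of SHA-1(NTP time || EUI-64)."""
    now = time.time() if unix_time is None else unix_time
    seconds = (int(now) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((now % 1) * 2**32)
    ntp64 = struct.pack("!II", seconds, fraction)
    global_id = hashlib.sha1(ntp64 + eui64_from_mac(mac)).digest()[-5:]
    # fc00::/7 with the L bit set gives 0xfd, then the 40-bit Global ID.
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))


def device_address(site, subnet_id, mac):
    """/48 site prefix + 16-bit subnet ID + EUI-64 interface ID."""
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 prefix and a 16-bit subnet ID")
    net64 = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Address(net64 | int.from_bytes(eui64_from_mac(mac), "big"))


if __name__ == "__main__":
    mac = "00:c0:4e:07:00:05"  # inferred from the fe80:: address in the thread
    print("fresh ULA /48:", generate_ula_prefix(mac))
    site = ipaddress.IPv6Network("fd62:f67b:fcb9::/48")  # example prefix from the thread
    print("device address:", device_address(site, 1, mac))  # subnet ID 1 is arbitrary
```
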
* [gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?
From: Grant Edwards @ 2012-01-23 16:22 UTC
To: gentoo-user

On 2012-01-22, Michael Mol <mikemol@gmail.com> wrote:

> Here's an elucidation of what I was thinking. I'll assume the company
> building the product builds many embedded systems. I was thinking you
> could use an assumed ULA prefix as associated with all of these
> products, e.g. fd62:f67b:fcb9::/48.[1] You've then got 32 bits of
> address space for product organization and categorization before you
> come down to a /64, whereupon each device in the line gets its own
> unique address derived from its MAC. You could then either have the
> device broadcast an RA for that /64 or manually configure another host
> to use that /64 to access that device's initial configuration
> interface.
>
> Anyway, that's what I was thinking there. Just food for thought. :)

That certainly sounds like a good place to start.

> [1] I used an Android app which implements RFC4193 to generate this
> prefix; you'd obviously want to come up with your own prefix.

Right. Thanks.

-- 
Grant Edwards               grant.b.edwards        Yow! for ARTIFICIAL
                                  at               FLAVORING!!
                              gmail.com