* [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
@ 2012-01-19 15:37 Tanstaafl
2012-01-19 15:48 ` Michael Mol
0 siblings, 1 reply; 13+ messages in thread
From: Tanstaafl @ 2012-01-19 15:37 UTC
To: gentoo-user
I have a reasonable grasp of how to use IP addresses etc with IPv4, but
every time I start reading about IPv6 I get a headache...
Does anyone know of a decent tutorial written specifically to those who
have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
get bogged down in too many technical details, but simply explains what
you need to know to be able to transition to it and use it effectively
*and securely* - and/or how *not* to have to expose your entire private
network to the world (what IPv4 NAT protects you from)?
Thanks...
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-19 15:37 [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6? Tanstaafl
@ 2012-01-19 15:48 ` Michael Mol
2012-01-19 22:32 ` Mick
0 siblings, 1 reply; 13+ messages in thread
From: Michael Mol @ 2012-01-19 15:48 UTC
To: gentoo-user
On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tanstaafl@libertytrek.org> wrote:
> I have a reasonable grasp of how to use IP addresses etc with IPv4, but
> every time I start reading about IPv6 I get a headache...
>
> Does anyone know of a decent tutorial written specifically to those who have
> an ok (but not hugely in-depth) understanding of IPv4, and doesn't get
> bogged down in too many technical details, but simply explains what you need
> to know to be able to transition to it and use it effectively *and securely*
> - and/or how *not* to have to expose your entire private network to the
> world (what IPv4 NAT protects you from)?
I've been doing IPv6 presentations at LUGs and tech cons, and I'm
getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
sure I'm also not the most knowledgeable on this list wrt IPv6,
either. Still, what would you like to know? (I can use your questions
as fodder and experience for future presentations. ^^)
--
:wq
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-19 15:48 ` Michael Mol
@ 2012-01-19 22:32 ` Mick
2012-01-19 22:57 ` Michael Mol
` (2 more replies)
0 siblings, 3 replies; 13+ messages in thread
From: Mick @ 2012-01-19 22:32 UTC
To: gentoo-user
On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tanstaafl@libertytrek.org> wrote:
> > I have a reasonable grasp of how to use IP addresses etc with IPv4, but
> > every time I start reading about IPv6 I get a headache...
> >
> > Does anyone know of a decent tutorial written specifically to those who
> > have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
> > get bogged down in too many technical details, but simply explains what
> > you need to know to be able to transition to it and use it effectively
> > *and securely* - and/or how *not* to have to expose your entire private
> > network to the world (what IPv4 NAT protects you from)?
>
> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
> sure I'm also not the most knowledgeable on this list wrt IPv6,
> either. Still, what would you like to know? (I can use your questions
> as fodder and experience for future presentations. ^^)
Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what
I saw in the config file it is either 4 or 6 that one can activate. Perhaps
this has improved with later versions.
The OP would probably have more questions, but if you ever pull together a
pack of slides I would much appreciate a link to look at them.
--
Regards,
Mick
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-19 22:32 ` Mick
@ 2012-01-19 22:57 ` Michael Mol
2012-01-19 23:16 ` Paul Hartman
2012-01-20 11:07 ` Tanstaafl
2 siblings, 0 replies; 13+ messages in thread
From: Michael Mol @ 2012-01-19 22:57 UTC
To: gentoo-user
On Thu, Jan 19, 2012 at 5:32 PM, Mick <michaelkintzios@gmail.com> wrote:
> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tanstaafl@libertytrek.org> wrote:
>> > I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>> > every time I start reading about IPv6 I get a headache...
>> >
>> > Does anyone know of a decent tutorial written specifically to those who
>> > have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>> > get bogged down in too many technical details, but simply explains what
>> > you need to know to be able to transition to it and use it effectively
>> > *and securely* - and/or how *not* to have to expose your entire private
>> > network to the world (what IPv4 NAT protects you from)?
>>
>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>> either. Still, what would you like to know? (I can use your questions
>> as fodder and experience for future presentations. ^^)
>
>
> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
> the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what
> I saw in the config file it is either 4 or 6 that one can activate. Perhaps
> this has improved with later versions.
>
> The OP would probably have more questions, but if you ever pull together a
> pack of slides I would much appreciate a link to look at them.
Yes. The Linux command for managing IPv6 firewalls is 'ip6tables', as
opposed to 'iptables'.
You can see if you have an IPv6 firewall set up by issuing the command
'ip6tables -L' as root. (Well, there are more complete commands, but
that should be sufficient)
As far as firewall management software, I know fwbuilder can handle
IPv6, and I've been helping with Phil Whineray's IPv6-supporting
adaptation of firehol. (No ebuild yet for firehol, though.) I don't
know anything about arno.
https://github.com/mikemol/fireholv6
--
:wq
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-19 22:32 ` Mick
2012-01-19 22:57 ` Michael Mol
@ 2012-01-19 23:16 ` Paul Hartman
2012-01-20 0:14 ` Michael Mol
2012-01-20 11:07 ` Tanstaafl
2 siblings, 1 reply; 13+ messages in thread
From: Paul Hartman @ 2012-01-19 23:16 UTC
To: gentoo-user
On Thu, Jan 19, 2012 at 4:32 PM, Mick <michaelkintzios@gmail.com> wrote:
> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tanstaafl@libertytrek.org> wrote:
>> > I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>> > every time I start reading about IPv6 I get a headache...
>> >
>> > Does anyone know of a decent tutorial written specifically to those who
>> > have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>> > get bogged down in too many technical details, but simply explains what
>> > you need to know to be able to transition to it and use it effectively
>> > *and securely* - and/or how *not* to have to expose your entire private
>> > network to the world (what IPv4 NAT protects you from)?
>>
>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>> either. Still, what would you like to know? (I can use your questions
>> as fodder and experience for future presentations. ^^)
>
>
> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
> the IPv4 iptable rules also for IPv6?
short answer: yes :) ip6tables works exactly like iptables, but with
IPv6 addresses.
longer answer: probably, but it depends on what kind of rules you have
and whether all services you offer (or consume, if you block outbound
traffic) require both IPv4 and IPv6.
On my server, my rules are simple and just consist of opening certain
ports and dropping everything else. The rules are exactly the same for
IPv4 and IPv6 in that case.
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-19 23:16 ` Paul Hartman
@ 2012-01-20 0:14 ` Michael Mol
0 siblings, 0 replies; 13+ messages in thread
From: Michael Mol @ 2012-01-20 0:14 UTC
To: gentoo-user
On Thu, Jan 19, 2012 at 6:16 PM, Paul Hartman
<paul.hartman+gentoo@gmail.com> wrote:
> On Thu, Jan 19, 2012 at 4:32 PM, Mick <michaelkintzios@gmail.com> wrote:
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl <tanstaafl@libertytrek.org> wrote:
>>> > I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>>> > every time I start reading about IPv6 I get a headache...
>>> >
>>> > Does anyone know of a decent tutorial written specifically to those who
>>> > have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>>> > get bogged down in too many technical details, but simply explains what
>>> > you need to know to be able to transition to it and use it effectively
>>> > *and securely* - and/or how *not* to have to expose your entire private
>>> > network to the world (what IPv4 NAT protects you from)?
>>>
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>>> either. Still, what would you like to know? (I can use your questions
>>> as fodder and experience for future presentations. ^^)
>>
>>
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
>> the IPv4 iptable rules also for IPv6?
>
> short answer: yes :) ip6tables works exactly like iptables, but with
> IPv6 addresses.
>
> longer answer: probably, but it depends on what kind of rules you have
> and whether all services you offer (or consume, if you block outbound
> traffic) require both IPv4 and IPv6.
>
> On my server, my rules are simple and just consist of opening certain
> ports and dropping everything else. The rules are exactly the same for
> IPv4 and IPv6 in that case.
You do need to be a little more careful with ICMP, though. If you
block all of ICMP, you break neighbor discovery and a few other
(potentially less important on a server) things.
--
:wq
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-19 22:32 ` Mick
2012-01-19 22:57 ` Michael Mol
2012-01-19 23:16 ` Paul Hartman
@ 2012-01-20 11:07 ` Tanstaafl
2012-01-20 13:03 ` covici
` (3 more replies)
2 siblings, 4 replies; 13+ messages in thread
From: Tanstaafl @ 2012-01-20 11:07 UTC
To: gentoo-user
On 2012-01-19 5:32 PM, Mick <michaelkintzios@gmail.com> wrote:
> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl<tanstaafl@libertytrek.org> wrote:
>>> I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>>> every time I start reading about IPv6 I get a headache...
>>>
>>> Does anyone know of a decent tutorial written specifically to those who
>>> have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>>> get bogged down in too many technical details, but simply explains what
>>> you need to know to be able to transition to it and use it effectively
>>> *and securely* - and/or how *not* to have to expose your entire private
>>> network to the world (what IPv4 NAT protects you from)?
>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>> either. Still, what would you like to know? (I can use your questions
>> as fodder and experience for future presentations. ^^)
> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
> the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what
> I saw in the config file it is either 4 or 6 that one can activate. Perhaps
> this has improved with later versions.
That was the very first question (and headache) I got from looking at this.
> The OP would probably have more questions, but if you ever pull together a
> pack of slides I would much appreciate a link to look at them.
I really wouldn't know where to start... that is why I was looking for a
decent tutorial that covered the topic in total, so I could hopefully
get to the point that I *could* ask some intelligent questions about it...
One very general question I have is, how can you - or even *can* you -
hide all of your internal devices from the outside world, similar to how
the use of 'private' IP's behind a NAT'd firewall are hidden from the
outside world (nor directly accessible). I definitely do *not* want all
of my internal devices directly accessible from the internet.
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-20 11:07 ` Tanstaafl
@ 2012-01-20 13:03 ` covici
2012-01-20 16:45 ` Chris Frederick
` (2 subsequent siblings)
3 siblings, 0 replies; 13+ messages in thread
From: covici @ 2012-01-20 13:03 UTC
To: gentoo-user
Tanstaafl <tanstaafl@libertytrek.org> wrote:
> On 2012-01-19 5:32 PM, Mick <michaelkintzios@gmail.com> wrote:
> > On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
> >> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl<tanstaafl@libertytrek.org> wrote:
> >>> I have a reasonable grasp of how to use IP addresses etc with IPv4, but
> >>> every time I start reading about IPv6 I get a headache...
> >>>
> >>> Does anyone know of a decent tutorial written specifically to those who
> >>> have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
> >>> get bogged down in too many technical details, but simply explains what
> >>> you need to know to be able to transition to it and use it effectively
> >>> *and securely* - and/or how *not* to have to expose your entire private
> >>> network to the world (what IPv4 NAT protects you from)?
>
> >> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
> >> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
> >> sure I'm also not the most knowledgeable on this list wrt IPv6,
> >> either. Still, what would you like to know? (I can use your questions
> >> as fodder and experience for future presentations. ^^)
>
> > Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
> > the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what
> > I saw in the config file it is either 4 or 6 that one can activate. Perhaps
> > this has improved with later versions.
>
> That was the very first question (and headache) I got from looking at this.
>
> > The OP would probably have more questions, but if you ever pull together a
> > pack of slides I would much appreciate a link to look at them.
>
> I really wouldn't know where to start... that is why I was looking for
> a decent tutorial that covered the topic in total, so I could
> hopefully get to the point that I *could* ask some intelligent
> questions about it...
>
> One very general question I have is, how can you - or even *can* you -
> hide all of your internal devices from the outside world, similar to
> how the use of 'private' IP's behind a NAT'd firewall are hidden from
> the outside world (nor directly accessible). I definitely do *not*
> want all of my internal devices directly accessible from the internet.
I saw something on the shorewall.org site which was an introduction to
ipv6 -- look in the documentation area.
--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?
John Covici
covici@ccs.covici.com
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-20 11:07 ` Tanstaafl
2012-01-20 13:03 ` covici
@ 2012-01-20 16:45 ` Chris Frederick
2012-01-21 3:36 ` Walter Dnes
2012-01-20 20:05 ` Michael Mol
2012-01-20 20:07 ` Michael Mol
3 siblings, 1 reply; 13+ messages in thread
From: Chris Frederick @ 2012-01-20 16:45 UTC
To: gentoo-user
On 01/20/12 05:07, Tanstaafl wrote:
> On 2012-01-19 5:32 PM, Mick <michaelkintzios@gmail.com> wrote:
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl<tanstaafl@libertytrek.org> wrote:
>>>> I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>>>> every time I start reading about IPv6 I get a headache...
>>>>
>>>> Does anyone know of a decent tutorial written specifically to those who
>>>> have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>>>> get bogged down in too many technical details, but simply explains what
>>>> you need to know to be able to transition to it and use it effectively
>>>> *and securely* - and/or how *not* to have to expose your entire private
>>>> network to the world (what IPv4 NAT protects you from)?
>
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>>> either. Still, what would you like to know? (I can use your questions
>>> as fodder and experience for future presentations. ^^)
>
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
>> the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from what
>> I saw in the config file it is either 4 or 6 that one can activate. Perhaps
>> this has improved with later versions.
>
> That was the very first question (and headache) I got from looking at this.
>
>> The OP would probably have more questions, but if you ever pull together a
>> pack of slides I would much appreciate a link to look at them.
>
> I really wouldn't know where to start... that is why I was looking for a decent tutorial that covered the topic in total, so I could hopefully
> get to the point that I *could* ask some intelligent questions about it...
>
> One very general question I have is, how can you - or even *can* you - hide all of your internal devices from the outside world, similar to how
> the use of 'private' IP's behind a NAT'd firewall are hidden from the outside world (nor directly accessible). I definitely do *not* want all of
> my internal devices directly accessible from the internet.
>
If you want a good place to start, try Mark Newton's AusCERT IPv6 talk.
http://risky.biz/AusCERT-Newton
It's not exactly "laymen", but I still recommend it. It's a good talk taking your IPv4 knowledge and comparing it to the IPv6 equivalents, and
brings up some good general ideas that make you think of IPv6 in a practical sense. Unfortunately I haven't found a video version of it. :(
I've done a handful of IPv6 conversions, small to medium networks, I'd be willing to answer some questions if you need help.
As for your general question, the short answer is you can't. If you need internet access, then you will have to have public IPs.
Question: Why do you want to hide internal devices? I don't expect an answer, this is something you should ask yourself.
Is it to protect running services from attack/discovery? Great, that's what your firewall is for, so you don't need to worry about private
addresses. Another option is to deploy IPSec for internal services, this would hide internal services even from hosts on the private address
space unless they are trusted through IPSec rules.
Is it to hide the actual devices? or your network architecture/topology? Scanning for host discovery in IPv6 is not feasible. Consider how big
IPv6 is. A typical host discovery scan on an IPv4 private network can be done in a few hours. Given a (really fast) average host discovery of
1000 hosts a second, let's apply some math to your internal IPv6 range. We'll compare both ::/64 and ::/48, which amounts to 2^64 and 2^80
addresses. Your host discovery scan would take between 600 million, and 38 trillion years to check each IP.
If you still want private addresses, IPv6 has unique local addresses (fc00::/7 range, http://www.sixxs.net/tools/grh/ula/ has a reg form to help
assign a /48 to you). But since there's no address translation, you're stuck running dual networks for everything that needs a private address
and internet access. It's not entirely a bad thing, but it can be a long tedious process, and some software sucks at it (mysqld).
Hope that helps.
Chris
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-20 11:07 ` Tanstaafl
2012-01-20 13:03 ` covici
2012-01-20 16:45 ` Chris Frederick
@ 2012-01-20 20:05 ` Michael Mol
2012-01-20 20:07 ` Michael Mol
3 siblings, 0 replies; 13+ messages in thread
From: Michael Mol @ 2012-01-20 20:05 UTC
To: gentoo-user
On Fri, Jan 20, 2012 at 6:07 AM, Tanstaafl <tanstaafl@libertytrek.org> wrote:
> On 2012-01-19 5:32 PM, Mick <michaelkintzios@gmail.com> wrote:
>>
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>>>
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl<tanstaafl@libertytrek.org>
>>> wrote:
>>>>
>>>> I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>>>> every time I start reading about IPv6 I get a headache...
>>>>
>>>> Does anyone know of a decent tutorial written specifically to those who
>>>> have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>>>> get bogged down in too many technical details, but simply explains what
>>>> you need to know to be able to transition to it and use it effectively
>>>> *and securely* - and/or how *not* to have to expose your entire private
>>>> network to the world (what IPv4 NAT protects you from)?
>
>
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>>> either. Still, what would you like to know? (I can use your questions
>>> as fodder and experience for future presentations. ^^)
>
>
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate
>> all
>> the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from
>> what
>> I saw in the config file it is either 4 or 6 that one can activate.
>> Perhaps
>> this has improved with later versions.
>
>
> That was the very first question (and headache) I got from looking at this.
>
>
>> The OP would probably have more questions, but if you ever pull together a
>> pack of slides I would much appreciate a link to look at them.
>
>
> I really wouldn't know where to start... that is why I was looking for a
> decent tutorial that covered the topic in total, so I could hopefully get to
> the point that I *could* ask some intelligent questions about it...
>
> One very general question I have is, how can you - or even *can* you - hide
> all of your internal devices from the outside world, similar to how the use
> of 'private' IP's behind a NAT'd firewall are hidden from the outside world
> (nor directly accessible). I definitely do *not* want all of my internal
> devices directly accessible from the internet.
Use a firewall on your router. My home firewall disallows incoming
connections, except to ports/hosts I designate.
If you want to avoid an external host from knowing your internal
hosts' IP addresses, you can use IPv6 privacy extensions. With these,
a machine has several temporary IP addresses and one permanent IP
address. It will prefer using its temporary IP addresses for outbound
connections.
If you want to go further, you can use DHCPv6 to prevent hosts from
autoconfiguring global-scope addresses.
--
:wq
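The router firewall described in the message above, combined with the earlier caution in this thread about not blocking all of ICMP, as an added example that is not part of any poster's message. The interface names `eth0`/`eth1`, the `2001:db8::` documentation addresses and the function names are assumptions; the output is in `ip6tables-restore` format.

```shell
#!/bin/sh
# Added example (not from the thread): print a default-drop IPv6 ruleset for
# a small router, and check any saved ruleset for blocked neighbor discovery.
# Interface names and 2001:db8:: addresses are placeholders (assumptions).

# ICMPv6 types that a default-drop policy must still let through:
ICMP6_ERRORS="1 2 3 4"       # unreachable, packet-too-big, time-exceeded, parameter-problem
ICMP6_ND="133 134 135 136"   # router/neighbor solicitation and advertisement

# gen_ruleset WAN_IF LAN_IF [ADDR,PROTO,PORT ...]
# Each ADDR,PROTO,PORT names one internal service reachable from outside.
gen_ruleset() {
    wan=$1; lan=$2; shift 2
    # Validate every service spec before printing anything, so a typo never
    # yields a half-written ruleset.
    for svc in "$@"; do
        rest=${svc#*,}; proto=${rest%%,*}; port=${rest#*,}
        case $proto in tcp|udp) ;; *) echo "bad protocol in '$svc'" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in '$svc'" >&2; return 1 ;; esac
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Error messages and echo-request addressed to the router itself.
    for t in $ICMP6_ERRORS 128; do
        echo "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type $t -j ACCEPT"
    done
    # Neighbor discovery is link-local only: genuine packets arrive with
    # hop limit 255, so anything that crossed a router is rejected.
    for t in $ICMP6_ND; do
        echo "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # Internal hosts: replies come back in, new connections go out,
    # nothing new comes in except the designated services.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    for t in $ICMP6_ERRORS; do
        echo "-A FORWARD -p ipv6-icmp -m icmp6 --icmpv6-type $t -j ACCEPT"
    done
    for svc in "$@"; do
        addr=${svc%%,*}; rest=${svc#*,}; proto=${rest%%,*}; port=${rest#*,}
        echo "-A FORWARD -i $wan -o $lan -d $addr -p $proto -m $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# missing_nd_types: read a ruleset on stdin (numeric --icmpv6-type values, as
# written by gen_ruleset) and print the neighbor-discovery types that no
# INPUT rule accepts. Empty output means neighbor discovery is not blocked.
missing_nd_types() {
    rules=$(cat)
    missing=""
    for t in $ICMP6_ND; do
        printf '%s\n' "$rules" |
            grep -Eq -- "^-A INPUT .*--icmpv6-type $t( .*)? -j ACCEPT" ||
            missing="$missing $t"
    done
    echo $missing
}

# Typical use, as root:
#   sh this-file eth0 eth1 2001:db8:1::10,tcp,443 | ip6tables-restore --test
#   ip6tables-save | missing_nd_types     (after sourcing this file)
if [ "$#" -ge 2 ]; then
    gen_ruleset "$@"
fi
```

`ip6tables-restore --test` parses the ruleset without committing it; drop `--test` to load it.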
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-20 11:07 ` Tanstaafl
` (2 preceding siblings ...)
2012-01-20 20:05 ` Michael Mol
@ 2012-01-20 20:07 ` Michael Mol
3 siblings, 0 replies; 13+ messages in thread
From: Michael Mol @ 2012-01-20 20:07 UTC
To: gentoo-user
On Fri, Jan 20, 2012 at 6:07 AM, Tanstaafl <tanstaafl@libertytrek.org> wrote:
> On 2012-01-19 5:32 PM, Mick <michaelkintzios@gmail.com> wrote:
>>
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
>>>
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl<tanstaafl@libertytrek.org>
>>> wrote:
>>>>
>>>> I have a reasonable grasp of how to use IP addresses etc with IPv4, but
>>>> every time I start reading about IPv6 I get a headache...
>>>>
>>>> Does anyone know of a decent tutorial written specifically to those who
>>>> have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
>>>> get bogged down in too many technical details, but simply explains what
>>>> you need to know to be able to transition to it and use it effectively
>>>> *and securely* - and/or how *not* to have to expose your entire private
>>>> network to the world (what IPv4 NAT protects you from)?
>
>
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
>>> sure I'm also not the most knowledgeable on this list wrt IPv6,
>>> either. Still, what would you like to know? (I can use your questions
>>> as fodder and experience for future presentations. ^^)
>
>
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate
>> all
>> the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from
>> what
>> I saw in the config file it is either 4 or 6 that one can activate.
>> Perhaps
>> this has improved with later versions.
>
>
> That was the very first question (and headache) I got from looking at this.
>
>
>> The OP would probably have more questions, but if you ever pull together a
>> pack of slides I would much appreciate a link to look at them.
>
>
> I really wouldn't know where to start... that is why I was looking for a
> decent tutorial that covered the topic in total, so I could hopefully get to
> the point that I *could* ask some intelligent questions about it...
I *highly* recommend Hurricane Electric's IPv6 certification process.
It takes you from newbie status up through operating servers on IPv6.
https://ipv6.he.net/certification/
--
:wq
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-20 16:45 ` Chris Frederick
@ 2012-01-21 3:36 ` Walter Dnes
2012-01-21 18:59 ` Chris Frederick
0 siblings, 1 reply; 13+ messages in thread
From: Walter Dnes @ 2012-01-21 3:36 UTC
To: gentoo-user
On Fri, Jan 20, 2012 at 10:45:08AM -0600, Chris Frederick wrote
> If you still want private addresses, IPv6 has unique local addresses
> (fc00::/7 range, http://www.sixxs.net/tools/grh/ula/ has a reg form to
> help assign a /48 to you).
If it's a unique ***LOCAL*** address, then why is it a problem if
multiple places on the planet use it??? Doesn't sound very "local" to
me.
Probably the easiest conversion for most people would be to do what
was done with TV sets...
* When analogue UHF stations first came out, you could get a "translator
box" that had a tuner which translated UHF channels to channel 3 or 4
on your old VHF-only TV set
* When non-encrypted analogue midband channels came out on cable TV, you
could get a "translator box" that mapped cable midband channels to UHF
* When ATSC (digital) broadcast TV came out, you could get a "translator
box" that converted ATSC signals to NTSC, and fed them to your old
non-digital TV set.
Too bad that NAT-PT has been deprecated. It could've been the
transition answer.
Don't get me wrong. I agree that eventually we'll have to transition
to IPV6. I held off going 64-bit on Gentoo, until I got a machine with
more than 3 gigs of RAM. Similarly, one of these days, I'll eventually
do an IPV6 install. What I did not appreciate was the day when the
"ipv6" USE flag was added as a default. I found out about it when
Firefox started taking a minute or so to find sites, i.e. timing out on
the IPV6 lookup before failing over to IPV4. Since that day, I start my
USE flags with "-*" in /etc/make.conf to avoid similar surprises.
--
Walter Dnes <waltdnes@waltdnes.org>
* Re: [gentoo-user] Good 'layman' tutorial on IPv4 > IPv6?
2012-01-21 3:36 ` Walter Dnes
@ 2012-01-21 18:59 ` Chris Frederick
0 siblings, 0 replies; 13+ messages in thread
From: Chris Frederick @ 2012-01-21 18:59 UTC
To: gentoo-user@lists.gentoo.org
On Jan 20, 2012, at 9:36 PM, "Walter Dnes" <waltdnes@waltdnes.org> wrote:
> On Fri, Jan 20, 2012 at 10:45:08AM -0600, Chris Frederick wrote
>
>> If you still want private addresses, IPv6 has unique local addresses
>> (fc00::/7 range, http://www.sixxs.net/tools/grh/ula/ has a reg form to
>> help assign a /48 to you).
>
> If it's a unique ***LOCAL*** address, then why is it a problem if
> multiple places on the planet use it??? Doesn't sound very "local" to
> me.
The idea being, they are globally unique. Assume network XYZ needs to merge with network ABC.
What happens in IPv4 when they both use the same private address space? You could be looking at re-assigning an entire 10/8 address block, including all services. It sucks.
For IPv6, you go to the end point router for each network, configure a route to the opposite network, add some optional firewall/IPSec rules, and you're done. This saves days, if not weeks, of work with little, or no downtime.
Home users probably won't care, most will probably use the public address space given to them from their ISP.
Chris
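How a unique local /48 is picked so that two sites are unlikely to collide when they merge, as an added example that is not part of any poster's message. The function names are assumptions, and the 40-bit Global ID is drawn from `/dev/urandom` rather than from the hash-based procedure suggested in RFC 4193; hextets are printed with leading zeros, which is valid but not the shortened form.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for unique local addresses.
# Layout of a ULA: fd (fc00::/7 with the "locally assigned" bit set),
# a 40-bit random Global ID, a 16-bit subnet ID, then the 64-bit host part.

# gen_ula_prefix: print a randomly chosen /48 such as fd12:3456:789a::/48.
gen_ula_prefix() {
    # Five random bytes form the 40-bit Global ID.
    set -- $(od -An -N5 -tx1 /dev/urandom)
    [ "$#" -eq 5 ] || { echo "could not read 5 random bytes" >&2; return 1; }
    echo "fd$1:$2$3:$4$5::/48"
}

# ula_subnet PREFIX48 N: print the Nth /64 (N in 0..65535) inside a /48.
ula_subnet() {
    case $1 in
        *::/48) ;;
        *) echo "expected a /48 such as fd12:3456:789a::/48" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[!0-9]*) echo "subnet id must be a number 0..65535" >&2; return 1 ;;
    esac
    [ "$2" -le 65535 ] || { echo "subnet id must be 0..65535" >&2; return 1; }
    printf '%s:%x::/64\n' "${1%::/48}" "$2"
}

# is_ula ADDR: succeed if ADDR (written with a full first hextet) lies in
# fc00::/7, i.e. its first hextet is fc00 through fdff.
is_ula() {
    case $1 in
        [fF][cCdD][0-9a-fA-F][0-9a-fA-F]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# When run directly, print a fresh prefix and its first two subnets.
if [ "${1:-}" = "demo" ]; then
    p=$(gen_ula_prefix) && echo "$p" && ula_subnet "$p" 0 && ula_subnet "$p" 1
fi
```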