Ipv6 address setup in local zone

I'm having problems with a local zone that needs a defined IPv6 address. I've had a number of issues -- now i'm down to routing.
I've set up a manual address on a physical interface, and assigned it to a zone by setting it from the global zone:
ifconfig bge3 inet6 addif 2001:6b0:8:1::54/64 zone g.ns.se upThe zone "gets" the interface but there are no default routes visible in the local zone. I can ping the interface from the local LAN connected to bge3, but not beyond. snoop in the global zone sees the packets.
The global zone can configure ipv6 by RA and gets its routing information all right.
Manually adding a default route from the global zone does not help.
Clues?

My experience with a default route ipv6 visibility within a local zone is the same.
One way to get an ipv6 default route info into the local zone is to let the global zone in.ndpd daemon do the ipv6 autoconfig including a default route discovery (ipv6 RA you've mentioned) and manully configure/add a new unique link-local FE80::/10 address within the local zone (besides the global ipv6 address you've already set up). At that point default route makes it into the local zone table and ipv6 connectivity happens. Both ipv6 interfaces - a global zone with ndpd and also a local zone one - have to stay within the same LAN.
I see this as a temporary workaround as this way lacks autoconfig ability (remember ipv6 ?) and currently offers less compared to ipv4 setup options.

Similar Messages

Solaris 10 local zone setup requirement/steps for am/ps 7.0 installation

Hi,
Is there any document available on solaris 10 local zone creation/requirement for am server/ portal server 7.0 install? Any help/pointer is appreciated.
Thanks,

I don't believe there is any specific documentation am/portal in a zone. And as far as I know there are no specific requirements either. I have successfully installed portal in a solaris zone.
A good starter tutorial on zones is here: http://partneradvantage.sun.com/protected/solaris10/adoptionkit/tech/zones/tutorial.html
Hi,
Is there any document available on solaris 10 local
zone creation/requirement for am server/ portal
server 7.0 install? Any help/pointer is
appreciated.
Thanks,

Network access from local zones on a Solaris 10 router

I'm kind of stuck at an interesting problem.
I have a Solaris 10u6 system which is itself a router between a number of networks.
It has several dozen routes to different networks via different next-hop gateways,
just one of which is a default route to the ISP to internet.
I thought of setting up local zones to securely run infrastructure services (BIND,
Squid, Mail relay) on this machine, with only a single dedicated public IP address
(from our delegated address space) per such zone. Zones use a shared-IP stack
on one of the machine's VLAN interfaces (the LAN part with public IP addresses).
The problem is - since this machine is the gateway for the subnet used for the
local zones, they don't inherit any default route. The one default we have to the
ISP is on another interface's subnet.
[root@ns8 /]# netstat -rn | grep default
[root@ns8 /]# netstat -rn | wc -l
50
On a side note, these zones do inherit dozens of other routes (50 above) with
next-hop routers not on the local zone's subnet - so these are also not accessible.
I think such useless routes should also be filtered away - as "mismatching" default
routes are.
Due to all this the zone has no networking outside its subnet/mask: it doesn't
even try to send anything, since there is not a single route with a matching next
hop router, i.e.
[root@ns8 /]# traceroute -nI 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 30 hops max, 40 byte packets
1 xx.yy.zz.8 0.102 ms !H 0.032 ms !H 0.027 ms !H
To reiterate, this setup is different from that of the numerous replays of "How to
set up internet for zones with virtual IP addresses?"
That recipe suggests to add a fake router and maintain its ARP address to be
that of the real default gateway, and set up NAT to rewrite private IP addresses
to the global zone's public IP. While I've also used the recipe a number of times,
it does not seem feasible in this router's case - there are too many next-hop
routers (and learned with a dynamic routing protocol), not just one default-gw.
I can of course go back to running services in the global zone and binding them
to these dedicated public IP addresses via configuration files - and this works
since the global zone has access to any needed routers having IP addresses
in relevant subnets - but I hoped to secure the system a bit more and separate
routing from infrastructure tasks...
So the question is: how can I set up networking for local zones in this case
when they are running on a router? Is it possible?
Thanks,
//Jim

You can set the Airport Extreme in "Bridge" mode, and then it will just extend the existing subnet.
Airport Utility -> Airport Extreme -> Internet -> Connection Sharing -> Off (bridge mode)

IPv6 Address Management and Security Questions

I'm trying to draft an IPv6-based version of our location's current routing configuration in anticipation of when our ISP will finally roll it out, and address management has been giving me the biggest headache - ironic, considering IPv6 was supposed to simplify address allocation.
My first config draft was made assuming that I would be getting a static /56 or /60 prefix from the ISP, and I was just going to insert the prefix into my DHCP pools and there would be no issues. That was before reading around and discovering that some ISPs are considering prefix delegation (PD) for both residential and business accounts instead of static blocks. Now I have questions about how to stick as close to the current IPv4 configuration as possible.
For the PD scenario, what I am looking at now are two addresses ranges for each network - a ULA /120 space that I want to control using stateful DHCPv6, and the global space which can be /64 and auto-configured. That way there will be a "private" address space for internal routing in the event of a prefix change or an extended outage. But I'm not sure how the config should look for such a scenario. What I have drafted so far is this:
ipv6 dhcp pool DHCP6_INTERNAL
address prefix FDAB::1:0/120
domain-name whatever.net
dns-server FDAB::1:1
ipv6 dhcp pool DHCP6_DMZ-WIFI
address prefix FDAB::2:0/120
domain-name guest.whatever.net
dns-server FDAB::2:1
interface GigabitEthernet0
description WAN-LINK
ipv6 enable
ipv6 address dhcp
no ipv6 unreachables
no ipv6 redirects
ipv6 flow ingress
ipv6 flow egress
ipv6 virtual-reassembly in
ipv6 nd autoconfig default-route
ipv6 dhcp client pd hint ::/56
ipv6 dhcp client pd ISP-PREFIX
zone-member security OUTSIDE
speed auto
duplex auto
no cdp enable
interface FastEthernet8.1
description VLAN_1-INTERNAL
encapsulation dot1Q 1 native
ipv6 enable
ipv6 address FDAB::1:1/120
ipv6 address ISP-PREFIX ::1:0:0:0:1/64
ipv6 flow ingress
ipv6 flow egress
ipv6 virtual-reassembly in
zone-member security INSIDE
ip tcp adjust-mss 1300
ipv6 dhcp server DHCP6_INTERNAL
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
interface FastEthernet8.2
description VLAN_2-DMZ-WIFI
encapsulation dot1Q 2
ipv6 enable
ipv6 address FDAB::2:1/120
ipv6 address ISP-PREFIX ::2:0:0:0:1/64
ipv6 flow ingress
ipv6 flow egress
ipv6 virtual-reassembly in
zone-member security DMZ
ip tcp adjust-mss 1300
ipv6 dhcp server DHCP6_DMZ-WIFI
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
Will this config work? By which I mean: will the DHCPv6 servers provide ULA addresses, and will SLAAC work for global address allocation? If not, what needs to be changed?
Also, another question. I found a few references to a prefix name (the "ISP-PREFIX") which can be used as part of a static IPv6 address on an interface, which is a good idea in case the prefix changes. But that brings up another concern - if the prefix changes, that will invalidate ACLs referencing the global addresses using the previous prefix. Is there anything similar to the prefix name string that can be used in ACLs to keep this from occurring?

DHCPv6-PD is not necessarily dynamic the same way as DHCP was with the public IPv4 addresses in the IPv4 world.
While the outside network (PPPoE, DHCPv6, anything) might be truly dynamic and changing with possibly every login session, the DHCPv6 delegated prefix might be tied to your login credentials or DHCPv6 client's DUID after the first connection. A bit like a DHCP lease reservation.
If that is the case, there is some possibility that your ISP will run reverse route injection, and will always route your "fixed" prefix to the currently active dynamic "outside" address.
Talk to your ISP and have them confirm that, once the PD'd /48 or /56 is initially assigned, it won't change, and that the same prefix will be delegated every time. Then you can treat it as if it were fully static, and you won't have to go down the ULA path.
I contacted one of our local ISPs, and they're doing it exactly that way: PPPoE for IPv4 and IPv6 (fully dynamic), and DHCPv6-PD with the /48 tied to the PPPoE login credentials. I might change to that ISP sooner or later.
With my current ISP, my IPv6 access is 6RD based. I get a /60, with my current public ipv4 address (by DHCP) embedded into those 60 bits. Readressing is bound to happen sooner or later, and it happens every so often, and it breaks my IPv6 ACLs.
I'm also looking for a way to write IPv6 ACLs with wildcard bits, not prefix/mask, so I can use them with ZBFW. So far, no sign of it.
A few more comments:
ULA addressing:
It may look tempting, plausible and intuitive to use dual global and ULA addressing.
I started this way as well. However, it turns out that Windows 7 has (had?) some issues with proper source address selection. The "longest common prefix" rule never seemed to work properly. In some cases, it would pick the global address to talk to ULA hosts, or stubbornly insist to use the ULA address to talk to an IPv6 internet host. It was a frustrating experience. Be sure to test this to the full extent (and back, and again and then some more) with every operating system you intend to use.
Using /120:
Be sure to test this as well, and very thoroughly. Subnet masks longer than /64 are sometimes called "uncharted territory" in IPv6. Longer subnet masks will break SLAAC, and there may be (embedded) devices that will not react benevolently to a subnet mask other than /64, or simply lack support for DHCPv6.
adjust-mss
I see you have "ip tcp adjust-mss 1300". While PMTUd may be mandatory with IPv6, I found it being broken already :-( . "ipv6 tcp adjust-mss .... " is now a separate command since IOS 15.4(1). I would suggest considering it, depending with your experience with PMTUd on IPv6.

Setting a floating IP in a solaris local zone!!

I want to install my fault tolerant application in two different
solaris local zones just to save the hardware cost and for testing
purposes.
Earlier before solaris 10, My application runs on two different
machines and receives the incoming requests on a floating IP, thus it
achieves the Fault tolerant behavior with floating IP moving across
the machines on the active application.
There was a separate monitoring process on each machine which runs as
root user and sets and unsets the floating IP using ioctl system calls
on a particular machine as per request received from the application.
Now i want to replicate the same behaviour in solaris 10 setup with my
Fault tolerant application running on two local zones and my
monitoring process which runs on each local zone, set and unset the
floating IP on the particular local zone.
No i want to know that if it is possible for any application to set
floating IP on a particular local zone, from that zone itself and how
can we achieve the same?
regards,
rish

<div class="jive-quote">
<span class="jive-quote-header">MichaelMyers wrote:</span>
I gather some big changes are afoot with the IP stack and zones with the latest Solaris update (the 8/07, update 4 release) -- each zone either does or can have it's own IP stack. This may change the answer to this question...those who's been playing with Open Solaris and/or Solaris Express probably can answer more about that.
</div>
That's correct. You can now use private IP instances for a non-global zone if you want. That zone will now have it's own IP stack and can up/down addresses or whatever. But for now they have to have their own dedicated "interface". This has to be an ethernet device or a VLAN device.
<div class="jive-quote">
<span class="jive-quote-header">
On an unrelated note: the new forum editor apparently doesn't have a way to insert "code" type examples (eg. pre-formatted, in courier, etc.)...
</span>
</div>
Yup. Even in the old editor it was inconsistent where worked. Some forums it would, but not all. I guess now it consistently doesn't work? :-)<br />
<br />
-- <br />
Darren<br />

Local zone doesnot boot

Hi all,
I have the following NIC setup:
ifconfig -alo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.0.1.201 netmask fffff000 broadcast 10.0.15.255
ether 0:3:ba:99:9f:57
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 10.0.1.202 netmask fffff000 broadcast 10.0.15.255
ether 0:3:ba:99:9f:58
bge2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 10.0.1.203 netmask fffff000 broadcast 10.0.15.255
ether 0:3:ba:99:9f:59
I configured and installed a zone named 'z1'
cat /etc/zones/z1.xml<zone name="z1" zonepath="/export/home/zone/1" autoboot="true">
<inherited-pkg-dir directory="/lib"/>
<inherited-pkg-dir directory="/platform"/>
<inherited-pkg-dir directory="/sbin"/>
<inherited-pkg-dir directory="/usr"/>
<network address="10.0.1.203" physical="bge2"/>
</zone>
zoneadm list -cvID NAME STATUS PATH
0 global running /
- z1 installed /export/home/zone/1
while booting the zone 'z1', following happens
zoneadm -z z2 bootzoneadm: zone 'z2': bge2:1: could not bring interface up: address in use by zone 'global': Cannot assign requested address
zoneadm: zone 'z2': call to zoneadmd failed
Did I miss something?
What is my misstake?

Hi
you don't have to use the same network adress for your global and a local zone. You have to use another adress in your lokal zone or delete the beg2 interface in your global zone. That's all.
harruh

IPv6 Addressing Point to Point Links in the enterprise

For an enterprise, it doesn't seem to make sense to use Global addressing for point to point, transit-only links and loopbacks.
Link-local only addressing breaks debugging tools like traceroute, DNS, etc.
Is Unique Local the correct choice for this?
I've searched quite a bit and I've not found a lot of discussion about scope selection for point to point links. Some RFCs such as 6164 imply Global scope vs Unique Local scope usage is a preference. Most discussions of point to point addressing focus on bit length. I'm assuming this means design concerns are agnostic toward scope selection.
Is anyone aware of documentation I've missed or have any recommendations in this area?
If ULA was the correct choice, address hierarchy might look like this:
DataNetwork1 -- Router1 -- ULA.1.1 -- Link -- ULA1.2 -- Agg Router -- Core
DataNetwork2 -- Router2 -- ULA.2.1 -- Link -- ULA2.2 -- Agg Router /
DataNetwork3 -- Router3 -- ULA.3.1 -- Link -- ULA3.2 -- Agg Router /
The network core would have summarized entries for DataNetwork[1|2|3] and ULA[1|2|3]. IE, there would be a Global hierarchy and a ULA hierarchy.

Scott,
Let me break this down into some categories for you.
Address selection:
I believe that best practice is to use Global Unicast Addressing everywhere (coupled with a proper security policy at your edge). ULA was a compromise for Site Local never being properly defined and whilst it can be used in the same way as GUA I don't believe it is worth it. Irrespective of what you use (GUA or ULA), subject to your security and routing policy traceroute will work from both ends (e.g. you tracing out, someone tracing in)
Address masking:
The general rule of thumb is that you allocate /64s to eveything and then mask down to the appropriate mask for the function you are expecting (P.S. Forget everything you learnt about IPv4 address conservation). If you are using /127 masks then in theory every p2p link in your network is either a 0 (::) or a 1 (::1)
e.g.
traceroute HostB:
1     2001:1234:abcd:1::1
2     2001:1234:abcd:2::1
3     2001:1234:abcd:3::1
4     2001::4:10
The only exception to this is loopbacks, you can sequentially allocate /128s from the same /64 block
NOTE: /127 support is recent and may not be supported by some vendors, in this case use /126 masking (same as you would use /30s in IPv4)
If you have a /48 ( a normal enterise allocation) or larger then this should not be an issue ( you have access to 65536 x /64s) the only reason you would consider ULA for infrastructure numbering is because you have a small IPv6 pool. I would still argue you should get more IPv6 addresses than use ULA.
I hope this helps
Cheers

How to create raw partition in a local zone?

I tried to search for an answer for my question, but I spent a week and still no luck.
What I am trying to do is to create raw partitions for Sybase in a local zone. I tried to add device and set match to the block and raw device.
However, when I tried to do "format", I got core dumped. When I did zpool create, I got permission denied. Any advice?
zonecfg:z001> info
zonename: z001
zonepath: /export/ZONE/z001
autoboot: true
pool:
limitpriv:
fs:
dir: /shared/tmp
special: /tmp
raw not specified
type: lofs
options: []
net:
address: 10.110.1.2
physical: e1000g1
device
match: /dev/rdsk/c6t60060160DF2413003E2F0C2DF945DC11d0
device
match: /dev/dsk/c6t60060160DF2413003E2F0C2DF945DC11d0

You can't manipulate pools directly in a non-global zone. I'm not sure if you can run 'format'. You can use at least a limited amount of globbing. You might want to put a '*' at the end of your matched device name.
You can hand off a raw partition via 'match' and put it under UFS control, or with recent versions of Solaris Express, you can delegate a portion of a ZFS filesystem to the zone.
See the ZFS administration guide:
http://www.opensolaris.org/os/community/zfs/docs/zfsadmin.pdf
Especially the section on using ZFS in a zone (page 171). Note the guide is for the most recent version of ZFS in OpenSolaris. Versions available in Solaris 10 may not have all the same features.
Darren

Connect to server using IPv6 address in afp URL

I'm not sure whether this is the correct forum for this question, but does anyone know whether I can specify an IPv6 address in the "Connect to Server" dialog?
I've setup IPv6 over direct-wired ethernet between my MBP and Mini. Using ping6, I can ping one from the other (but only when I specify -I en0)
I've tried the following URLs:
afp://[fe80::0216:cbff:dead:beef]
afp://[fe80::0216:cbff:dead:beef%en0]
I think the problem might be because I don't have an IPv6 router between the two hosts.
Thanks.
MacBook Pro 15 2.0GHz Mac OS X (10.4.8) mini 1.83GHz

I have the same problem and for me it extends to everything from SSH to HTTP. I think that mac has a bug in it networking. I can't get it to work on any mac I've tried. Can your mini connect to your laptop?
I've been googling for 3 days and can't find any solution.
MBP Mac OS X (10.4.9)

Local zones during global shutdown in Solaris 10

Hello,
I am trying to determine if issuing a shutdown command from the global zone, e.g. shutdown -g0 -i5 -y performs graceful shutdowns on any running local zones, or does it issue a halt to the local zones without running shutdown scripts in them. Searching the Solaris zones forum brings up some older discussions (pre 2010) where users reported a halt was done, but the expectation is this would be changed in later Solaris 10 patches or revisions. Has this ever been addressed? Is there a way to determine if a local zone has been halted or shutdown? What is the recommended way to perform a shutdown of a global zone, when local zones are running?
Thanks,

The global zone will run a "svcadm disable zones" for each zones and this corresponds to a "zoneadm shutdown" or "zoneadm halt". Both zoneadm command will use a "init 0" in each zone.
If you have a zone that requires a shutdown script to stopping for example a database gracefully, then you should run the shutdown inside each zone directly.

Why do the connected devices to the router have the smae IPV6 address?

Hi,
Now I meet the issue
The operation steps on router (WRVS4400N):
1.Set the IP mode as Dual-stack IP and then save
2.Disable the IPV4 DHCP server
3.Use other deivces to connect the router.
The connected devices have the same IP address(2005:123:456:789::1),I am confused,why is it?
please help.
Thanks!

Hello,
The WRVS4400N is in fact assigning IPv6 addresses to all the devices connected to it, but the WRVS4400N does not show a table with the IPv6 addresses assigned to each device connected, it only shows the IPv4 addresses and the respective MAC address for each device. The IPv6 of the WRVS4400N is an aggregetable global unicast IPv6 address (See the image below)
If you go to Setup > LAN you will see that you cannot modify the prefix of the IPv6 address, all you can modify is the postifx and prefix length field (As you can see in the image below).
For more information about these fields and general IPv6 configuration, please refer to the article IPv6 Configuration on WRVS4400N Wireless-N Gigabit Security Routers
The only way you have to see the IPv6 address assigned to each device connected to the WRVS4400N is to check on each device the IPv6 address assigned. The WRVS4400N does not provide this information. You can see from the below picture the IPv6 address assigned to my computer. As you can see, the WRVS4400N assign the the computer the prefix 2002:c0a8::/6. Then you can see the actual IPv6 address which is 2002:c0a8:0:b182:e6a:9b0e:cdcf.
As you can see, the initial part (The prefix) remains the same, since these are the first 64 bits of the whole IPv6 address. The other 64 bits of the IPv6 address represents the interface ID, that is, the device that is connected to the WRVS4400N.
I hope you find this information helpful. If you have further questions, don't hesitate to ask.
Alejandro Moncada
SBCD Engineer
[email protected]

Static ipv6 address from a /64

Hi all
I have a cisco 6500 that i configured a /64 on int1/39 that has a linux server connected to it and supressed RAs. On this server i assigned a static ip,
2001:x:77:4::2. i can ping to/from the server with no issues. However when doing a show ipv6 neighbors i still see the auto config ipv6 on fast1/39.
interface FastEthernet1/39
ip address x.x.x.33 255.255.255.240
ip flow ingress
speed 100
duplex full
ipv6 address 2001:x:77:4::1/64
ipv6 nd ra suppress
spanning-tree portfast edge
My question why is that attached server getting an auto config ipv6 address when i have the supress command under interface. Also is it correct to assign a /64 to an int/vlan and statically assign ips instead or should i move to a /56. I'm not really sure if what im doing is common or if it create issues.
TIA, Paul

Deepak, while i assigned a static ip to the server doing a show ipv6 neighbor shows this static ip and it also shows the auto config ip. Again based on my config above shouldnt it jsut show the static ip. Why is SLAAC in play here if i have
ipv6 nd ra suppress on the interface, will this setup cause issues.
sh ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
2001:x:77:4::2                            1 0019.b9e6.5647 STALE Fa1/39
2001:x:77:4:219:B9FF:FEE6:x     49 0019.b9e6.5647 STALE Fa1/39
FE80::219:B9FF:FEE6:5647                    1 0019.b9e6.5647 STALE Fa1/39
note i can ping the static and auto config ip and the server lists both of them.

Raw diskslices not visible in local zones

Hi,
I'm using sol X86-64 and created a local container. I want to run Oracle with ASM in this container. Because of that i need raw disks (of disk slices) in my container. I added them in the global container with the add device / set match command (see below).
I rebooted my zone (also tried to halt and boot), but i can't see the devices in the local zones.
Anyone ideas ????
Frank
zonecfg:zora1> info
zonename: zora1
zonepath: /zones/zora1
brand: native
autoboot: true
bootargs:
pool: pool_zora1
limitpriv:
scheduling-class:
ip-type: shared
fs:
dir: /usr/local
special: /opt/zora1/local
raw not specified
type: lofs
options: []
net:
address: 99.99.99.999
physical: e1000g0
device
match: /dev/rdsk/c1t8d0s3
device
match: /dev/dsk/c1t8d0s3
zonecfg:zora1>

Hi,
It is "Solaris 10 8/07 s10x_u4wos_12b X86". So, i will look into this solution. It looks promising. I will let you know if it worked.
By the way, We're running sol x86-64 as a quick test. We will eventually be running Sol 10 SPARC.
Thanx,
Frank

IPv6 address is not send over WLan

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Hi!
My Cisco router is working fine with Ethernet and IPv6. There is a “little” problem concerning the promotion of IPv6 addresses under WLan. When I’m using WLan the router is not providing any IPv6 addresses, only IPv4. Do you have any clue why the router is not promoting the IPv6 addresses.
btw. I will post the config later on, when I’m at home.
Cheers

It´s an integrated AP!
Here is the Code:
gateway#sh ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T11, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 29-Oct-09 12:35 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE
gateway uptime is 8 weeks, 13 hours, 17 minutes
System returned to ROM by power-on
System restarted at 20:04:22 MET Thu Apr 29 2010
System image file is "flash:c870-advipservicesk9-mz.124-15.T11.bin"
bridge irb
dot11 ssid v6gregor
   vlan 2
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 1407051D5A03382E232721
ip dhcp pool wlan_v6
   network 10.11.60.0 255.255.255.0
   default-router 10.11.60.1
   domain-name ipv4.at
   dns-server 195.70.224.45 62.218.28.35
interface Dot11Radio0
description Provisioned by CSM (private interface)
no ip address
load-interval 30
no dot11 extension aironet
encryption vlan 2 mode ciphers tkip
encryption vlan 3 mode ciphers tkip
encryption vlan 1 mode wep optional
ssid daham
ssid open
ssid v6gregor
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
power local cck 17
power local ofdm 17
power client 17
channel 2432
station-role root
rts threshold 2312
antenna receive right
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface BVI1
ip address 10.10.10.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
ipv6 address 2001:938:DAD:400::1/64
ipv6 enable
ipv6 nd prefix 2001:938:DAD:400::/64
ipv6 nd router-preference High
interface BVI2
ip address 10.11.60.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ipv6 address 2001:938:DAD:800::1/64
ipv6 enable
ipv6 mtu 1300
ipv6 nd prefix 2001:938:DAD:800::/64
ipv6 nd managed-config-flag
ipv6 nd router-preference High
ipv6 nd ra interval 60

IPv6 address questions

I'm having trouble understanding IPv6 addresses. In IPv4 the CIDR slash notation means what subnet the address is in. But a /48 in IPv6 does not mean subnet. I have no idea what it means. For instance I've seen the address 2001:0:1:5::1/64, and I have no idea what the /64 means. Can someone explain it?
Link local address: it's not enough to put an FE80 to identify this kind of address, but for some reason, they decided to put FFFE in the middle of the ipv6 address. What were they thinking? Why do they need to identify this kind of address TWICE within the address, AND why couldn't they put the FFFE at the end or the beginning, but instead they put it right in the middle? WTF?
3 types of addresses? What why? with that many bits in an address there's no reason to have 3 of them. Theres enough for everyone.
Illogical allocation of bits. A global ip address reserves the last 64 bits for the host ip. This is equivalent to 18 quintillion hosts on ONE SUBNET! YEAH RIGHT! There's no way that's even remotely logical, feasible, or practical. The more I look at IPv6 notation, the more I think my 5th grader could have come up with a better design.
Also, why didn't they adopt the OSI model of addressing, like in ISIS. That has more than enough addresses for everyone.
Obviously i'm missing the point completely on IPv6. It sounds like the most unthoughtful pile of rubbish ever conceived. So can someone please direct me to a place or explain what the thought process was when creating this new addressing scheme?
bonus points: what happened to ipv5, and what was ipv1,ipv2,ipv3? I think the inventor should have called it IPv2000, because he really went overboard.

Hi Richee,
ISPs generally give ipv6 addresses to companies with /48 prefix length.
The company receiving this can create its own subnets within the /48 and /64 range.
The last 64 for bits of the address are generally used to insert the mac-address of the local interface when using stateless auto-configuration, but you can use it for subnetting as well, if you configure your addresses manually.
For the other questions I think this link could give you more info:
http://www.cisco.com/en/US/tech/tk872/tsd_technology_support_protocol_home.html
And one more little addition:
Nothing is perfect in this universe. Everything can be considered good or bad, it is just a question of viewpoint.
Try to look at ipv6 from both viewpoints. You will have surprises.
Cheers:
Istvan

Ipv6 address setup in local zone

Similar Messages

Maybe you are looking for