Understanding IPv6 Neighbours

Similar Messages

• Need help understanding ipv6

  Hi... I have a new wireless network camera and I've been successful at getting it connected but there is a big question as to whether I have the ipv6 part of it set up correctly... By the way, on the router end I have an AEBS...
  I've been trying to understand the correct format for an ipv6 IP address... I found a little Windows based utility called IP Convert that when I put in an ipv4 address like 10.0.1.252, it converts that to ::0A00:01FC which is simply the hex equivalent of the above decimal numbers... On the other hand the network camera produces a page that shows the same ipv4 address (10.0.1.252) in the ipv6 realm as one of the following two lines... (There is confusion as to which is really the ipv6 IP address but I don't understand either one or how they might relate to the simpler one, ::0A00:01FC, above... These two lines are,
  fe80::280:f0ff:fea7:8c5c
  2002:4c67:6043:0:280:f0ff:fea7:8c5c
  On one of the camera pages, both the above lines sit next to the single header, ipv6 IP Address...
  Can anyone make any sense out of these two lines I've posted above and how they might relate to 10.0.1.252 in the ipv4 realm???
  Any help would be much appreciated... thanks... bob...

  Hi Robert,
  You're correct -- IPv6 addresses are written in hex. But you can't just convert your IPv4 address to hex and have it be IPv6. IPv6 and IPv4 have different address spaces -- there is no connection between your IPv4 address and your IPv6 address.
  It sounds as if your network camera does in fact support IPv6. Out of curiosity, what model is it?
  Both of the IPv6 addresses you listed are being used by the camera. The fe80 address is its link-local address. These addresses are not routeable. They're used for internal "housekeeping" communication on the subnet (more technically, they're used for the IPv6 replacement for ARP, which isn't used in IPv6).
  The 2002 address is the camera's public IPv6 address.
  Having two addresses like this is very common for IPv6 devices. IPv6 devices always have the fe80 link-local address. In addition, they might have one or more public IPv6 addresses (which don't always start with 2002).
  Hope this helps,
  -derek

• Understanding IPv6 Address from RIR

  Hi Folks,
  I am very new to IPv6 and having some question need you guys advices as we are planning to integrate IPv6 to our existing network environment.
  RIR allocated 2300:1480::/32 to us, but they said the assignment windows is 2300:1480::/48.
  So what is the actual subnet to us? we don't quite understand the address assignment. How about 33-47 bits, it is belong to me or belong to RIR?
  (Actual IPv6 address has been removed/modified)
  Sent from Cisco Technical Support iPhone App

  Hi Sean,
  Further clarification with APNIC, this is their reply....
  Does it meant, bit /33-47 is my main subnet And /48-/63 id customer's subnet and /64 is interface id or host in generally?
  +++++
  For your own infrastructure, you can assign the IP as per your
  requirement. For your customers, you can only assign up to /48. If you
  need to assign more then /48 to your customers, you need to submit your
  APNIC second opinion request.
  +++++
  Sent from Cisco Technical Support iPhone App

• Getaddrinfo retuns ipv6 addres (::1) when resolving localhost in Solaris 10

  hi All,
  i have a problem with getaddrinfo when trying to resolve localhost and the host is not configured for ipv6 address but has ipv6 support enabled (default)
  getaddrinfo called with hints set to get only INET6 address is returning ::1 even when the machine is not configured for ipv6 addresses (i.e. ::1 loopback address does not exist) and /etc/hosts file does not have an entry for ::1. When i try binding to the returned address i get a Address not available error (as the address does not exist).
  Looking up getaddrinfo man page i found AI_ADDRCONFIG which returns ipv6 address only if the localhost has atlest one ipv6 address other than the loopback address. But this does not fit my requirement, in cases where a different host other than has a ipv6 address and i want to resolve it even if the local system does not have ipv6 address configured (but still supports ipv6 - i.e can understand ipv6)
  thank you
  Regards
  rakesh

  Then you might have an older installation with separate /etc/inet/hosts and /etc/inet/ipnodes files. You probably have a ::1 entry for localhost in ipnodes. You could consider removing that definition if ipv6 is not configured. Then you won't resolve that address.
  Darren

• IPv6 address questions

  I'm having trouble understanding IPv6 addresses. In IPv4 the CIDR slash notation means what subnet the address is in. But a /48 in IPv6 does not mean subnet. I have no idea what it means. For instance I've seen the address 2001:0:1:5::1/64, and I have no idea what the /64 means. Can someone explain it?
  Link local address: it's not enough to put an FE80 to identify this kind of address, but for some reason, they decided to put FFFE in the middle of the ipv6 address. What were they thinking? Why do they need to identify this kind of address TWICE within the address, AND why couldn't they put the FFFE at the end or the beginning, but instead they put it right in the middle? WTF?
  3 types of addresses? What why? with that many bits in an address there's no reason to have 3 of them. Theres enough for everyone.
  Illogical allocation of bits. A global ip address reserves the last 64 bits for the host ip. This is equivalent to 18 quintillion hosts on ONE SUBNET! YEAH RIGHT! There's no way that's even remotely logical, feasible, or practical. The more I look at IPv6 notation, the more I think my 5th grader could have come up with a better design.
  Also, why didn't they adopt the OSI model of addressing, like in ISIS. That has more than enough addresses for everyone.
  Obviously i'm missing the point completely on IPv6. It sounds like the most unthoughtful pile of rubbish ever conceived. So can someone please direct me to a place or explain what the thought process was when creating this new addressing scheme?
  bonus points: what happened to ipv5, and what was ipv1,ipv2,ipv3? I think the inventor should have called it IPv2000, because he really went overboard.

  Hi Richee,
  ISPs generally give ipv6 addresses to companies with /48 prefix length.
  The company receiving this can create its own subnets within the /48 and /64 range.
  The last 64 for bits of the address are generally used to insert the mac-address of the local interface when using stateless auto-configuration, but you can use it for subnetting as well, if you configure your addresses manually.
  For the other questions I think this link could give you more info:
  http://www.cisco.com/en/US/tech/tk872/tsd_technology_support_protocol_home.html
  And one more little addition:
  Nothing is perfect in this universe. Everything can be considered good or bad, it is just a question of viewpoint.
  Try to look at ipv6 from both viewpoints. You will have surprises.
  Cheers:
  Istvan

• IPv4/ IPV6 Traffic Discrimination and Monitoring

  Hi Guys
  I would appreciate a lot your experiences and best practices about operating and monitoring dual stack networks in Service Provider environments. Currently we're working in a 6VPE model for Internet customers in order to provide dual stack services, but we are looking for a way that allows us discriminate and monitor both the IPv4 and IPv6 traffic separately. 
  Does anyone could to share his experiences, how did they were addressed?
  What kind of monitoring tools have you used? 
  What did you do in order to guarantee a reliable monitoring strategy?
  I will appreciate your support a lot.
  Marcelo

  Hi Russell,
  I'm in the process of writing a program to do this as I've not seen anything that provides this function available.
  For your wired network you should have an inventory of assets containing at least MAC addresses and the user who owns the device.
  On your wireless networks you will probably be using SLAAC and I guess you must be using 802.1x in which case you will be able to identify users to MAC addresses.
  Essentially you need to periodically gather (less than the age timer) the IPv6 neighbour table from your core switches (or any edge etc, if it routes), this will give you the GUA and ULA against the MAC address. If you using an type of authentication parse those logs for usernames and MAC addresses.
  Stir it all together in a database and you should have timestamp, IPv6 address, MAC and user .
  cheers,
  Seb.

• AFP uses IPv6 after 10.4.8 ???

  I installed 10.4.8 some time ago. All works ok on it. I was tracing network traffic using tcpdump for some other work when I noticed that AFP appears to prefer to use IPv6 after 10.4.8. Is this something new? I looked back in some traces and 10.4.3 didn't do it.

  You can turn IPv6 on and off in System Preferences but not tell the system whether it should prefer IPv6 to IPv4. Why does this matter you ask? Consider that 1) OSX installs with IPv6 enabled by default, and 2) there are routers in the world that do not understand IPv6 ... hence my question. If IPv6 is on by default and AFP uses it in preference to IPv4 you will find unexplained failures. For instance in my network, the Airport(s) support IPv6 but if someone plugs into a hardwired ethernet port AFP may not work due to older non-IPv6 router(s).
  I've got development work that needs IPv6 and non-development work that needs to be up 24x7 and can live forever without IPv6.
  I sure wish Apple would be more forthcoming about what is in any given incremental release. Documentation is sparse to say the least. Even M$ does a better job of telling its users what's in an update (and if AFP has preferred IPv6 all along I guess I need to figure out how it was working before but not now

• IPv6 and ASA OS

  We're preparing for a migration to IPv6 and I am trying to find if there is a recommended ASA OS by Cisco to support IPv6.  My firewall currently is running version 7.2(3).  I know this version has IPv6 commands, but I want to make sure it supports everything I need.
  Thanks!
  Dan

  Here is what is supported in version 7.2.x for IPv6:
  http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ipv6.html
  The later version of ASA has more supports for IPv6.
  Here is the configuration guide for ASA 8.3, and the IPv6 configuration can be found on a number of sections:
  http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/config.html
  (Under configuring interfaces section, Adding an IPv6 access-list section, Configuring IPv6 Neighbour Discovery section, etc.)
  Hope that helps.

• Cisco switches that support IPv6 L2 security

  I'm looking for Cisco switches that support IPv6 layer 2 security. The following features are required:
  MLDv2 snooping [RFC4541]
  DHCPv6 snooping [RFC3315]
  DHCPv6 messages must be blocked between subscribers and the network so that false DHCPv6 servers cannot distribute addresses.
  Router Advertisement (RA) filtering [RFC4862, RFC5006]
  RA filtering must be used in the network to block unauthorised RA messages.
  Dynamic "IPv6 neighbour solicitation/advertisement" inspection [RFC4862]
  There must be an IPv6 neighbour solicitation/advertisement inspection, as in IPv4 "Dynamic ARP Inspection". The table with MAC-address and link-local and other assigned IPv6-addresses must be dynamically created by SLAAC or DHCPv6 messages.
  Neighbour Unreachability Detection [NUD, RFC4861] filtering
  There must be a NUD filtering function to ensure that false NUD messages cannot be sent.
  Duplicate Address Detection [DAD, RFC4429] snooping and filtering
  Only authorised addresses may be allowed as source IPv6 addresses in DAD messages from each port.
  Source: http://www.ripe.net/ripe/docs/ripe-501
  I've looked around in some configuration guides for some Cisco access switches but I can't seem to find any switch supporting these functionalities.

  See if this helps.
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman","serif";}
  http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-roadmap.html
  You may also want to consult with your sales team.
  What is the application?

• Query DNS ipv6

  Server oracle linux 6.6
  Oracle Enterprise 12c
  With a sniffer I see that there are several requests DNS AAAA (ipv6) to my DNS Server local.
  The query is : STANDARD QUERY 0X1212 AAAA "HOSTNAME"
  The reply is : STANDARD QUERY RESPONSE 0X1212 SERVER FAILURE
  In another server with similar features:
  The query is : STANDARD QUERY 0X1456 AAAA "HOSTNAME"
  The reply is : STANDARD QUERY RESPONSE 0X1456 NO SUCH NAME
  From what I understand IPv6 queries always anticipate queries IPv4.
  There is a way to change this order?
  the idea is to avoid this unnecessary traffic even if it is minimal.
  Thanks.

  What you see is very common and also described in https://www.ietf.org/rfc/rfc4074.txt
  It most likely means that your DNS server is not configured to provide IPv6 AAAA records, or perhaps your systems have different /etc/hosts files, which you might want to compare. It might be interesting to find out what causes the IPv6 DNS queries, but you can probably ignore it in case it is only a cosmetic issue.
  > From what I understand IPv6 queries always anticipate queries IPv4.
  I don't know what you mean by that, but if you do not need IPv6, I suggest to try disabling IPv6 in the kernel by adding an appropriate kernel paramter line at system startup, or by modifying /boot/grub/grub.conf and adding the following:
  ipv6.disable=1
  You can eventually also do the following:
  echo"install ipv6 /bin/true"> /etc/modprobe.d/ipv6_disabled.conf

• ME3600 packet loss problem - reboot to fix.

  One of our ME3600 units has developed a problem where we would lose IPv6 Neighbours and OSPFv3 neighbours, followed by the device not passing MPLS traffic. IPv4 traffic suffering bad packet loss.
  I discovered that devices attached to the Gigabit ports were receiving errored frames so the ME3600 seemed to be sending out bad frames.
  rebooting the device would fix it for a while but it kept happening at regular intervals, usually when the box was carrying more ipv6 traffic.
  We have upgraded to the latest firmware which did not help, and performed a full hardware replacement from Cisco only to find we are still seeing the same issue!
  there was no configuration change that I could point as being a catalyst for the problem, the most recent thing was enabling ipv6 VRFs, but IPv6 is also carried in the global table while we move some services around.po
  Has anyone else experienced similar problems with the ME3600?

  This sounds very similar to a problem we have seen across multiple boxes.
  I've not noticed whether OSPFv3 neighcors drop, however have seen MPLS stop forwarding and heavy v4 loss.  Control plane for v4 seems to stay up (ie v4 OSPF neighbors keep their adjacany) so routes still advertised etc.  Performing a shut / no shut of one of the core interfaces will generally result in a complete failure of the interfaces on that ASIC (the two 10G ports in our case) - can't ping adjacent devices after the no shut, but the GE ports still work.
  10G ports are core facing on our boxes, and adjacent neighbors see increasing input errors when the issue occurs.
  Issue has only been seen during peak traffic times.  Reboot fixes the problem.
  Did you find any resolution?  We've been pointed at CSCui23725, and advised to use the command "platform acl egress-disable".  This appears to be working so far.

• Show time connected

  I have been using Airport Extreme for the past 1 year.  Recently I noticed that the "time connected" doesnt show correctly.  It is freezing to a standstill or suddenly resets the counter to Zero or sometimes, it starts some negative values.  I have tried to reset the Airport Extreme and to factory defaults and changed the settings and nothing corrected the issue.  I am not able to understand iPv6 connections and sharing.  Please help me solve this issue.  But, my internet speed seems to be the same and I dont loose connection at any point of time.  Thanks in advance to community members. 

  Hi Ian,
  Interesting one…
  When you connect via a USB modem the computer is 'doing' the connecting using the modem so the computer has the 'time connected' status available locally. In the case of a router it is connected to the internet irrespective of the computer's status; on, off, sleep, or even, connected to the router. The only way you're going to get the info is from the router itself and, unless it has a setting whereby it will automatically 'inform' the computer of its connected time, I think you're going to have to carry on as you are.
  I don't know that particular Netgear but used to have a different one until a thunderstorm fried it. I don't remember it having such a setting. My current Belkin certainly hasn't.
  I'm quite interested to know why you want this info. Are you on some kind of PAYG tariff?
  Adrian

• Overlapping Channels Query

  Hi,
  I'm troubleshooting a wireless issue at one of our sites and had a query about the current setup. I've attached a diagram of the AP locations and the channels that are in use.
  I notice that there are a few neighbouring APs using the same (overlapping) channel and wondered if this is of any concern. Wireless is not my speciality, but as far as I understand it, neighbouring APs are supposed to use non-overlapping channels.
  For Info;
  APs 2-3,9 -10, and 26 use omni-directional antennas
  APs 4-8, 11-15, use directional antennas facing out of the building.
  All APs are autonomous and use the same SSID
  Should the channels be reconfigured so there are no overlapping channels?
  Thanks,
  Paul

  Hi,
  When working with wireless on the 2.4ghz we need to make sure that you distribut the 3 non overlapping channels between all your access points so that the access points with the same channel are the further apart and on the 5ghz we do not need to worry about this becasue all the channels are non overlapping vrs the 2.4ghz that the only non overlapping channels are 1-6-11.
  Also we need to keep in mind that other access points close to you from another company will create interfirence to yours and yours to them the only way to fix this is distribut the non overlapping channels between your access points and the close access points.

• Windows 7 and verizon internet suite ,removed driver Teredo tunneling adapter when installed

  I installed verizon internet suite on 2 brand new emachine laptops and on both now i get a massage on both laptops saying the teredo tunneling adapter driver needs to be reinstalled ,the computer try to install it but cant ,why does viss do this ,like i said it happened on both computers right after i installed viss

  While I do not know, I can take educated guess(es).
  #1 That tunneling adapter allows for IPv6:
  a) and the verizon internet suite does not understand IPv6, yet.
  b) OR when IPv4 and IPv6 are enabled cause(s) some sort of security and performace issues.
  #2 Or the verizon internet suite does underand what that tunnel is about.
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• DHCPv6 Custom Prefix Length

  Hi all,
  I've been trying to implement dhcpv6 with Windows Server 2012. Due to our ISP not offering native IPv6 access, we went through a third party tunnel provider to have ipv6 internet connectivity. What I need to do however, is set a custom prefix length for
  our dhcp server. Our tunnel provider gave us a /48 block to use for hosts, but windows will only let me create a /64 size scope. Any ideas? The prefix size needs to be /48 in order for this to work correctly. All of our routers are already setup, and we attempted
  to use static ipv6 configuration to do a test for configuration, which has succeeded. The only issue is dhcp giving out ipv6 with /48 prefix to work with tunnel provider. Any ideas? We use Windows Server 2008 R2, and Windows Server 2012, if that helps.

  I'll comment between your questions/comments:
  JC - first off, in IPv6 there is the concept/operations known as Address Autoconfiguration. This process requires up to 2 components in a network system: L3 switches or router to send Router Advertisements - which tells client how to do all this, and then
  possibly DHCPv6 servers to provide clients with IPv6 addresses and/or "other information" like dns, domain name, time srvr, download srvr, etc.
  This taes a bit to get used to, as well as sometimes a bit of work to "discover" what all is needed and how to properly configure.
  a) the DHCPv6 route is not advertised, so the distributed dynamic IPv6 addresses are useless (no connectivity between hosts); there is a manual/temporary netsh override for that, but I don't think this is the proper way to go.
  JC - clients learn the default gateway via the router's Router Advertisement (RA). RFC3315 (DHCPv6) does not provide a scope option for def g/w. You should not manually enter an IPv6 def g/w.
  b) Here might be another issue, I don't know how I configured the DHCPv6 role in past (stateless vs stateful), perhaps that's the problem, need to look deeper into it, but either way our outdated networking infrastructure (routers and switches) is not aware
  of IPv6 protocol at all, it probably doesn't help that I don't even know how the DHCPv6 role was configured in past.
  JC - if you want a DHCPv6 server to supply IPv6 addresses and DNS/domain name, etc to clients, that role is Stateful. If you want DHCPv6 to supply only DNS, domain name, etc and the RA supply the network prefix (SLAAC), that role is Stateless (SLAAC plus
  some DHCPv6).
  Stateful (DHCPv6) operations are the closest to how we run DHCP for IPv4 networks today.
  c) I assigned static IPv6 /112 addresses to servers (and they work fine including the DNS lookups) and was hoping to have the same prefix/subnet for clients, instead I get up to 4 different IPv6 addresses on servers (static, dynamic, temporary route, link-local)
  and just one address on clients and that one belonging to that dynamic prefix (not what I wanted to have initially) ...
  JC - all IPv6 subnets should be /64 for 64 bit network and 64 bit Interface ID (IID) (host address), most OSs will be happier and that is the defined standard way of operating IPv6. Also as you have seen, Microsoft's DHCPv6 server does not allow you to change
  the network prefix (/64).
  You will always have link-local addresses, and if you are getting the IPv6 and IPv6 Temp, then your RA on the subnet is sending RA's with the "A" flag on for SLAAC, and of you have a static addresses defined for servers on the server vlan, you don't want
  SLAAC config on that vlan.
  d) How do I fix IP Helper on our core router to pass the IPv6 DHCP requests to other VLANs (currently they are blocked/discarded), it seems that IPv4 IP Helper doesn't work for IPv6?
  JC - IPv4 and IPv6 are TOTALLY separate protocols. Everything you do for IPv4, needs a counterpart enabled for IPv6. No IPv4 config does anything for IPv6.
  You need a dhcpv6-relay definition which is the IPv6 counterpart to dhcp-relay/IP helper-address...see your L3 switch/router vendor docs for configuring dhcpv6-relay.
  Is it all by design then and re-installing DHCPv6 server in stateful mode won't change that or I am missing something completely?
  JC - Correct, simply having Stateful (DHCPv6) is not all there is to it. You must configure your RA to instruct IPv6 clients how to address themselves. According to the IPv6 RFCs, clients are told how to address themselves (except for manual addressing),
  which is not like the way IPv4 operates.
  All your IPv6 config components need to be specifically configured in order for the system you want to work correctly, to work. IPv6 routing, specific option flags in the RA's, dhcpv6-relay, and DHCPv6 scopes. You can't (generally) just "turn on" IPv6 and
  have it work (the way you think it should).
  IPv6 is quite a beast, but it seems that majority of windows server admins (like me) have limited knowledge on how to configure it properly, resulting in some unexpected outcomes and gotchas ... then days of troubleshooting and then another gotcha ... I
  browsed technet for days/weeks and either end up finding unresolved IPv6 "issue" threads where nobody knows what is what or some super-complicated solutions that truly work only for a few ... frustrating ...
  JC - IPv6 is not a simple "turn-it-on" protocol, as there are differences in its operation as you see. There 5 great IPv6 books you should consider getting:
  Guide to TCP/IP, 4th edition - IPv4 and IPv6 TCP/IP foundations, operations, and examples
  Practical IPv6 for Windows Administrators
  Understanding IPv6
  IPv6 Fundamentals
  IPv6 Essentials (but wait for the 3rd edition coming out in July)
  Check out gogo6.com/main and view the IPv6 webinar/workshop training calendar. A few of us have facilitated some basic IPv6 trng webinars. I think the schedule is being worked on at the moment, but more classes should be coming.
  Additionally, I offer IPv6 Forum Certified training.  teachmeipv6.com and I provide IPv6 consulting services.
  Hmm...maybe I'll design a webinar for configuring a system like you are doing: L3 switch/router configuration and server side DHCPv6 config. I currently facilitate IPv6 hands-on lab workshops (full day) that cover all of this content.
  hth...Jeff
  Jeff Carrell