Netgate Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - JKnott

Pages: [1] 2 3 4 5 ... 99
Did you not understand?

Please go back and look at the times when you said a link local address could not be used.  I quoted one of them. Perhaps I don't understand because you said one thing at one time and something else at another.

Here's another quote:
There is no way to know the link-local address of the next hop in this case.

As I showed, there is what to know, whether it's via DHCPv6 or manual configuration or whatever.  I also showed that my ISP has no problem working with a link local address.

All this assumes that everyone is using proper transfer networks that have no other hosts on them meaning they have an obvious "next hop" and the packets sent from the other end of the "pipe" have no other route to take other than the router at the other end. This doesn't hold when you're dealing with amateurs/hobbyists that like to be creative and don't care about proper topology in their networks.

I'm not quite sure what you're getting at, other than some users may be clueless about how networks work.  On point to point networks, all that's needed is the interface, as there's only one device beyond it.  On multipoint networks, such as Ethernet, a MAC address is needed to identify the individual devices on the shared network.  An IP address is only used to determine, via ARP or neighbour solicitation, the MAC address of the destination.

In large networks, routers may have multiple interfaces and possibly multiple routes to a destination.  It uses the routing tables to determine the best interface to forward the packet over.  That's all it does, find the best next hop to a destination.

Dude. NOBODY is saying link-local cannot be used. What is your problem?

You seemed to be implying that a routeable address was needed to reach the customer.

Now reverse the roles. You are the ISP who needs to route a static /48 to a user. Do you route it to  fe80::217:10ff:fe9 Or do you assign the end user a unicast address on their WAN interface and route to that? You cannot use DHCP6 and you cannot use SLAAC. What do you do?

BTW, to answer the question, beyond DHCPv6 and SLAAC, the customer would likely have their own prefix, which the ISP will route to.  This is often done using OSPF or at least knowing what's at the other end of the connection.  I have set up several routers for business customers where all the info is provided.  The customer would then be connected to the ISP via fibre.  In this instance, it's just a matter of configuring the routing, based on the info provided.  The ISP knows that the customer and only the customer is at the other end of the fibre.  They also know the customers prefix, either because they provided it or the customer advised them.  Also, in the case of a tunnel, as you mentioned, there is already some means to identify the customer.  With, it's account configuration.  With the provider I used to use, it was my login ID.  Also, as I mentioned, point to point links, such as or VPN don't even need an address.

Don't forget, routing is all about finding the next hop to a network.  All the router needs to know is the best way to get there.  It does not need to know the IP address of any router beyond the next one.  Now, at the ISP router, an IP address may be needed, as in the case of my cable modem.  Why is it necessary for that to be a routeable address, as you seem to imply, when it's only going to be used over the link directly between the ISP's and customer's routers?  At that level, the IP address is resolved to a MAC address, to use over that link.  The IP address of the customer's router is irrelevant beyond the ISP's gateway router.

Take a look at your default gateway and tell me what you see.  As I said before, mine's a link local address.  The MAC for that link local address is the same as shown in the arp cache for the IPv4 default gateway.  And ultimately, it's the MAC address that's used to carry the traffic to the router.

However, there are two cases where using a link-local address as the
   next-hop clearly does not work.  One is when the static route is an
   indirect (or multi-hop) static route.  The second is when the static
   route is redistributed into another routing protocol.  In these
   cases, the above text from RFC 4861 notwithstanding, either a GUA or
   ULA must be used.

I assume this is the relevant section you're referring to.  It lists exception to the rule.  The 2nd would seem to apply to something like converting between IPv4 and IPv6,  The other is simply recursive routing, where you have to go through the same processes repeatedly, until you work down to the next hop.

Furthermore, many network operators are concerned about the
   dependency of the default link-local address on an underlying MAC
   address, as described in the previous section.

For this, you'd need to know what the issues are.  It does not say link local cannot be used, but might not.

Now reverse the roles. You are the ISP who needs to route a static /48 to a user. Do you route it to  fe80::217:10ff:fe9 Or do you assign the end user a unicast address on their WAN interface and route to that? You cannot use DHCP6 and you cannot use SLAAC. What do you do?

Routing is always to the next hop.  The routing tables point to the next closest router to the destination, always.  No exception.  The router simply needs to know the exit interface.  The address in the routing table is simply used to determine which interface that is.  Always.

The ISP has the link local and MAC address of the end user and may have an IPv6 WAN address.  When a packet for the end user network arrives, the router looks up the interface to send it out to go to that network.  It uses an IP address, could be either link local or global address to determine the interface.  The packet is then sent out that interface to the customer's router, where it will be forwarded to the local LAN.  This is how routing works at every single step of the way.  The packets are simply sent out the interface that will take it closer to the destination.  It makes no difference whether it's another router that's directly connected, a router connected via cable modem or DSL etc.  It's just pushing packets out the correct interface and the addresses of all the routers in between are irrelevant.  They do not appear in the routing tables.  And no, the link local address is not routed and I've never claimed that.  It's just irrelevant, except when used to determine the exit interface.  Let's take this a step further and include MAC addresses.  That's what IP addresses eventually resolve to on directly connected links.  Do you route according to MAC address when sending to a network several hops away?  No you don't.  You also don't route to any router IP address along the way.  You simply follow a route hop by hop to the destination network, as determined by the routing table.  As I've mentioned, you don't even need an IP or even MAC address, if using a point to point link, as the interface alone is enough to get the right direction.

Would you like me to suggest some books from Cisco that cover all this?

General Questions / Re: General Questions from a Noob
« on: Yesterday at 09:28:12 pm »
No one suggested any 4 port switch, or Wifi devices.

2) Avoid TP-Link
3) Avoid TP-Link

IPv6 / Re: [Resolved] IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 08:41:38 pm »
We are talking about a specific case where the ISP needs to route a /48 to a WAN interface at the customer.

No matter what it's routing, it needs an IP address on a multipoint link.  That can be link local.  I provided my default gateway earlier, but here it is again:
default            fe80::217:10ff:fe9 UGS         re0

Notice that it's link local.  This is on a cable modem connection, with the modem in bridge mode.  Using Wireshark, I discovered that my IPv6 gateway has the same MAC as shown for IPv4 in the arp cache.  So, I am using a link local address for the gateway.  Don't forget, IPv6 can use things like neighbour advertisements to announce their IPv6 address and I can see those on the WAN link.  As mentioned, I am on a cable modem.  It uses DHCPv6 to get it's WAN global address.  But DHCPv6 uses ICMPv6, using the link local address to reach the server.  So, with that mechanism, the server has the MAC address and link local address.  It will also have the DUID, as provided by the DHCPv6 client.  The ISP now has the link local address to use to forward the /48.

See Also: HE.NET GIF interfaces. Same thing. uses a point to point tunnel to carry IPv6 and therefore does not need any IP address.  However, this is a bit different situation, where the link has to be configured over IPv4.  The configuration tells the router which link to use for the /48.

This is one of the areas where IPv6 is different from IPv4.  It has the link local address which is used for so much in configuring networks etc.  No need for ARP.  DHCP is often used to provide addresses other than for an interface, though that can happen too.  It also has things like router and neighbour advertisements and requests and so much more.  It makes some things a lot easier than IPv4.

BTW, I just used Packet Capture to look at my WAN interface.  I see neighbour solicitations and advertisements using link local addresses, not global, even though that interface has a global address.

Also, how do you display the neighbour MAC addresses for IPv6 addresses in pfsense.  With Linux, the command ip -6 neigh show does it and with FreeBSD it should be npd -a, but that command is not available with pfsense.

IPv6 / Re: [Resolved] IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 07:04:02 pm »
There needs to be a next hop interface.  Point to point links don't need an address at all and multipoint need the interface and next hop address.  That next hop address is usually link local on IPv6.  Any router address beyond the next hop is irrelevant.  As for the IPv6 address at the other end of a link, why is there any difference between GUA and link local?  If doing manual configuration, you'd need to know the address either way.  If using a routing protocol, such as OSPF, it's all worked out automatically.

Here's something from the Cisco book IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6, 2nd ed., page 425:

ipv6-address: The IPv6 address of the next hop that can be used to reach the specified
network. The IPv6 address of the next hop need not be directly connected;
recursion is done to find the IPv6 address of the directly connected next hop. When
an interface type and interface number are specified, you can optionally specify
the IPv6 address of the next hop to which packets are output. Note that you must
specify an interface type and an interface number when using a link-local address as
the next hop. (The link-local next hop must also be an adjacent router.) This argument
must be in the form documented in RFC 4291, where the address is specified
in hexadecimal, using 16-bit values between colons.

Notice they say a link local address can be used.

IPv6 / Re: [Resolved] IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 04:58:22 pm »
I agree, but Q: How does upstream know the downstream link-local address for a static route? A: It doesn't and can't.

It doesn't need it.  All it needs to know is which direction takes a packet closer to the destination, that is the exit interface.  Then, at the next router, the same thing happens again, which exit interface to get the packet closer to the destination.  This can keep on happening for as many hops as necessary, until the packet reaches the destination network, where it's finally delivered.  None of the routers along the path needs to know the WAN address of the destination router, only the way to get to the destination network.

Think about what happens on IPv4.  Do all the routers know the WAN address of the destination network?  Or do they just know the way to the next hop, according to routing tables?  If you assume that the WAN IP address must be known, then the IP address of all the routers must also be known and with complex networks, that's not likely to happen.

Go to the command prompt and enter netstat -r and you'll see the routing table listing which interface is used for the known addresses and the default route for any unknown addresses.

IPv6 / Re: [Resolved] IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 02:12:56 pm »
Right but I'm talking static routing. Or a routing protocol. Not anything dynamic like DHCP/PDs.

It looks like we crossed in our posts.  However, a router only needs to know the interface to send the packets out of to reach the next hop.  This can be any valid IPv6 address or, in the case of point to point links, just the interface.  Every route in a routing table eventually works it way down to an exit interface.  The routes in a routing table can be entered manually or via routing protocol.  It makes no difference.  All that matters is the exit interface to the next hop.

IPv6 / Re: [Resolved] IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 02:09:29 pm »
A Router Advertisement will likely results in a destination route to a link-local address, but an ISP static route probably should not since the link-local address for the route destination is un-knowable.

Happy to be educated to the contrary.

With routing, the task is to determine what interface to use to reach a destination.  This is done with routing tables that point to the appropriate interface.  It makes no difference whether static or routing protocol, such as OSPF is used.  A multipoint link requires the IP address of the next router and link local is fine for that.  A point to point link doesn't even need that, as there is only one possible destination.  When routing to a destination, only the end point IP address is relevant.  Any address in between is not, so long as the router knows which interface to use.

Bottom line, routing over the entire Internet, using only link local addresses is possible.  Global addresses are needed only for management and diagnostics.

Here is the default route for my pfsense firewall:
default            fe80::217:10ff:fe9 UGS         re0

It lists the link local address for my ISP's router and the interface it's found on.

IPv6 / Re: [Resolved] IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 01:42:36 pm »
One last question:
ISPs use one interface by customer then?

That would depend on the ISP and connection type.  I have a cable modem and the segment is shared by others.  So, the link local address would have to be unique on the segment, but not elsewhere.

IPv6 / Re: IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 01:07:44 pm »
When you said
the link local address can be locally assigned.  For example, with pfsense, on my local LAN, the default gateway is fe80::1:1.
do you mean that you have manually chosen and set this link-local address?

if yes, can it be a problem for the ISP if someone did like you and chose the same address?

No, I didn't choose it, pfsense did.  Also, that's on the LAN side, so the ISP wouldn't see it.  However, even on the WAN side it might not be a problem, as the link local address needs to be unique only on a given link.  There's no reason why it can't be used on another one.

IPv6 / Re: IPv6 /48 routed trough /64 interconnection
« on: Yesterday at 12:43:11 pm »
no risk that my link-local IPv6 address changes?

Given that it's normally based on the MAC address, no chance unless you change the hardware.  In some instance, such as routers, the link local address can be locally assigned.  For example, with pfsense, on my local LAN, the default gateway is fe80::1:1.

Firewalling / Re: how Block L2TP and PPTP in firewall ?
« on: Yesterday at 09:12:20 am »
In which direction?  Also, PPTP runs over GRE tunnel and L2TP over PPP.  We need a bit more info here.

Pages: [1] 2 3 4 5 ... 99