Mailing List Archive

On Wednesday, 29 July 2020 16:55:27 BST antlists wrote:

> I think there's static, and there's effectively static.
>
> If your router is running 24/7, then the IP won't change even if it's
> DHCP. But your router only needs to be switched off or otherwise off the
> network for the TTL (time to live), and DHCP will assign you a different
> IP when it comes back.

My ISP confirms that my addresses are static. Both IPv4 and IPv6. I don't pay
extra for static addresses, though I did have to request a v4 one some years
ago to avoid being blocked from this mail list.

> That's server-side configuration, so if the ISP doesn't elicitly
> allocate you an address in their DHCP setup, what you've got is
> effectively static not really static.
>
> But it really should be so damn simple - take the ISP's network address,
> add the last three octets of the customer's router or something like
> that, and there's the customer's network v6 assigned to the customer's
> router. One fixed address that won't change unless the customer changes
> router or ISP.

I don't recognise anything like that pattern in my addresses.

> I need to learn how v6 works ... :-)

Me too. I thought I was set up right, but I now doubt it.

--
Regards,
Peter.

On 2020-07-29, Peter Humphrey <peter@prh.myzen.co.uk> wrote:
> On Wednesday, 29 July 2020 13:59:11 BST Grant Edwards wrote:
>
>> Pricing isn't based on cost. Pricing is based on what people are
>> willing to pay. People are willing to pay extra for a static IPv6
>> address, therefore static IPv6 addresses cost extra.
>
> Aren't all IPv6 addresses static?

I don't know what most ISPs are doing. I couldn't get IPv6 via
Comcast (or whatever they're called this week) working with OpenWRT
(probably my fault, and I didn't really need it). So I never figured
out if the IPv6 address I was getting was static or not.

There is DHPCv6 (I've implemented it), but I have no idea if anybody
actually uses it. Even if they are using DHCPv6, they can be using it
to hand out static addresses.

> Mine certainly are.

The assumption always seemed to be that switching to IPv6 meant the
end of NAT and the end of dynamic addresses.

--
Grant

On 7/29/20 5:20 AM, Wols Lists wrote:
> On 29/07/20 00:11, james wrote:
>> On 7/28/20 12:10 PM, Wols Lists wrote:
>>> On 28/07/20 16:01, james wrote:
>>>> (2) DNS resolvers, (?) mail-servers for a robust mail system that "I"
>>>> admin, and (1) internet facing web server and (1) internal only facing
>>>> or limited outward facing Web server for development and security based
>>>> testing. Static IP are basically $5/month from my ISP.
>>>
>>> Do you really want to pay for a static IP? I'd go IPv6 instead.
>>>
>>> I learnt my v4 in the days of 10-base-2, and I'd really love to update
>>> to punching holes in a v6 router. Limited risk, and no worries about
>>> static IPs, NATing, all that legacy stuff ... :-)
>>>
>>> Cheers,
>>> Wol
>>>
>>
>>
>> So, IPv6 can be assigned without payment to an ISP? Besides having
>> static IPs without bandwidth connections routed (assigned) to those IP6
>> addresses are not useful?
>>
>>
>> If I go IPv6, where does the bandwidth come from?
>>
>>From your ISP?
>
> The OP's ISP charges EXTRA for a static address, which shouldn't be the
> case seeing as they have oodles of the things. Or maybe I'm out-of-date,
> seeing as my ISP in the old days provided a static IPv4 free of charge
> as a matter of course.
>
> Cheers,
> Wol

Here is the US, too few regulators even comprehend your arguments or
the state of commercial routing and networking. If ordinary folks can
get their porn in a web browser, robustly, then it is classified as a
'great ISP'.

What folk, with some measure of expertise, have, can and want to do, is
often only comprehensible by third level support as these ISPs, if you
get lucky. Free static IPs? Sure I like that idea, but I'd need a
current link as in the US I think that was some years ago. I'll file for
some, in a heartbeat, if anyone can point me to the registrar. Note::
here in the US, it may be easier and better, to just purchase an
assignment, that renders them yours. I'd be shocked if you do not have
to pay somebody residual fees, just like DNS.

So sense there seems to be interest from several folks,
I'm all interested in how to do this, US centric. I think each country
sets policy on IP allocations from their (IP6) pool. A dozen or (2)
pools, so I can test IoT gear, would be keen for my interests. For IoT,
on aerial vehicles, the restrictions extreme, if you believe what has
been published.

Very, Very interested in this thread.

Another quesiton. If you have (2) blocks of IP6 address,
can you use BGP4 (RFC 1771, 4271, 4632, 5678,5936 6198 etc ) and other
RFC based standards to manage routing and such multipath needs? Who
enforces what carriers do with networking. Here in the US, I'm pretty
sure it's just up to the the
Carrier/ISP/bypass_Carrier/backhaul-transport company)....

Conglomerates with IP resources, pretty much do what they want, and they
are killing the standards based networking. If I'm incorrect, please
educated me, as I have not kept up in this space, since selling my ISP
more than (2) decades ago. The trump-china disputes are only
accelerating open standards for communications systems, including all
things TCP/IP.

curiously,
James

On 30/07/2020 00:23, james wrote:
> Very, Very interested in this thread.
>
> Another quesiton. If you have (2) blocks of IP6 address,
> can you use BGP4 (RFC 1771, 4271, 4632, 5678,5936 6198 etc ) and other
> RFC based standards? to manage routing and such multipath needs? Who
> enforces what carriers do with networking. Here in the US, I'm pretty
> sure it's just up to the the
> Carrier/ISP/bypass_Carrier/backhaul-transport company)....
>
> Conglomerates with IP resources, pretty much do what they want, and they
> are killing the standards based networking. If I'm incorrect, please
> educated me, as I have not kept up in this space, since selling my ISP
> more than (2) decades ago. The trump-china disputes are only
> accelerating open standards for communications systems, including all
> things TCP/IP.

From what little I understand, IPv6 *enforces* CIDR. So, of the 64
network bits, maybe the first 16 bits are allocated to each high level
allocator eg RIPE, ARIN etc. An ISP will then be allocated the next 16
bits, giving them a 32-bit address space to allocate to their customers
- each ISP will have an address space the size of IPv4?!

Each customer is then given one of these 64-bit address spaces for their
local network. So routing tables suddenly become extremely simple -
eactly the way IPv4 was intended to be.

This may then mean that dynDNS is part of (needs to be) the IPv6 spec,
because every time a client roams between networks, its IPv6 address HAS
to change.

I need to research more :-)

Cheers,
Wol

On Thu, Jul 30, 2020 at 10:05:46AM +0100, antlists wrote in
<b11e9eef-08e5-7e2a-ff35-2a118dbb8328@youngman.org.uk>:
>From what little I understand, IPv6 *enforces* CIDR. So, of the 64
>network bits, maybe the first 16 bits are allocated to each high level
>allocator eg RIPE, ARIN etc. An ISP will then be allocated the next 16
>bits, giving them a 32-bit address space to allocate to their
>customers - each ISP will have an address space the size of IPv4?!
>
>Each customer is then given one of these 64-bit address spaces for
>their local network. So routing tables suddenly become extremely
>simple - eactly the way IPv4 was intended to be.

An IPv6 address is 128 bits in length. Usually an ISP allocates 64
bits to a single customer, allowing the systems on/behind that
connection to automatically assign themselves an address based on
their MAC address for example. Note that also allocations bigger than
64 bits are common so customers get 70 or 76 bits to use and can use
multiple subnets on their home/business networks.

Point is though, with IPv6 addresses are no longer a scarce
commodity. The cost to an ISP to give you one IPv6 address (/128) is
just the same as given you enough room for your own IPv4 internet
(/64). Whether they make them static or dynamic depends on their
policy and what their customers are willing to put up with / pay for.

>Point is though, with IPv6 addresses are no longer a scarce
>commodity. The cost to an ISP to give you one IPv6 address (/128) is
>just the same as given you enough room for your own IPv4 internet
>(/64).

Oops, brain freeze. A /64 gives you enough room for an IPv4 internet
of IPv4 networks as IPv4 is just 32 bits.

On 30/07/2020 12:13, Remco R?nders wrote:
> An IPv6 address is 128 bits in length. Usually an ISP allocates 64
> bits to a single customer, allowing the systems on/behind that
> connection to automatically assign themselves an address based on
> their MAC address for example. Note that also allocations bigger than
> 64 bits are common so customers get 70 or 76 bits to use and can use
> multiple subnets on their home/business networks.

I don't think an ISP is supposed to allocate less ...

As I understood it, the first 64 bits are the "network address", ie
sort-of assigned to the edge router, and the remaining 64 bits are
assigned by the network operator.

So in your scenario of customers getting more bits, they are effectively
being assigned 2^6 or 2^12 network addresses. Exactly the scenario
planned for high-level ISPs parcelling out address space to low-level ISPs.

And looking at the wikipedia page, it looks like the ISP *must* allocate
at least a /64, because the spec says each device allocates itself a
least-significant-64 address at random using a collision-detect
protocol. Which is why many simplistic algorithms include the MAC
address to (try to) guarantee a unique address on the first attempt.

Cheers,
Wol

On Thu, Jul 30, 2020 at 01:48:05PM +0100, antlists wrote in
<f143bfa0-f0c9-c0da-d160-91183a41a4d3@youngman.org.uk>:
>I don't think an ISP is supposed to allocate less ...

I think your original message was open for multiple interpretations,
or at least I read it as you saying there are 32 bit addresses the ISP
allocates from. I now see the alternate one and the one you probably
intended that there is 32 bits worth of /64's to hand out to
customers. I'm sorry for misunderstanding at first.

Yes, a mimimum of /64 is what is recommended (and needed to make
stateless auto configuration work on the customers end). Whether the
/64 you get allocated is dynamic or static, can still depend on the
ISP's practises and business model.

Cheers,

Remco

On 30/07/2020 14:28, Remco R?nders wrote:
> On Thu, Jul 30, 2020 at 01:48:05PM +0100, antlists wrote in
> <f143bfa0-f0c9-c0da-d160-91183a41a4d3@youngman.org.uk>:
>> I don't think an ISP is supposed to allocate less ...
>
> I think your original message was open for multiple interpretations,
> or at least I read it as you saying there are 32 bit addresses the ISP
> allocates from. I now see the alternate one and the one you probably
> intended that there is 32 bits worth of /64's to hand out to
> customers. I'm sorry for misunderstanding at first.
>
> Yes, a mimimum of /64 is what is recommended (and needed to make
> stateless auto configuration work on the customers end). Whether the
> /64 you get allocated is dynamic or static, can still depend on the
> ISP's practises and business model.
>
No problem. Many people aren't native English speakers (and I can get a
little bit hot under the collar when Americans claim to speak English
:-) so I have no problem with mis-understandings.

Besides English I speak three other languages ranging from "get by" to
"struggling", so I well understand all the problems caused by implicit
nuances, differences in grammar, different mind-sets etc :-)

Cheers,
Wol

* antlists@youngman.org.uk:

> An ISP will then be allocated the next 16 bits, giving them a 32-bit
> address space to allocate to their customers - each ISP will have an
> address space the size of IPv4?!

ISPs can ask for several address spaces, each of which had a much,
*much* larger address space than the whole of IPv4. My ISP (Deutsche
Telekom) assigns /56 Subnets to Home Routers. Given that an IPv6 address
encompasses 128 Bits, each household is thus provided with an address
space of 2^(128-56) Bits. The whole of IPv4 spans only 2^32 Bits.

Any halfway decent data center should, at least, hand out /64 Subnets
for each and every hardware server and VM, free of charge. With virtu-
alisation becoming mainstream, I'd prefer to have a /56 for the host
server, so I can assign /64 subnets to each VM.

A wider address space does not mean one makes use of every available
address, of course. It just makes routing that much simpler, and there
is no need for silly stuff like NAT.

-Ralph

* Grant Edwards:

> Pricing is based on what people are willing to pay. People are willing
> to pay extra for a static IPv6 address, therefore static IPv6
> addresses cost extra.

Somewhere, and some people. I'd be interested to hear from users who
still need to pay extra for IPv6. Here in Germany IPv6 usually comes at
not extra cost (I write "usually" because I don't know every single ISP
here; some only operate in a particular city.)

-Ralph

On 7/29/20 9:41 AM, Peter Humphrey wrote:
> Aren't all IPv6 addresses static?

No.

SLAAC and DHCPv6 are as dynamic as can be.

Static is certainly an option. But I see SLAAC and DHCPv6 used frequently.



--
Grant. . . .
unix || die

On 7/29/20 1:28 PM, Grant Edwards wrote:
> I don't know what most ISPs are doing. I couldn't get IPv6 via
> Comcast (or whatever they're called this week) working with OpenWRT
> (probably my fault, and I didn't really need it). So I never figured
> out if the IPv6 address I was getting was static or not.

Ya.... That was probably a DHCPv6 for outside vs DHCPv6 Provider
Delegation (PD) issue. I remember running into that with Comcast. I
think for a while, they were mutually exclusive on Comcast.

> There is DHPCv6 (I've implemented it), but I have no idea if anybody
> actually uses it. Even if they are using DHCPv6, they can be using
> it to hand out static addresses.

I've seen DHCPv6 used many times. It can be stateless (in combination
with SLAAC to manage the address) or stateful (where DHCPv6 manages the
address). Either way, there is a LOT more information that can be
specified with DHCPv6 that simple SLAAC doesn't provide. For a long
time you couldn't dynamically determine DNS server IP addresses without
DHCPv6 or static configuration.

> The assumption always seemed to be that switching to IPv6 meant the
> end of NAT

That's what the IPv6 Zealots want you to think.

> and the end of dynamic addresses.

Nope, not at all.



--
Grant. . . .
unix || die

On 7/30/20 5:38 PM, Ralph Seichter wrote:
> I'd be interested to hear from users who still need to pay extra
> for IPv6.

I'd be willing, if not happy, to pay a reasonable monthly fee to be able
to get native IPv6 from my ISP.

But it's 2020 and my ISP doesn't support IPv6 at all. :-(

As such, I use a tunnel for IPv6.



--
Grant. . . .
unix || die

On 7/29/20 5:23 PM, james wrote:
> Free static IPs?

Sure.

Sign up with Hurricane Electric for an IPv6 in IPv4 tunnel and request
that they route a /56 to you. It's free. #hazFun

> Note:: here in the US, it may be easier and better, to just purchase
> an assignment, that renders them yours.

Simply paying someone for IPs doesn't "render them yours" per say.

> I'd be shocked if you do not have to pay somebody residual fees,
> just like DNS.

It is highly dependent on what you consider to be "residual fees".

Does the circuit to connect you / your equipment to the Internet count?

What about the power to run said equipment?

Does infrastructure you already have and completely paying for mean that
adding a new service (DNS) to it costs (more) money?

Yes, there is annual (however it works out) rental on the domain name.
But you can easily host your own DNS if you have infrastructure to do so on.

My VPS provider offers no-additional-charge DNS services. Does that
mean that it's free? I am paying them a monthly fee for other things.
How you slice things can be quite tricky.

> So sense there seems to be interest from several folks,
> I'm all interested in how to do this, US centric.

I think the simplest and most expedient is to get a Hurricane Electric
IPv6-in-IPv4 tunnel.

> Another quesiton. If you have (2) blocks of IP6 address,
> can you use BGP4 (RFC 1771, 4271, 4632, 5678,5936 6198 etc ) and other
> RFC based standards? to manage routing and such multipath needs?

Conceptually? Sure.

Minutia: I don't recall at the moment if the same version of the BGP
protocol handles both IPv4 and IPv6. I think it does. But I need more
caffeine and to check things to say for certain. Either way, I almost
always see BGPv4 and BGPv6 neighbor sessions established independently.

There is a fair bit more that needs to be done to support multi-path in
addition to having a prefix.

> Who enforces what carriers do with networking. Here
> in the US, I'm pretty sure it's just up to the the
> Carrier/ISP/bypass_Carrier/backhaul-transport company)....

Yep.

There is what any individual carrier will do and then there's what the
consensus of the Internet will do. You can often get carriers to do
more things than the Internet in general will do. Sometimes for a fee.
Sometimes for free. It is completely dependent on the carrier.

> Conglomerates with IP resources, pretty much do what they want, and they
> are killing the standards based networking. If I'm incorrect, please
> educated me, as I have not kept up in this space, since selling my ISP
> more than (2) decades ago.

Please elaborate on what you think the industry / conglomerates are
doing that is killing the standards based networking.

> The trump-china disputes are only accelerating open standards for
> communications systems, including all things TCP/IP.

Please elaborate.



--
Grant. . . .
unix || die

On 7/30/20 3:05 AM, antlists wrote:
> From what little I understand, IPv6 *enforces* CIDR.

Are you talking about the lack of defined classes of network; A, B, C,
D, E? Or are you talking about hierarchical routing?

There is no concept of a class of network in IPv6.

Hierarchical routing is a laudable goal, but it failed 15-20 years ago.

> Each customer is then given one of these 64-bit address spaces for their
> local network. So routing tables suddenly become extremely simple -
> eactly the way IPv4 was intended to be.

Except that things didn't work out that way.

Provider Independent addresses, multi-homing, and redundant routes mean
that hierarchical routing failed 15-20 years ago.

Many providers try to address things so that hierarchical routing is a
thing within their network. But the reality of inter-networking between
providers means that things aren't as neat and tidy as this on the Internet.

> This may then mean that dynDNS is part of (needs to be) the IPv6 spec,
> because every time a client roams between networks, its IPv6 address HAS
> to change.

Nope.

It's entirely possible to have clients roam between IPv6 (and IPv4)
networks without (one of) it's address(es) changing. Mobile IP. VPNs.
Tunnels. BGP....

Sure, the connection to the network changes as it moves from network to
network. But this doesn't mean that the actual IP address that's used
by the system to communicate with the world changes.

Take a look at IPv6 Provider Delegation. At least as Comcast does it,
means that you only have a link-local IPv6 address on the outside and a
/56 on the inside of a network. The world sees the globally routed IPv6
network on the inside and doesn't give 2? what the outside link-net IPv6
address is. Comcast routes the /56 they delegate to you via the
non-globally-routed IPv6 link-net IPv6 address.

There are multiple ways to keep the same IP while changing the
connecting link.



--
Grant. . . .
unix || die

On 7/31/20 12:30 PM, Grant Taylor wrote:
> On 7/29/20 5:23 PM, james wrote:
>> Free static IPs?
>
> Sure.
>
> Sign up with Hurricane Electric for an IPv6 in IPv4 tunnel and request
> that they route a /56 to you.? It's free.? #hazFun
>

Great to know. I'll see what happens.
>> Note:: here in the US, it may be easier and better, to just purchase
>> an assignment, that renders them yours.
>
> Simply paying someone for IPs doesn't "render them yours" per say.
agreed.
>
>> I'd be shocked if you do not have to pay somebody residual fees, just
>> like DNS.
>
> It is highly dependent on what you consider to be "residual fees".
>
> Does the circuit to connect you / your equipment to the Internet count?

Usually, the circuit for connectivity and the other costs, are bundled
by the ISP/bandwidth-carrier. Sure it get's more complicated with
bypass, dark-fiber, IEC, and a myriad of other vendor solutions.

>
> What about the power to run said equipment?

Comm gear is usually low power, but if they assign you a rack or
whatever, then the accounting can tag you with hundreds per month for
Air Conditioning, transport, etc etc. So I was not intending to go down
that pathway of charges and fees.

>
> Does infrastructure you already have and completely paying for mean that
> adding a new service (DNS) to it costs (more) money?
>
> Yes, there is annual (however it works out) rental on the domain name.
> But you can easily host your own DNS if you have infrastructure to do so
> on.

yep, at least (2) static IPs. Once running I'll find a similar bandwidth
usage organization and swap DNS secondary services. Now days with all
the issue wit CA and others similar/related issues. that might get
complicated. (2) static IPs for (2) dns primary resolvers should get me
going.
>
> My VPS provider offers no-additional-charge DNS services.? Does that
> mean that it's free?? I am paying them a monthly fee for other things.
> How you slice things can be quite tricky.

Yep yep yep.
>
>> So sense there seems to be interest from several folks,
>> I'm all interested in how to do this, US centric.
>
> I think the simplest and most expedient is to get a Hurricane Electric
> IPv6-in-IPv4 tunnel.
>
I agree, based on what you have shared.

>> Another quesiton. If you have (2) blocks of IP6 address,
>> can you use BGP4 (RFC 1771, 4271, 4632, 5678,5936 6198 etc ) and other
>> RFC based standards? to manage routing and such multipath needs?
>
> Conceptually?? Sure.
>
> Minutia:? I don't recall at the moment if the same version of the BGP
> protocol handles both IPv4 and IPv6.? I think it does.? But I need more
> caffeine and to check things to say for certain.? Either way, I almost
> always see BGPv4 and BGPv6 neighbor sessions established independently.
>
> There is a fair bit more that needs to be done to support multi-path in
> addition to having a prefix.

yep yep yep!

>
>> Who enforces what carriers do with networking. Here in the US, I'm
>> pretty sure it's just up to the the
>> Carrier/ISP/bypass_Carrier/backhaul-transport company)....
>
> Yep.
>
> There is what any individual carrier will do and then there's what the
> consensus of the Internet will do.? You can often get carriers to do
> more things than the Internet in general will do.? Sometimes for a fee.
> Sometimes for free.? It is completely dependent on the carrier.


Verizon killing its email services:

https://www.inquirer.com/philly/blogs/comcast-nation/Verizon-exiting-email-business.html

>
>> Conglomerates with IP resources, pretty much do what they want, and
>> they are killing the standards based networking. If I'm incorrect,
>> please educated me, as I have not kept up in this space, since selling
>> my ISP more than (2) decades ago.
>

Well, it's probable not appropriate for me to "finger" specifics. But if
you just learn about all the things some carriers are experimenting
with, in the name of 5G, it is a wide variety experimentation, to put it
mildly.

> Please elaborate on what you think the industry / conglomerates are
> doing that is killing the standards based networking.
>
>> The trump-china disputes are only accelerating open standards for
>> communications systems, including all things TCP/IP.

>
> Please elaborate.

Forking the internet into 1.China & pals 2. European Member states. 3.
USA and allies.


"Some" folks would argue the mess with Certificate Authority (CA)
provides an enormous venue for Nefarious activities. Some would say "the
feds & company" would/are choosing instability, rather than enforceable
rules, which include the (US) federal authorities. Their default is
"hack the planet", as long as we get backdoors and other forms of access
to everything.

However this list has many very smart readers. I'm not going too deep.
I will say that every RF chipset is deeply comprised and it takes
millions of dollars in gear to delineate that. Believe what you want.

But someone like you (Grant) could help guide and document a gentoo
centric collective that provides for
email services, secure/limited web servers and a pair of embedded/DNS
(primary) resolvers so we can keep email systems alive. With that
baseline, folks with a need, can add what they want. That's what I'm
trying to achieve. Common interest that eventually also leads to a very
robust testing semantic. Web, Email, and DNS services is a very large
effort, particular with robust and routine security testing.

There is another movement to put linux, source base, onto your "open"
cell phone, but that's another thread for another day. 2 projects
(gentoo centric) in estimation, destine to become robust and as
critically important, as the Linux kernel itself.

Personally, I strongly dislike all of those replacement services, from
megalopolis like Google, Facebook, Microsoft and others. ymmv.

Thanks for your insight and suggestions.

James

On 7/31/20 12:38 PM, Grant Taylor wrote:
> On 7/30/20 3:05 AM, antlists wrote:
>> From what little I understand, IPv6 *enforces* CIDR.
>
> Are you talking about the lack of defined classes of network; A, B, C,
> D, E?? Or are you talking about hierarchical routing?
>
> There is no concept of a class of network in IPv6.
>
> Hierarchical routing is a laudable goal, but it failed 15-20 years ago.
>
>> Each customer is then given one of these 64-bit address spaces for
>> their local network. So routing tables suddenly become extremely
>> simple - eactly the way IPv4 was intended to be.
>
> Except that things didn't work out that way.
>
> Provider Independent addresses, multi-homing, and redundant routes mean
> that hierarchical routing failed 15-20 years ago.
>
> Many providers try to address things so that hierarchical routing is a
> thing within their network.? But the reality of inter-networking between
> providers means that things aren't as neat and tidy as this on the
> Internet.
>
>> This may then mean that dynDNS is part of (needs to be) the IPv6 spec,
>> because every time a client roams between networks, its IPv6 address
>> HAS to change.
>
> Nope.
>
> It's entirely possible to have clients roam between IPv6 (and IPv4)
> networks without (one of) it's address(es) changing.? Mobile IP.? VPNs.
> Tunnels.? BGP....
>
> Sure, the connection to the network changes as it moves from network to
> network.? But this doesn't mean that the actual IP address that's used
> by the system to communicate with the world changes.
>
> Take a look at IPv6 Provider Delegation.? At least as Comcast does it,
> means that you only have a link-local IPv6 address on the outside and a
> /56 on the inside of a network.? The world sees the globally routed IPv6
> network on the inside and doesn't give 2? what the outside link-net IPv6
> address is.? Comcast routes the /56 they delegate to you via the
> non-globally-routed IPv6 link-net IPv6 address.
>
> There are multiple ways to keep the same IP while changing the
> connecting link.

I'd like to start with a basic list/brief description of these, please?

James

On 2020-07-31, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:
> On 7/29/20 5:23 PM, james wrote:
>> Free static IPs?
>
> Sure.
>
> Sign up with Hurricane Electric for an IPv6 in IPv4 tunnel and request
> that they route a /56 to you. It's free. #hazFun

If I had a week with nothing to do, I'd love to try to get something
like that working -- but, I assume you need a static IPv4 address.

--
Grant

On 2020-07-31, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:
> On 7/30/20 5:38 PM, Ralph Seichter wrote:
>> I'd be interested to hear from users who still need to pay extra
>> for IPv6.
>
> I'd be willing, if not happy, to pay a reasonable monthly fee to be able
> to get native IPv6 from my ISP.
>
> But it's 2020 and my ISP doesn't support IPv6 at all. :-(

Some posts back, somebody mentioned what a "half way decent
datacenter" would do (or something like that). There may be half way
decent ISPs in the US, but I haven't seen one in over 20 years since
the last one I was aware of stopped dealing with residential
customers. They were a victem of the "race to the bottom" when not
enough residential customers were willing to pay $10 per month over
what Comcast or US-West was charging for half-assed, crippled internet
access).

--
Grant

On 2020-07-31, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:
> On 7/29/20 9:41 AM, Peter Humphrey wrote:
>> Aren't all IPv6 addresses static?
>
> No.
>
> SLAAC and DHCPv6 are as dynamic as can be.

Nit: DHCPv6 can be (and usually is) dynamic, but it doesn't have to
be. It's entirely possible to have a static IP address that your OS
(or firewall/router) acquires via DHCPv6 (or v4). [I set up stuff
like that all the time.]

--
Grant

On 7/30/20 4:38 PM, Ralph Seichter wrote:
> * Grant Edwards:
>
>> Pricing is based on what people are willing to pay. People are willing
>> to pay extra for a static IPv6 address, therefore static IPv6
>> addresses cost extra.
>
> Somewhere, and some people. I'd be interested to hear from users who
> still need to pay extra for IPv6. Here in Germany IPv6 usually comes at
> not extra cost (I write "usually" because I don't know every single ISP
> here; some only operate in a particular city.)
>
> -Ralph
>

For where I am, if you need a static IPv4 address (which I do) IPv6 is
not available at all from my ISP... it's not a matter of paying.

Dan

On 7/31/20 1:39 PM, james wrote:
> I'd like to start with a basic list/brief description of these, please?

They basically come down to two broad categories:
1) Have the ""static IP bound to an additional network interface on the
destination system and leverage routing to get from clients to it.
2) Have the ""static IP bound to a remote system that forwards traffic
to a different address on the local system.

Traffic frequently spans the network between the local system and the
remote system through some sort of VPN.

Note: VPNs can be encrypted or unencrypted.

I think one of the simpler things to do is to have something like a
Raspberry Pi (a common, simple, inexpensive example) SSH to a Virtual
Private Server somewhere on the Internet and use remote port forwarding.

root@pi# ssh root@vps -R 203.0.113.23:25:127.0.0.1:25

Note: I'm using root to simplify the example. Apply security best
practices.

This will allow port 25 on a VPS with a (true) static IP (configured in
/etc/conf.d/net) to receive TCP connections and forward them to your
local mail server completely independent of what IP your local Pi may
connect to the Internet with.

Your MX record(s) resolve to the IP address of the VPS. You can change
local IPs or ISPs or even country as often as you like.

Another more complex method is to use a more traditional VPN; e.g. GRE
tunnel, IPsec tunnel, SSH L2 / L3 tunnel, OpenVPN, WireGuard and IP
forwarding on the VPS to route the TCP connections to the local mail server.

Things quickly get deep in minutia of what method you want to use and
what you want to go over it.

I think the SSH remote port forwarding is an elegant technique. It's
relatively simple and it has the added advantage that when the
connection is down the VPS will not establish a TCP connection (because
ssh is not listening on the remotely forwarded port) thus remote
connecting systems will fail hard / fast, thus it's more likely to be
brought to a human's attention.



--
Grant. . . .
unix || die

On 7/31/20 12:01 PM, james wrote:
> yep, at least (2) static IPs.

You can actually get away with one static IP. It's ill advised. But it
will function.

You can also have external 3rd party secondary DNS servers that pull
from your (private) primary DNS server. You might even be able to get
this communications over a VPN if the secondary DNS server operator is
cooperative.

> Once running I'll find a similar bandwidth usage organization and swap
> DNS secondary services.

That's a nice idea. But I've not bothered with that in about 18 years.

I have Linode DNS servers be secondaries for my domains and point the
world at them. I'm still in complete control of the domains via my
personal primary DNS server.

Note: I'm not offering reciprocal secondary DNS service.

This is trivial (for Linode) perk that I get by being a customer for
other things. I think a single < $5 / month VPS qualifies me. (I don't
remember if there is a lower tier VPS or not.)

> Now days with all the issue wit CA and others similar/related
> issues. that might get complicated.

Don't let those features blind you, especially if you don't want to use
their features. Also be mindful of ascribing credit them if they are
simply front ending something like Let's Encrypt, which you can do on
your own for free.

> (2) static IPs for (2) dns primary resolvers should get me going.

1 static IP somewhere will get you started. ;-)

> Verizon killing its email services:
>
> https://www.inquirer.com/philly/blogs/comcast-nation/Verizon-exiting-email-business.html

I'm not at all surprised.

> Well, it's probable not appropriate for me to "finger" specifics. But if
> you just learn about all the things some carriers are experimenting
> with, in the name of 5G, it is a wide variety experimentation, to put it
> mildly.

5G is just the latest in a long line of motivators that have caused
providers to do questionable things.

> Forking the internet into 1.China & pals? 2. European Member states. 3.
> USA and allies.

I've not yet seen any indication that these Geo Political issues have
influencing the technological standards that are used. Sure, they are
influencing who they are used with, and in some cases /not/ used with.
But, thus far, the underlying technical standards have been the same.

> But someone like you (Grant) could help guide and document a gentoo
> centric collective that provides for email services, secure/limited
> web servers and a pair of embedded/DNS (primary) resolvers so we can
> keep email systems alive.

A couple of things:

1) Nothing about what I'm suggesting is Gentoo, or even Linux,
specific. The same methodologies can be used on other OSs.

2) I don't think that email is going to die. It certainly won't do it
faster than Usenet has (not) done. (Usenet is still alive and quite
active.)

Yes, email is growing and changing. But each and every one of us that
thinks about running our own email server has a tiny bit of influence in
that through our actions.

> Thanks? for your insight and suggestions.

You're welcome. :-)



--
Grant. . . .
unix || die

On 7/31/20 1:54 PM, Grant Edwards wrote:
> If I had a week with nothing to do, I'd love to try to get something
> like that working

You don't need a week. You don't even need a day. You can probably
have a test tunnel working (on your computer) in less than an hour.
Then maybe a few more hours to get it to work on your existing equipment
(router) robustly and automatically on reboot.

I encourage you to spend that initial hour. I think you will find that
will be time well spent.

Hurricane Electric does have something else that will take more time,
maybe a few minutes a day over a month or so. Their IPv6 training
program (I last looked a number of years ago) is a good introduction to
IPv6 in general. Once you complete it, they'll even send you a shirt as
a nice perk.

Note: H.E. IPv6 training is independent and not required for their
IPv6-in-IPv4 tunnel service.

> but, I assume you need a static IPv4 address.

Nope. Not really.

You do need a predictable IPv4 address. I'm using a H.E. tunnel on a
sticky IP (DHCP with long lease and renewals) perfectly fine.

If your IP does change, you just need to update the tunnel or create a
new one to replace the old one. This is all manged through their web
interface.



--
Grant. . . .
unix || die