IPv6 day fun is beginning!

Jamie Bowden jamie at photon.com
Wed Jun 8 12:16:57 UTC 2011


The Actiontec is underpowered and if you put too many hosts behind it,
it will run out of memory for its NAT tables and your connectivity goes
to hell. My router is a D-Link not a Linksys.  When I last upgraded my home
router, the D-Links were plainly v6 capable; the Linksys may or may not
have been, but if so, it wasn't on the box and since my old router was
suffering from hardware problems, I wasn't really in the mood to go out
to Linksys' web site and dig around to hopefully find out.  That and
Cisco has irritated me with their abandonment issues.  My old Linksys
was still running draft N code and hadn't seen a firmware update in two
plus years.

Five minutes after getting the D-Link up and running, I did have my HE
tunnel though, which is nifty.  As far as the firewall goes, it is doing
SPI on both v4 and v6 with a default deny rule for all unrequested
traffic.

Jamie

-----Original Message-----
From: Harry Hoffman [mailto:hhoffman at ip-solutions.net] 
Sent: Wednesday, June 08, 2011 8:00 AM
To: Jamie Bowden; 'NANOG list'
Subject: RE: IPv6 day fun is beginning!

I have the same setup as you, except a Linux box that does the
firewalling.
The Actiontec is pretty bad-ass, hardware-wise, and latest firmware
versions give you a bit more freedom.

Eth0 is the public addr and eth1 is the private addr. On Eth1 I've got
an address from the routed /48 and then everything behind eth1 also gets
addrs in that /48.
(Maybe a firmware update is available for the Linksys? Or open/dd wrt).

One thing to note if you're not doing IPv6 filtering at the router:
TCP/135 is open by default on a Windows 7 laptop here, so if you're not
filtering at the laptop then you're potentially allowing the world to
access that port.

Cheers,
Harry

-----Original Message-----
From: Jamie Bowden [mailto:jamie at photon.com] 
Sent: Wednesday, June 08, 2011 7:40 AM
To: NANOG list
Subject: RE: IPv6 day fun is beginning!

Thanks to HE's tunnel broker service, I've got fully functional dual
stack at home (well, mostly, like most folks, VZ gives me a single
address and I live behind that with NATv4, but otherwise, I loves me
some FiOS) and yesterday went by for me without a hitch, including
accessing Facebook (I'd hear from the wife and kid really quickly if
they weren't working).  For a working tunnel, I put my DIR-825 as the
"DMZ" host behind the cheesy Actiontec router VZ requires, forward all
traffic with zero firewalling to it, and let the D-Link appliance handle
all my firewall needs (and it terminates my v6 tunnel obviously).  The
one thing I haven't quite figured out how to make it do (and maybe it's
just not capable) is use the /48 HE routes to me.  The box insists that
the internal interface be on the same subnet as the external, and it
hands out v6 addresses from that /64.

Jamie

-----Original Message-----
From: Jared Mauch [mailto:jared at puck.nether.net] 
Sent: Tuesday, June 07, 2011 7:15 PM
To: Iljitsch van Beijnum
Cc: NANOG list
Subject: Re: IPv6 day fun is beginning!


On Jun 7, 2011, at 7:13 PM, Iljitsch van Beijnum wrote:

> www.facebook.com has AAAA but doesn't load for me over IPv6, it does
> for others though

If you go to www.v6.facebook.com it works, but it seems they have some
problem on their main site.  I am seeing some issues reaching them over
IPv6.

- Jared








