blogx - syst.ca

divisionimpossible

Networking and Communications

Oct 24, 2013

So, I was asked to write a ‘high-tech’ blog on a topic of my choice. I have never written a blog before, so someone can comment with writing suggestions in case I write another.



A couple of weeks ago, I was having NAT issues. A particular game is played by multiple people in this house on different computers. In order for this to work, I have to go in and change the port forwarding in my router to point to the person who is currently playing. The problem comes when multiple people want to play at the same time: one cannot forward the same port to multiple internal IP addresses.


I can use multiple IP addresses from Shaw to work around this, but it makes more of a headache: keeping the computers on my internal network but giving them different external NAT’d addresses, and keeping straight which IP goes where.


My solution was to implement IPv6 on my network. I have been waiting for Shaw to release some addresses to the customers, but the only response I have ever gotten is that it is being worked on and will happen sometime in the future.


So I am forced to use a tunnel. There are a couple that have been given really high reviews: SixXS (http://www.sixxs.net) and Hurricane Electric (www.tunnelbroker.net).


I chose tunnelbroker.net because it is run by a single company; the reviews and in-depth research say that SixXS is a not-for-profit and is less reliable for uptime compared to Hurricane Electric.


Signing up is very simple: a single page with the standard form (name, e-mail address, address, phone number). Then you are emailed your account password, which you can then change.


Once signed in, Create Regular Tunnel is available. When creating a tunnel, it asks what your IPv4 endpoint is and which server you want to use; a script runs and suggests the server with the lowest ping to your browser. In order to create the tunnel, your IPv4 address must respond to pings.


When your tunnel is created, it defaults to a /64 block of IPs being assigned to you (which is 2^64 individual addresses, and can also be approximated as 1.84 x 10^19). From my research, a /64 subnet is supposed to be the smallest a subnet *should* be.

I read most of RFC3177 and all of RFC6177. RFC6177 recommends that home sites be given more than a /64, but not necessarily a /48, and that a /56 is recommended at this time. RFC3177 recommended that a /48 be given to home sites.


Personally, I see it becoming commonplace to assign /48 to business customers and /56 to home users in the coming years.


For the subnet ‘challenged’, there are 65536 /64 subnets in a /48 network block. There are 256 /64 subnets in a /48 block. Shaw, and most ISPs, have been given a /32 for their network and to give to their customers. Some have been given a /29, and most of the ISPs have a /29 reserved for them as an extension of their /32. There are 65536 /48 networks in a /32 allocation.


So, I added many lines of configuration to my router. The nice bonus I found at tunnelbroker.net this time setting it up on my router (I tried years ago when it was still a new idea on the internet) is that tunnelbroker.net has many example configurations for different routers and operating systems.


After all of this, I now have a /64 and a /48 assigned to me. My /64 is serving my internal network: servers, workstations, printers. I plan on doing a lot of subnetting with my /48. My next project will be offering public WiFi internet access using IPv6 only.


If anyone is thinking about this, I will say this: security with obscurity is not security. As an example, my networked laser printer is my first hardware device that is using IPv6, so it has a public IP address. If anybody finds my printer’s IP, there is nothing to stop them from remote printing; I had to create a few firewall rules to stop printing from outside my allocated blocks. 2001:0DB8:0000:0003:0000:01FF:0000:002E is an example of an IPv6 address. Just because my printer is hard to find doesn’t mean it is impossible for random people to print to.
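A way to check that such a rule is doing its job, as an added example that is not from the original post: the script below scans firewall log lines and reports any flow to a print port whose source lies outside the allocated blocks. The prefixes, the port list and the log format are assumptions; the post does not give the author's real allocations or router.

```python
import ipaddress

# Assumption: RFC 3849 documentation prefixes stand in for the author's
# real /64 and /48, which the post does not list.
ALLOWED_BLOCKS = [
    ipaddress.ip_network("2001:db8:0:3::/64"),
    ipaddress.ip_network("2001:db8:abcd::/48"),
]
# Assumption: common print services (LPD 515, IPP 631, raw 9100).
PRINT_PORTS = {515, 631, 9100}

# Constructed firewall log, one flow per line: "<src> <dst> <dport>"
SAMPLE_LOG = """\
2001:db8:0:3::10 2001:db8:0:3:0:1ff:0:2e 9100
2001:db8:abcd:12::5 2001:db8:0:3:0:1ff:0:2e 631
2001:db8:ffff::1 2001:db8:0:3:0:1ff:0:2e 9100
2001:0DB8:0000:0003:0000:01FF:0000:0099 2001:db8:0:3:0:1ff:0:2e 515
2001:db8:ffff::1 2001:db8:0:3:0:1ff:0:2e 443
not-an-address 2001:db8:0:3:0:1ff:0:2e 9100
"""


def is_allowed_source(addr):
    """True only if addr parses as IPv6 and lies inside an allocated block."""
    try:
        ip = ipaddress.IPv6Address(addr)
    except ValueError:
        return False  # unparseable sources are treated as outside
    return any(ip in net for net in ALLOWED_BLOCKS)


def outside_print_attempts(log_text):
    """Return (src, dport) for print-port flows from outside the blocks."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed lines
        src, _dst, dport = parts[0], parts[1], int(parts[2])
        if dport in PRINT_PORTS and not is_allowed_source(src):
            hits.append((src, dport))
    return hits


if __name__ == "__main__":
    for src, dport in outside_print_attempts(SAMPLE_LOG):
        print(f"outside source {src} reached print port {dport}")
```

Parsing addresses with `ipaddress` rather than comparing strings means the fully expanded, upper-case form on the fourth log line is correctly recognised as inside the /64.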


Gamers will see the biggest short-term gain from IPv6, as it fixes the dreaded NAT issues (Xbox users getting the Strict NAT error, for example).