this post was submitted on 18 Jun 2024
361 points (98.7% liked)

Selfhosted

[–] [email protected] 22 points 5 months ago (37 children)

Very useful, but I don't understand concept 1, "Don't pick numbers".

If I'm right, it's basically saying don't do stuff manually, just let the computer do it. I kind of disagree with this. All of my fixed devices have a fixed IP that I manually assigned and derived from the original v4 schema I also have. For example 192.168.x.y becomes prefix::y

Am I misunderstanding something?

[–] [email protected] 10 points 5 months ago* (last edited 5 months ago) (12 children)

On one hand you definitely don't want to be assigning manual/static IPv6 to all your devices because if your prefix ever changes you'll have to update it everywhere. IPv6 doesn't really have a concept of private address space (with a few exceptions). ~~On the other hand most modern IPv6 stacks support dynamic protocols like SLAAC while also assigning a static suffix to the published prefix (e.g. You want :0:0:1234:1 to go to your server, and SLAAC gets the prefix 200x::5678/64 your server would assign itself 200x::5678:0:0:1234:1).~~

DHCPv6 fixes a lot of these headaches for managed networks by allowing you to reserve specific IPv6 for a given DUID.

IMO, your network, do what you want. ~~I have two jump Raspberry Pis that I have static suffixes so I always know where they are without relying on DNS or whatever.~~ Edit: I apparently misremembered how I had these set up. I use a custom interface up script to take the SLAAC prefix and append the custom suffix to it as a secondary IP.

[–] [email protected] 6 points 5 months ago (4 children)

IPv6 does have private spaces. Any prefix beginning with fd is 'private,' and (IIRC) there's a formula to generate the next 40 bits of prefix to minimize the chance of intersections. i.e., you can generate your own internal /48 functionally equivalent to 192.168/16 or 10/8

Don't know if you can use that with SLAAC, but it works if you run a DHCPv6 and makes IPv6 feel a lot like IPv4. You have to NAT everything inside &c, but if you already have a functioning internal IPv4 network, IPv6 is just a matter of figuring out which config options need to be changed (e.g., dhcp6.name-servers for option domain-name-servers)

[–] [email protected] 0 points 5 months ago (2 children)

Yes, ULA are one of the exceptions I mentioned. It covers fc00::/7 which is fc00 to fdff, though I believe most use just the top half. I use one for an intermediate network between my edge router and my primary firewall to not consume one of my limited /64 networks.

I haven't played with IPv6 NAT much. I know its use is a bit discouraged as NAT was always designed as a stopgap measure for IPv4 exhaustion. It might be a good option if you need additional space and your ISP doesn't support additional prefixes. Just keep in mind that if you use these in DNS, they won't be accessible externally.

[–] [email protected] 3 points 5 months ago

Yeah, my ISP "supports" IPv6, but assigns a /128 to users. It seems to wipe out most of the desirable features of IPv6, and has probably given me a distorted view of its philosophy. OTOH, it did force me to learn how to do DNS views, so names can have the ULA address inside and the global address outside the house, which is pretty cool.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

The downside with ULA is that IPv4 is given preference, which is annoying on dual stack networks. I believe there is a draft RFC to change this but it will take a while for it to be approved and longer still for OSes to change their behaviour. I work around it by using one of the unused (but not ULA) prefixes.
