# I dont get IPV6

## turtles

IPV6 is what 22 years old now? 

And has not made it to my neck of the woods.

I see articles about it, statistics have gone up in the last few years:

https://www.google.com/intl/en/ipv6/statistics.html

Cool 128 bit addresses instead of (32+16) 48, we need addresses, no more free static IP's, I sorta get it.

Here in the USA, like most, my home OSI layer 1 land line ISP options are a 'Bell' baby or a former cable company.

There are sites I can go to to check IPV6 availability in my area:

http://test-ipv6.comcast.net/

and I get  *Quote:*   

> No IPv6 address detected You appear to have no IPv6 address.
> 
> It looks like you have only IPv4 Internet service at this time. Don't feel bad - most people are in this position right now. Most Internet service providers are not quite yet ready to provide IPv6 Internet to residential customers.

 

I don't have any political beef with IPV6, if my ISP wants to use it I'll use it right away.

and as long as my isp does not give me a routable IPV6 address I am invisible to IPV6 internet correct?

Whats odd is for years I have had issues with IPV6 trying to be on top of its dual stack with IPV4, slowing my machines to a crawl, first trying to resolve IPV6 dns then IPV4.

I have learned to set 

```
/etc/gai.conf
```

```
precedence ::ffff:0:0/96  100
```

I started taking it out of my kernels,

I run no local loopback on IPV6, 

just don't need it.

Now hopefully I am mistaken but it appears user-space programs are depending on IPV6?

And that makes me interested, why should user-space care if its on IPV6 or IPV4?

Now I have to compile in IPV6 as a kernel module and disable it on boot for user-space to be happy.

For example 

```
www-client/google-chrome
```

 with IPV6 behind the scenes logs stuff like:

```
ERROR:socket_udp.cc(153)] bind() to :::0 failed: -109
```

```
tcpdump enp13s0 -i wlp2s0 -vv ip6
```

 reveals devices on my network trying to self assign a IPV6 address and start routing themselves.

```
22:51:22.248799 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1e7:6298:aefb:8c8d > ff02::1:fff5:6d70: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::62fb:42ff:fef5:6d70
```

What am I missing?

Thanks in advance for your comments / rants / views to enlighten me.

Cheers

----------

## eccerr0r

You could get a remote broker to tunnel IPV6 to you over IPV4, like hurricane electric if your ISP does not do so.

For me my ISP uses 6RD and is likewise a IPV6 over IPV4 tunnel.  The IPV6 address I get are routable over the network and yes I have to make sure I firewall off the client machines that are bypassing the IPV4 NAT firewall by using IPV6.  I technically should look into getting IPV6 NAT but the firewall ended up being easier.

There are programs that are starting to use IPV6.  The problem is that the IPV6 stack can do both IPV4 and IPV6 connects, and to make software maintenance easier (isn't this always the case?), people code IPV6 directly.

----------

## UberLord

 *eccerr0r wrote:*   

> You could get a remote broker to tunnel IPV6 to you over IPV4, like hurricane electric if your ISP does not do so.

 

And the big problem here is NetFlix.

Like all good programs it will default to IPv6.

Like the big bad corporate it is it detects a tunnel and refuses to play  :Sad: 

The *huge* downside of IPv6 is that the core is Router Advertisements which are broadcast.

I have no way of saying "exclude my Google Chromecast from IPv6".

And that's the big white elephant in the room.

I've tried many ways of trying to get em to play nice, but I've just given up now.

I use a HE tunnel, but it's not advertised on my home network - each node that needs IPv6 needs a static config.

And as the maintainer of dhcpcd which prides itself on 100% automation this situation sucks.

----------

## eccerr0r

Agreed, this is not a ipv6 problem, this is a netf*x problem.

The autoconfig ipv6 is nice, but yes to work around the netf*x problem is the trouble.

Then g**gle is the other problem not allowing them to configure chromecast to disable ipv6.

Not a real problem, it's completely bigbadcorporate.

----------

## turtles

I thought the point of IPV6 just to create more static IP's and everything would run like IPV4 with ports and firewalls.

It seems like userspace applications are wanting to use  'SLAAC' https://tools.ietf.org/search/rfc4862 :

 *rfc4862 wrote:*   

>    The IPv6 stateless autoconfiguration mechanism requires no manual
> 
>    configuration of hosts, minimal (if any) configuration of routers,
> 
>    and no additional servers.  The stateless mechanism allows a host to
> ...

 

So I havent read that entire RFC but it seems like 'SLAAC' is a ghost network that will start running on its own regardless of routers but where does the 'same link' then end? the modem, a CTMS or DSLAM? the ISP itself?

 *eccerr0r wrote:*   

> I have to make sure I firewall off the client machines that are bypassing the IPV4 NAT firewall by using IPV6.  

 

So regular home router has a IPV6 setting that can be set to 'disabled' but that means the router will still forward IPV6 packets across the router?

----------

## pjp

 *turtles wrote:*   

> So I havent read that entire RFC but it seems like 'SLAAC' is a ghost network that will start running on its own regardless of routers but where does the 'same link' then end? the modem, a CTMS or DSLAM? the ISP itself?

  Seems like it is the IPv6 equivalent of IPv4 169.254... link-local addressing.  *Quote:*   

> IPv4 link-local addresses are assigned to address block 169.254.0.0/16 (169.254.0.0 through 169.254.255.255). In IPv6, they are assigned the address block fe80::/10.

 

https://en.wikipedia.org/wiki/IPv6_address#Stateless_address_autoconfiguration

https://en.wikipedia.org/wiki/Link-local_address

----------

## UberLord

 *turtles wrote:*   

> So I havent read that entire RFC but it seems like 'SLAAC' is a ghost network that will start running on its own regardless of routers but where does the 'same link' then end? the modem, a CTMS or DSLAM? the ISP itself?

 

It's only on the network segment - a router will never forward it to another one.

----------

## turtles

Got it thanks.

It sure causes a lot of network chatter on a network that has no IPV6. 

Still seems strange that google-chrome code internals trys to bind to a local IPV6 socket instead of a unix socket:

```

[22788:22797:0114/103013.939174:ERROR:socket_udp.cc(153)] bind() to :::0 failed: -109
```

----------

## Tony0945

 *turtles wrote:*   

> Still seems strange that google-chrome code internals trys to bind to a local IPV6 socket instead of a unix socket:
> 
> 

 

Because google-chrome is not a real Linux program. It's a Windows program adapted to Linux.

----------

## gentoo_ram

Are you using dhcpcd to get an IPv4 address from your network?  Because dhcpcd can also get IPv6 addresses.  This works on my Spectrum network connection.  It gets an IPv6 host address (/128) for my internet interface 'inet0' and gets a (/64) block for my internal interface 'lan0'.

The key parts of dhcpcd.conf for IPv6 for my working config are: 

```
noipv6rs

interface lan0

        ipv6only

interface inet0

        ipv6rs

        ia_na 1

        ia_pd 2 lan0/0
```

----------

## eccerr0r

You get an ipv6 address only if there's a ipv6 address service.  You'll only get a link local address if there are no advertisements on your network.

If you have a DHCPV6 service, which I don't think many ISPs use yet, you get an ISP assigned IPV6 address, but it shouldn't be a /128, it should include your ISP's prefix.

If there is no DHCPV6 service but have a router advertisement service, your machine will automatically come up with its own IP address based on the router advertisement.  Once again you end up getting a fixed prefix (usually 40 to 80 bits) and then SLAAC takes care of the rest of the address.  

However I'm not sure how many ISPs use DHCPV6 yet.  I actually have the more common SLAAC variety and technically have over 2^64 IPV6 addresses, all routable...

----------

## UberLord

 *eccerr0r wrote:*   

> You'll only get a link local address if there are no advertisements on your network.

 

For IPv6 you always have a link-locak address starting fe80

 *Quote:*   

> 
> 
> If you have a DHCPV6 service, which I don't think many ISPs use yet, you get an ISP assigned IPV6 address, but it shouldn't be a /128, it should include your ISP's prefix.
> 
> 

 

All IA_NA and IA_TA addresses from DHCPv6 are /128 because they are not related to a prefix.

You need a working prefix from a RA as well as a default router to get anywhere.

IA_PD on the other hand does have a prefix, but that requires a little setup in dhcpcd as it's not automatic.

And that still needs a default route from the RA to be useful.

 *Quote:*   

> 
> 
> If there is no DHCPV6 service but have a router advertisement service, your machine will automatically come up with its own IP address based on the router advertisement.  Once again you end up getting a fixed prefix (usually 40 to 80 bits) and then SLAAC takes care of the rest of the address.  
> 
> 

 

You can run SLAAC and DHCPv6 addresses side by side.

Infact, DHCPv6 *reequires* RA to fully work.

 *Quote:*   

> 
> 
> However I'm not sure how many ISPs use DHCPV6 yet.  I actually have the more common SLAAC variety and technically have over 2^64 IPV6 addresses, all routable...

 

My ISP doesn't have any IPv6 yet  :Sad: 

----------

## Tony0945

 *UberLord wrote:*   

> My ISP doesn't have any IPv6 yet 

 

Nor mine. So every computer is built with USE="-ipv6" in make.conf  Don't know about the IOT things. The HP printers are probably ipv6. I have the wireless shut off because it keeps trying to phone home and they are connected USB only. My old Officejet had an ethernet port, which I vastly prefer. I'd get a different brand but Linux support seems spotty.

Blinding flash of light! Maybe I could use an old (antique) Windows computer as a print server. Just set it to share it's printer and connect the  ethernet port to the network. Set iptables on the Linux printer to only allow printer traffic and whatever ports remote windows  desktop uses.

Sorry for the off-topic.

----------

