Tag Archives: IPv6 Prefix

Palo Alto NGFW: Handling of IPv6 on the Interface

2023-06-20IPv6, Palo Alto NetworksEUI-64, IPv6, IPv6 Interface Identifier, IPv6 Prefix, Link-Local Address, Palo Alto Networks, Router AdvertisementJohannes Weber

For the last few years, I have been confused about Palo Alto NGFWs’ various options for configuring an IPv6 address on a layer 3 interface. Let’s have a look at some details:

Continue reading Palo Alto NGFW: Handling of IPv6 on the Interface →

#heiseshow: IPv6 setzt sich langsam durch – die wichtigsten Fragen

2022-04-13Conference Talks, Internet Access, IPv6#heiseshow, FRITZ!Box, IPv6, IPv6 Dynamic Prefix, IPv6 Prefix, ISP, NATJohannes Weber

Ich durfte zu Gast bei der #heiseshow zum Thema IPv6 sein. In Anlehnung an die Artikelserie über IPv6 in der c’t 7/2022, in der auch mein Artikel über die Vorteile von IPv6-Adressen erschienen ist, ging es bei diesem Video-Podcast um gängige Fragen zu IPv6 sowohl im Heimanwender- als auch im Enterprise-Segment. Ne knappe Stunde lief die Schose und ich empfand es als ziemlich kurzweilig. ;)

Continue reading #heiseshow: IPv6 setzt sich langsam durch – die wichtigsten Fragen →

SharkFest’18 Europe: Crash Course: IPv6 and Network Protocols

2018-11-21Conference Talks, IPv6, Routing, SwitchingIPv6, IPv6 Duplicate Address Detection, IPv6 Prefix, Network Protocol, Router Advertisement, SharkFest, Switch, WiresharkJohannes Weber

I did a session at SharkFest’18 Europe in Vienna with the title of “Crash Course: IPv6 and Network Protocols“. Since the presentation slides + audio were recorded you can listen to the talk, too. Here are some notes about the motivation for this session as well as feedback from the attendees.

Continue reading SharkFest’18 Europe: Crash Course: IPv6 and Network Protocols →

2001:db8::/32 in the Wild

2018-09-13Internet Access, IPv62001:db8::/32, Documentation, In the Wild, IPv6, IPv6 PrefixJohannes Weber

If you have ever read some docs or RFCs about IPv6 you should be quite familiar with the 2001:db8::/32 “IPv6 Address Prefix Reserved for Documentation”, RFC 3849. This RFC clearly states how you should handle addresses within this range: “This assignment implies that IPv6 network operators should add this address prefix to the list of non-routeable IPv6 address space, and if packet filters are deployed, then this address prefix should be added to packet filters.”

I was interested whether those addresses are actually used in the Internet. For this purpose I analyzed my firewall logs for 6 months to get an idea. Though it was not that much, I actually got a couple of connections inbound and outbound (!) sourced or destined to those reserved IPv6 addresses.

Continue reading 2001:db8::/32 in the Wild →

IPv6 Interface ID Structure

2018-09-05IPv6, MemorandumIPv6, IPv6 Global Unicast Address, IPv6 Interface Identifier, IPv6 PrefixJohannes Weber

While there are many approaches on how to structure your IPv6 prefix into /64 subnets (blogposts, books, talks) there are only a few hints what you can do with the other 64 bits of the addresses, namely the IPv6 interface identifier or IID. To my mind you can put some (but not too much) logic into those IIDs to a) have some structure for your addresses that b) helps you identifying those addresses when seeing them in logs or anywhere else. Hence it is easier for you to remember the IPv6 address behind a name (forward DNS) as well as the host when seeing the address (reverse DNS).

This post just shows the approach I am using in my lab. You might find it useful or you might disagree completely. Anyhow, feel free to comment your experiences or solutions for that. :D I am wondering why there isn’t much discussion about these IIDs at all. Maybe for some good reasons I am not seeing yet?

Continue reading IPv6 Interface ID Structure →

Weberblog.net

IT-Security, Networks, IPv6, VPN, DNSSEC, NTP