IPv6 and link local addresses (FE80::)

Hi

Currently all my interfaces only have link local addresses (FE80::/64) ...
now... this doesn't allow routing and we got our IPv6 addresses. So I'd like
to use them. But I've some questions:

1) does every interface ALWAYS have a link local address? ... is this
recommended or does every interface have to have one??

2) about the "real" IPv6 addresses... I'm planing to distribute them using
DHCPv6 ... but I don't understand how the routing works... in the interface
settings I can specify a "standard gateway" ... but, I didn't get a standard
gateway from my ISP... do I need one or how does this work? ... I understand
how it works in IPv4, so I'm a bit surprised, that I didn't get an address
of a gateway for IPv6...

.... well, let's start with those 2 questions... I've a lot more, but...
that's enough for now :-)

Rudolf

I presume by this you mean you have obtained Internet IPv6 addresses.

If so, are you assigning these to DMZ servers, or to desktops?

If the latter, I would suggest you think carefully about why you want to do
this. Making desktops Internet-visible is seldom a good idea. Instead,
obtain a NAT router which is IPv6-capable and assign sitelocal IPv6 addresses
to your client computers, either manually or by DHCP. In principle the
considerations here are identical to those of IPv4.

Note that sitelocal is the equivalent of IPv4 linklocal. IPv6 linklocal has
an entirely different function.

Most ADSL combined modem/routers pick-up the ISP's gateway address
automatically. Desktops are pointed to the router's IP as the gateway.

BTW, for my personal opinion, IPv6 = typical example of Design by Committee.
(F'ing mess!) No wonder hardly anyone uses it.

"Rudolf Meier" wrote:

> Hi
>
> Currently all my interfaces only have link local addresses (FE80::/64) ...
> now... this doesn't allow routing and we got our IPv6 addresses. So I'd like
> to use them. But I've some questions:
>
> 1) does every interface ALWAYS have a link local address? ... is this
> recommended or does every interface have to have one??
>
> 2) about the "real" IPv6 addresses... I'm planing to distribute them using
> DHCPv6 ... but I don't understand how the routing works... in the interface
> settings I can specify a "standard gateway" ... but, I didn't get a standard
> gateway from my ISP... do I need one or how does this work? ... I understand
> how it works in IPv4, so I'm a bit surprised, that I didn't get an address
> of a gateway for IPv6...
>
> .... well, let's start with those 2 questions... I've a lot more, but...
> that's enough for now :-)
>
> Rudolf
>
>
>

Hi


> I presume by this you mean you have obtained Internet IPv6 addresses.

Yes

> If so, are you assigning these to DMZ servers, or to desktops?

I didn't decide this now... for the moment I only want to know, how to
realize both versions.

> If the latter, I would suggest you think carefully about why you want to
> do
> this. Making desktops Internet-visible is seldom a good idea. Instead,
> obtain a NAT router which is IPv6-capable and assign sitelocal IPv6
> addresses
> to your client computers, either manually or by DHCP. In principle the
> considerations here are identical to those of IPv4.

That's what I think too... but there's a lot of people telling you, that
this isn't correct and that NAT should never be used and bla bla bla... in
this case you would really need a firewall on every pc and every pc is in
danger from being attacked... today they don't even see those pcs... on the
other hand side... not using NAT, but something like "NAT without address
translation" ... that could be the solution... but I don't know the options
that I have with RRAS... that's why I'm trying to set this up now and to
figure it out...

> Note that sitelocal is the equivalent of IPv4 linklocal. IPv6 linklocal
> has
> an entirely different function.

Yes, I know... but the question is, if every interface has to have a
linklocal address... let's assume I'd distribute sitelocal addresses (or
internet addresses) in my network (3 different buildings) ... then I don't
see why I would need the linklocal addresses... so, that's why I'm asking
myself, if I could disable them... normaly too many addresses only mess up
everything.

> Most ADSL combined modem/routers pick-up the ISP's gateway address
> automatically. Desktops are pointed to the router's IP as the gateway.

Ok, that's interesting... but it still needs a gateway... that's what I
thouhgt...

> BTW, for my personal opinion, IPv6 = typical example of Design by
> Committee.
> (F'ing mess!) No wonder hardly anyone uses it.

.... that might be correct... but unfortunatelly we have to live with it and
to understand it as good as possible...


Rudolf

If you are using real IPs then you don't also need sitelocal or linklocal
addresses.

The default gateway is the IP of the next upstream router, whether this is
NAT or conventional. This may be the IP of an internal Cisco, for example, or
may be the IP of a gateway computer at your ISP.

Under normal circumstances the default gateway must be inside the computer's
own subnet range.

"Rudolf Meier" wrote:

> Hi
>
>
> > I presume by this you mean you have obtained Internet IPv6 addresses.
>
> Yes
>
> > If so, are you assigning these to DMZ servers, or to desktops?
>
> I didn't decide this now... for the moment I only want to know, how to
> realize both versions.
>
> > If the latter, I would suggest you think carefully about why you want to
> > do
> > this. Making desktops Internet-visible is seldom a good idea. Instead,
> > obtain a NAT router which is IPv6-capable and assign sitelocal IPv6
> > addresses
> > to your client computers, either manually or by DHCP. In principle the
> > considerations here are identical to those of IPv4.
>
> That's what I think too... but there's a lot of people telling you, that
> this isn't correct and that NAT should never be used and bla bla bla... in
> this case you would really need a firewall on every pc and every pc is in
> danger from being attacked... today they don't even see those pcs... on the
> other hand side... not using NAT, but something like "NAT without address
> translation" ... that could be the solution... but I don't know the options
> that I have with RRAS... that's why I'm trying to set this up now and to
> figure it out...
>
> > Note that sitelocal is the equivalent of IPv4 linklocal. IPv6 linklocal
> > has
> > an entirely different function.
>
> Yes, I know... but the question is, if every interface has to have a
> linklocal address... let's assume I'd distribute sitelocal addresses (or
> internet addresses) in my network (3 different buildings) ... then I don't
> see why I would need the linklocal addresses... so, that's why I'm asking
> myself, if I could disable them... normaly too many addresses only mess up
> everything.
>
> > Most ADSL combined modem/routers pick-up the ISP's gateway address
> > automatically. Desktops are pointed to the router's IP as the gateway.
>
> Ok, that's interesting... but it still needs a gateway... that's what I
> thouhgt...
>
> > BTW, for my personal opinion, IPv6 = typical example of Design by
> > Committee.
> > (F'ing mess!) No wonder hardly anyone uses it.
>
> .... that might be correct... but unfortunatelly we have to live with it and
> to understand it as good as possible...
>
>
> Rudolf
>
>

Hi

> If you are using real IPs then you don't also need sitelocal or linklocal
> addresses.

ok... can I disable them? ... how? (Windows Server 2008 R2 and Windows 7)
....

Rudolf