General IPv6

  • ITdojo’s v6 Vertex #4: A Brief Explanation of IPv6 Address Types

    v6 Vertex – A Brief Explanation of IPv6 Address Types

    ITdojo’s v6 Vertex is an ever-expanding set of quick tips and useful advice for using IPv6 in your network.

    People who have been using IPv4 for some time know that there are three basic address types that are commonly discussed:  unicast, broadcast and multicast.

    When it comes to address types, IPv6 offers us some of what we already know and then takes things a step further.  In this article I offer a quick, concise explanation of each IPv6 address type.

  • ITdojo’s v6 Vertex #2: Forcing ssh to use IPv6

    v6 Vertex – Quick Tips & Pointers for IPv6 Users

    SSH use is daily and ubiquitous. In our increasingly mixed IPv4/IPv6 world we need to be conscious of the ways in which we are connecting (or not connecting) to our devices.

    There are a few ways in which you will connect to your remote devices via SSH. They include:

    • By using the actual IP address (v4 or v6). This option doesn’t require much discussion. The type of IP address you enter (4 or 6) will determine the protocol you use.
      • Example: ssh 2001:db8::1234
      • Example: ssh
    • Using a NetBIOS name you can do a local broadcast or WINS query (Microsoft). This will give you IPv4 addresses only. IPv6 and NetBIOS don’t go together.
      • Example: ssh computer1
      • Note: Microsoft does not have a built-in ssh client.  It is one of the great mysteries of our time as to why they won’t embrace something so commonly used.
      • Another note: How your device is configured may vary the way in which this is resolved. It could get your system’s DNS suffix appended and be sent to DNS rather than broadcast on the local LAN or, perish the thought, sent to a WINS server. No, I have not forgotten the hosts file or the LMHOSTS file. I’m just ignoring them for the moment.
    • DNS query. This could return either an A record (IPv4), an AAAA record (IPv6), or both. This depends on your network. If you get both, most modern systems will prefer the AAAA record or use the “Happy Eyeballs” technique to connect to whichever responds first.
      • Example: ssh <fully-qualified-domain-name>
    • Multicast name resolution (mDNS, ZeroConf, SSDP, Bonjour, Avahi, etc.). Like DNS, this could return either an A record or an AAAA record, depending on the nodes in your network.
  • IPv6 Training on East Coast Oct. 8 – 11

    Coming up on October 8, 2013, we will be running our IPv6: Understanding, Analysis & Implementation training course here at our Virginia Beach facility. Let’s face it, the implementation of IPv6 is inevitable and will affect every enterprise network on the planet eventually. The protocol is already being deployed worldwide! IPv6 allows for increased address […]

  • Why Hasn’t Everyone Moved To IPv6?

    We spotted this interesting IPv6 article this morning written by Angus Kidman at Lifehacker and wanted to share it with you. Here’s an excerpt: “We’ve known for decades that the available pool of IPv4 addresses was eventually going to dry up, but despite numerous warnings usage of its successor IPv6 is still minimal. Why haven’t […]

  • Pushing Firewall Admins into an ICMPv6 Frame of Mind

    Path MTU discovery (PMTUD) is far from a new concept to IT folk.  A sending node sets the Don’t Fragment bit in its IPv4 header, which is the node’s way of telling any router along the journey to the packet’s destination that it may not fragment the packet into smaller parts.  The router, being an obedient device, honours the instructions in the packet and, when the exit interface does not support the size of the packet, it drops it (rather than fragmenting it).  Now, it is polite, but not required, for routers to tell you when they do such things.  The router that dropped your unfragmentable packet can (should) send you back a nice ICMP message that effectively says, “…just wanted you to know that the packet you just sent was too big to go out my interface so I dropped it.  The biggest MTU I can handle on that interface is ____________ bytes.  If you want to you can try again with an MTU no bigger than that.”  This ICMP message originates from the router that dropped your packet and is sent back to you (also note that routers can be configured to quietly discard the packets, sending you no ICMP Packet-too-Big message).  The problem we have had for years is that firewall administrators, who live in a perpetual state of fear of all things ICMP, frequently disable IP unreachable packet generation on routers and also block most, if not all, incoming ICMP traffic from the Internet.  This was a problem in IPv4, which can provide for some interesting troubleshooting scenarios.  Disabling IP unreachables (using the ‘no ip unreachables’ command on Cisco routers) is considered a security best-practice even though it is widely known to cause PMTUD issues.  The problem persists in IPv6 and is arguably worse.

  • SSH Using Link-Local IPv6 Addresses

    Because every interface on your system, physical or virtual, has a link-local IPv6 address, your system needs a little guidance as to which one to use when sending packets to link-local IPv6 addresses.  From an IPv4 perspective this type of addressing is an alien concept.  But to IPv6, it’s everyday life.

  • Deprecate, Deprecate, Deprecate

    IPv6 has added many new words and ideas to the lexicon of IT professionals.  One of the least expected:  deprecate.

    The dictionary says that deprecate means “to express earnest disapproval of”, to “urge reasons against” or, oddly, “to pray for deliverance from”.  In the IT world a thing being ‘deprecated’ is a thing being removed from use and (hopefully) replaced with something better.  And many things have been deprecated in IPv6’s journey to replace IPv4 as the mechanism for getting packets from near to far.

    I’m sure the list is longer than even I realize but there are many ideas/implementations/technologies that IPv6 once employed that have since been deprecated.  A few examples:

    IPv4-compatible IPv6 Addresses.  Status:  Deprecated.

  • Know Thy (IPv6) Neighbor

    In IPv6 there are four [tables | lists | data structures] used as part of the packet forwarding process (e.g. Neighbor Discovery and the Conceptual Sending Algorithm).  They are:

    • Neighbor Cache
    • Destination Cache
    • Prefix List
    • Default Router List

    These data structures are currently defined by RFC 4861 (and previously by RFC 1970 and RFC 2461, both now obsolete).  RFC 4861 does a good job describing what these data structures are for and how they should be used but does not, as is typical (and appropriate) for RFCs, provide any specifics on how they are implemented by each operating system.

    The Neighbor Cache, whose closest conceptual relative in IPv4 is the ARP cache, is primarily a list of IPv6-to-MAC address mappings.  If that were all that was true we could say that the ARP cache and the Neighbor Cache were the same thing.  But they are not.  A Neighbor Cache is much more than an ARP cache.  The Neighbor Cache contains the following information:

  • IPv6 Training Upgrade!

    Our IPv6 training is undergoing a major overhaul!  The increased demand for this training in the transition to IPv6 is keeping us on our toes! In staying with our philosophy to bring you the best, we strive to keep our IPv6 class as up-to-date as possible (one of the benefits of writing your own courseware […]

  • Chief Information Officers Council – Roadmap Toward IPv6 Adoption for the Federal Government

    Just last week (July 12, 2012), the Chief Information Officers Council released this updated version of the Roadmap Toward IPv6 Adoption for the Federal Government to help with the upcoming deadlines for September of 2012 and September 2014. It highlights the history as well as the government’s vision for IPv6. To read the original article […]

  • June 8th 2011 is World IPv6 Day

    June 8th, 2011 is World IPv6 Day! If you aren’t already running IPv6 this is as good a time as any to get your systems set up to play on the IPv6 Internet. Head over to the official World IPv6 Day web site and get going.