I was asked to look at some hosts this morning because theyβd stopped communicating with a storage host.Pinged storage from one host and got destination unreachable. But then noticed the reply came from a public address outside our network, outside the DC network, too.
Pretty odd I thought. Told my boss and was told itβs not an issue, βGWOLRβ was one of the responses. A lazy Google didnβt yield any useful info.
Question is - is this a problem? Or, a potential problem, even?
Hi!
We've run a network where DMZ servers have internal (RFC1918) IPv4 addresses and our perimeter firewall have owned the public IPv4s, then we've NAT4'ed from public->internal IP. That means server only see their internal IP.
Now, in IPv6 era, we're supposed to stop doing NAT(?). And that brings the question, what IPs are you now putting on the server? Public IP directly, both public IP _and_ a management-internal-IP on two interfaces - or other options? Do you do NAT on IPv4 and direct public IP for IPv6? I'm open to hear both what you do, and what you think _should_ be done :) If NAT6 is still a thing for servers, I'm also open for that suggestion! Looking for common and best practices.
I've got in interesting one I think. I have BPG routes being advertised to me from a 3rd party (AWS) to an ASR-1001X that has a number of VRFs present. AWS sends very large networks (as they should) so that I receive something like 11.12.0.0/12. I have the need to send a more specific route downstream to my firewall, something like 11.12.123.0/30. It looks like the exist-map/inject-map combo would be the perfect solution for me.
This article here sums it up pretty well: https://www.noction.com/blog/bgp-conditional-route-injection
Now, the trouble is that when I went to apply the config the feature was missing from my VRF address family. Turns out Cisco knows and doesn't seem to excited to fix the issue. As it stands now I can only set an inspect-map at the system level and not specifically to a VRF. https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf40744
So my question, has anyone run into a similar situation before and found a viable workaround?
Because on my local network, for some strange reason, I get double the latency using IPv6 pings compared to IPv4. Granted, these are all <1ms so in real life this isn't going to matter and isn't a big deal in the slightest, but it does make me very curious as to why and what the technical reason behind this is. I would imagine the pings shouldn't differ in latency given it's the same exact hardware and follows the exact same route (hardware-wise) on the network.
The setup is as follows: 10G Intel NICs using single mode fiber, connected to a Unifi 10G switch. From a Linux container (running on a Proxmox server) I ping my Windows 10 workstation. Server IPs are static, PC IPs are DHCP assigned. On IPv4 I get roughly half the latency compared to IPv6. Keep in mind the hardware and the route is exactly the same. The IPs I'm pinging below lead to the exact same Windows 10 machine.
Anybody have an idea what the technical reason could be?
root@container:~# ping 192.168.1.76
PING 192.168.1.76 (192.168.1.76) 56(84) bytes of data.
64 bytes from 192.168.1.76: icmp_seq=1 ttl=128 time=0.158 ms
64 bytes from 192.168.1.76: icmp_seq=2 ttl=128 time=0.169 ms
64 bytes from 192.168.1.76: icmp_seq=3 ttl=128 time=0.172 ms
64 bytes from 192.168.1.76: icmp_seq=4 ttl=128 time=0.285 ms
64 bytes from 192.168.1.76: icmp_seq=5 ttl=128 time=0.131 ms
64 bytes from 192.168.1.76: icmp_seq=6 ttl=128 time=0.148 ms
64 bytes from 192.168.1.76: icmp_seq=7 ttl=128 time=0.134 ms
64 bytes from 192.168.1.76: icmp_seq=8 ttl=128 time=0.107 ms
64 bytes from 192.168.1.76: icmp_seq=9 ttl=128 time=0.112 ms
64 bytes from 192.168.1.76: icmp_seq=10 ttl=128 time=0.092 ms
--- 192.168.1.76 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9183ms
rtt min/avg/max/mdev = 0.092/0.150/0.285/0.051 ms
root@container:~# ping fdac::cd
PING fdac::cd(fdac::cd) 56 data bytes
64 bytes from fdac::cd: icmp_seq=1 ttl=63 time=0.354 ms
64 bytes from fdac::cd: icmp_seq=2 ttl=63 time=0.377 ms
64 bytes from fdac::cd: icmp_seq=3 ttl=63 time=0.269 ms
64 bytes from fdac::cd: icmp_seq=4 ttl=63 time=0.298 ms
64 bytes from fdac::cd: icmp_seq=5 ttl=63 time=0.260 ms
64 bytes from fdac::cd: icmp_seq=6 ttl=63 time=0.238 ms
64 bytes from fdac::cd: icmp_seq=7 ttl=63 time=0.241 ms
64 bytes from fdac::cd: icmp_seq=8 ttl=63 time=0.280 ms
64 bytes from fdac::cd: icmp_seq=9 ttl=63 time=0.235 ms
64 bIt seems to be an increasing number of apps that uses IPv4 / IPv6 addresses directly instead of named addresses, and thus will avoid any DNS filtering like NextDNS provides. Facebook apps is one example, where the majority of the traffic coming from their apps are through unnamed servers.
Is there anyone tracking what kind of data is sent to these servers, and do there exist any easy to use solution with blocklists or similar to block this kind of traffic?
For the first time ever I was issued a public IP (129.x.x.x/21) rather than CGNAT with firmware 0a38f6f7-00f1-4187-bc68-f8ee12545830.uterm.release reboot this morning.
Definitely seeing some routing issues. Lots of packet drop to 1.1.1.1 but fairly solid to 8.8.8.8
Also IPv6 is gone.
I'm browsing around for a new provider, and I see that Hetzner demands 1.70 EUR/month for IPv4, but no additional cost for only IPv6.
What's the caveat here, is it feasible to just use IPv6? My thought is that if I point requests at my domain, the DNS ought to redirect to the IPv6 just as easily and fast as IPv4, but I'm not at all well-versed in the art of IP.
If it helps, it will be running plex, arrs and torrenting via private trackers.
Hey guys, looking for an assist with finding a proxy to assist with IPv4 to IPv6 translations.
The Backstory
I've got a simple EKS cluster; the pods are all assigned IPv4 addresses. Occasionally, the pods need to make outbound calls to IPv6 resources.
Requirements
- The IPv4 outbound request should be able to hit the proxy
- Within the proxy, the A record should be swapped out for an AAAA record
- The remaining original request should be forwarded on the IPv6 (destination) endpoint
- Given a response, the proxy should reverse these mappings (AAAA -> A record) upon return
If it matters, this is for a Telco which, as I understand it, sometimes they have special needs.
If anyone can recommend a proxy to begin testing I would greatly appreciate it. BONUS POINTS IF the solution:
- you have used/tested it - it is known to work
- runs in a container (Kubernetes-friendly)
- is Open Source
- is simple/inexpensive (as possible) to own/operate (automatable)
- EX: preferably, no manual mappings to make it brittle; all DNS-based lookups
TIA
Hi guys,
I was struggeling long time setting up XMRvsBeast Raffle. I realized that my ISP doesn't provide me an public IPv4. Then, I tested a service for 7 days where someone provided me an public IPv4 (in cooperation with my ISP) - then it worked well! I already won the raffle once. Since I don't want to spend 10β¬ per months (that's the price for the pub IPv4 service), I did some research on my own.
I've set up an VSP for 1β¬ per month. I want to use it to convert IPv4 requests on the machine and forward it to the respective port (IPv6) on my PC that is mining. So I've set firewall rules for these ports in the VPS provider settings, installed "6tunnel" (on Ubuntu) and used the following command:
>6tunnel [PORT] [IPV6ADRESS] [IPV6PORT]
This should have worked since no error was thrown. Additionally, I've set the respective port forwarding rules in my router (IPv4 + IPv6!). And of course I've added firewall rules to my mining PC (Win 10).
When I use this tool https://www.yougetsignal.com/tools/open-ports/ , it says that the respective port is open.
I just re-registered for the raffle and that worked as well (didn't work without the VPS before (just for the 7 day trial of the expensive service))!
So I am happy that these things worked at least already.
But one things were me curious:
- monerod.exe continues throwing "No incoming connections, check firewalls/routers allow port 18080"
- p2pool does not show incoming connections (besides I've enabled them by setting them to "2")
- XMRvsBeast raffle history showed "2022-01-07 19:23:01 ERROR: Unable to connect to your p2pool node" - but I am not 100% sure if this may have been the time where I reinstalled the Ubuntu image today (does this error occur when the port closes in general or only when I've won but it didn't work?)
Now I am pretty unsure if it worked anyhow. Do you have any idea how to test it by myself without waiting for the raffle to choose me one day?
I already checked if my ISP maybe gave me a new IPv6 prefix but negative!
I already thought about using a DynDNS but since my IPv6 prefix is the same as when I set up the 6tunnel on the VPS, this shouldn't be causing this issue, right?
I am very thankful for all of your hints or ideas!
Thanks in advance!!
Ziply Fiber has 17 IPv4 address block allocations listed in ARIN. Is there anyway to tell from which ones of them Ziply Fiber DHCP assigns addresses in my service area (Forest Grove, OR)?
ZIPLY-FIBER-IPV4-1 to ZIPLY-FIBER-IPV4-17
I've had the same ipv4 address for about a week so I tried to do some direct port forwarding and some upnp forwarding. Both worked! Nat type shows open on xbox right now, and plex is finally reachable without ngrok.
Estou procurando instrução pra começar na Ñrea, como é muito vasta, eu queria saber como é cada uma delas, o que é feito e etc
Very excited that I can now VPN into my Starlink remotely without needing to VPN into my old antique DLS line to view my CCTV system or plex.
Plex is working pretty good! things load fast without any buffering while testing remotely.
CIB DVR (CCTV is also working very well!.
I no longer need to wait 8 seconds for an individual to move on the cameras lol..
I'm going to continue testing this and see if the IPV4 connection either changes or drops later on in the day. I'll report back if that happens.
https://preview.redd.it/1y1mshilnx581.png?width=624&format=png&auto=webp&s=e4f899f648cf81210ca74ef29a8a6a9dedc4db87
Update on Ipv4
NetRange: 129.222.0.0 - 129.222.255.255 CIDR: 129.222.0.0/16 NetName: SPACEX-STARLINK-IPV4 NetHandle: NET-129-222-0-0-1
I'm from Maine
Update. I still have a static IP, everything is working fine 12/18/2021
Hi, I've got a problem where the M2000 I received in DEC. 2021, will not allow me to change to IPV4 only without losing service completely, even after restarting multiple times, until I swap back to IPV4 & 6. I get under 10Mbps speeds so I've tried to follow peoples guides posted here to see if I can get it higher.
Unfortunately I'm hitting this roadblock and so I'm posting here today to ask if anyone has experience overcoming this or can provide step by step instructions on how to ensure the m2000 will use IVP4.
Any tips on how to potentially get better speeds would be much appreciated too!
Hi everybody
I have some questions about my routers security. In my router, I have an IPv4 address and IPv6.
My first question is : Why two address ??
My second is : Do I need protect the two address or just one ??
The last is: My router has a firewall enable. Do I need configure firewall on my computer and why ??
Thanks in advance for your help
Should I set up ipv6 on my home network? Does it have any advantages? Does it increase the speed connection?
Especially with regards to firewalling ? What about port forwarding ? Is that still even a thing in IPv6 ? Do we still need NAT with IPv6 ?
Hi, when I set up my server I soon realized that there is no IPv4 listed in ifconfig.
I ignored this but now it's causing lots of problems.
I can't get files from GitHub using curl or wget. I can't even ping GitHub. (And some other websites)
But when I try to ping google everything works.
I found a website that allows me to see the IP addresses 'behind' domain names.
Google has an IPv4 and an IPv6 address but GitHub only has IPv4. This is probably the reason why I can't download any files from there.
Other websites are affected by this too. How can I make it work?
FIXED:
Turns out I just had to remove it from my network on my router's settings and reboot the device.
Friday I noticed my servers weren't accessible remotely over ipv6 anymore. When I got home and checked, ipv6 was gone and I now have a public ipv4. Do I reconfigure all my ddns for ipv4 now or is this going to keep switching back and forth?
Does anyone know any way to get statistics on how much bandwidth is used for IPv4 vs IPv6. I run a small ISP and am rolling out IPv6 and would like to know how much traffic is offloaded from the my v4 pool of IPs. I currently use LibreNMS for basic monitoring, but I don't think the Mikrotiks provide that kind of data. I can run torch on the core router, but for 100s of users, it's not really a viable solution.
Don't need anything too fancy, really just looking for percentages, graphs would be nice.
Hey there. Yeah, unusual, I know. Constructive criticism, please. Let's get to it.
The opportunity here is to capitalize on the limited amount of IPv4 addresses in open circulation. The risk is that IPv6 adoption will occur sufficiently prior to any price increase and will result in loss of demand in IPv4. Put differently, this is a bet that companies which are unwilling, or unable, to fully adopt IPv6 will pay a significant premium to continue doing business using their current tech.
The price of IPv4 addresses has risen from ~$8/ea in 2014 to $50/ea in 2021 (1.)
- One concern here is that price growth was flat in 2019 before it started growing sharply in 2020. This might be indicative of a short-term bubble due to unexpected increased demand in remote needs.
- This is a relatively high-volume market. There are tens of millions in transactions occurring weekly. (2.)
- You must hold purchases for two years before they are able to be resold. (3.)
IPv6 adoption has grown from 3% to 38% from 2014 to 2021. (4.)
- This represents 5% growth per year. 10 years from now would be 88%.
- Adoption growth is linear and slowing - adoption has not quickened in response to the IPv4 price hike. Growth was exponential in 2014 and slowed to linear.
- Adoption has been far slower than anticipated. "On 7 March 2013, the Internet Engineering Task Force created a working group for IPv4 sunset ... in May 2018 this working group was closed as no immediate work could be identified due to the slow transition to IPv6." (5.)
I think this is a good play for me personally because:
- I work in tech and feel I understand the needs of tech decently well.
- I am looking for a 'collectible' asset for part of my portfolio. I see IPv4 addresses as something similar to investing in M:TG cards, for example. I want to hold slightly less cash without investing more into stocks or cryptocurrency.
- I do not have any reservations about holding for half a decade. This is a small amount of money (~5% of portfolio) and have absolutely no intent of selling within two years.
I was also able to find:
- https://fly.io/blog/32-bit-real-estate/ A YCombinator startup highlighting their frustrations with the IPv4 market
- Someone asking abou
How often is this implemented?
In rfc8305#section-7.2 it says,
>7.2. Hostnames with Broken AAAA Records
>
>At the time of writing, there exist a small but non-negligible number of hostnames that resolve to valid A records and broken AAAA records, which we define as AAAA records that contain seemingly valid IPv6 addresses but those addresses never reply when contacted on the usual ports. These can be, for example, caused by: o Mistyping of the IPv6 address in the DNS zone configuration o Routing black holes o Service outages While an algorithm complying with the other sections of this document would correctly handle such hostnames on a dual-stack network, they will not necessarily function correctly on IPv6-only networks with NAT64 and DNS64. Since DNS64 recursive resolvers rely on the authoritative name servers sending negative ("no error no answer") responses for AAAA records in order to synthesize, they will not synthesize records for these particular hostnames and will instead pass through the broken AAAA record. In order to support these scenarios, the client device needs to query the DNS for the A record and then perform local synthesis. Since these types of hostnames are rare and, in order to minimize load on DNS servers, this A query should only be performed when the client has given up on the AAAA records it initially received. This can be achieved by using a longer timeout, referred to as the "Last Resort Local Synthesis Delay"; the delay is recommended to be 2 seconds. The timer is started when the last connection attempt is fired. If no connection attempt has succeeded when this timer fires, the device queries the DNS for the IPv4 address and, on reception of a valid A record, treats it as if it were provided by the application (see Section 7.1).
It seems that wikipedia has a broken ipv6 address. if you dig aaaa wkipedia.org you can find a record of it but if you curl it via ipv6 (if you have ipv6 network)
curl -6 https://en.wikipedia.org/wiki/Main_Page
you can find that it can't be access via IPv6 network.
edit: I guess it's just my network. sorry
I have a MacOS that lives in a IPv6 only networ
... keep reading on reddit β‘Hello I've just started to learn about monero and when I runned monerod.exe it couldn't start ΒΏhow can I fix this problem?
Been wondering - at the moment all current IPv4-as-a-service technologies always get translated back to IPv4 at the AS-level, but how would that work in the future when the upstream IPv4 networks are retired?
Current NAT64 flow:
- Client needs to connect to server
99.88.77.66, synthesizes that as64:ff9b::99.88.77.66, this prefix gets routed to the stateful NAT64 server of the ISP - NAT64 server translates destination to
99.88.77.66sends over IPv4backbone(sorry, peering route), using the IPv4 routing tables to the destination AS that owns99.88.0.0/16 - receiving AS routes over own network to the server that has address
99.88.77.66
So in a future world without AS-to-AS IPv4 networks, how would this work? I would imagine it goes something like:
- Client synthesizes
64:ff9b::99.88.77.66, this prefix gets routed to a stateless NPT66 server of the ISP - NPT66 server looks up the AS that owns
99.88.0.0/16, looks up the IPv6 block for that AS (2001:abcd::0/32), translates the prefix to2001:abcd::99.88.77.66and sends over the IPv6backbone(sorry, peering route) - receiving AS does stateful NAT64 from
2001:abcd::99.88.77.66to99.88.77.66, routes it over its internal IPv4 network to the server that has this address
Is this indeed the supposed 'endgame' for upstream IPv4? Or would traffic get tunneled between AS #1 and AS #2 instead of translated? Is there an RFC that describes this?
Is IPV6 so important or not? Thanks
I've been seeing Starlink connections with a public IP in the 98.97.128.0/18 subnet over the last few hours.
This means we no longer will have the limitations that CGN brings for peer-to-peer connections or otherwise being able to run your own VPN server, etc.
Hello,
My SL has given me a public IPv4 IP address; I'm on the AS14593 so I lost IPv6, but seem to have a public IPv4 now.
I've forwarded a port (25566) from my RT-AC68U router to the server hosting minecraft...however, I'm unable to connect to it from outside my home network.
MC server is running fine...I can connect on the LAN using 25566, and when sniffing TCP traffic, I can see when I try to connect from the outside, but the connection times out.
Is Starlink blocking this traffic somehow?
Thanks!
I got good news here!
Recently my ISP has begun deploying MAP-T for all its customers, finally making IPv6 a first class citizen and IPv4 a second class one π
That sucks for people with 3rd party CPEs because it's not very well supported at all, but as this is a very big and well known company (Sky) becoming ISP I think the vendors will add support in the future if they don't want to miss a huge marketshare... for now I managed to get my hands on a OpenWRT supported router which works just fine (except for performance which is sub optimal but it's good enough)
This is very good news here in Italy, where basically none of the biggest ISPs support IPv6 except for one which delegates /64s via (crappy) 6rd tunnels.
Happy IPv6 to everyone!
https://preview.redd.it/kcv076bsacz71.png?width=1152&format=png&auto=webp&s=e8ad0f2dc73db2aecf653f601a77717e8f079c03
Hello,
I have a Dedicated server at Hetzner running Proxmox, now I have a problem.
My VMs don't have access to the internet, and I want to also have access to the VMs from the internet.
My goal is that the Host system (Dedicated server) and all VMs share the same IPv4, as I only have one ATM.
I already tried multiple things I found trough google searches, but they don't seem to get me there (The best they were doing is to lock me out (unreachable SSH and Proxmox GUI) so that I had to boot into the rescue system, mount the ZFS Raid, change the interfaces file back to the last working configuration, unmount the ZFS and then use the KVM command and VNC to import the ZFS raid into the Proxmox install and reboot).
My /etc/network/interfaces file looks like this (Host system works fine, only VMs are inaccessible and also can't access the internet).
https://preview.redd.it/uzqo6w55id781.png?width=665&format=png&auto=webp&s=fa37fad20d5df81cc7d30b49c697564269d5c3d3
Thanks in advance.
And merry Christmas!
EDIT:
I got it working, if anybody has the same problem this will probably be your solution:
auto lo
iface lo inet loopback
iface enp2s0 inet manual
auto vmbr0
iface vmbr0 inet static
address 95.xxx.xx.xxx/26
gateway 95.xxx.xx.65
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
auto vmbr1
iface vmbr1 inet static
address 10.0.0.1/24
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr0/proxy_arp
post-up iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.0.0.101:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.0.0.101:80
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.0.0.101:443
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.0.0.101:443
Enp2s0 is your physical interface.
95.xxx.xx.xxx/26 is your public IP.
95.xxx.xx.65 is the gateway provided by your host (in my case, Hetzner).
And the PREROUTING rules are kinda port forwarding the first p
... keep reading on reddit β‘Greetings,
I recently joined a mid-size company that has handful of public IPv4 addresses from two ISPs. I am thinking of getting us IPv4 addresses as we are planning to move to a new location and didn't want to get us tied to the ISPs. I wonder how to start the process and your suggestion on whether I should sweat to get us IPv4 addresses or not.
We have a hybrid network with presence in all three public cloud providers, and planning to go to SD-WAN soon.
Thanks,
Hi,
Is there a possibility to get IPV4 DNS Address for Additional Profiles? . I have a TV that I want to have on a separate profile than my router, and the only option is to use IPV4 DNS address (instead of IPV6, DNS Over TLS, DNS Over HTTPS).
Thank You!
My vlan1 is ipv6 stateless and a ping google.com pings the ipv6 address.My vlan51 is ipv6 stateful and a ping to google.com pings the ipv4 address, a ping to ipv6.google.com pings the ipv6 address correctly.
Not sure why my stateful setup does not prefer ipv6 over ipv4 on windows and ubuntu installs.
On my vlan 51 I had trouble using the link local ipv6 address to route traffic to the internet so I setup the fdda:bfe4:378:51::1 address on the router interface.
It would be nice if a ping to google.com assumed I wanted ipv6.
Hello k8s folks; I have been studying networking in k8s for a while and came to know about the latest improvement by having Dual-stack support in kubernetes.
While I'm well aware of the differences between IPv4 & IPv6, I came across a KubeCon keynote which had a comment that caught my interest. It read:
" Dual-stack Kubernetes is a terrible idea. You should focus on making "IPv6 only inside K8s" a reality while providing tools/addons to interop with the outside IPv4 world. "
As per my understanding, use of both IPv4 and IPv6 should be an advantage over having only one, but here it speaks of focusing on IPv6. Can anyone please explain?
It says Redirect A records via IPv6 resolver and vice versa., not sure what that means. Could you explain what it does?
It's a profile option, you can see it when editing the default profile for example.
I currently have an iPhone 11 Pro on iOS 15.2 and a MacBook Air M1 on macOS Monterey 12.1 but Iβve noticed this issue throughout the years with various iPhone, Mac and iOS/macOS versions.
Iβm able to connect to my iPhoneβs Personal Hotspot and get on the IPv6 Internet fine. But my computer isnβt given any sort of IPv4 address. Resolving IPv4-only host names with DNS works flawlessly, but without IPv4 Iβm unable to actually connect to those servers.
I run a handful of websites and always make sure to enable IPv6 on them. More specifically, today I opened up my computer to pull some code from GitHub and push a branch to one of my servers. The problem is I canβt connect to GitHub without IPv4.
Is anyone aware of what UNIX package(s) if any the iPhone uses for this? As the problem seems to occur regardless of iPhone, Mac, iOS/macOS and even carrier it doesnβt seem like Apple is ever going to fix this.
carrying on from here
next get 0.0.140.0
