Using IPv6 and ULA for greater resilience
Daniel Pocock
2017-05-13 07:40:01 UTC
For a home network or a small office, what is the best practice for
using ULA in parallel with the prefix from an ISP?

Consider the following:

- router (OpenWRT or Debian) receives prefix delegation from ISP and
shares it, and also a ULA prefix, over the LAN with DHCPv6

- there is a small server or NAS running Debian on the LAN

- the router is also the local DNS and it is synchronized with the
DHCPv6 leases (e.g. the default OpenWRT odhcpd/dnsmasq setup)

- the aim is that if either the router or server stops working,
everything else (e.g. local DNS, communication between other local
machines) keeps working using the ULA prefix. Example: if the router
stops working, the local workstations need to be able to resolve the
hostname of the server and contact it using the ULA addresses.


Looking around online, I've found various suggestions but nothing that
appears to be a complete and concise solution. For example, one blog
suggested using two ULA prefixes, one for devices with static addresses
(the server) and another for devices with dynamic addresses (e.g.
workstations, laptops). It appeared a bit overcomplicated and didn't
cover the DNS.

An easy solution might involve putting static addresses on everything
and putting the server's ULA address in every hosts file but it would be
nice to find a solution that is entirely dynamic with only the router
and server having any static configuration entries.

Which solution would be suggested for synchronizing the DHCPv6 leases
and DNS entries between both router and server? OpenWRT ships odhcpd
and dnsmasq, Debian has the ISC equivalents as well. Which solutions
are people using?

Regards,

Daniel
Henri Wahl
2017-05-13 08:40:01 UTC
With dhcpy6d you can hand out multiple addresses to your clients -
static ULAs and random GUAs for example. DNS synchronisation works well
with ISC Bind.

See https://dhcpy6d.ifw-dresden.de for details.

Regards
--
Henri Wahl

IT Department
Leibniz-Institut fuer Festkoerper- u.
Werkstoffforschung Dresden

tel: +49 (3 51) 46 59 - 797
email: ***@ifw-dresden.de
https://www.ifw-dresden.de

Nagios status monitor Nagstamon: https://nagstamon.ifw-dresden.de

DHCPv6 server dhcpy6d: https://dhcpy6d.ifw-dresden.de

S/MIME: https://nagstamon.ifw-dresden.de/pubkeys/smime.pem
PGP: https://nagstamon.ifw-dresden.de/pubkeys/pgp.asc

IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden
VR Dresden Nr. 1369
Vorstand: Prof. Dr. Manfred Hennecke, Dr. Doreen Kirmse
Dan Ritter
2017-05-13 12:00:02 UTC
Post by Daniel Pocock
> - the aim is that if either the router or server stops working,
> everything else (e.g. local DNS, communication between other local
> machines) keeps working using the ULA prefix. Example: if the router
> stops working, the local workstations need to be able to resolve the
> hostname of the server and contact it using the ULA addresses.

To a first approximation, it sounds like what you really want
is multicast DNS, aka ZeroConf.

Or, in another direction, perhaps you want a failover DHCP and
DNS setup.

(And you can do both if you feel like it.)

If you do mDNS, every host will need to support it in order to
be reachable. They each act as a tiny DNS server, listening to
the multicast address in order to supply their own records (A,
AAAA, CNAME, whatever) and querying the multicast address for
either service discovery of a DNS server or the answer for their
request.

Failover DHCP is relatively easy, although less resilient
because you only need to disable all the participants to stop
your address assignment. Redundant DNS servers are nearly
trivial.

At home, I run failover DHCP and redundant DNS with my router
and my main server as the participants, both being Debian boxes.
I'm looking into mDNS, but only half-heartedly.

-dsr-
Michael Richardson
2017-05-14 21:20:01 UTC
Post by Daniel Pocock
> For a home network or a small office, what is the best practice for
> using ULA in parallel with the prefix from an ISP?
> - router (OpenWRT or Debian) receives prefix delegation from ISP and
> shares it, and also a ULA prefix, over the LAN with DHCPv6
> - there is a small server or NAS running Debian on the LAN

So, this is all outlined in RFC7084 (replacing RFC6204), and post-CC
OpenWRT/LEDE do a very good job of doing exactly what you describe.

Also, the HOMENET WG has done work to make this work when you have multiple
uplinks, and multiple routers within the "home", and do this in a zero-touch
way.

There are many opportunities to contribute to this effort.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] ***@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
Daniel Pocock
2017-06-22 15:10:03 UTC
Post by Michael Richardson
> Post by Daniel Pocock
>> For a home network or a small office, what is the best practice
>> for using ULA in parallel with the prefix from an ISP?
>> - router (OpenWRT or Debian) receives prefix delegation from ISP
>> and shares it, and also a ULA prefix, over the LAN with DHCPv6
>> - there is a small server or NAS running Debian on the LAN
> So, this is all outlined in RFC7084 (replacing RFC6204), and
> post-CC OpenWRT/LEDE do a very good job of doing exactly what you
> describe.
> Also, the HOMENET WG has done work to make this work when you have
> multiple uplinks, and multiple routers within the "home", and do
> this in a zero-touch way.
> There are many opportunities to contribute to this effort.

Is there any practical guide explaining what needs to be configured in
Debian to work with this if the router runs OpenWRT and the server is
Debian?

Regards,

Daniel
Matthew Hall
2017-06-22 18:20:02 UTC
I just made a similar setup this week.

In my case I just used a router / firewall with NAT66 support.

I generated the ULA using one of the online ULA generators.

Then configured the firewall in NAT4 and NAT6. You can assign static addresses in the ULA subnet for the key hosts and let the more transient hosts just use the DHCPv4 and DHCPv6 or SLAAC.

Setup is working great so far for me.

Matthew Hall
Post by Daniel Pocock
> Is there any practical guide explaining what needs to be configured in
> Debian to work with this if the router runs OpenWRT and the server is
> Debian?
> Regards,
> Daniel