Page 1 of 1
Ipv4 and ipv6
Posted: Thu Oct 06, 2016 8:12 pm
by ProCon
Hello
I was wondering if it was possible to have a private ipv4 network and issue public ipv6 addresses.
Sent from my HTC6535LVW using Tapatalk
Re: Ipv4 and ipv6
Posted: Thu Oct 06, 2016 9:31 pm
by savage
Seeing that there's pretty much no such thing as "private" IPv6 addresses, yes... IPv4 numbering has nothing to do with IPv6 numbering.
Re: Ipv4 and ipv6
Posted: Thu Oct 06, 2016 9:36 pm
by ZeroByte
Even though they're both named 'IP' - they're pretty much parallel universes. You could even have a single LAN with two routers - one is IPv4 only and one is IPv6 only. The two topologies don't have to mirror each other at all. (although it makes sense to keep them close to the same, obviously)
Re: RE: Re: Ipv4 and ipv6
Posted: Thu Oct 06, 2016 10:07 pm
by ProCon
Even though they're both named 'IP' - they're pretty much parallel universes. You could even have a single LAN with two routers - one is IPv4 only and one is IPv6 only. The two topologies don't have to mirror each other at all. (although it makes sense to keep them close to the same, obviously)
So,
Is there any way to connect the two. Currently we have a private 10.1.1.x range and would like to issue public ipv6 addresses to certain items in the network. Is that possible or do I need to make it a complete ipv6 network to do so?
Sent from my HTC6535LVW using Tapatalk
Re: Ipv4 and ipv6
Posted: Thu Oct 06, 2016 10:16 pm
by ZeroByte
You can easily put both protocols onto the same devices at the same time - this is called "dual stack."
When I say they can't connect, what I mean is that there's no general-purpose way to make a v4-only host knowingly communicate directly with a v6-only host.
A dual-stack host can talk to another dual-stack host on either protocol w/o any trouble at all.
A dual-stack host can talk to a v4-only host using v4, and a v6-only host using v6.
Sorry if I confused you - I was just trying to illustrate that IPv6 is independent of IPv4.
The practical side is that many services (e.g. YouTube) have both IPv4 and IPV6 addresses you can connect to in order to access their service.
The client decides which protocol it wants to use by the way it asks for DNS records.
It can ask for the AAAA address of youtube.com, which returns: 2607:f8b0:4002:c09::5b
It can ask for the A address of youtube.com, which returns: 74.125.138.91 , 74.125.138.93 , 74.125.138.190 , 74.125.138.136
Or it can ask for both of the above and use either/or.
Now on the other hand, if you ask for cnn.com AAAA, you get NXDOMAIN --- in other words, CNN does not offer their service via IPv6. A dual-stacked host would simply ask for the A record, and connect to 157.166.226.26 - while a v6-only host could not connect to CNN at all. (without some form of gateway that can silently make and return the IPv4 request on behalf of the v6-only host)
Re: RE: Re: Ipv4 and ipv6
Posted: Thu Oct 06, 2016 10:22 pm
by ProCon
You can easily put both protocols onto the same devices at the same time - this is called "dual stack."
When I say they can't connect, what I mean is that there's no general-purpose way to make a v4-only host knowingly communicate directly with a v6-only host.
A dual-stack host can talk to another dual-stack host on either protocol w/o any trouble at all.
A dual-stack host can talk to a v4-only host using v4, and a v6-only host using v6.
Sorry if I confused you - I was just trying to illustrate that IPv6 is independent of IPv4.
The practical side is that many services (e.g. YouTube) have both IPv4 and IPV6 addresses you can connect to in order to access their service.
The client decides which protocol it wants to use by the way it asks for DNS records.
It can ask for the AAAA address of youtube.com, which returns: 2607:f8b0:4002:c09::5b
It can ask for the A address of youtube.com, which returns: 74.125.138.91 , 74.125.138.93 , 74.125.138.190 , 74.125.138.136
Or it can ask for both of the above and use either/or.
Now on the other hand, if you ask for cnn.com AAAA, you get NXDOMAIN --- in other words, CNN does not offer their service via IPv6. A dual-stacked host would simply ask for the A record, and connect to 157.166.226.26 - while a v6-only host could not connect to CNN at all. (without some form of gateway that can silently make and return the IPv4 request on behalf of the v6-only host)
Alright thank you so much for that explanation. Let's say I have a mikrotik as my gateway which currently has public ipv6 and a public ipv4. And let's say I have a device on my network that is addressed as 10.1.1.233. Is there a way to make my mikrotik hand that device an ipv6 address and keep the rest of my network ipv4?
Sent from my HTC6535LVW using Tapatalk
Re: Ipv4 and ipv6
Posted: Thu Oct 06, 2016 10:36 pm
by ZeroByte
Yep. Just put IPv6 on it, and then only enable IPv6 on the client devices you want speaking IPv6.
Be sure to configure your IPv6 firewall rules because as your first post mentions - the addresses are now all public, so you need to make sure to have some protection in place.
Re: RE: Re: Ipv4 and ipv6
Posted: Mon Oct 10, 2016 2:38 pm
by ProCon
Yep. Just put IPv6 on it, and then only enable IPv6 on the client devices you want speaking IPv6.
Be sure to configure your IPv6 firewall rules because as your first post mentions - the addresses are now all public, so you need to make sure to have some protection in place.
ZeroByte thank you.
So if I had a ipv6 network with ipv6 public ips. Would that mean clients that have an IPv4 like CNN I wouldn't be able to connect or OT would still interpret ipv4s a record?
Sent from my HTC6535LVW using Tapatalk
Re: RE: Re: Ipv4 and ipv6
Posted: Mon Oct 10, 2016 4:22 pm
by ZeroByte
So if I had a ipv6 network with ipv6 public ips. Would that mean clients that have an IPv4 like CNN I wouldn't be able to connect or OT would still interpret ipv4s a record?
The Mikrotik will have nothing to do with this. If your computer sends an IPv6 packet, the router will forward it according to its IPv6 configuration. If your computer sends an IPv4 packet, the router will forward it according to its IPv4 configuration.
A dual-stack host will do a dns lookup for cnn.com, which will only return an IPv4 address, so the dual-stack host will have no choice but to make an IPv4 connection. Note that it's the computers which choose the protocol - NOT the router. The router simply forwards packets, and when you enable IPv6 in your router, it basically now offers two choices for clients instead of just one. (Para espaƱol, marquez ocho.)
Routers _can_ play a part in interoperability - just not really Mikrotik since it doesn't support protocol translation nat (nat64) or dns64. (look those up if you're interested)
Mikrotik also does not have the ability to give you Internet access with a private IPv6 range internally (NAT66 / prefix translation).