
| From: James Knott via talk <talk@gtalug.org>

| On 07/02/2017 10:29 AM, D. Hugh Redelmeier via talk wrote:
| > I'm not sure why I don't get IPv6 from Rogers. I intend to look into
| > that -- probably I've misconfigured something on my gateway (a PC
| > running CentOS 7; the cable modem is running in bridge mode).
|
| Call Rogers. IPv6 is available to everyone, but some modems may have to
| be replaced. If you use a separate router, it has to support DHCPv6-PD,
| as that's how the prefix is assigned. I use a refurb computer running
| pfSense.

I just assume that dhclient knows how to do this. But I'll have to look into it.

My service is new (a month or two) and so my modem must be up to date. I'm just using it as a modem, not a router.

Anyway, my starting point is seeing if my system is doing anything wrong before I ask Rogers.

| BTW, when I got a new modem, a little over a year ago, it was part of a
| bundle that, while providing pretty much the same service, cost me about
| $50 less per month.

Rogers and Bell are or were in a competitive spasm. I get a gigabit internet and modest cable TV for $100/month on a two year contract. Bell offered a similar contract but there is no Fibre To The Home in my neighbourhood. Service is limited to VDSL2 at 50 megabits.

The competition seemed to have lessened at the moment. Bell offers a 2 year contract with a good price for the first year. The ads are worded misleadingly so you won't notice that the second year is twice as expensive.

In any case, neither Bell nor Rogers know how to route my IP addresses into my home so I have to use a third party ISP that uses Bell's last mile. (I want two connections but only one routes my IPs.)

| > My IPv4 /24 is globally assigned. That's not going to happen with
| > IPv6.
|
| Actually it does. I have no problem reaching computers on my LAN when
| I'm elsewhere. With Rogers you can have a /64 to /56 all to yourself
| and they are all globally unique and reachable from anywhere in the world.

By "Globally assigned" I meant "Assigned to me directly by (the precursor to) ARIN". That makes it portable: I can keep the IP addresses when I move between service providers.

Globally Routable addresses are now assigned by a process like feudalism: IANA gives addresses to RIPE, ARIN, etc. Internet companies on the backbone get addresses from RIPE, ARIN, etc. (depending on their geographic location). ISPs get subassignments from their upstream providers. Apply this last rule recursively.

So if you, an edge user, get IP addresses, they are not yours but are merely loaned to you by upstream.

If your system has multiple internet connections and your upstreams are willing to support this, perhaps you can get your own addresses assigned (and an ASN -- something I don't have).

The smallest global assignment of IPv4 addresses is /24 (256 addresses). This is to reduce the size of the routing tables in core routers. They even grumble about /24 being too small and burdensome. I don't know about IPv6.

| BTW, with the Rogers modem/routers in router mode, you only get a /64.
| With a separate router, you can select any prefix size, between /64
| (2^64 addresses) and /56 (2^72).

I did not know that.

| > I think that it is even worse that we don't use DNSSec. The security
| > implications of not securing DNS seem enormous.
|
| As I understand it, that's coming. In another thread (possibly openSUSE
| list) I was discussing SMTP ports. One person was claiming only port 25
| was required, with StartTLS, but due to security concerns, the move to
| full TLS & DNSSec is recommended.

Secure flows require encryption AND authentication. Email mostly seems to travel over encrypted paths but the authentication appears to be dodgy. My nodes just have self-signed certificates and that seems to work.

DNSSec could provide better authentication, with the right convention. There surely are such conventions but I'm not versed in them.

But DNSSec is able to prevent all spoofing of DNS.
Except by someone who can subvert the root.

| Back in the early days, it wasn't hard to get multiple addresses.

Do you mean /24 from ARIN or something smaller from your upstream?

| addresses. Back in the dial up days, I originally had a static address,
| but one of the reasons for ISPs moving to dynamic addresses was to free
| them up, when someone disconnected.

Having a static IP address for an intermittent connection wasn't too important.

Broadband for the masses, from Bell and Rogers, was meant for consumers. Static IP addresses were used for price discrimination: organizations that wanted static IP addresses had to pay a lot more even though it cost Bell and Rogers almost nothing. Remember: since broadband connections were essentially always on, they always used one IP address.