• Using IPv6 and ULA for greater resilience

    From Daniel Pocock@21:1/5 to All on Sat May 13 10:40:01 2017
    For a home network or a small office, what is the best practice for
    using ULA in parallel with the prefix from an ISP?

    Consider the following:

    - router (OpenWRT or Debian) receives prefix delegation from ISP and
    shares it, and also a ULA prefix, over the LAN with DHCPv6

    - there is a small server or NAS running Debian on the LAN

    - the router is also the local DNS and it is synchronized with the
    DHCPv6 leases (e.g. the default OpenWRT odhcpd/dnsmasq setup)

    - the aim is that if either the router or server stop working,
    everything else (e.g. local DNS, communication between other local
    machines) keeps working using the ULA prefix. Example: if the router
    stops working, the local workstations need to be able to resolve the
    hostname of the server and contact it using the ULA addresses.


    Looking around online, I've found various suggestions but nothing that
    appears to be a complete and concise solution. For example, one blog
    suggested using two ULA prefixes, one for devices with static addresses
    (the server) and another for devices with dynamic addresses (e.g.
    workstations, laptops). It appeared a bit overcomplicated and didn't
    cover the DNS.

    An easy solution might involve putting static addresses on everything
    and putting the server's ULA address in every hosts file but it would be
    nice to find a solution that is entirely dynamic with only the router
    and server having any static configuration entries.

    Which solution would be suggested for synchronizing the DHCPv6 leases
    and DNS entries between both router and server? OpenWRT ships odhcpd
    and dnsmasq, Debian has the ISC equivalents as well. Which solutions
    are people using?

    Regards,

    Daniel

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Dan Ritter@21:1/5 to Daniel Pocock on Sat May 13 15:00:02 2017
    On Sat, May 13, 2017 at 09:34:28AM +0200, Daniel Pocock wrote:

    > - the aim is that if either the router or server stop working,
    > everything else (e.g. local DNS, communication between other local
    > machines) keeps working using the ULA prefix. Example: if the router
    > stops working, the local workstations need to be able to resolve the
    > hostname of the server and contact it using the ULA addresses.

    To a first approximation, it sounds like what you really want
    is multicast DNS, aka ZeroConf.

    Or, in another direction, perhaps you want a failover DHCP and
    DNS setup.

    (And you can do both if you feel like it.)

    If you do mDNS, every host will need to support it in order to
    be reachable. They each act as a tiny DNS server, listening to
    the multicast address in order to supply their own records (A,
    AAAA, CNAME, whatever) and querying the multicast address for
    either service discovery of a DNS server or the answer for their
    request.

    Failover DHCP is relatively easy, although less resilient
    because you only need to disable all the participants to stop
    your address assignment. Redundant DNS servers are nearly
    trivial.

    At home, I run failover DHCP and redundant DNS with my router
    and my main server as the participants, both being Debian boxes.
    I'm looking into mDNS, but only half-heartedly.

    -dsr-
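
The responder behaviour described in this reply, as an added example that is not part of the original message: a host answers an mDNS AAAA question only for its own name, here with a ULA address. The host name `nas.local` and the address are constructed sample values; sockets are left out so it runs offline (real traffic uses the multicast group ff02::fb, UDP port 5353).

```python
import ipaddress
import struct

TYPE_AAAA, CLASS_IN = 28, 1
CACHE_FLUSH = 0x8000  # top bit of the class field in mDNS answers

def encode_name(name):
    """'nas.local' -> DNS wire labels (length-prefixed, zero-terminated)."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def decode_name(buf, off):
    """Read an uncompressed name at off; return (name, offset after it)."""
    labels = []
    while buf[off]:
        n = buf[off]
        if n & 0xC0:
            raise ValueError("name compression not handled in this example")
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def build_query(name):
    """Querier side: a one-question AAAA query for the given name."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)  # ID 0, flags 0, QDCOUNT 1
    return header + encode_name(name) + struct.pack("!2H", TYPE_AAAA, CLASS_IN)

def answer_if_mine(packet, own_name, own_addr, ttl=120):
    """Responder side: answer only a question for this host's own AAAA."""
    if len(packet) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!3H", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        return None  # a response, or more than this example parses
    qname, off = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!2H", packet[off:off + 4])
    if (qname.lower(), qtype, qclass & 0x7FFF) != (own_name.lower(), TYPE_AAAA, CLASS_IN):
        return None  # someone else's name or record type: stay silent
    rdata = ipaddress.IPv6Address(own_addr).packed
    header = struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0)  # QR=1, AA=1, ANCOUNT 1
    fixed = struct.pack("!2HIH", TYPE_AAAA, CLASS_IN | CACHE_FLUSH, ttl, len(rdata))
    return header + encode_name(own_name) + fixed + rdata

def parse_answer(packet):
    """Querier side: (name, IPv6Address) from a one-answer AAAA response."""
    _id, flags, qd, an = struct.unpack("!4H", packet[:8])
    if not flags & 0x8000 or qd != 0 or an != 1:
        raise ValueError("expected a response carrying exactly one answer")
    name, off = decode_name(packet, 12)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!2HIH", packet[off:off + 10])
    if rtype != TYPE_AAAA or rdlen != 16:
        raise ValueError("not an AAAA record")
    return name, ipaddress.IPv6Address(packet[off + 10:off + 26])
```

Nothing in this exchange authenticates the responder: any host on the link that answers for a name is believed.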

  • From Michael Richardson@21:1/5 to All on Mon May 15 00:20:01 2017
    Daniel Pocock <daniel@pocock.pro> wrote:
    > For a home network or a small office, what is the best practice for
    > using ULA in parallel with the prefix from an ISP?

    > Consider the following:

    > - router (OpenWRT or Debian) receives prefix delegation from ISP and
    > shares it, and also a ULA prefix, over the LAN with DHCPv6

    > - there is a small server or NAS running Debian on the LAN

    So, this is all outlined in RFC7084 (replacing RFC6204), and post-CC OpenWRT/LEDE do a very good job of doing exactly what you describe.

    Also, the HOMENET WG has done work to make this work when you have multiple uplinks, and multiple routers within the "home", and do this in a zero-touch way.

    There are many opportunities to contribute to this effort.

    --
    ] Never tell me the odds! | ipv6 mesh networks [
    ] Michael Richardson, Sandelman Software Works | network architect [
    ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [



  • From Henri Wahl@21:1/5 to All on Sat May 13 11:40:01 2017

    With dhcpy6d you can hand out multiple addresses to your clients -
    static ULAs and random GUAs for example. DNS synchronisation works well
    with ISC Bind.

    See https://dhcpy6d.ifw-dresden.de for details.

    Regards


    --
    Henri Wahl

    IT Department
    Leibniz-Institut fuer Festkoerper- u.
    Werkstoffforschung Dresden

    tel: +49 (3 51) 46 59 - 797
    email: h.wahl@ifw-dresden.de
    https://www.ifw-dresden.de

    Nagios status monitor Nagstamon: https://nagstamon.ifw-dresden.de

    DHCPv6 server dhcpy6d: https://dhcpy6d.ifw-dresden.de

    S/MIME: https://nagstamon.ifw-dresden.de/pubkeys/smime.pem
    PGP: https://nagstamon.ifw-dresden.de/pubkeys/pgp.asc

    IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden
    VR Dresden Nr. 1369
    Vorstand: Prof. Dr. Manfred Hennecke, Dr. Doreen Kirmse



  • From Daniel Pocock@21:1/5 to Michael Richardson on Thu Jun 22 18:10:03 2017
    On 14/05/17 23:07, Michael Richardson wrote:

    > Daniel Pocock <daniel@pocock.pro> wrote:
    >> For a home network or a small office, what is the best practice
    >> for using ULA in parallel with the prefix from an ISP?
    >>
    >> Consider the following:
    >>
    >> - router (OpenWRT or Debian) receives prefix delegation from ISP
    >> and shares it, and also a ULA prefix, over the LAN with DHCPv6
    >>
    >> - there is a small server or NAS running Debian on the LAN
    >
    > So, this is all outlined in RFC7084 (replacing RFC6204), and
    > post-CC OpenWRT/LEDE do a very good job of doing exactly what you
    > describe.
    >
    > Also, the HOMENET WG has done work to make this work when you have
    > multiple uplinks, and multiple routers within the "home", and do
    > this in a zero-touch way.
    >
    > There are many opportunities to contribute to this effort.



    Is there any practical guide explaining what needs to be configured in
    Debian to work with this if the router runs OpenWRT and the server is
    Debian?

    Regards,

    Daniel

  • From Matthew Hall@21:1/5 to All on Thu Jun 22 21:20:02 2017
    I just made a similar setup this week.

    In my case I just used a router / firewall with NAT66 support.

    I generated the ULA using one of the online ULA generators.

    Then configured the firewall in NAT4 and NAT6. You can assign static addresses in the ULA subnet for the key hosts and let the more transient hosts just use the DHCPv4 and DHCPv6 or SLAAC.

    Setup is working great so far for me.

    Matthew Hall

    On Jun 22, 2017, at 8:00 AM, Daniel Pocock <daniel@pocock.pro> wrote:

    > Is there any practical guide explaining what needs to be configured in
    > Debian to work with this if the router runs OpenWRT and the server is
    > Debian?
    >
    > Regards,
    >
    > Daniel


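
The ULA generation and static assignment mentioned in the last message can also be done locally; this is an added example, not code from any poster in the thread. It follows the RFC 4193 section 3.2.2 method (low 40 bits of SHA-1 over an NTP timestamp and an EUI-64), and the subnet ID 1 and interface ID 0x10 in the demo are hypothetical choices.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

ULA_RANGE = ipaddress.ip_network("fc00::/7")
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def ntp_timestamp(unix_time):
    """64-bit NTP timestamp: 32-bit seconds since 1900 plus 32-bit fraction."""
    secs = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    return struct.pack("!II", secs, frac)

def eui64_from_mac(mac48):
    """48-bit MAC (int) -> modified EUI-64: insert ff:fe, flip the U/L bit."""
    raw = mac48.to_bytes(6, "big")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def ula_prefix(ntp_time, eui64):
    """fd00::/8 plus the low 40 bits of SHA-1(time || EUI-64), as a /48."""
    # SHA-1 only spreads the inputs into a pseudo-random ID; it is not a secret.
    global_id = hashlib.sha1(ntp_time + eui64).digest()[-5:]
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))

def lan_subnet(prefix, subnet_id):
    """The /64 selected by a 16-bit subnet ID inside the /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def static_host(subnet, interface_id):
    """Fixed address for a key host, e.g. interface ID 0x10 -> ...::10."""
    return subnet[interface_id]

def is_ula(addr):
    """True for anything in fc00::/7; false for GUA, link-local and IPv4."""
    return ipaddress.ip_address(addr) in ULA_RANGE

if __name__ == "__main__":
    prefix = ula_prefix(ntp_timestamp(time.time()), eui64_from_mac(uuid.getnode()))
    lan = lan_subnet(prefix, 1)                  # hypothetical subnet ID
    print("ULA /48:", prefix)
    print("LAN /64:", lan)
    print("server :", static_host(lan, 0x10))    # hypothetical static assignment
```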