Hi all, just wondering if anyone has implemented any IPv6? We are faced with the lack of public IPv4 from our bandwidth supplier as we assign a public IP to our customer device. We have done this so we can easily know if any customers are doing anything they should not be doing and if the authorities come a knocking. Our supplier offers IPv6 addresses but not sure if we can implement this with ePMP… any advice/insight?
If your ePMP radios are set up in bridge mode then it’s just L2 so there is nothing specific you need to do for IPv6. If you are using the ePMP SM as a router, then I can’t advise as I haven’t tried that before. I have used IPv6 from routers over ePMP L2 network with no issues in terms of actual IPv6 delegation.
Just re-read this.
I reckon this would need to be handled via radius db or external DB. PPPoE or Dotx etc… Basically if IPv6 addresses are handed out you need to know which user it was handed out to at that time if you are asked to do so by the authorities. I haven’t needed to do this, but you’re right, it’s around the corner.
Could you tell me a couple of words about your connection schema and routing?
For sure IPv6 stands for simplifying connection schema and avoiding NAT usage.
So as it was said if you assign IPv6 to your customer you can use SM in bridge mode. There is nothing special.
I suggest waiting for stable 4.7.0. It will have a bunch of improvements and bug fixes regarding IPv6. Also proper acceleration in NSS. It is related to all protocols working over IPv6.
From my ePMP support experience IPv6 is still not common for WISPs around the world. So I would like to stay in touch and keep an eye on your IPv6 implementation process.
When is ePMP going to be IPv6 addressable? Deploying IPv6 to the customer is fine and all but the hardware we use should be able to be addressed in IPv6 as well.
I’m curious who wants to implement ipv6 for radio management purposes? Why? What problem(s) does ipv6 solve in this regard?
I’m all ears. I don’t get why anyone would want publicly-addressable space assigned to radios, but that is my biggest issue with the idea.
How about being able to just use one protocol stack which means more CPU cycles for dealing with customer traffic. One protocol stack also means that you only need to do your configs once and not twice (IPv4 and IPv6 are configured separately for everything) and reducing management overhead by only keeping track of one set of addresses.
IPv6 addresses are not all routable, proper network planning and security implementation will prevent management traffic from being leaked to the world.
Now tell me why I should not want a homogeneous address protocol stack?
Yes, I use IPv6, but not for clients’ networks, that’s not common for our place.
I use NDP and SLAAC-based IPv6 to get control of ePMPs only.
So I don’t need to DNAT ports to local IPv4 addresses, don’t see any scans and can protect my devices by firewall allowing only my special IPv6 prefix to get in.
@iBound thank you for your reply. Basically we have private IPv4 addresses DHCP server handed out to our customers device, ie router, our ePMP radios as well. Then we are just 1:1 NATing the private IPv4 address to a public IPv4 address, which are hard to come by, so that if I get a letter or contacted by authorities stating IP address X has been doing such and such then I can cross reference with customer database and we have fulfilled our obligation… Currently using Mikrotik routers, which supports IPv6 but if there is a solution to continue in our current setup, I would be happy lol.
Yeah IPv6 is the tricky one to implement outside of AAA server that hands out IPv6 from its own pool. Hypothetically, if you did authenticate your users then the info would be in the session DB. Would require bespoke Freeradius scripting… When users authenticate, write that IP to another table. Then all you do is see when the IP was last handed out and that time would be any time between when (or if) another customer gets the same IP. You’d need to track dual-stack as well because I don’t think IPv6 to IPv4 NAT’ing is possible or widely supported.
EAP-TTLS from Freeradius and a SQL database does this already, the IP address can be statically assigned using AV pairs or you can use AV pairs to set the correct DHCP server to contact and use the lease logs to provide traceability. Freeradius also logs the transactions and this can easily be scripted to be parsed into a traceability log. Nothing really bespoke as this functionality is already in Freeradius 3.0 and newer.
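The lookup discussed in the last two posts (which customer held an address at a given time), as an added example that is not part of the thread and is not FreeRADIUS code. The session rows, customer IDs and row layout are constructed assumptions; matching is by prefix containment because a reported IPv6 address can be any address inside a customer's assigned prefix, and the IPv4 row shows the dual-stack case.

```python
import ipaddress
from datetime import datetime

# Constructed sample data: documentation address ranges and made-up customer IDs.
# Row layout (an assumption, not the FreeRADIUS schema):
#   (customer, assigned prefix, session start, session stop or None if still open)
SESSIONS = [
    ("cust-0017", "2001:db8:10:100::/56", "2024-03-01T08:00:00Z", "2024-03-04T02:15:00Z"),
    ("cust-0017", "198.51.100.23/32",     "2024-03-01T08:00:00Z", "2024-03-04T02:15:00Z"),
    ("cust-0042", "2001:db8:10:100::/56", "2024-03-04T02:20:00Z", None),
    ("cust-0099", "2001:db8:10:200::/56", "2024-03-01T09:30:00Z", None),
]


def parse_ts(text):
    """Parse an ISO 8601 UTC timestamp such as 2024-03-01T08:00:00Z."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def who_held(address, when, sessions=SESSIONS):
    """Return the customers whose assigned prefix covered `address` at `when`."""
    addr = ipaddress.ip_address(address)
    at = parse_ts(when)
    holders = []
    for customer, prefix, start, stop in sessions:
        # Containment, not equality: the reported address is one of many
        # inside the customer's prefix. Mixed IPv4/IPv6 comparisons are False.
        if addr not in ipaddress.ip_network(prefix):
            continue
        # Half-open interval [start, stop): a reassigned prefix never
        # matches two customers at the same instant.
        if parse_ts(start) <= at and (stop is None or at < parse_ts(stop)):
            holders.append(customer)
    return holders


if __name__ == "__main__":
    for ip, ts in [
        ("2001:db8:10:1a5::1234", "2024-03-02T12:00:00Z"),  # first holder
        ("2001:db8:10:1a5::1234", "2024-03-05T00:00:00Z"),  # after reassignment
        ("2001:db8:10:1a5::1234", "2024-03-04T02:17:00Z"),  # gap between sessions
        ("198.51.100.23", "2024-03-02T12:00:00Z"),           # IPv4 side of dual stack
    ]:
        print(ip, ts, who_held(ip, ts) or "no session on record")
```

An empty result means the timestamp falls outside every recorded session, so the address cannot be attributed from these records alone.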