Constructing an IPv6-enabled home network to be proud of!
Embarking on the IPv6 Learning Path
Training is typically one of the early phases of an IPv6 adoption project. Everyone learning a new technology has to start somewhere and that typically means cracking open a book on the topic or leveraging an Internet search. Virtually all people in the IT department will need to learn about IPv6 to some extent. Some people may attend classes, or some may prefer the self-paced online learning approach. Regardless of whether you prefer MOOCs, an in-person class/conference, or the feel of a hard-bound book and a comfortable chair, the important part is to not delay your IPv6 journey.
Building Your Lab
You might enjoy reading Rick Graziani’s book “IPv6 Fundamentals” and it will teach you a lot about the protocol. However, there is a significant step between doing some initial learning about IPv6 and being ready to deploy IPv6 in production. Obtaining some hands-on experience really complements book-learning. Therefore, having an IPv6 proof-of-concept lab you can learn with is valuable. Some might want to start with some simple GNS3 router simulations or buy Cisco’s Virtual Internet Routing Lab (VIRL) to jump start their learning. Even assembling a set of Raspberry Pis or laptops may help get you started. Regardless, you wouldn’t just want to start to make IPv6 configurations on production devices, services, and software without having some hands-on experience with IPv6.
If your company does not provide any lab resources or IPv6 connectivity, then you might want to start learning about IPv6 in your home environment. Working to achieve IPv6 Internet access at your home is a great way to gain hands-on practical learning with IPv6. Striving for this measureable and realistic goal will keep you motivated and doing this activity at home will be convenient and require very little, if any, money. Jeff Carrell has shared his guidance on how to assemble a functional IPv6 home lab environment and he has even taught classes and workshops on this topic to help people get going. Furthermore, at the end of this endeavor, you will enjoy the benefits of possessing dual-protocol Internet connectivity.
IPv6 Internet Connectivity
The first step in this home networking endeavor is to evaluate your current upstream Internet connectivity. You will quickly discover if your ISP has IPv6-enabled Internet services. You might be lucky enough to have Comcast IPv6 service and pleasantly discover that they already have IPv6 ready for you. Obtaining dual-protocol Internet connectivity should not be a problem for you if you subscribe to Verizon FiOS, AT&T U-verse, or any one of many other IPv6-capable broadband Internet providers. However, if your service provider is lacking IPv6 service details on their web site, it might just be a matter of getting connected to the right customer service representative or network engineer to enable IPv6 connectivity.
If your current ISP lacks any form of IPv6 connectivity (rare in 2016), you can use a tunnel between your home equipment and a tunnel service connected to the IPv6 Internet. Tunnel brokers (RFC 3053) are organizations that provide, often for free, a manually or dynamically configured tunnel that encapsulates your IPv6 packets within IPv4 packets. The IPv6 packets at your home are encapsulated into IPv4 packets and sent across the IPv4-only ISP network to the tunnel broker service. When those packets reach the tunnel broker, they are decapsulated and the IPv6 packets are forwarded to the IPv6 Internet. This method can use a traditional GRE tunnel, an IPv4 protocol 41 tunnel, or might leverage the Tunnel Setup Protocol (TSP) (RFC 5572). Examples of tunnel services include: Hurricane Electric (HE.net), Freenet6 (from GoGo6), and XS26.
Upgrade Your Kit
Even if you have IPv6-capable upstream Internet connectivity, your modem and hardware may be older and unable to support IPv6. Sometimes you can simply upgrade the firmware on a router and it might gain some IPv6 capabilities. Other times you may need to forklift upgrade (albeit a small forklift) your DSL or Cable Modem or router. When it comes to upgrading your router, you might also want to upgrade to a wireless router that supports IEEE 802.11ac. Today, many of the higher-end consumer-grade routers that support 802.11ac also have solid IPv6 features.
Now that you have your network equipment upgraded and you are assured that your upstream connectivity support IPv6, you can connect it all together, power it on, and discovery if you have obtained a global IPv6 address. Your home router will receive an ICMPv6 Router Advertisement (RA) message from the upstream ISP network indicating that your CPE should proceed to use DHCPv6 to obtain its single external IPv6 address. The ISP likely operates a high-availability DHCPv6 service that receives the DHCPv6 Solicit messages from subscribers CPE and then determines the IPv6 addresses to allocate. After that step is complete, your CPE will also send a subsequent DHCPv6 Prefix Delegation (PD) (RFC 3633) request to obtain an IPv6 prefix (typically a /64) to be used for the internal home LAN. It is important to remember that this IPv6 address block is Provider Assigned (PA) and not Provider Independent (PI) and thus, non-portable between ISPs. If you switch ISPs, then you will need to renumber any statically-assigned systems. However, the new ISP will provide you a new IPv6 prefix from their block and the dynamically-assigned systems in your house should transition smoothly to the new address space.
When you reach this stage, your internal home network will likely use a single flat /64 IPv6 global prefix for the home LAN. Unlike IPv4, your home router will not need to perform NAT on the IPv6 packets flowing in the outbound direction. The internal home LAN devices will use the global (i.e. public) IPv6 addresses that the service provider allocated to your home as the source addresses for the outbound connections. It may be difficult for some people to trust a router without NAT, but it is not needed for IPv6 (see RFC 4864, Local Network Protection for IPv6). The return traffic will return to the home CPE device, which should statefully track those connections. It is the statefulness of the connections flowing through the CPE that provides security and that CPE should prevent unauthorized externally-originated connections. The IETF RFC 6092, Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Resident..., often referred to as “Simple Security” provides the recommendations for a home CPE device that operates securely. Vendors that support RFC 6092 should be preferentially purchased over those that lack IPv6 security features.
Going Big & Going Home
It is ski season in the Rocky Mountains and you can often hear the words “Go Big or Go Home” uttered while standing on the lip of the cornice above the mountainside. However, when it comes to IPv6 home networking, it is possible to do both simultaneously. When you are building out a more complex home network, IPv6 can scale. If you want to “take it to the next level” and really build the ultimate dual-protocol Internet “man-cave” or “she-shed”, then you will need to have a home network that scales beyond a single LAN with a /64 prefix. There are a couple of solutions if you want to receive a larger block of IPv6 addresses from your service provider.
You could obtain a larger allocation from your current residential broadband ISP by simply calling technical support and asking. You might be able to receive a statically-assigned /60, /56 or even /48 prefix for use within your home. (See RFC 6177/BCP 157)
One option would be to upgrade to a business-class broadband Internet connection. This will typically have a more expensive monthly service price, but many service providers will then allocate you a single /48 global prefix to use at your location.
The drawback to having a bigger topology is that you need to have networking equipment in your home that is capable of dynamic routing and forwarding traffic across multiple LANs, VLANs, each with its own /64 prefix network. However, if you want to construct a home lab and really get into learning IPv6, this is something that you will likely need to have experience with when you help your company transition to IPv6.
Larger and Simpler Home Networks
There are emerging options for those who have larger home networks, but still desire simplicity of configuration. Many residential subscribers would certainly want to avoid configuring network devices manually as well as configuring dynamic routing protocols. Many people in IT end up acting as IT tech support for their families when they go home and may prefer simpler technology options for their less-technically-inclined family members. Imagine trying to explain to a parent or grandparent how to configure an IPv6 dynamic routing protocol like OSPFv3 or MP-BGP!
The IETF has formed a Homenet working group to determine how to scale home networks without requiring the resident to have a CCIE-equivalent certification to establish connectivity. This Homenet working group has published “IPv6 Home Networking Architecture Principles” (RFC 7368) that describes the challenges with large home networks and IPv6. Jari Arkko and Mark Townsley created a presentation titled “Thoughts on Home Networking Architecture” for IETF 81 that covers some of these issues for larger IPv6 home networks. This work was a precursor to RFC 7368). Mark Townsley also delivered a presentation titled “Routing IPv6 in the Homenet” for APNIC 36, and again at RIPE 67, that covered the issues and possible solutions.
The process of dynamically and automatically determining which /64 prefix within a /56 prefix to allocate to the various home networks can be complex and difficult for most subscribers. The Homenet working group also published “Distributed Prefix Assignment Algorithm” (RFC 7695) that describes the methods that a larger IPv6 prefix will be divided up for the various internal home networks, each with a single /64.
Once the /64 prefixes are allocated to the various LAN segments within the home, routing will need to take place to facilitate reachability between the different networks within the home and externally to the Internet. Using OSPFv3, IS-IS, or MP-BGP would likely be too difficult for most subscribers to manage on their own.
Options for using a self-configuring dynamic routing protocol, take a page from the IoT and mesh networking fields as well as traditional IP routing protocols. Examples of these types of routing protocols that might be suitable for home networks include use of OSPFv3 (zOSPF). Another example of an IoT routing protocol that could be used in Homenet situations would be “RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks” (RFC 6550).
There are many resources available to those who want to learn about IPv6 and start to experiment with systems, network devices, and software that uses IPv6. There are free and low-cost options to build up your IPv6 lab and you can do much of this at your home. Establishing IPv6 connectivity to your home requires some newer CPE and an IPv6-capable ISP, but each year those become more readily available. It is becoming easier to receive a single global /64 prefix on your home LAN. There are options for creating a larger IPv6 lab environment, but those become more costly and require more of a time commitment. Someday, the work the IETF and CableLabs will make larger home networking simpler. However, today those activities are still in the research stages. For those who want to create larger home networks, more networking expertise to make it functional may be necessary. But if your goal is to learn about multi-subnet IPv6 routing and prepare yourself for an eventual deployment in production, this self-paced learning will pay dividends and make the company deployment go much more smoothly.