Check out this blog post on the j2blog. Be sure and subscribe over there.
Tag: ipv6
Vultr, Mikrotik and IPV6
Packet Pushers – IPV6 address Planning
IPV6 point-to-point subnets
Basic IPV6 Mikrotik Firewall
Below is a basic IPV6 firewall filter for your Mikrotik CPE devices. This is a good start for customer-facing CPE.
/ipv6 firewall filter
add chain=forward comment="allow forwarding established, related" connection-state=established,related
add chain=forward comment="allow forward lan->wan" in-interface=lan out-interface=wan
add chain=forward comment="allow ICMPv6 forwarding" in-interface=wan protocol=icmpv6
add action=reject chain=forward comment="reject every other forwarding request" reject-with=icmp-port-unreachable
add chain=input comment="accept established, related" connection-state=established,related
add chain=input comment="allow ICMPv6" in-interface=wan protocol=icmpv6
add chain=input comment="allow DHCPv6 renew" dst-address=fc00::/6 dst-port=546 in-interface=wan protocol=udp src-address=fc00::/6
add chain=input comment="allow lan" in-interface=lan
add action=reject chain=input comment="reject everything else" reject-with=icmp-port-unreachable
IPV6 Firewall rules for Mikrotik
Some basic IPV6 Firewall Rules for Mikrotik. Replace the in-interface="" value with your appropriate interface.
/ipv6 firewall filter
add chain=input protocol=icmpv6
add chain=input connection-state=established,related
add chain=input dst-port=546 in-interface=ether1-wan protocol=udp src-port=547
add action=drop chain=input connection-state=invalid
add action=drop chain=input connection-state=new in-interface=ether1-wan
add chain=forward protocol=icmpv6
add chain=forward connection-state=established,related
add chain=forward connection-state=new in-interface=!ether1-wan
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-state=new in-interface=ether1-wan
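To check what the rules above do before loading them on a CPE, the following added example (not code from the original post) parses that ruleset and applies RouterOS first-match evaluation to a packet described as a dict. It assumes only the exact-match matchers this ruleset uses; the packet keys mirror the matcher names, and the probe packet is constructed.

```python
import shlex

# Second ruleset from the post, as printed; ether1-wan is its WAN port.
RULES_TEXT = """\
add chain=input protocol=icmpv6
add chain=input connection-state=established,related
add chain=input dst-port=546 in-interface=ether1-wan protocol=udp src-port=547
add action=drop chain=input connection-state=invalid
add action=drop chain=input connection-state=new in-interface=ether1-wan
add chain=forward protocol=icmpv6
add chain=forward connection-state=established,related
add chain=forward connection-state=new in-interface=!ether1-wan
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-state=new in-interface=ether1-wan
"""

def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts; a rule without action= accepts."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps quoted comment="..." values intact
        if not tokens or tokens[0] != "add":
            continue
        rule = {"action": "accept", **dict(t.split("=", 1) for t in tokens[1:])}
        rules.append(rule)
    return rules

def matches(rule, packet):
    """A rule matches when every matcher it sets agrees with the packet."""
    for key, want in rule.items():
        if key in ("action", "chain", "comment"):
            continue
        negate = want.startswith("!")        # e.g. in-interface=!ether1-wan
        allowed = want.lstrip("!").split(",")  # e.g. established,related
        if (str(packet.get(key)) in allowed) == negate:
            return False
    return True

def verdict(rules, packet):
    """First matching rule in the packet's chain decides; no match means accept."""
    for number, rule in enumerate(rules):
        if rule["chain"] == packet["chain"] and matches(rule, packet):
            return rule["action"], number
    return "accept", None

# Constructed packet: unsolicited TCP from the WAN toward a LAN host.
PROBE = {"chain": "forward", "protocol": "tcp",
         "connection-state": "new", "in-interface": "ether1-wan"}
if __name__ == "__main__":
    print(verdict(parse_rules(RULES_TEXT), PROBE))
```

Two results worth reviewing: an ICMPv6 packet arriving on ether1-wan is accepted by the first forward rule regardless of type, and a packet that no rule matches is accepted because this ruleset has no closing drop or reject rule.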
Interesting Mikrotik GUI behavior
While bringing up a BGP session for a client I kept trying to add our side of a /126. It kept reverting to the network address. The video shows what happens when I tried to add ::12/126 to the IPV6 addresses.
After some second-guessing and then some Facebook chatting I decided to do a terminal /ipv6 address print. Sure enough the proper IP shows up. Must be a GUI bug.
Netflix, IPv6, and queuing
While trying to get my PlayStation to download the latest “No Man’s Sky” download quicker I figured I would share a little torch action. This is showing my wife’s iPad talking to Netflix while she is watching a streaming TV show. Keep in mind this is just an iPad, not some 4k TV.
Some things to note as you watch this (no sound).
1. Uncapped the connection bursts to 50-60+ megs.
2. The slower you queue the connection, the more time it spends downloading data. At slower queues the bursts last longer.
3. If you are handing out IPv6 to customers you should be queuing them as well.
Just something quick and dirty to keep in mind.
ARIN announces new fee schedule
https://www.arin.net/fees/2016_fee_schedule.html
Service Category | Fee | IPv4 Block Size | IPv6 Block Size |
---|---|---|---|
3X-Small * | $250 | /24 or smaller | /40 or smaller |
2X-Small | $500 | Larger than /24, up to and including /22 | Larger than /40, up to and including /36 |
X-Small | $1,000 | Larger than /22, up to and including /20 | Larger than /36, up to and including /32 |
Small | $2,000 | Larger than /20, up to and including /18 | Larger than /32, up to and including /28 |
Medium | $4,000 | Larger than /18, up to and including /16 | Larger than /28, up to and including /24 |
Large | $8,000 | Larger than /16, up to and including /14 | Larger than /24, up to and including /20 |
X-Large | $16,000 | Larger than /14, up to and including /12 | Larger than /20, up to and including /16 |
2X-Large | $32,000 | Larger than /12, up to and including /10 | Larger than /16, up to and including /12 |
3X-Large | $64,000 | Larger than /10, up to and including /8 | Larger than /12, up to and including /8 |
4X-Large | $128,000 | Larger than /8, up to and including /6 | Larger than /8, up to and including /4 |
5X-Large | $256,000 | Larger than /6 | Larger than /4 |
Mac GeekLet for Network Info
As a network person running a Mac I find it handy to know what IP my various connections have, in addition to some other info. In order to do this, I use a program called GeekTool. Once you have GeekTool up and going you can add the following code into a new Geeklet.
#!/bin/bash
# Wi-Fi SSID and channel, read from system_profiler
varSSID1=`system_profiler SPAirPortDataType | grep -A 2 -e "Current Network Information:" | tr '\n' ' ' | tr ':' ' ' | awk '{print $4}'`
varCHAN1=`system_profiler SPAirPortDataType | grep -e "Channel: " | awk '{print $2}'`
# External IPv4/IPv6 address as seen by checkip.dyndns.org (plain HTTP, 5 second timeout)
varEXTERNAL1=`curl --connect-timeout 5 -s http://checkip.dyndns.org/ | grep "Current IP Address" | awk '{print $6}' | cut -f 1 -d "<"`
varEXTERNALv6=`curl --connect-timeout 5 -s http://checkipv6.dyndns.org/ | grep "Current IP Address" | awk '{print $6}' | cut -f 1 -d "<"`
# Local addresses: en0 = wired, en1 = wireless, jnc0 = SSL VPN interface
varWIRED1=`ifconfig en0 | grep "inet " | grep -v 127.0.0.1 | awk '{print $2}'`
varWIREDv6=`ifconfig en0 | grep "inet6 " | grep -v 127.0.0.1 | awk '{print $2}'`
varWIRELESS1=`ifconfig en1 | grep "inet " | grep -v 127.0.0.1 | awk '{print $2}'`
varWIRELESSv6=`ifconfig en1 | grep "inet6 " | grep -v 127.0.0.1 | awk '{print $2}'`
varSSL1=`ifconfig jnc0 | grep "inet " | grep -v 127.0.0.1 | awk '{print $2}'`
# Print each value, or INACTIVE when the lookup returned nothing
if [ "$varEXTERNAL1" != "" ]
then
echo "External : $varEXTERNAL1"
else
echo "External : INACTIVE"
fi
if [ "$varEXTERNALv6" != "" ]
then
echo "ExternalV6 : $varEXTERNALv6"
else
echo "ExternalV6 : INACTIVE"
fi
if [ "$varWIRED1" != "" ]
then
echo "Wired : $varWIRED1"
else
echo "Wired : INACTIVE"
fi
if [ "$varWIREDv6" != "" ]
then
echo "WiredV6 : $varWIREDv6"
else
echo "WiredV6 : INACTIVE"
fi
if [ "$varWIRELESS1" != "" ]
then
echo "AirPort : $varWIRELESS1 SSID: $varSSID1"
else
echo "AirPort : INACTIVE"
fi
if [ "$varWIRELESSv6" != "" ]
then
echo "AirPortV6 : $varWIRELESSv6"
else
echo "AirPortV6 : INACTIVE"
fi
As you can see in the above screenshot, it displays IP addresses (both IPv4 and IPv6), the external IP, and the wireless SSID.