S5E7: "SIT Tunnels? How Sixy!"

Posted 2020-05-25 23:59
Modified 2020-05-25 23:50
Comments 0

In this episode, we talk a LOT about IPv6 and, primarily, Hurricane Electric’s tunnelbroker service. We go off the rails/off-topic a LOT in this one, though. I think the ‘rona lockdowns are giving us all cabin fever.

• Just the Tip
• Notes
• 15 Clams
• Errata
• Music

Just the Tip

• GPG needs to use the right pinentry program!
  • In Debian and Ubuntu, you’ll want to use the Alternatives system like so.
  • But if you’re on something like Arch, you can do this instead.
    • This may not be sane on DEB systems.

Notes

Starts at 20m57s.

I was drinking water. Paden was drinking Carlos Serres Crianza. Jthan was drinking Busch.

• IPv6 and SIT tunneling!
  • Specifically, Hurricane Electric’s Tunnelbroker.net.
  • It allows you to have an IPv6 range allocation for an IPv4-only ISP connection.
  • Your router/firewall/etc. needs to be able to use Protocol 41.
  • It requires some manual setup, but I’m working on a script to automate things.
  • Paden asks two interesting questions about IPv6. I don’t offer any answers because I can’t gauge what’s going on in the minds of other people in either case.
    • “Why hasn’t IPv6 been pushed harder?”
    • “Why are some people so fanatic about it?”
  • Jthan notes about Nginx’s ipv6only directive in a listen block.
    • It was introduced in release 0.7.42, and is set to on by default since 1.3.4.
    • It specifically manages the IPV6_V6ONLY socket option, which is why it’s a boolean. I can’t recall why it’s on by default now though.
  • The statistics that Paden references can be found on the right-hand side on tunnelbroker.net.
  • I talk a bit about:
    • SLAAC (RFC 2462, RFC 4862, RFC 8064)
    • DHCPv6 (RFC 3315, RFC 3646, RFC 4649, RFC 8415)
    • Router Advertisements (“RAs”) (RFC 4861, RFC 5175, RFC 6104, RFC 7772)
      • Relevant to RAs, but I didn’t mention them, are DNSSL (RFC 6106, RFC 8106) and RDNSS (RFC 5006, RFC 6106, RFC 8106).
    • Privacy Extensions (RFC 4941)
  • IPv6 usable address space is huge. Huge.
  • Also in IPv6? There’s only a single loopback address, ::1 (RFC 4291 § 2.5.3).
  • Also in IPv6, there’s no real broadcast per se, just link-local (RFC 7404).
  • Netflix does not work through tunnelbroker.net, and presumably they aren’t the only one.
    • But there are some workarounds.
  • Make sure you take Hurricane Electric’s IPv6 certification course, it’s free!

15 Clams

In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)

Starts at 51m13s.

Jthan learned a very, very difficult lesson about Spanning Tree Protocol (STP), and why you probably very most definitely should not disable it on your school’s network kit.

I also explain token-ring networking and the difference between a hub and a switch using a postal worker analogy. I suppose a better analogy for token-ring would be neighbors delivering mail to their next-door neighbors, but meh.

Errata

• The “We’re on page five” comment at the beginning is a joke that the show is scripted. The idea that we follow any cohesive structure, script included, is laughable to me.
• Jthan referenced Lakeside, CO.
  • I referenced Bosco the Dog, but there are others.
• I said IPv6 was around for 10 years in the intro, and that’s wrong…
  • It’s actually either 22 years old or 25 years old, depending on how you consider RFC spec authority.
  • You COULD make the argument it’s only three years old but that’d be a silly claim.
• I reference RFC 1918, and specifically talk about 10.0.0.0/8 which is defined in RFC 1918 § 3.
• IPv4+ is a real proposed draft and it is super dumb.
  • SERIOUSLY, JUST USE IPv6 ALREADY.
• AND some really dumb ideas have been proposed.
  • WHY WOULD YOU EVER MAKE 0.0.0.0 A USABLE ADDRESS.
    • Seriously, dude. This is a very not good idea.
• Red wine IS good for you, Jthan.
  • But it’s ALSO a neurotoxin.
• I helped Jthan fix his RPi4 display issue in Arch Linux ARM.
  • Specifically, he was trying to get 4K working at 60Hz with a proper aspect ratio/resolution display.
  • We found that you have to put in your /boot/config.txt:
    • disable_overscan=1
    • hdmi_enable_4kp60=1
• I mention there’s NO need for DHCPv6. That’s not entirely true; if you need to do something like pass NTP servers or use PXE, you need DHCPv6 but you can configure SLAAC to instruct clients to look for DHCPv6 servers on the network by enabling the “O” flag (in the MO flags as mentioned in RFC 4861 § 4.2). I explain this in a little more detail in the sample configuration file for the script I mentioned above.
• I am almost positive Jthan’s router that he bought in 2017 did support IPv6 and he just didn’t look hard enough. Consumer shit was supporting it since like 2010.
• Android does NOT support DHCPv6 confirmed.
• I mistakenly refer to it as “token-ring ethernet” at one point, oops. Token-ring is a precursor to Ethernet.
• Yes, that sound at the end is Jthan urinating. It seriously lasted about three minutes before I started the recording of it. Paden and I couldn’t stop laughing because it sounded like he brought the microphone into the bathroom with him. That boy needs to wear a diaper or have a piss bucket or something, because holding it for that long is a good way to get a UTI. At least he’s well hydrated.

Music

Author r00t^2
Categories Season Five