Showing posts with label IPv6. Show all posts

Jun 14, 2011

Review at amazon: IPv6 Security

World IPv6 Day was a week ago, and many participants are still announcing their websites with AAAA records.
But what does this mean? -> IPv6 is already around us - and it is time (ok, it is a little bit late, but hopefully not too late ;-) to dive deep...

One book you can dive into is:


Here are some phrases from the summary:
IPv6 Security: Protection measures for the next Internet Protocol

As the world's networks migrate to the IPv6 protocol, networking professionals need a clearer understanding of the security risks, threats, and challenges this transition presents.

In IPv6 Security, two of the world's leading Internet security practitioners review each potential security issue introduced by IPv6 networking and present today's best solutions.

IPv6 Security offers guidance for avoiding security problems prior to widespread IPv6 deployment.

The book covers every component of today's networks, identifying specific security deficiencies that occur within IPv6 environments and demonstrating how to combat them.

The authors describe best practices for identifying and resolving weaknesses as you maintain a dual stack network.

Then they describe the security mechanisms you need to implement as you migrate to an IPv6-only network.

This book is one of the best IPv6 books on the market. In contrast to IPv6 for Enterprise Networks, every topic is well introduced and then explained with really good figures and commented configurations. Even if you are just looking for the commands on different operating systems: chapter 7 is your candidate - Windows, Linux, BSD, Solaris... If you want to build a firewall: chapter 5 contains a list of subnets you should block and what else is important for IPv6 firewalls...
Are you interested in transition mechanisms? Read chapter 10 (for the next few years this will be an important chapter...)

If you are interested, take a look at my review at amazon.de (like all my reviews: written in German ;-).

Jun 7, 2011

World IPv6 Day: The Future is forever!

The Internet Society has announced World IPv6 Day:



On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour “test flight”. The goal of the Test Flight Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.

My company has decided to take part in this initiative. The AAAA record is announced, so www.gip.com is translated into 2002:d58b:8be3:2000::2
$ dig www.gip.com AAAA +short
2002:d58b:8be3:2000::2
If you have native IPv6 connectivity or if you are using 6to4 or another transition mechanism:
You can get our website via

If you are using IPv4 only, then you should experience nothing...
There are many other companies which will announce their domains with AAAA records tomorrow. Up to now 65% of the participating companies are already reachable via IPv6 (for the online chart click the image).


Google publishes a nice statistic, which shows the IPv6 traffic to their site:

Tomorrow this graph should reach 1%? 10%? 50%? Let's wait for the results....

May 13, 2011

Review at amazon: IPv6 for Enterprise Networks

I was looking for books talking about IPv6. One book I found was:


The summary sounds quite good:
Four leading Cisco IPv6 experts present a practical approach to organizing and executing your large-scale IPv6 implementation. They show how IPv6 affects existing network designs, describe common IPv4/IPv6 coexistence mechanisms, guide you in planning, and present validated configuration examples for building labs, pilots, and production networks.
[...]
Finally, they translate IPv6 concepts into usable configurations. Up-to-date and practical, IPv6 for Enterprise Networks is an indispensable resource for every network engineer, architect, manager, and consultant who must evaluate, plan, migrate to, or manage IPv6 networks.
Some chapters are really informative and cover some really nice aspects. But the main chapter (chapter 6) is unclear and confusing:
  • Many Cisco configurations without explanations
  • Many topics without any grouping and structure
If you have the time to implement the configurations in your lab, then this book might be helpful. But if you only want to read, you should look for an alternative.
If you are interested, take a look at my review at amazon.de (like all my reviews: written in German ;-).

Feb 2, 2011

IPv6: Stateless autoconfiguration not working on wireless networks...

If you are running an AVM FritzBox, you can easily enable IPv6 support on this FritzBox (take a look at this posting). But this is only half the way ;-).
I checked the following clients:
  • Ubuntu: autoconfiguration works out of the box...
  • Windows: on the client you have to enable IPv6 support, and after that everything works fine...
  • Debian: there are no router solicitation (RS) messages sent... ;-(
    [and of course no IPv6 connectivity...]
After some checks it was obvious that the wpa_supplicant mechanism is the problem. The initialization of WPA needs up to 10s, and the RS messages are sent at a time when the WPA encryption is not yet set up; the kernel does not resend them.

But there is an easy workaround to resend these messages:
rdisc6 eth1
hades:/etc/network# rdisc6 eth1
Soliciting ff02::2 (ff02::2) on eth1...

Hop limit                 :          255 (      0xff)
Stateful address conf.    :           No
Stateful other conf.      :          Yes
Router preference         :       medium
Router lifetime           :         1800 (0x00000708) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
 Prefix                   : 2002:5ed5:8422::/64
  Valid time              :         7200 (0x00001c20) seconds
  Pref. time              :         3600 (0x00000e10) seconds
 Recursive DNS server     : fd00::21c:55ff:fe1a:2632
  DNS server lifetime     :         1200 (0x000004b0) seconds
 MTU                      :         1280 bytes (valid)
 Source link-layer address: 00:1C:55:1A:26:32
 from fe80::21c:55ff:fe1a:2632
After that, ifconfig shows an autoconfigured IPv6 address:
inet6-Adresse: 2002:5dd2:84d3:0:210:ff:fe0d:1244/64 Gültigkeitsbereich:Global
and the routes are set as they should be:
2002:5dd2:84d3:0:210:ff:fe0d:1244/128 ::                         Un    0    1    351 lo
2002:5dd2:84d3::/64                   ::                         UAe   256  0      4 eth1
::/0                                  fe80::21c:55ff:fe1a:2632   UGDAe 1024 0     42 eth1
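
How the autoconfigured address above is put together, as an added example that is not part of the original post: the interface ID is the modified EUI-64 form of the MAC address (RFC 4291), and a 2002::/16 prefix, like the one in the dig output of the World IPv6 Day post, embeds the public IPv4 address of the 6to4 gateway, so both can be read back from the IPv6 address. The function names are chosen for this example; the sample values are the ones shown in the posts.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 (RFC 4291, Appendix A): insert ff:fe, flip the U/L bit."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (e.g. from a router advertisement) with the EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 based address; None if it is not EUI-64."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or privacy (random) interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def sixtofour_ipv4(addr: str):
    """IPv4 address embedded in a 6to4 (2002::/16) address; None otherwise."""
    return ipaddress.IPv6Address(addr).sixtofour


if __name__ == "__main__":
    # Values taken from the rdisc6, ifconfig and dig output in the posts.
    router_mac = "00:1C:55:1A:26:32"
    host_addr = "2002:5dd2:84d3:0:210:ff:fe0d:1244"
    web_addr = "2002:d58b:8be3:2000::2"

    print("router link-local :", slaac_address("fe80::/64", router_mac))
    print("host MAC          :", mac_from_address(host_addr))
    print("host 6to4 gateway :", sixtofour_ipv4(host_addr))
    print("web server MAC    :", mac_from_address(web_addr))
    print("web server IPv4   :", sixtofour_ipv4(web_addr))
```

The first line reproduces the `from fe80::21c:55ff:fe1a:2632` address that rdisc6 reports for the router's source link-layer address.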

...
Just open http://test-ipv6.com:

Sep 19, 2010

Fritz!Box: New firmwares with IPv6-support!

Last week AVM released some new firmwares including IPv6-support. After running the online update my Fritz!Box 7270 showed the following version:

[54.04.86]
But how to activate IPv6? After some clicks I found this tab:

By default the IPv6 support is switched off:

After activating this checkbox the following options are shown:

That's all.
Now you can use IPv6 on your LAN at home, and a first check is opening the Fritz!Box web interface via IPv6: