IPv6 design, deployment, standards, and best practices.
ggnf000
Member
Posts:
205
Joined:
Fri Jul 27, 2012 4:34 pm

i got a problem with uniqueness of ipv6 address when ...

Tue Nov 18, 2014 4:01 am

i got a problem with uniqueness of ipv6 address when it involves the MAC-address as a last 64 bit portion. By definition the MAC-addresses are globally unique, that is every network card manufactured have an unique ID which, when supplanted to the later 64-bit portion of the IPV6 makes it also unique. But proliferation of VMs with logical network IDs whose MAC addresses are assigned from random pool makes it not so so??

Also, when I inspect the portion of the ipv6 configured on the VMs that I installed, none of the ipv6 resembles the MAC of the interface. How come?

User avatar
eaadams
Post Whore
Posts:
2619
Joined:
Fri Mar 11, 2005 10:26 pm

Re: i got a problem with uniqueness of ipv6 address when ...

Tue Nov 18, 2014 9:31 am

Are you just speculating here, or are you actually finding duplicate IPv6 addresses across your VMs?
MAC addresses and local IPv6 Link-Local addresses are link/segment relevant only so duplicates in different networks, should they occur, shouldn't be a problem.
Using EUI-64 is just option to assign interface IPv6 address, and usually has to be configured as the method to be used. For example, MS Windows doesn't use it by default for autoconfiguration.

Aiubrey
The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn. Alvin Toffler, "Future Shock" 1970

Reggle
Post Whore
Posts:
1956
Joined:
Sun May 15, 2011 4:16 pm
Certs:
CCNA Security, CCNP, CCDP

Re: i got a problem with uniqueness of ipv6 address when ...

Tue Nov 18, 2014 12:09 pm

First, two identical MACs on one VLAN will cause layer 2 issues, let alone layer 3. You'll notice MAC address flapping.
Second, after assigning an IPv6 address using EUI-64 the device performs DAD, Duplicate Address Detection, to avoid this problem. In IPv4 many (if not all) implementation ARP for their own assigned IP address to see if it already exists.
Third, the latter 64 bits of the IPv6 address are random in Windows because it performs a hashing as part of security. If it wouldn't, your computer is traceable through different networks because the last 64 bits would always be the same. Apple and Linux don't do this by default as far as I know, Linux does have a package for it.
http://reggle.wordpress.com

Otanx
Post Whore
Posts:
1261
Joined:
Wed Sep 01, 2010 3:37 pm
Certs:
CCNP, CEH

Re: i got a problem with uniqueness of ipv6 address when ...

Tue Nov 18, 2014 2:20 pm

ESX (and I would assume the other hypervisors) have ways to prevent MAC address conflicts. So unless you are running a large layer 2 domain with multiple hypervisors I wouldn't worry about that. The reason the v6 address and MAC are not the same is probably because the guest OS uses the security extentions as described by Reggle.

Side note - There is a flaw in the Windows hashing of the address (maybe other OSes as well). If I have your real MAC address, and can get your "hashed MAC" one time I can predict all future hashed addresses. So if you went to starbucks, and connected(assuming starbucks has IPv6 enabled) I can sniff the network to get your real MAC, and I will also get your current "hashed MAC" which is part of your address. Then using those two pieces of data I can generate the next "hashed MAC" and the next, etc. Till you either reinstall, or change the real MAC address.

Is this a big deal? Not now with IPv6 deployments so small, but if you are worried about someone tracking your address around the internet then you should use something more secure than the built in security of hashing your MAC address.

-Otanx
Stay networked, my friends.

ggnf000
Member
Posts:
205
Joined:
Fri Jul 27, 2012 4:34 pm

Re: i got a problem with uniqueness of ipv6 address when ...

Tue Nov 18, 2014 2:51 pm

thanks all, it is just speculation and my guessing. since i am relatively new to this stuff, i will go over and take some time to digest.

ggnf000
Member
Posts:
205
Joined:
Fri Jul 27, 2012 4:34 pm

Re: i got a problem with uniqueness of ipv6 address when ...

Wed Nov 19, 2014 1:19 am

Reggle wrote:First, two identical MACs on one VLAN will cause layer 2 issues, let alone layer 3. You'll notice MAC address flapping.
Second, after assigning an IPv6 address using EUI-64 the device performs DAD, Duplicate Address Detection, to avoid this problem. In IPv4 many (if not all) implementation ARP for their own assigned IP address to see if it already exists.
Third, the latter 64 bits of the IPv6 address are random in Windows because it performs a hashing as part of security. If it wouldn't, your computer is traceable through different networks because the last 64 bits would always be the same. Apple and Linux don't do this by default as far as I know, Linux does have a package for it.


I was trying out win7 earlier. Now I installed XP 64-bit from msdn and found that indeed on XP that mac address split into 24-bits and FFFE was inserted. So it ppears the hashing security feature were not in XP by the time or at least by default not enabled.
Thanks!

ggnf000
Member
Posts:
205
Joined:
Fri Jul 27, 2012 4:34 pm

Re: i got a problem with uniqueness of ipv6 address when ...

Wed Nov 19, 2014 5:49 pm

Loooks like I finally nailed out the hashed address issue through googling and finding following article.
https://blackundertone.wordpress.com/20 ... addresses/
I can see WIN2003 server, WIN XP does not enable it by defualt and Win7 does.
In win7, i did disable it and get what i was looking for.

User avatar
eaadams
Post Whore
Posts:
2619
Joined:
Fri Mar 11, 2005 10:26 pm

Re: i got a problem with uniqueness of ipv6 address when ...

Thu Nov 20, 2014 2:24 am

Great to see your updates and responses - so many ask a question here and then we never from them again.
The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn. Alvin Toffler, "Future Shock" 1970

'

Return to IPv6

Who is online

Users browsing this forum: No registered users and 2 guests