https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-migrate-ipv6.html
There are lots of ipv6 roadblocks (cable/home internet, office network) that is ipv4 only, so we have a clustered application that runs dual stack ipv6 and ipv4.
We run a command against one of the clustered application nodes to report all the other nodes. Those come back in ipv6, but we need to interface to them via ipv4. So we'd like to be able to determine the ipv4 address from the reported ipv6 addresses.
One of the ipv4 --> ipv6 transition techniques is ipv6 addresses that have the ipv4 address embedded:
http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding-2.htm
I didn't see any mention of this in AWS info, anyone know if there is a way to do this?
Related
We recently had some issues with our IPv6 acceptance which resulted in our website to be offline for all users, that have a IPv6 address. Even if these people have an IPv4 address too, they were getting an error, as IPv6 is being preferred.
Our Google Monitoring Uptime check did not trigger, as it is only checking the IPv4 connection.
Is there a way to check IPv4 AND IPv6 with Uptime check?
Thanks a lot!
Trying to create tcp socket connection between via an Ipv6 address, I get Network is unreachable (os error 101)
As a binding local address is used fe80::850***.
Probably it's because of fe80*** is local ipv6 address generated by OS. Is there a way to provide correct configuration for system to make a call via IPv6?
Short answer:
Your IPv6 connectivity is not setup correctly. This is most probably no configuration problem on your machine, but on the gateway router.
Long answer:
You get a "Network is unreachable" error because your operating system does not know how to reach the destination address. Usually it maintains a table called the routing table, where it looks up which network path leads to which ip subnet. It seems that in your case, there are several things missing.
Your interface probably has no configured non-link-local (fe80::/64) address
There is no routing table entry for the destination address range
In the IPv4 world these missing things are usually resolved by a DHCP server. In the IPv6 world, there are two possible configuration options. Either DHCPv6 is used or the IPv6 Stateless Address Autoconfiguration is used. It seems that neither is setup in your network. Note that correctly setting up one of these requires you to have administrative access to your gateway router.
As it required quite long time to find the main reason of the problem, will try to share the solution/investigation steps:
To make sure ipv6 is not configured properly just run 'ping6 ipv6.google.com'. It should return some error message like 'connect: Network is unreachable' or just stuck.
AWS ec2 instances by default are not assigned ipv6 global routable addresses(only ipv4 is assigned). Ipv6 addresses like 'fe80:*' are local routable and can't be used for global requests. To check the list of ip addresses, check eth0 config /sbin/ifconfig. Btw, AWS provides interface to generate global routable ipv6 address for ec2 instance (just check vpc/ec2 console pages - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6.html)
Check security group of ec2 instance and make sure that in route table ipv6 traffic is allowed.Specifically inbound and outbound rules should include '::/0' for ipv6(or one of them based on the need).
Try 'ping6 ipv6.google.com' again
Run the following command to check whether IPv6 is enabled:
ip addr
If only an IPv4 address is displayed, IPv6 is disabled. Enable it by referring to this tutorial.
If a link-local address (starting with fe80) is displayed, IPv6 is enabled but dynamic assignment of IPv6 addresses is not enabled.
If an IPv6 address other than fe80 is displayed, IPv6 is enabled and an IPv6 address has been assigned.
So I've got one dilemma with external IP
On the External IP addresses, I've got on IP that is not assigned to any of my instances, service, or whatever, but actually, this IP is pingable and got a lot of opened ports including smtp, vnc, rdp, HTTP, and so on.
How the hell I can check where this IP is used and for what purpose?
First off, the base question: how to reliably achieve IP/DNS resolution on a mixed network (Linux, Windows, Mac OS), on a common private physical network using IPV4/6, to hosted VM'S that may or may not have VPN's active and DHCP - without an internal DNS.
My Setup:
I run a Windows 10 Host machine with a static IPV4 address, which powers multiple Windows 10, and Linux VM's. Some of the VM's access VPN's, which run IPV4/6 VPN networks. Presently I use a Mac OS computer to RDP to the host system, and I use the Virtual Box GUI to access the systems from there.
I have tried using RDP (Microsoft), to access the VMs independently from my Mac OS system, however this only works through the Local IPV4 address when the VPN is not active - or the IPV6 address with the limitations noted below.
I have also tried using the IPV6 address; and while this works some of the time, I have have mixed to unpredictable results with this on reboots/IP refreshes. The IPV6 Address changes periodically, and I have to log into the router to determine the new address and update RDP entries accordingly.
What I am trying to achieve:
Mac OS system Source system, and RDP to multiple Physical/Virtual machines on the network, while maintaining connectivity through VPN connections on the VMs - Without having to manually type in/keep up with IPV6 addresses.
My hardware is all consumer grade, with a Netgear router (R6400).
While currently I use a single NIC in the VM host, I do have multiple NIC's if that will correct the connectivity issues.
MS-Windows implements RFC-4941 and RFC-7721, for security considerations, that lead to IPv6 address changes (this should not be a problem if you had DNS updates, but this is not your situation).
To avoid IPv6 changes, just use the following 4 lines on your Windows hosts:
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
You should now get predictable results.
I am trying to make a C++ program in Windows that will output all of the ip addresses on the network to a text file but I have not been able to find anything useful online for other computers on the network. I figured out how to query the registry and find the local ip but I dont even know where to start to find other ip addresses. I don't want a copy-paste cookie cutter code because I want to learn how it works so if I could just get a link or a book that will guide me in the right direction that would be great.
For what purpose do you want to gain these IPs anyway?
I suspect what you're looking for is a way to obtain all possible IPs in a given subnet, which can be done quite trivially for say, IPv4. You simply take the IP address of your machine or router, and apply the subnet mask to it using bitwise and. (eg, 192.168.1.20 & 255.255.255.0 = 192.168.1.0, called the base, or network address). The valid hosts in this network are basically all of the bits which are zero in the subnet mask (255 in the previous example). This means the range 192.168.1.0 - 192.168.1.255 (exclusive, as the network address and broadcast address are not valid IP addresses of hosts in the network) are valid IP addresses of hosts.
There's no truly reliable way for any machine on the network other than the router to obtain specific information as to which of these addresses are in use though, as the interaction between machines on a network is meant to be voluntary, not implicit. Most machines however are generally running some kind of protocol which enables them to discover each other for purposes like printer and file sharing.
You can attempt to ping each of the possible host addresses in the network, or port scan, or talk to them with some protocol they might know. Alternatively you can use the broadcast address with a known protocol to ask all machines on the network to report back to you, and if they're running some software which talks that protocol, they'll respond with their own addresses.