Home networking: fun with addresses

Posted on 2023-October-04 in networking


The setup

My home network is unusual, I'll grant you that. Hundreds of connected machines, servers, tablets, gadgets made me switch at some point to a /23 to push the limits to 500 entries on my LAN. In my defense, I have a lot of multi-port routers, managed switches, and machines that have both wired and wireless connections. Those things tend to add up quickly. Nowadays I managed to reduce it back to 200 entries and go back to a /24 but it is just a question of time until I run out of IPv4 addresses again.

There is one property I have been very careful with: assigning fixed IPv4 addresses to all hosts on my LAN. I just like to know that my printer will always be reachable as printer, my NAS as NAS, and my router as router. Memorizing addresses for the main hosts has saved me several times when the DNS got lazy, but mostly when I had just finished installing another OS and it didn't pick the DNS servers correctly. Call me a maniac but I like to know where things are, and I want to know when there are unknown hosts on my LAN (thanks arpwatch).

Doing that on an IPv4 LAN is really easy: I configured a single DHCP server on the LAN with fixed leases for all known machines, done. I went one step further and declared LAN hosts to my local DNS (AdGuardHome). For my own administration I maintain a single file containing all information: MAC address, LAN address, and host name, and a short home-made script that manages to copy all relevant information where it should be. Since I tend to try out a lot of various DHCP and DNS servers, that script has grown to support multiple file formats. But after all it's just all variations around printf, nothing to be happy about.

You might have read in previous blog posts about my sorry adventures in the world of IPv6, trying to wrap my head around how to make it work on my home network. I got several steps further down the line of enabling IPv6 and got to the conclusion that it was never designed for networks such as my own. Let me elaborate.

Objective: have my printer available as printer on my LAN, on IPv6.

Fixed addresses with DHCPv6

I tried to replicate what I did for IPv4 and tried to use a DHCPv6 server. Assigning fixed addresses proved to be a lot harder than maintaining a list of MAC/IP/name triplets. IPv6 does not rely on Ethernet MAC addresses to identify DHCPv6 clients but on something called a DUID (Device Unique ID), which is a random bit string pulled out of a horror movie, maybe sometime during OS install, or maybe when the NIC first connected to a network. Who knows? Those things seem to have a life of their own. On Linux I ended up browsing (a lot of) source code to understand who generated a DUID for that particular machine, and how to make sure it won't change when I next reboot or change something else. It turned out that on Debian it mostly depends on which piece of software handles your DHCP client. Since there are multiple standard pieces of software to do that, I had to become an expert in Debian DHCP clients over the ages.

Anyway, DHCPv6 is hated by a not-so-small part of the IPv6 community and there is apparently no way to have a rational conversation about it. Android does not support DHCPv6 and only wants SLAAC self-assigned addresses. This won't change until the guy in charge at Google gets fired or retires so don't hold your breath.

So I activated dual DHCPv6/SLAAC address assignment on my router. Now all Android devices work but everything else is messed up. Next task: figure out how to tell all the various operating systems on my home network to not use SLAAC if they have DHCP. Debian's multiple standard network management tools all have different ideas about how to do that, so back to discovering Debian DHCP clients over the ages.

Self-assigned addresses with SLAAC

Ok you know what? Forget about memorizable addresses. Let's go full SLAAC. As long as all my machines keep having the same name, I am happy. It requires the DNS to be always up though, so might be a good time to think about adding a second one for redundancy.

SLAAC is an address assignment method where the DHCP server (a router in IPv6 speak) only provides a common prefix to the whole LAN. Every machine takes that 64-bit prefix and adds 64 made-up bits of its own to generate a hopefully unique address. Et voilà: you have unique 128-bit IPv6 addresses for everybody! Now how would I link those self-generated addresses to DNS entries?

Easy: you go to each machine on your LAN and patiently collect their monstrous IPv6 self-generated addresses, then write them down somewhere for your DNS to digest. Could be done with a dozen machines or so, but for 200 hosts that's a whole week-end down the drain. Life is too short.
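As an added example (not the author's script), here is one way to collect those addresses without visiting each machine: read the router's IPv6 neighbor table and join it on MAC address with the existing inventory file, flagging any MAC the inventory does not know. The inventory layout, the `2001:db8:1:2::/64` documentation prefix, and the sample `ip -6 neigh show` lines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed inventory, in the spirit of the post's "MAC, LAN address, host name" file.
INVENTORY = """\
aa:bb:cc:00:00:01 192.168.1.10 printer
aa:bb:cc:00:00:02 192.168.1.11 nas
"""
# Constructed sample of `ip -6 neigh show` output as seen on the router.
NEIGH = """\
2001:db8:1:2:a8bb:ccff:fe00:1 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
fe80::a8bb:ccff:fe00:1 dev eth0 lladdr aa:bb:cc:00:00:01 STALE
2001:db8:1:2:5c3e:91ff:1234:abcd dev eth0 lladdr aa:bb:cc:00:00:02 STALE
2001:db8:1:2::dead dev eth0 FAILED
2001:db8:1:2:1111:2222:3333:4444 dev eth0 lladdr de:ad:be:ef:00:99 REACHABLE
"""
NEIGH_LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def eui64_iid(mac):
    """Modified EUI-64 interface identifier derived from a MAC address (RFC 4291)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02                       # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def map_neighbors(neigh_text, inventory_text, prefix):
    """Return (known, unknown): known = [(name, addr, mac_derived)], unknown = [(mac, addr)]."""
    net = ipaddress.IPv6Network(prefix)
    names = {}
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            names[fields[0].lower()] = fields[2]
    known, unknown = [], []
    for line in neigh_text.splitlines():
        m = NEIGH_LINE.match(line)
        if not m:
            continue                   # FAILED/INCOMPLETE entries have no lladdr
        addr, mac = ipaddress.IPv6Address(m.group(1)), m.group(2).lower()
        if addr not in net:
            continue                   # skip link-local and off-prefix addresses
        if mac in names:
            # Non-EUI-64 addresses may be temporary and rotate; re-harvest regularly.
            mac_derived = (int(addr) & (2**64 - 1)) == eui64_iid(mac)
            known.append((names[mac], str(addr), mac_derived))
        else:
            unknown.append((mac, str(addr)))   # a host the inventory does not know
    return sorted(known), sorted(unknown)
```

The neighbor table only lists hosts that have recently exchanged traffic with the router, so a single snapshot is not a complete census of the LAN.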

Another solution would be to use mDNS, a magic protocol that allows machines to announce themselves with their name and the services they offer. This is well supported on Mac OS (which calls it Bonjour) but that's about it. On Linux you need to install and run avahi-daemon which has a friendly XML configuration file well-hidden somewhere in /etc and strictly no human-readable error messages when you mess it up. I configured those service files once and hope I will never have to do it again.

Best part: once I was done configuring mDNS on Debian machines, I found out Tasmota does not support mDNS (because reasons) and there is no chance it ever will. Good grief! That pretty much kills any attempt at having my connected plugs work by name on IPv6. To be honest, Tasmota does not work too well with IPv6 anyway, and I cannot blame them. Time to think about something else.

Manual IPv6 addresses where I care, IPv4 everywhere

The solution I settled on was to switch everything back to an IPv4 home network, with fixed addresses and names as I have always done. If it ain't broken, don't fix it.

I still want to enjoy IPv6 on phones, tablets, and servers I want to be reachable from outside. The solution I found is rather simple:

  • Set up the local router to be pure SLAAC, so pure client machines work, including Android.
  • Disable IPv6 on all machines that don't need it. One less thing to worry about.
  • Use my newly-acquired knowledge about Debian network configuration to manually assign static IPv6 addresses to servers I want to make reachable from the outside world. That means hardcoding addresses in /etc/network/interfaces and maintaining them.

That is somewhat dirty, I know, but it works. For now. Until my ISP decides to change my delegated IPv6 prefix, or I change ISPs. This happens more often than I would like: whenever my landline dies, I connect my phone and its very generous monthly data allowance so my whole LAN is connected again with an IPv6 prefix that changes every time I reconnect the phone. For now I just gave up on having my home servers reachable from the outside world during those short periods.

Conclusion

Running IPv6 on my home network involved a lot more work than I ever anticipated. If all hosts on your LAN are stupid smart phones and tablets, let your ISP-provided router disaster run things for you and forget about it. If you really want to get into IPv6 because it is cool and you think you may need it for your job, I would recommend finding another job.

There is no place like 127.0.0.1.