"I’m not going to name sites accessible only via IPv4, because if I do, those sites will add IPv6 half an hour after this book reaches the printer."
@mwlucas, maybe you should have mentioned :-D.

*sigh* this would have saved me many an hour:
"IPv6 dies without ICMPv6, as IPv6 doesn’t support packet fragmentation. If you use IPv6, never block ICMPv6 as a whole. Blocking parts of ICMPv6 without destroying your network requires careful research and testing."

Show thread

@mwlucas @evilham that many of us benefited from. So thanks !

@e1e0 kinda X-D. I don't usually like "tech books", but it looks like reading @mwlucas is just right for me.
Just wish I had read these books a few years back and learned the lessons the easy way X'D.

@evilham @mwlucas While I can't say it would saved me *many* an hour, it would certainly have saved me an hour or two plus the time of some helpful soul on IRC who disabused me of my errant PF ruleset issues.

@evilham @mwlucas Whew, now I'm glad I learned IPv6 on a university network! No ICMP blocked. Once I learned it was essential, I made sure to include that in my teaching ... learning it the hard way sounds ... unpleasant.

@mwlucas @evilham I really hope my now-graduated students remember that. I did say ICMPv6 was absolutely required, but I wasn't funny, so I'm not sure if the message were memorable. I was almost funny talking about multicast - they should remember that!, but you can't get to multicast until the underlying network works.

@nethope @evilham @mwlucas I'm glad to know I wasn't the one one who learned it the hard way.

As it turns out, similar problems can happen on IPv4 as they well but it's not as visible. I think it generally causes performance problems and not just outright connection drops?

ICMP (neither 4 nor 6) shouldn't ever be blocked.

@evilham Which book's this from? Networking for Systems Administrators? I don't remember it and didn't immediately find it on skip re-reading the obvious bits.

(Finding N4SA a very useful book, BTW. The earlier bits on the various protocols filled in a few gaps in my knowledge but the later bits on the various tools has been a great introduction; I hadn't tackled tcpdump before but with the knowledge there it doesn't look so bad.)



That's the funny thing: it's Absolute FreeBSD by @mwlucas.

I kind of expected it to be a tad too basic for me these days, but actually it's super well written and it helps deepen understanding of... pretty much everything.
There are also a few great pointers to things I didn't know existed.

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community