08 September 2012

Commonwealth Bank DNS Weirdness

Whenever I try to login to netbank, I get this error after submitting my authentication details:
https://www2.my.commbank.com.au/netbank/Portfolio/Home/Home.aspx
...
Error 7 (net::ERR_TIMED_OUT): The operation timed out.

30 August 2012

Link: ISC Diary on Addressing Mechanisms

A good article over at the ISC Diary today regarding IPv6 addressing mechanisms:


  1. "Other" and "Managed" flag cleared, but the DHCP server is still running and the systems had a DHCP address prior to the last rebootWindows 8 and OS X will still use the DHCP server.
    Linux and Window 7 will only use the RA provided address
  2. "Managed" flag set, DHCP server running
    all operating systems tested will use RA and DHCP provided addresses
  3. "Managed" and "Other" flag set, but the DHCP server is not runningall operating systems tested will just use the RA provided addresses
  4. "Managed" and "Other" flag set (and DHCP Server running
    This test was a bit tricky. In a first round, all operating systems ignored the RA, and only used the DHCP address. In a second round, they accepted all.

Visit the ICS Diary to see the full details:
http://isc.sans.edu/diary.html?storyid=13978

29 May 2012

Managed IPv6

In the IPv4 world that many of us grew up in, we had 2 quite simple options for configuring hosts; Static Addressing and DHCP. On (very) small networks, and for servers, we would explicitly configure one or more IPv4 addresses on a host that would be there (in theory) no matter what. No dependence on external resources to have an address configured. You didn't even need to have a physical network cable plugged in! (Although that would somewhat defeat the purpose in most situations)

As you would expect, things are a little different in IPv6..! In my not-so-humble opinion, this is the biggest "problem" facing IPv6 adoption, but the whole arrangement is still undergoing refinement.

We now have 3 methods for configuring addressing under IPv6:

  1. Static Addressing
  2. DHCPv6 (Also called "Stateful Autoconfiguration")
  3. Stateless Address Autoconfiguration ("Autoconf")
This article will go briefly through each option and how it applies when trying to manage a network.

23 March 2012

Firewalling IPv6

Basic firewalling of IPv6 isn't a whole lot different to how we managed firewalls for IPv4.

19 March 2012

DHCP is required for Internode Native IPv6

Part of the way Internode have setup their internal network means that you must use DHCPv6 on your gateway to request prefix delegation, even if you have a static assignment.

From discussions with Internode staff, the DHCPv6 PD request notifies their routing systems "where" you are. Unless you do this, your IPv6 traffic will be aggregate routed to a null route in Los Angles (LAX).

Cisco default null route of IPv6

Upstream IPv6 connectivity comes to our network as Native IPv6 from ISP Internode, via a Cisco 887 router.

While installing the Cisco 887, I came across a bug in the IPv6 support of Cisco IOS and the way it handles DHCPv6 and null-routes vs static routes.

Windows 2008 R2 obtains address via DHCP, but is configured with Static Address

We currently have 3 Windows servers in our organization:
  1. Legacy 2003 Domain Controller ear-marked for retirement (not part of my IPv6 implementation).
  2. Windows 2008 R2 Domain Controller (FSMO Master)
  3. Windows 2008 R2 Application Server
Server #3 above recently had some interesting addressing issues with IPv6.

Introduction

I am the ICT Manager for a "small" manufacturing business (approx $100m annual revenue) in Australia.

I am also the entire ICT Department so my daily tasks range from printer jams and "I lost this document" to Systems Security and Strategic Planning for our ICT resources.

One aspect of company ICT direction is implementing a full IPv4/IPv6 dual-stack layer. I thought it would be useful to myself, and hopefully to others, to document the progress, problems and solutions as I go.