[lacnog] Wifi Hotspot with IPv6 support
Mike Burns
mike en iptrading.com
Lun Mayo 27 11:34:41 -03 2019
Hi Fernando,
The mikrotik hotspot works the same way with IPv6 as with ipv4. There Are Rules which inspect the packets on an interface regardless of protocol and Mark those packets in a way that allows access only to the sign up or login page. That page is accessed first by reference to the internal DNS records on the mikrotik, which could be theoretically be quad-a records.
The actual authorization query to a separate radius server might be in ipv4, but once the username and password are correct, then packets for either protocol on that interface from the same Mac address will be allowed to pass to the internet.
I haven't set one up, but I don't think there are significant issues theoretically anyway.
Regards,
Mike
---- On Mon, 27 May 2019 10:28:15 -0400 fhfrediani en gmail.com wrote ----
Hello guys
Thanks all for the reply about your experiences.
However the main point of my message is to know if someone has solved the issue about IPv6 and Hotspot systems.
Normally on these systems before the users authenticates in a kind of web form the Internet connectivity is blocked, with exceptions to certain destinations as DNS and payment gateways sometimes and afterwards released for navigation. This relies heavily on NAT and redirection techniques so why I would like to find out how it can be adapted when IPv6 is present in such scenarios.
Thanks
Regards
Fernando Frediani
On 25/05/2019 16:34, JORDI PALET MARTINEZ via LACNOG wrote:
Today it doesn’t make sense at all to deploy dual-stack WAN links.
Dual-stack in the LANs (WiFi) is fine, but this should be done using any of the IPv6 and IPv4-as-a-Service mechanisms as described in RFC8585.
I also suggest to read:
https://datatracker.ietf.org/doc/draft-ietf-v6ops-nat64-deployment/
(hopefully soon to become an RFC as well)
Unfortunately, at the time being, MikroTik is the WORST platform in the world for IPv6 deployment, unless you use dual-stack all the way thru, again totally anachronic and expensive way of doing it, as it forces you to have sufficient IPv4 addresses or CGN, or even worst, both of them.
Re-flash your MikroTik’s with OpenWRT and you’re done!
Regards,
Jordi
El 25/5/19 17:31, "LACNOG en nombre de Mike Burns" <lacnog-bounces en lacnic.net en nombre de mike en iptrading.com> escribió:
Hi, the authentication process is independent of the IP address protocol, it is based upon the router interface. Mikrotik used to not include their IPv6 package by default, and we had problems running IPv6 to ipv4 tunnels effectively. We wanted to do Transit with the IPv6 not just management although that would have been easier.
But the problem I explained, which is that nobody has asked for it, is the same reason why IpV6 is not more widely deployed. It will cost me time and effort to do the deployment and if there is no reward, then there is little incentive. I thought there might be a public relations benefit to announcing that our system is fully dual stacked, but my customers who are mostly temporary don't really seem to care one way or the other.
It would be easier for us if each of the upstream isps at all of our Wi-Fi locations was offering IPv6. But normally hotspot providers do not run their own backbones but rely on others and just distribute the internet over the last few hundred feet to the customers.
I am not sure if there would need to be more customer support with a dual stack offering, but hotspot clients as I said are temporary, and it's difficult and expensive to try to offer them in-depth technical support. So I think hotspot providers try to keep it simple as a rule.
Finally, we began deploying our Network devices more than 12 years ago and some of them are not firmware upgradeable to handle IPv6.
Regards,
Mike
---- On Sat, 25 May 2019 09:39:09 -0400 fhfrediani en gmail.com wrote ----
Hello Mike
Thanks for you reply.
What do you mean by very limited ipv6 support ? Do clients navigate over it or is it just for management of the wireless routers ?
If there is navigation I wanted to undertand better how the authentication process works in order to release the Internet conection in both v4 and v6 afterwards and also the logging of the address was given to a end user.
The point about customers asking for it I have the view that's not really a point in order to provide IPv6 specially in a Hotspot system where de end user knows nothing about it.
Regards
Fernando
On Sat, 25 May 2019, 07:25 Mike Burns, <mike en iptrading.com> wrote:
We run a network up Wi-Fi hotspots in American RV parks. We use microtik routers to handle the hotspot sign up and setup and these routers have very limited ipv6 support. In addition because we have various internet connections throughout the country, some of whom do not offer ipv6, we had to use tunnels back to our colo center from where we advertise our ipv6 block. Since no customers ever asked for ipv6 we never deployed it.
Regards,
Mike Burns
---- On Sat, 25 May 2019 05:59:05 -0400 fhfrediani en gmail.com wrote ----
Hello all
Has anyone ever seen a Wifi Hotspot system with IPv6 support ?
Apparentlly these systems rely heavly on NAT and so it has been a barier for IPv6 support.
Has anyone seen any scenario where this has been possible or even have a theoric idea how would it been possible to add IPv6 to such systems ?
Thanks
Regards
Fernando Frediani
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
_______________________________________________ LACNOG mailing list LACNOG en lacnic.net https://mail.lacnic.net/mailman/listinfo/lacnog Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20190527/6ee02445/attachment-0001.html>
Más información sobre la lista de distribución LACNOG