Contents
Preface
As shown in the figure above, with the in-depth implementation of the "Network Power" strategy, major domestic operators have been racking their brains to recycle IPv4 public network addresses in the past two years. Take Chengdu Telecom as an example: as long as you change the package, even if you upgrade the package, the original IPv4 public network address may be gone. You must know that it was a high-level unspoken rule to retain the old configuration during the upgrade, and the IPv4 public network address package was sold at a high price (Chengdu Telecom is at least 399 packages plus 100 yuan service fee). The number of home broadbands with IPv4 public networks will only decrease, but the number of IPv6 public network addresses is increasing.
However, IPv6 and IPv4 are different after all. Even if the operator issues an IPv6 address, if the router does not support it or supports it but is not configured correctly, you still cannot enjoy this invisible benefit. So I will take the iKuai soft router I use as an example to introduce the relevant configuration of IPv6. However, since different router brands support different IPv6 functions, the specific configuration needs to be adjusted according to your actual equipment. I can only give you a sample.
In addition, the premise of the following is that the broadband operator has successfully deployed IPv6 and correctly transferred the policy to the optical modem. This is actually relatively easy to test. Just use a computer to connect directly to the optical modem to perform PPPOE dial-up, and then check whether an IPv6 address is obtained. In addition, this can also be verified with the operator. It is possible that the optical modem configuration problem causes the failure to obtain an IPv6 address. I will not go into details here, otherwise there are too many possibilities.
Prerequisite knowledge: Differences between IPv4 and IPv6 public network address allocation methods
In fact, it is essentially the difference between "one" and "a bunch":
IPv4
Operators allocate IPv4 public network addresses. They only need to allocate an IPv4 public network address to a user's optical modem (routing mode) or router's WAN port (bridge mode) (usually through Ppoe), and then all data destined for this IPv4 public network address can be sent to the user's device.
IPv6
When a carrier allocates an IPv6 public network address, it allocates a relatively large network segment to the user. Well, the term "relatively large network segment" is a bit conservative. Take the IPv6 address allocation of my home telecom as an example:
As shown in the figure above, China Telecom assigns a /60 prefix, but because IPv6 requires that all public network addresses (global unicast addresses) must have a /64 prefix in the subnet, the IPv6 address segment of the LAN1 port is actually just one of the 16 available /64 prefix segments (usually the first one). However, in an environment with multiple LAN ports, iQIYI can further subdivide the /60 prefix segment and assign it to different LAN ports:
This function is actually DHCPv6-PD, which is very useful for environments that require hierarchical deployment of IPv6 public network addresses.
Note 1: iQiyi also supports multi-line IPv6 function:
However, this function is charged. I even bought a one-month dual-line to play with it, but I found that it was useless for me because I also need a multi-LAN environment: that is, one IPv6 line can be bound to one LAN port. For home users, there is no such need for isolation, unless you have multiple LAN segments like I did before and use Huawei S5720-28P three-layer switch as the core switch of the home for more than two years. But later, because of the noise problem, I couldn't stand it anymore, so I optimized it back to one LAN segment and used TP-LINK's TL-SG2024D as the core switch, and the world was quiet in an instant. . The conclusion is that the physical topology of the home network should not be too complicated.
Note 2:
没有了IPv4公网地址并且随着1000兆下行和IPv6公网地址的普及,以前以扩展上、下行带宽和获得多个IPv4公网地址为目的的多重拨号技术会彻底退出历史的舞台,而传统的端口映射也只是适合IPv4公网地址—>IPv4私有地址这种场景,端口转发技术在某些特殊场景中(比如内网中,路由器接口IPv6公网地址—>内网其他设备IPv6公网地址,或者路由器接口IPv6公网地址—>内网其他设备IPv4私有地址)会成为代替传统端口映射的技术,遗憾的是,目前爱快并不支持IPv6的端口转发,openwrt胜出:可以通过安装socat或者lucky之类的软件来间接实现,不过这么比也有点不公平,因为这也算不上是openwrt的自带功能。。
Note 3:
A network segment with a /60 prefix can be divided in the following ways: 1 /60 segment; 2 /61 segments; 4 /62 segments; 8 /63 segments, and 16 /64 segments. This is because 64-60=4, 2^4=16. Just get a general idea of this. The specific IPv6 is too complicated, and it’s painful to think about it. Fortunately, I only used IPv4 when I was working on the network. . . However, when I was working on application delivery, I did not escape the wave of IPv6 transformation in the financial industry around 2020. All kinds of strange problems made me very painful. . .
Back to the question above, why do I say that allocating a "large network segment" is conservative? How big is this network segment? Take the prefix /64 as an example, what is 2^64 equal to? I don't even know how to read that number. So IPv6 is really not kidding when it claims that it can allocate a public network address to every grain of sand in the world. /64 is only allocated to households. Unfortunately, I can't even get 100 devices with IPv6 public network addresses. What a waste.
iFast Enable IPv6
The IPv6 related settings of iKuai are set under "Network Settings" - "IPv6":
Just follow these steps:
1. External network configuration
In "IPv6 Settings", in "External Network Configuration", click "Add" in the red box on the right:
After selecting "External Network Interface", keep the default values for "Access Method" and "Request Prefix Length", and then click "Save" in the red box below:
If normal (the operator has configured the relevant environment), the external network opening can obtain an IPv6 public network address:
2. Intranet configuration
In "IPv6 Settings", in "Intranet Configuration", click "Add" in the red box on the right:
Select the LAN port that needs an IPv6 address (normal people have one LAN port) and the external network line that needs to be bound (the external network port I selected earlier is adsl3, so I also choose this here), keep the other default values, and finally click "Save" in the red box below:
If everything is normal, the intranet interface has obtained the IPv6 public address:
At the same time, you can confirm whether the public network address has been successfully obtained on the device that has IPv6 enabled in the intranet, such as my MacBook:
My win11 virtual machine:
Other features of iFastIPv6
iFastIPv6 also supports separate statistics of IPv6 line data:
Prefix static allocation:
DHCPv6 blacklist and whitelist:
View the DHCPv6 terminal:
View the list of neighbors:
The statistical function is still very strong.
Built-in dynamic domain name client
In fact, even if you have an IPv6 public network address, you are embarrassed to give it to others directly. Why? Please imagine the following scenario (Note: the last 12345 is the port number):
This picture is so beautiful that I dare not look at it. Therefore, the IPv6 public network address must be combined with the dynamic domain name to be normally accessed. Of course, the premise is that the visitor also has an IPv6 address.
iKuai's built-in dynamic domain name client is very powerful. In addition to supporting multiple domain name providers:
It also supports multiple parsing options:
The external network line is resolved to the IPv6 address of the wan port; the terminal MAC is the IPv6 address of the device corresponding to a certain internal MAC address; the terminal DUIO is the DHCP unique identifier in the previous DHCPv6 terminal interface:
The complete dynamic domain name interface is as follows, taking my cloudflare domain name as an example:
Let’s take a look at some of my domain name resolutions:
To be honest, in my 3-way environment, I don’t know what to do without iQuick’s dynamic domain name client, so iQuick is definitely one of the core components of my home data center.
In addition, AiKuai's IPv6-related help is also easy to understand and contains many examples. This is something I always like. It reminds me of the previous Netscreen firewall, where the help documentation was really well done and people who didn't understand it could follow along step by step with the help manual.
In addition: In fact, if you have a registered domain name, it is most cost-effective to use a domestic CDN supplier with an IPv6 public network address to build a website. I will have the opportunity to write an article specifically about this later.
Summarize
In fact, the IPv6 configuration logic of AiKuai is very clear and easy to understand. Some peripheral functions are also well done, especially the dynamic domain name part, which is my favorite. I rely on it to complete the dynamic domain name resolution of cloudflare, Tencent Cloud, and Alibaba Cloud. The free version is also very stable and has never crashed, including when I was running a virtual machine before. Not to mention the packet capture function, port mirroring, UDPXY, authentication and billing, VPN, behavior management, flow control and other functions. . There is no end to it. Except for not supporting scientific related functions, I personally think it is perfect.
There are many other devices that support ipv6 now, such as my ASUS AC86U:
It still has the necessary functions, and its main feature is simplicity. Many years ago, I also used an ASUS router to run IPv6 for a while, because other routers did not support IPv6 well at that time, and ASUS was the only one that stood out (the concept of soft routing had not yet emerged at that time).
In short, everyone should first look at the equipment they have. Reusing old equipment is always the priority, and only consider replacing the equipment if it really doesn’t work.
