IPv6

Discuss Networking
Post Reply
User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

IPv6

Post by Void Main » Fri Jan 07, 2011 10:50 pm

If you don't know it now you need to learn it. The sooner the better.

User avatar
Basher52
guru
guru
Posts: 925
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Re: IPv6

Post by Basher52 » Mon Jan 10, 2011 8:21 am

What's the really big difference between IPv4 and IPv6?
I do know that IPv6 is built differently and I've used it at my last job but is there more to it than that?

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Mon Jan 10, 2011 9:52 am

I'm not very versed in IPv6 myself yet so I would suggest searching Google for now. I do need to become proficient in IPv6 soon however.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Mon Jan 10, 2011 2:43 pm


User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Mon Jan 10, 2011 8:47 pm

Well, I just manually set an IPv6 address on my laptop and on my OpenWrt router and added the IPv6 addresses to my dnsmasq configuration and can ping each other by name. I guess that's step #1 in learning this stuff. :)

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Mon Jan 10, 2011 9:26 pm

I have an IPv6 address on two linux boxes and my gateway and added the addresses to my dnsmasq conf and can not only ping each of the devices but can connect from my firefox browser to apache on the 2nd linux box using the ipv6 address and ipv6 name I set up in DNS. Now to get a better understanding of addressing, subnetting, routing, dual stack, tunneling, etc, etc, etc. I am excited about getting the basics working though.

This was very helpful in getting this far:
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Sat Jan 22, 2011 3:43 pm

Well, got my new modem installed and working and was able to get my tunnel from Hurricane Electric. Now I just need to figure out how to set it up. :)

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Sat Jan 22, 2011 6:06 pm

I got my Hurricane Electric tunnel up on my OpenWrt router and can ping6 and traceroute6 to IPv6 addresses out on the internet (e.g. ipv6.google.com). Before setting up the tunnel I had made up IPv6 addresses and configured several of my machines with them and was able to ping between them. Now I have to figure out how to get them legit IPv6 addresses and how to get them to route through my tunnel that I set up on my OpenWrt router. I am such a n00b. :)

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Sun Jan 23, 2011 9:30 am

Looks like this thread might have the nuggets I need to get my clients talking:

http://www.tunnelbroker.net/forums/inde ... pic=1345.0

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Sun Jan 23, 2011 6:27 pm

Woohoo!! I got it all working! I configured radvd on my OpenWrt firewall with my routed /64 network, configured my lan interface on the firewall with an address on that network but for some reason was having trouble getting Fedora 14 configured to assign itself an address via stateless auto-configuration (from radvd running on the OpenWrt router). This page had some good info:

http://www.killsudo.info/?cat=3

However, it was as simple as putting these two lines in your device config file (e.g. /etc/sysconfig/network-scripts/ifcfg-eth0):

Code: Select all

IPV6INIT=yes
IPV6_AUTOCONF=yes
I restarted my network service and bingo! I could then ping6 and traceroute6 to ipv6 names/addresses out on the Internet. Here's my test-ipv6.com results:

Image

(Click to enlarge)

The only ding I got was something about my ISP's DNS server.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Mon Jan 24, 2011 12:49 am

So far I've made it through the professional cert with a score so far of 585. To get there I had to set up my tunnel, prove I had IPv6 connectivity to the world, configure DNS entries (AAAA, PTR, MX), a web server, and a mail server and they all had to work. The next step in the cert process is "guru" and I believe I have to create subdomains, etc. What a great program, and it's free!!

I have one little problem yet to figure out that isn't really related to the Hurricane Electric cert process. I got a /48 route-able network and I peeled off a /64 from it hoping to use that in my DMZ. I configured radvd to issue addresses on my DMZ interface on my firewall in addition to the LAN interface but have yet been able to get my DMZ boxes to auto-configure an address. It's gotta be something with my shorewall configuration on my router but I can't quite pin it down.

Oh, I also created a script to update my tunnel end point on HE and bring up my tunnel after starting shorewall.

he.sh:

Code: Select all

#!/bin/sh

IPV4ADDR=`cat /var/run/shorewall.ip | tr -d '\n'`
MD5PASS="xxxxxxxxxxxxxxxxxxxxxxxx"
USERID="yyyyyyyyyyyyyyyyyyyyyyyy"
GTUNID="xxxxxx"
wget --no-check-certificate -O - "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=$IPV4ADDR&pass=$MD5PASS&user_id=$USERID&tunnel_id=$GTUNID" 2> /dev/null   > /tmp/he.net

ip tunnel add he-ipv6 mode sit remote 209.51.181.2 local $IPV4ADDR ttl 255
ip link set he-ipv6 up
ip addr add 2001:a:b:c::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
Go here for explanation of the variables:

https://ipv4.tunnelbroker.net/ipv4_end.php

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Mon Jan 24, 2011 10:36 pm

Well, I passed the "Guru" cert with 805 points and only have one level left to go (Sage). All I have to do to get that cert is get IPv6 glue records in the TLD for my domain.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Mon Jan 24, 2011 11:28 pm

I had trouble getting IPv6 connectivity on my KVM guests. After some searching I found that you have to make sure this line is in your KVM host's ip6tables:

Code: Select all

-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
Works fine now.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Thu Jan 27, 2011 8:40 pm

Got a 10/10 on the IPv6 test after pointing to a different DNS server:

Image

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Re: IPv6

Post by Void Main » Sat Mar 19, 2011 7:16 am

More on iptables being applied to the bridge by default (which causes problems with radvd automatic address assignment on kvm guests):

http://wiki.libvirt.org/page/Networking

To disable iptables on the bridge (as it should be) add this to /etc/sysctl.conf on the kvm host:

Code: Select all

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
To put it in motion without rebooting:

Code: Select all

# sysctl -p

Post Reply