IPv6

Differences between revisions 27 and 28
Revision 27 as of 2010-11-16 23:23:42
Size: 20358
Editor: 64-184-245-107
Comment:
Revision 28 as of 2010-11-16 23:25:25
Size: 20345
Editor: 64-184-245-107
Comment:
Deletions are marked like this. Additions are marked like this.
Line 105: Line 105:
To configure your box to give out addresses to the LAN from your /64, see [[#Configure%20your%20Ubuntu%20box%20as%20a%20IPv6%20router|Configure your Ubuntu box as an IPv6 router]]. To configure your box to give out addresses to the LAN from your /64, see [[#Configure your 0Ubuntu box as a IPv6 router|Configure your Ubuntu box as an IPv6 router]].

IPv6 Introduction

IPv6 is the new version of the well known IP protocol (also known as IPv4). Your Ubuntu system comes with all you will need to experiment with IPv6. This section focuses on getting IPv6 properly configured and running.

In the early 1990s, people became aware of the rapidly diminishing address space of IPv4. Given the expansion rate of the Internet there were two major concerns:

  • Running out of addresses. This was deferred via RFC1918 private address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) and Network Address Translation (NAT) to share a public IPv4 address with multiple computers (usually all the users connected through a DSL/Cable router). However, it is predicted that unassigned IPv4 addresses will run out sometime in 2011 or 2012, at which point multiple internet connections may have to share addresses. NAT has its own problems; there is no need for NAT in IPv6, so these problems go away.
  • Router table entries were getting too large. This is still a concern today.

IPv6 deals with these and many other issues:

  • 128 bit address space. In other words theoretically there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses available. This means there are approximately 667,126,144,781,400,397 IPv6 addresses per square millimeter on our planet.
  • Each computer can have it's own (usually static) globally routable address (no more port forwarding or dmz setup!).
  • Routers will only store network aggregation addresses in their routing tables thus reducing the average space of a routing table to 8192 entries.

There are also lots of other useful features of IPv6 such as:

  • Address autoconfiguration (RFC2462)
  • Anycast addresses (“one-out-of many”)
  • Mandatory multicast addresses
  • IPsec (IP security)
  • Simplified header structure
  • Mobile IP
  • IPv6-to-IPv4 transition mechanisms

For more information see:

Background on IPv6 Addresses

There are different types of IPv6 addresses: Unicast, Anycast and Multicast.

Unicast addresses are the well known addresses. A packet sent to a unicast address arrives exactly at the interface belonging to the address.

Anycast addresses are syntactically indistinguishable from unicast addresses but they address a group of interfaces. The packet destined for an anycast address will arrive at the nearest (in router metric) interface. Anycast addresses may only be used by routers.

Multicast addresses identify a group of interfaces. A packet destined for a multicast address will arrive at all interfaces belonging to the multicast group.

Note: The IPv4 broadcast address (usually xxx.xxx.xxx.255) is expressed by multicast addresses in IPv6.

Reading IPv6 Addresses

The canonical form is represented as: x:x:x:x:x:x:x:x, each “x” being a 16 bit hex value. For example 2001:A574:382B:23C1:AA49:4592:4EFE:9982.

Often an address will have long substrings of all zeros therefore one such substring per address can be abbreviated by “::”. Also up to three leading “0”s per hexquad can be omitted. For example fe80::1 corresponds to the canonical form fe80:0000:0000:0000:0000:0000:0000:0001 and 2001:470:B:23C1:49:4592:EFE:9982 corresponds to the canonical form 2001:0470:000B:23C1:0049:4592:0EFE:9982.

A third form is to write the last 32 Bit part in the well known (decimal) IPv4 style with dots “.” as separators. For example 2002::10.0.0.1 corresponds to the (hexadecimal) canonical representation 2002:0000:0000:0000:0000:0000:0a00:0001 which in turn is equivalent to writing 2002::a00:1.

By now the reader should be able to understand the following:

# ifconfig
eth0      Link encap:Ethernet  HWaddr ee:ff:ee:ff:ee:ff  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:eeff:eeff::1/64 Scope:Global
          inet6 addr: fe80::eeff:eeff:eeff:e5a7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33785 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33768 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:23272619 (22.1 MB)  TX bytes:21928501 (20.9 MB)
          Base address:0xb800 Memory:f2000000-f2020000

fe80::eeff:eeff:eeff:e5a7 of interface eth0 is an autoconfigured link-local address. It is generated from the device's hardware (MAC) address as part of the autoconfiguration.

For further information on the structure of IPv6 addresses see RFC3513.

Special IPv6 address ranges

Address ranges are specified using a prefix. This is similar to the IPv4 concept of a network prefix and netmask, but in IPv6 we always use CIDR notation to specify the number of bits at the start of the mask that are 1. For example, the address range fe80::/10 includes all addresses that are the same as the address fe80:: in the first 10 bits, i.e., all beginning with the bit pattern 1111 1110 10. One hex digit corresponds to four bits: 1111 is f, 1110 is e. 10 is the most significant two bits of 1000 which is 8 in hex, but since this length is not a multiple of 4, the range also includes addresses with this digit set to 9 (1001), a (1010) and b (1011). Obviously a network prefix of length 128 specifies an individual address.

IPv6 address

Prefix length (bits)

Description

Notes

::

128

unspecified

cf. 0.0.0.0 in IPv4

::1

128

loopback address

cf. 127.0.0.1 in IPv4

::

96

embedded IPv4

These are IPv4 addresses rendered as 128-bit values (the top 96 bits are zero). Also called “IPv4 compatible IPv6 address”.

::ffff:0000:0000

96

IPv4 mapped IPv6 address

The lower 32 bits are the IPv4 address. For hosts which do not support IPv6.

fe80::

10

link-local

Unroutable addresses used for local autoconfiguration.

fec0::

10

site-local

Addresses used only within one local network, unroutable outside it. Cf. RFC 1918 addresses such as used in NAT.

ff::

8

multicast

2000::

3

global unicast

All global unicast addresses are assigned from this pool (starting with hex digit 2 or 3).

Getting Connected

Here you have more than one option:

At the moment there are not many IPv6 Internet Service Provider who actually provide their users with IPv6 Internet services. In the near future every user will need a IPv4/IPv6 dualstack configuration and this would increase cost for hardware and administration for the provider. The second reason is that there is not enough IPv6 capable hardware, like Cable-Modems, DSL-Routers on the market. So at the moment it seems that the easiest way to get IPv6 connectivity is tunneling the traffic over IPv4.

Get connected with Hurricane Electric

Hurricane Electric is faster than Sixxs if you want to share your IPv6 tunnel with other computers on your network because you don't have to wait for a week before getting addresses to give out to other computers on your network. First you need to register on the TunnelBroker.net Website. You will be emailed your username and password. Login and in the User Functions Box on the left side click the Create Regular Tunnel link. Put in your IPv4 address and Select a server close to you. Go to the tunnel details page. Run gksudo gedit /etc/networking/interfaces and add the following, editing as directed by the comments:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
     endpoint 216.218.226.238 #Get this address from the Server IPv4 address field on the tunnel details page
     address  2001:470:a:d29f::2 #Get this address from the Client IPv6 address field on the tunnel details page
     netmask  64
     up ip -6 route add 2001:470:b:d29f::/64 dev eth0 #This address is from the "Routed /64:" field and eth0 should be replaced with the device you connect to your local network with. This line sends IPv6 packets addressed to your network to your network instead of out to the internet through the tunnel.
     up ip -6 route add default dev he-ipv6 #anything not matching the previous rule falls through to this one, sending it to the ipv6 tunnel.
     down ip -6 route del default dev he-ipv6 #This line and the next remove routes this connection set up so they aren't in the way when you (re)start the tunnel.
     down ip -6 route del 2001:470:b:d29f::/64 dev eth0 #This address is from the "Routed /64:" field and eth0 should be replaced with the device you connect to your local network with.

Run sudo ifup he-ipv6 and you should have IPv6 connectivity.

To configure your box to give out addresses to the LAN from your /64, see Configure your Ubuntu box as an IPv6 router.

Get connected with SixXS

First you need an account on the SixXS Website. Please consider that they manually approve your information and that you should provide them with correct data about you. The system is very easy to use. For the creation of your account you are going to receive some credit points. You can then use these credits for requesting new tunnels and subnets. A tunnel costs you 15 credits. If you are able to use the requested tunnels you are going to receive 10 Credits after a week.

You need to perform the following steps:

  1. Create an account
  2. Request a tunnel 2.1. Wait for tunnel approval
  3. Request a subnet 3.1. Wait for subnet approval

The approval of your requests are done manually, so be patient. Normally you will receive the approval within the hour.

Note: If you only want to connect one computer, you can skip Step 3 and perform subsections "Synchronize with a timeserver" and "Install aiccu".

After your tunnel and the subnet are approved, you should have received an email like the following:

Dear Generic User,

The SixXS Staff have honored your request for a subnet on the following
tunnel:
-------
 PoP Name     : chzrh01 (ch.thermelec [AS20932])
 Subnet IPv6  : 2001:ffff:ffff::/48
 Routed to    : 2001:ffff:ffff:ff::2/64
 Your IPv4    : ayiya
-------

Please visit your home on the website for more information and options
regarding this subnet.

Regards,
 The SixXS tunnelrobot.

Note: The addresses suplied in this howto are fakes. Please use your addresses supplied in your e-mail. Otherwise you will not have a working network. This means replace 2001:ffff:ffff::/48 with your address!

Subnet IPv6: This is the address of your /48 subnet routed to you. We need this address later to configure the prefix of the Router Advertising daemon and for your Routers local IPv6 network address. For a local subnet only /64 subnet should be used. Because of that we configure radvd with a /64 bit prefix and also the network interface.

Routed to: This is the address of your sixxs tunnel interface. Your IPv4: If you have no static IPv4 address, ayiya should stand here. Otherwise your public IPv4 address.

Replace also eth0 with the name of the network interface connected to your local network. The command line tool ifconfig is your friend if you don't know.

Synchronize with a timeserver

If you have no ntp daemon installed to keep your time synchronised. Then install openntpd or any other ntp daemon you want. This is because we are going to install aiccu, the IPv6 auto tunneling daemon, from SixXS. The tunnel will not work if the time difference of your clock is bigger than 120 seconds.

Install aiccu

aiccu is the SixXS client application. If aiccu runs in the daemon mode, it will make sure your tunnel is always up to date.

Install aiccu:

sudo aptitude install aiccu

The installer will automatically prompt for username, password, and the tunnel_id you want to configure.

Note: If you don't know the tunnel_id then go to http://www.sixxs.net/home/ and check your tunnel information.

Note: The Tunnel id should also be in your "Tunnel Approval" email.

Configure local network interface

We also have to configure the local network interface with an IPv6 address. I prefer an easy to memorize address for my router so I choose 2001:ffff:ffff::1. According the information I got from sixxs, this is the First address I can use. Open the config file /etc/network/interfaces with an editor and add:

iface eth0 inet6 static
        address 2001:ffff:ffff::1
        netmask 64

Note: replace eth0 with the interface name you used in the /etc/radvd.conf config file.

To configure your box to give out addresses to the LAN from your /64, see Configure your Ubuntu box as an IPv6 router.

Reboot or restart services

You can simply reboot now if you want that all changes taking effect or if this is not an option because you run other services that are needed run:

  1. Restart network

sudo ifconfig eth0 down & sudo ifconfig eth0 up
  1. Let aiccu configure your tunnel

sudo /etc/init.d/aiccu restart
  1. Restart the router advertising daemon to propagate your IPv6 address space (if you set up your box as an IPv6 router)

sudo /etc/init.d/radvd restart

So thats really all. You should now be able to connect to the IPv6 internet with every IPv6 capable client automatically. See section "Conclusion" for testing.

Get connected with freenet6 / TSP

Tunnel Setup Protocol (TSP) is a signalling protocol used to negotiate tunnel setup parameters between two tunnel end-points. This protocol is most commonly used to create IPv6-In-IPv4 tunnels, allowing a person to use IPv6 on his native IPv4 network.

TSPC (client) starts an end-to-end tunnel with the TSP server(tunnel broker). After negotiation of tunnel setup parameters has been done the software goes into daemon mode and maintains the tunnel alive.

Go6.net

Like it was mentioned above, TSPC requires a TSP Server (tunnel broker) to work. The default configuration file is ready for you to use your tunnel, however, it's configured for anonymous access only, which has a few limitations.

I recommend registering on GO6.net. The rest of this page will be dedicated to those who created an account there.

TSP in Ubuntu

The client software is called tspc and is available on official repositories.

Configuring TSPC

Configuration file: /etc/tsp/tspc.conf

On this configuration file there are three things that we need to change (username, password and server).

Locate the username field and change it to the information you entered on the Go6.net website. Do the same for the password field.

As for the server, the one used by default (anon.freenet6.net) is used only for anonymous accounts. Since we registered an account we will have to use broker.freenet6.net for our tunnel to work.

Testing the tunnel

Check /var/log/tspc.log to see if any errors were reported.

For a network test using ping6 see the "Conclusion" section

Configure your Ubuntu box as a IPv6 router

  1. Edit /etc/sysctl.conf

Uncomment the line which contains net.ipv6.conf.default.forwarding=1

  1. Install radvd

sudo aptitude install radvd
  1. Edit /etc/radvd.conf (see following sample)

Note: If the computer is only routing IPv6, then only uncomment net.ipv6.conf.default.forwarding=1 and leave the IPv4 stuff unchanged.

Note: /etc/radvd.conf: This file does not exist after a fresh install. You can look at the sample configuration files in usr/share/doc/radvd/examples/ for further studies.

Sample /etc/radvd.conf:

interface eth0
{
   AdvSendAdvert on;
   prefix 2001:ffff:ffff::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};

eth0 is the interface which is used for the Router Advertising messages (RA's). If you are not sure about the interface, check with ifconfig on the command line.

The prefix you have to take from the information given by the Sixxs or Hurricane Electric stuff.

After a restart of radvd your router should automatically send "Router Advertising Messages" to your network and your IPv6 clients should auto configure them self.

Get connected with Miredo

Ubuntu includes a package named miredo that can tunnel IPv6 through IPv4 connections. Miredo is an implementation of Teredo, which is a way to tunnel IPv6-traffic over IPv4-UDP-traffic. As IPv4-UDP will pass NAT-devices, miredo will work behind most NAT-devices. A further advantage of miredo/teredo is that you don't need to define tunnel-endpoints or tunnel-accounts: just activate miredo, and you'll have IPv6 connectivity.

Install miredo:

sudo aptitude install miredo

After this command, you should see an IPv6 address beginning with "2001:0:" in your network settings (use 'ifconfig'). If so, you're connected to the IPv6 world.

For more information, see the miredo package information.

IPv6 enabled software and services

The basic unix tools normally have ipv6 support. Network tools like "ping" or "traceroute" have a IPv6 companion like "ping6" or "traceroute6". Tools like ssh are working out of the box.

Web

Almost every web browser I know can communicate over IPv6. There are a lot of IPv6 enabled Website out there, but they are sometimes hard to find. For a start you can search with ipv6.google.com or see the dancing "Kame" on kame.net. More links are available at Go6 or SixXS.

IRC

IRSSI supports IPv6 as well as our favorite IRC network (Freenode).

IRSSI needs to be configured to prefer IPv6 to IPv4. In order to do this, please use the command /SET resolve_prefer_ipv6 ON when on IRSSI. As for Freenode, connect to ipv6.chat.freenode.net to test your new IPv6 tunnel or choose another server from their IRC Servers list

Conclusion

You should now be able to ping and surf IPv6 enabled sites like ipv6.google.com or www.kame.net. For a ping perform ping6 ipv6.google.com. It's a good idea to think about firewalling within your clients, because all clients have now a public reachable IPv6 IP. In Ubuntu this is also an very easy task with the new UbuntuFirewall (ufw or uncomplicated firewall), just edit /etc/default/ufw and set IPV6=yes to get started.

Have fun!!!

Disabling IPv6

On some connections, the ipv6 kernel module may cause significant slowdowns and fail to connect to IPv6 servers. The Ubuntu Community wiki has instructions on disabling IPv6 to fix this issue.

Copyright Notice

The IPv6 introduction was largely copied and modified from the FreeBSD Handbook. Copyright © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 The FreeBSD Documentation Project.


CategoryDocumentation

IPv6 (last edited 2016-01-26 07:16:40 by 184-105-177-106)