IPv6

Differences between revisions 3 and 4
Revision 3 as of 2008-05-18 14:23:57
Size: 14191
Editor: 11
Comment: added wiki content TSPC
Revision 4 as of 2008-05-18 21:06:03
Size: 14982
Editor: 19-230
Comment:
Deletions are marked like this. Additions are marked like this.
Line 40: Line 40:
{{{Note: The IPv4 broadcast address (usually xxx.xxx.xxx.255) is expressed by multicast addresses in IPv6.}}} '''Note:''' The IPv4 broadcast address (usually {{{xxx.xxx.xxx.255}}}) is expressed by multicast addresses in IPv6.
Line 43: Line 43:
{{{
IPv6 address  Prefixlength (Bits) Description   Notes
:: 128 bits  unspecified   cf. 0.0.0.0 in IPv4
::1 128 bits  loopback address  cf. 127.0.0.1 in IPv4
::00:xx:xx:xx:xx 96 bits   embedded IPv4   The lower 32 bits are the IPv4 address. Also called “IPv4 compatible IPv6 address”
::ff:xx:xx:xx:xx 96 bits   IPv4 mapped IPv6 address The lower 32 bits are the IPv4 address. For hosts which do not support IPv6.
fe80:: - feb::  10 bits link-local   cf. loopback address in IPv4
fec0:: - fef::  10 bits site-local  
ff:: 8 bits   multicast  
001 (base 2)  3 bits   global unicast   All global unicast addresses are assigned from this pool. The first 3 bits are “001”.
}}}
||IPv6 address||||Prefixlength (Bits)||||Description||||Notes||
||::||||128 bits||||unspecified||||cf. 0.0.0.0 in IPv4||
||::1||||128 bits||||loopback address||||cf. 127.0.0.1 in IPv4||
||::00:xx:xx:xx:xx||||96 bits||||embedded IPv4||||The lower 32 bits are the IPv4 address. Also called “IPv4 compatible IPv6 address”||
||::ff:xx:xx:xx:xx||||96 bits||||IPv4 mapped IPv6 address||||The lower 32 bits are the IPv4 address. For hosts which do not support IPv6.||
||fe80:: - feb::||||10 bits||||link-local||||cf. loopback address in IPv4||
||fec0:: - fef::||||10 bits||||site-local||
||ff::||||8 bits||||multicast||
||001 (base 2)||||3 bits||||global unicast||All global unicast addresses are assigned from this pool. The first 3 bits are “001”.||
Line 56: Line 54:
The canonical form is represented as: x:x:x:x:x:x:x:x, each “x” being a 16 Bit hex value. For example FEBC:A574:382B:23C1:AA49:4592:4EFE:9982

Often an address will have long substrings of all zeros therefore one such substring per address can be abbreviated by “::”. Also up to three leading “0”s per hexquad can be omitted. For example fe80::1 corresponds to the canonical form fe80:0000:0000:0000:0000:0000:0000:0001.

A third form is to write the last 32 Bit part in the well known (decimal) IPv4 style with dots “.” as separators. For example 2002::10.0.0.1 corresponds to the (hexadecimal) canonical representation 2002:0000:0000:0000:0000:0000:0a00:0001 which in turn is equivalent to writing 2002::a00:1.
The canonical form is represented as: x:x:x:x:x:x:x:x, each “x” being a 16 Bit hex value. For example {{{FEBC:A574:382B:23C1:AA49:4592:4EFE:9982}}}

Often an address will have long substrings of all zeros therefore one such substring per address can be abbreviated by “{{{::}}}”. Also up to three leading “0”s per hexquad can be omitted. For example {{{fe80::1}}} corresponds to the canonical form {{{fe80:0000:0000:0000:0000:0000:0000:0001}}}.

A third form is to write the last 32 Bit part in the well known (decimal) IPv4 style with dots “.” as separators. For example {{{2002::10.0.0.1}}} corresponds to the (hexadecimal) canonical representation {{{2002:0000:0000:0000:0000:0000:0a00:0001}}} which in turn is equivalent to writing {{{2002::a00:1}}}.
Line 78: Line 76:
fe80::eeff:eeff:eeff:e5a7 of interface eth0 is an auto configured link-local address. It is generated from the MAC address as part of the auto configuration. {{{fe80::eeff:eeff:eeff:e5a7}}} of interface eth0 is an auto configured link-local address. It is generated from the MAC address as part of the auto configuration.
Line 94: Line 92:
Step by step you need to perform the following steps: You need to perform the following steps:
Line 105: Line 103:
After your tunnel and the subnet are approved, you should have received an email like this: After your tunnel and the subnet are approved, you should have received an email like the following:
Line 125: Line 123:
'''Note:''' The addresses suplied in this howto are fake's. Please use your addresses suplied in your e-mail. Else you will not have a working network. This means replce 2001:ffff:ffff::/48 with your address!!! '''Note:''' The addresses suplied in this howto are fake's. Please use your addresses suplied in your e-mail. Else you will not have a working network. This means replce {{{2001:ffff:ffff::/48}}} with your address!!!
Line 130: Line 128:
Your IPv4: If you have no static address, use ayiya. If you have a static address, your public IPv4 address should stand here. '''Your IPv4:''' If you have '''no''' static IPv4 address, ayiya should stand here. Otherwise your public IPv4 address.
Line 161: Line 159:
 1. In /etc/sysctl.conf uncomment net.ipv6.conf.default.forwarding=1
 2. Install radvd
 2.1 If you have a simple network you want to give IPv6 connectivity, then edit /etc/radvd.conf with your favorite editor
 1.#1 Edit {{{/etc/sysctl.conf}}}
Uncomment the line which contains {{{net.ipv6.conf.default.forwarding=1}}}
 1.#2 Install radvd
{{{
sudo aptitude install radvd
}}}
 1.#3 Edit {{{/etc/radvd.conf}}} (see following sample)
Line 191: Line 193:
 1.#1 Restart network
Line 194: Line 197:
for the network restart

 1.#2 Let aiccu configure your tunnel
Line 199: Line 202:
for the tunnel

 1.#3 Restart the router advertising daemon to propagate your IPv6 address space
Line 204: Line 207:
for the advertising service

So thats really all. You should now be able to connect to the IPv6 internet with every IPv6 capable client automatically.

So thats really all. You should now be able to connect to the IPv6 internet with every IPv6 capable client automatically. See section "Conclusion" for testing.
Line 234: Line 236:
Using '''ping6''' try {{{ping6 6bone.net}}} or {{{ping6.google.com}}}. If you get a reply, it's working!

= IPv6 capable Software =
For a network test using '''ping6''' see the "Conclusion" section

= IPv6 enabled software and services =
The basic unix tools normally have ipv6 support. Network tools like "ping" or "traceroute" have a IPv6 companion like "ping6" or "traceroute6". Tools like ssh are working out of the box.

== Web ==
Almost every web browser I know can communicate over IPv6. There are a lot of IPv6 enabled Website out there, but they are sometimes hard to find. For a start you can search with [http://ipv6.google.com ipv6.google.com]
or see the dancing "Kame" on [http://kame.net kame.net]. More links are available at [http://go6.net Go6] or [http://www.sixxs.net SixXS].
 
Line 244: Line 252:

Have fun!!!

IPv6 Introduction

IPv6 (also known as IPng “IP next generation”) is the new version of the well known IP protocol (also known as IPv4). Your Ubuntu system comes with all you will need to experiment with IPv6. This section focuses on getting IPv6 properly configured and running.

In the early 1990s, people became aware of the rapidly diminishing address space of IPv4. Given the expansion rate of the Internet there were two major concerns:

Running out of addresses. Today this is not so much of a concern anymore since RFC1918 private address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) and Network Address Translation (NAT) are being employed.

Router table entries were getting too large. This is still a concern today.

IPv6 deals with these and many other issues:

  • 128 bit address space. In other words theoretically there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses available. This means there are approximately 6.67 * 10^27 IPv6 addresses per square meter on our planet.
  • Routers will only store network aggregation addresses in their routing tables thus reducing the average space of a routing table to 8192 entries.

There are also lots of other useful features of IPv6 such as:

  • Address autoconfiguration (RFC2462)
  • Anycast addresses (“one-out-of many”)
  • Mandatory multicast addresses
  • IPsec (IP security)
  • Simplified header structure
  • Mobile IP
  • IPv6-to-IPv4 transition mechanisms

For more information see:

  • IPv6 overview at playground.sun.com
  • KAME.net

Background on IPv6 Addresses

There are different types of IPv6 addresses: Unicast, Anycast and Multicast.

Unicast addresses are the well known addresses. A packet sent to a unicast address arrives exactly at the interface belonging to the address.

Anycast addresses are syntactically indistinguishable from unicast addresses but they address a group of interfaces. The packet destined for an anycast address will arrive at the nearest (in router metric) interface. Anycast addresses may only be used by routers.

Multicast addresses identify a group of interfaces. A packet destined for a multicast address will arrive at all interfaces belonging to the multicast group.

Note: The IPv4 broadcast address (usually xxx.xxx.xxx.255) is expressed by multicast addresses in IPv6.

Reserved IPv6 addresses

IPv6 address

Prefixlength (Bits)

Description

Notes

::

128 bits

unspecified

cf. 0.0.0.0 in IPv4

::1

128 bits

loopback address

cf. 127.0.0.1 in IPv4

::00:xx:xx:xx:xx

96 bits

embedded IPv4

The lower 32 bits are the IPv4 address. Also called “IPv4 compatible IPv6 address”

::ff:xx:xx:xx:xx

96 bits

IPv4 mapped IPv6 address

The lower 32 bits are the IPv4 address. For hosts which do not support IPv6.

fe80:: - feb::

10 bits

link-local

cf. loopback address in IPv4

fec0:: - fef::

10 bits

site-local

ff::

8 bits

multicast

001 (base 2)

3 bits

global unicast

All global unicast addresses are assigned from this pool. The first 3 bits are “001”.

Reading IPv6 Addresses

The canonical form is represented as: x:x:x:x:x:x:x:x, each “x” being a 16 Bit hex value. For example FEBC:A574:382B:23C1:AA49:4592:4EFE:9982

Often an address will have long substrings of all zeros therefore one such substring per address can be abbreviated by “::”. Also up to three leading “0”s per hexquad can be omitted. For example fe80::1 corresponds to the canonical form fe80:0000:0000:0000:0000:0000:0000:0001.

A third form is to write the last 32 Bit part in the well known (decimal) IPv4 style with dots “.” as separators. For example 2002::10.0.0.1 corresponds to the (hexadecimal) canonical representation 2002:0000:0000:0000:0000:0000:0a00:0001 which in turn is equivalent to writing 2002::a00:1.

By now the reader should be able to understand the following:

# ifconfig

eth0      Link encap:Ethernet  HWaddr ee:ff:ee:ff:ee:ff  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:eeff:eeff::1/64 Scope:Global
          inet6 addr: fe80::eeff:eeff:eeff:e5a7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33785 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33768 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:23272619 (22.1 MB)  TX bytes:21928501 (20.9 MB)
          Base address:0xb800 Memory:f2000000-f2020000

fe80::eeff:eeff:eeff:e5a7 of interface eth0 is an auto configured link-local address. It is generated from the MAC address as part of the auto configuration.

For further information on the structure of IPv6 addresses see [http://www.ietf.org/rfc/rfc3513.txt RFC3513].

Getting Connected

Here you have more than one option:

At the moment there are not many IPv6 Internet Service Provider who actually provide their users with IPv6 Internet services. In the near future every user need a IPv4/IPv6 dualstack configuration and this would increase cost for hardware and administration for the provider. The second reason is that there is not enough IPv6 capable hardware, like Cable-Modems, DSL-Routers on the market. So at the moment it seems that the easiest way to get IPv6 connectivity is tunneling the traffic over IPv4.

Get connected with SixXS

First you need an account on the SixXS Website. Please consider that they manually approve your information and that you should provide them with correct data about you. The system is very easy to use. For the creation of your account you are goint to receive some credit point. You can then use these credits for requesting new tunnels and subnets. A tunnel costs you 15 credits. If you are able to use the requested tunnels you are going to receive 10 Credits after a week.

You need to perform the following steps:

  1. Create an account
  2. Request a tunnel 2.1 Wait for tunnel approval
  3. Request a subnet 3.1 Wait for subnet approval

The approval of your requests are done manually, so be patient. Normally you will receive the approval within one our.

Note: If you only want to connect one computer, you can skip Step 3 and perform subsections "Synchronize with a timeserver" and "Install aiccu".

After your tunnel and the subnet are approved, you should have received an email like the following:

Dear Generic User,

The SixXS Staff have honored your request for a subnet on the following
tunnel:
-------
 PoP Name     : chzrh01 (ch.thermelec [AS20932])
 Subnet IPv6  : 2001:ffff:ffff::/48
 Routed to    : 2001:ffff:ffff:ff::2/64
 Your IPv4    : ayiya
-------

Please visit your home on the website for more information and options
regarding this subnet.

Regards,
 The SixXS tunnelrobot.

Note: The addresses suplied in this howto are fake's. Please use your addresses suplied in your e-mail. Else you will not have a working network. This means replce 2001:ffff:ffff::/48 with your address!!!

Subnet IPv6: This is the address of your /48 subnet routed to you. We need this address later to configure the preffix of the Router Advertising daemon and for your Routers local IPv6 network address. For a local subnet only /64 subnet should be used. Because of that we configure radvd with a /64 bit prefix and also the network interface.

Routed to: This is the address of your sixxs tunnel interface. Your IPv4: If you have no static IPv4 address, ayiya should stand here. Otherwise your public IPv4 address.

Replace also eth0 with the name of the network interface connected to your local network. The command line tool ifconfig is your friend if you don't know.

Synchronize with a timeserver

If you have no ntp daemon installed to keep your time synchronised. Then install openntpd or any other ntp daemon you want. This is because we are going to install aiccu, the IPv6 auto tunneling daemon, from SixXS. The tunnel will not work if the time difference of your clock is bigger than 120 seconds.

Install aiccu

aiccu is the SixXS client application. If aiccu runs in the daemon mode, it will make sure your tunnel is always up to date.

Install aiccu:

sudo aptitude install aiccu

The installer will automatically prompt for username, password, and the tunnel_id you want to configure.

Note: If you don't know the tunnel_id then go to http://www.sixxs.net/home/ and check your tunnel information.

Note: The Tunnel id should also be in your "Tunnel Approval" email.

Configure local network interface

We also have to configure the local network interface with an IPv6 address. I prefer an easy to memorize address for my router so I choose 2001:ffff:ffff::1. According the information I got from sixxs, this is the First address I can use. Open the config file /etc/network/interfaces with an editor and add:

iface eth0 inet6 static
        address 2001:ffff:ffff::1
        netmask 64

Note: replace eth0 widt the interface name you used in the /etc/radvd.conf config file.

Configure your Ubuntu box as a IPv6 router

  1. Edit /etc/sysctl.conf

Uncomment the line which contains net.ipv6.conf.default.forwarding=1

  1. Install radvd

sudo aptitude install radvd
  1. Edit /etc/radvd.conf (see following sample)

Note: If the computer is only routing IPv6, then only uncomment net.ipv6.conf.default.forwarding=1 and leave the IPv4 stuff unchanged.

Note: /etc/radvd.conf: This file does not exist after a fresh install. You can look at the sample configuration files in usr/share/doc/radvd/examples/ for further studies.

Sample /etc/radvd.conf:

interface eth0
{
   AdvSendAdvert on;
   prefix 2001:ffff:ffff::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};

eth0 is the interface which is used for the Router Advertising messages (RA's). If you are not sure about the interface, check with ifconfig on the command line.

The prefix you have to take from the information given by the sixxs stuff.

After a restart of radvd your router should automatically send "Router Advertising Messages" to your network and your IPv6 clients should auto configure them self.

Reboot or restart services

You can simply reboot now if you want that all changes taking effect or if this is not an option because you run other services that are needed run:

  1. Restart network

sudo ifconfig eth0 down & sudo ifconfig eth0 up
  1. Let aiccu configure your tunnel

sudo /etc/init.d/aiccu restart
  1. Restart the router advertising daemon to propagate your IPv6 address space

sudo /etc/init.d/radvd restart

So thats really all. You should now be able to connect to the IPv6 internet with every IPv6 capable client automatically. See section "Conclusion" for testing.

Get connected with freenet6 / TSP

Tunnel Setup Protocol (TSP) is a signalling protocol used to negotiate tunnel setup parameters between two tunnel end-points. This protocol is most commonly used to create IPv6-In-IPv4 tunnels, allowing a person to use IPv6 on his native IPv4 network.

TSPC (client) starts an end-to-end tunnel with the TSP server(tunnel broker). After negotiation of tunnel setup parameters has been done the software goes into daemon mode and maintains the tunnel alive.

Go6.net

Like it was mentioned above, TSPC requires a TSP Server (tunnel broker) to work. The default configuration file is ready for you to use your tunnel, however, it's configured for anonymous access only, which has a few limitations.

I recommend registering on [http://go6.net GO6.net]. The rest of this page will be dedicated to those who created an account there.

TSP in Ubuntu

The client software is called tspc and is available on official repositories.

Configuring TSPC

Configuration file: /etc/tsp/tspc.conf

On this configuration file there are three things that we need to change (username, password and server).

Locate the username field and change it to the information you entered on the Go6.net website. Do the same for the password field.

As for the server, the one used by default (anon.freenet6.net) is used only for anonymous accounts. Since we registered an account we will have to use broker.freenet6.net for our tunnel to work.

Testing the tunnel

Check /var/log/tspc.log to see if any errors were reported.

For a network test using ping6 see the "Conclusion" section

IPv6 enabled software and services

The basic unix tools normally have ipv6 support. Network tools like "ping" or "traceroute" have a IPv6 companion like "ping6" or "traceroute6". Tools like ssh are working out of the box.

Web

Almost every web browser I know can communicate over IPv6. There are a lot of IPv6 enabled Website out there, but they are sometimes hard to find. For a start you can search with [http://ipv6.google.com ipv6.google.com] or see the dancing "Kame" on [http://kame.net kame.net]. More links are available at [http://go6.net Go6] or [http://www.sixxs.net SixXS].

IRC

IRSSI supports IPv6 as well as our favorite IRC network (Freenode).

IRSSI needs to be configured to prefer IPv6 to IPv4. In order to do this, please use the command /SET resolve_prefer_ipv6 ON when on IRSSI. As for Freenode, connect to ipv6.chat.freenode.net to test your new IPv6 tunnel or choose another server from their [http://freenode.net/irc_servers.shtml IRC Servers list]

Conclusion

You should now be able to ping and surf IPv6 enabled sites like ipv6.google.com or kame.net. For a ping perform ping6 ipv6.google.com. It's a good idea to think about firewalling whitin your clients, because all clients have now a public reachable IPv6 IP. In ubuntu this is also an very easy task with the new ufw (uncomplicated firewall).

Have fun!!!

Copyright Notice

The IPv6 introduction was largely copied and modified from the FreeBSD Handbook. Copyright © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 The FreeBSD Documentation Project.


CategoryDocumentation

IPv6 (last edited 2016-01-26 07:16:40 by 184-105-177-106)