= IPv6 Introduction =

Internet Protocol version 6 (IPv6) is the successor to the well known IPv4 protocol, commonly known as ''IP''. Your Ubuntu system comes with all you will need to use IPv6. This section focuses on getting IPv6 properly configured and running.

In the early 1990s, growth of the Internet led to various problems with IPv4, including:

 * Running out of subnets. This was deferred by conversion to ''Classless Inter-Domain Routing'' (CIDR), currently described by [[http://tools.ietf.org/html/rfc4632|RFC4632]].
 * Running out of addresses. This was deferred by using [[http://tools.ietf.org/html/rfc1918|RFC1918]] private address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) hiding behind Network Address Translation (NAT) devices, in which a single public IPv4 address can be shared by multiple computers, e.g. all the users connected through a DSL/Cable modem. But NAT has its [[http://tools.ietf.org/html/rfc4966|own problems]]. Besides NAT, in some cases during the transition to IPv6, multiple internet connections will share IPv4 addresses via [[http://tools.ietf.org/html/draft-ietf-softwire-dual-stack-lite-06|dual-stack-lite]]. And as of 2011, a growing number of nodes on the Internet only speak IPv6 since unassigned IPv4 addresses [[http://en.wikipedia.org/wiki/IPv4_address_exhaustion|started to run out]].
 * Routing tables were getting too large. This is still a concern today.

IPv6 deals with these and many other issues:

 * 128 bit address space, with a design goal of supporting 2^40^ subnets organizing 2^50^ hosts. While theoretically there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses possible, this is unattainable in practice. IPv6 does offer multitudes of addresses per person, so we are unlikely to run out again.
 * Each computer can have its own globally routable address. There is no need for NAT in IPv6, returning us to an architecture more similar to the peer-to-peer internet of the 1980s.
 * Smaller routing tables. Due to both better geographic and more hierarchical allocation strategies, IPv6 subnets currently generate only 1/7th as many routes as IPv4 subnets. As IPv4 continues to grow into old age, the IPv4 routing table will likely become less stable and less complete as it grows beyond the capacity of certain routers on the Internet. These routers will be forced to begin filtering out certain IPv4 routes believed to be redundant, but there is an increasing potential for lost traffic as time goes on.

There are also lots of other useful features of IPv6 such as:

 * Address autoconfiguration (RFC2462)
 * Anycast addresses (“one-out-of many”)
 * Mandatory multicast addresses
 * IPsec (IP security)
 * Simplified header structure
 * Mobile IP
 * IPv6-to-IPv4 transition mechanisms

For more information see:

 * [[http://en.wikipedia.org/wiki/IPv6/|Wikipedia]]
 * [[http://www.kame.net|KAME.net]]

== Background on IPv6 Addresses ==

There are different types of IPv6 addresses: Unicast, Anycast and Multicast.

Unicast addresses are the well known addresses. A packet sent to a unicast address arrives exactly at the interface belonging to the address.

Anycast addresses are syntactically indistinguishable from unicast addresses but they address a group of interfaces. The packet destined for an anycast address will arrive at the nearest (in router metric) interface. Anycast addresses may only be used by routers.

Multicast addresses identify a group of interfaces. A packet destined for a multicast address will arrive at all interfaces belonging to the multicast group.

'''Note:''' The IPv4 broadcast address (usually {{{xxx.xxx.xxx.255}}}) is expressed by multicast addresses in IPv6.

== Reading IPv6 Addresses ==

The full form is represented as 8 ''hexquad'' parcels of 16 bits each written in lower case hexadecimal, separated by colons (:). For example {{{2001:0db8:382b:23c1:aa49:4592:4efe:9982}}}.
Often an address will have long substrings of all zeros; the longest and first run of all zero hexquads is abbreviated as a double colon (“{{{::}}}”). Since {{{::}}} is variable length, it can only be used once per address. Leading “0”s are also omitted, up to three per hexquad. For example, {{{fe80::1}}} is the [[http://tools.ietf.org/html/rfc5952|canonical form]] of {{{fe80:0000:0000:0000:0000:0000:0000:0001}}} and {{{2001:db8:b:23c1:49:4592:efe:9982}}} is the canonical form of {{{2001:0db8:000b:23c1:0049:4592:0efe:9982}}}.

A third form is to write the last 32 bits in the well known ''dotted decimal'' IPv4 style. For example {{{2002::10.0.0.1}}} corresponds to the (hexadecimal) long representation {{{2002:0000:0000:0000:0000:0000:0a00:0001}}} with canonical form {{{2002::a00:1}}}.

By now the reader should be able to understand the following:

{{{
# ip addr
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:ad:2c:af:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 scope global eth0
    inet6 fe80::225:adff:fe2c:af17/64 scope link
       valid_lft forever preferred_lft forever
}}}

{{{fe80::225:adff:fe2c:af17}}} of interface eth0 is an autoconfigured link-local address. It is generated as an IEEE EUI-64 style identifier from the device's hardware IEEE EUI-48 (MAC) address as part of the autoconfiguration.

For further information on the structure of IPv6 addresses see [[http://tools.ietf.org/html/rfc3513|RFC3513]].

=== Special IPv6 address ranges ===

Address ranges are specified using a prefix. This is similar to the IPv4 concept of a network prefix and netmask, but in IPv6 we always use CIDR notation to specify the number of bits at the start of the mask that are 1.

For example, the address range {{{fe80::/10}}} includes all addresses that are the same as the address {{{fe80::}}} ''in the first 10 bits'', i.e. all beginning with the bit pattern {{{1111 1110 10}}}. One hex digit corresponds to four bits: {{{1111}}} is {{{f}}}, {{{1110}}} is {{{e}}}. {{{10}}} is the most significant two bits of {{{1000}}} which is {{{8}}} in hex, but since this length is not a multiple of 4, the range also includes addresses with this digit set to {{{9}}} ({{{1001}}}), {{{a}}} ({{{1010}}}) and {{{b}}} ({{{1011}}}).

A network prefix of length 128 specifies an individual address.

||IPv6 address||Prefix length (bits)||Description||Notes||
||{{{::}}}||128||unspecified||<(>Used for default route and ''router solicitations''. cf. {{{0.0.0.0}}} in IPv4||
||{{{::1}}}||128||loopback address||<(>cf. {{{127.0.0.1}}} in IPv4||
||{{{::ffff:a.b.c.d}}}||96||IPv4 mapped IPv6 address||<(>The lower 32 bits are the IPv4 address. Used in socket APIs to represent IPv4 hosts.||
||{{{fe80::}}}||10||link-local||<(>Unroutable autoconfigured addresses used on a LAN, e.g. for DHCPv6||
||{{{fc00::}}}||7||unique local||<(>Addresses used only within an ''autonomous system'', unroutable globally. Cf. RFC 1918 addresses such as used in NAT.||
||{{{ff00::}}}||8||multicast|| ||
||{{{2000::}}}||3||global unicast||<(>All global unicast addresses currently begin with 2.||

Some IPv6 address prefixes have been deprecated, and should no longer be used.

||deprecated IPv6 address||Prefix length (bits)||Description||Notes||
||{{{3ffe::}}}||16||6bone prefix||<(>Used 1998-2006.||
||{{{::a.b.c.d}}}||96||embedded IPv4||<(>96 zero bits followed by 32 IPv4 bits. Also called “IPv4 compatible IPv6 address”. Replaced by mapped addresses.||
||{{{fec0::}}}||10||site-local||<(>Replaced by Unique Local Addresses||

Some address prefixes are special use:

||special IPv6 address||Prefix length (bits)||Description||Notes||
||{{{2001:db8::}}}||32||documentation examples||<(>Not to be routed.||
||{{{2001:0::}}}||32||Teredo tunnels||<(>The remaining bits come from a Teredo server and the client NAT device.||
||{{{2002::}}}||16||6to4 tunnels||<(>The next 32 bits are the client IPv4 address||

= Getting Connected =

Here you have more than one option:

== Native IPv6 connections ==

Contact your Internet Service Provider to see if they offer IPv6 yet. Only a few Internet Service Providers (ISP) currently offer native IPv6 service, though by 2015 probably all of them will.

If your uplink involves a wifi router or broadband modem, those devices will need to support IPv6. Cable modems need to support DOCSIS 3.0 or 2.0+IPv6. As of 2010, very few DSL modems support IPv6; this will change by 2012.

If your hardware or ISP does not support native IPv6, which is the best kind, you might still be able to use IPv6 tunneled over IPv4 instead.

== Tunneled IPv6 ==

If your uplink only passes IPv4 traffic, you will need to tunnel your IPv6 traffic to a compatible relay somewhere. Most tunnels use IPv4 protocol 41 encapsulation (6in4), where the data payload is just the IPv6 packet itself. Not all firewalls and NATs can properly pass protocol 41. Alternatively, providers might offer AYIYA or TSP tunnels, which send their tunneled packets over UDP; UDP is generally accepted by most firewalls and supported by most NATs.

'''Note:''' ICMP is protocol 1, IGMP is protocol 2, TCP is protocol 6, UDP is protocol 17.

=== point to point tunnels ===

Various companies and organizations provide free IPv6 in IPv4 tunneling.
 * [[http://gogonet.gogo6.com/page/freenet6-ipv6-services|freenet6]] (TSP)
 * [[http://tunnelbroker.net/|Hurricane Electric]] (6in4)
 * [[http://www.sixxs.net|'''SixXS''']] (6in4, 6in4-heartbeat or AYIYA)

=== 6to4 tunnels ===

 * Tunnel via 6to4 ([[http://www.ietf.org/rfc/rfc3068.txt|RFC3068]]). Your firewall has to pass protocol 41 (IPv6 in IP) and you need a global, public IPv4 address. The relay address is the special anycast destination 192.88.99.1 or a relay that is local; your IPv6 address uses the special 2002::/16 prefix. A good script to bring a 6to4 tunnel up or down can be found at [[http://www.anyweb.co.nz/tutorial/Linux6to4Host|anyweb]].

=== UDP over NAT tunnels ===

 * AYIYA or TSP from the above providers
 * The Teredo protocol client is the [[https://wiki.ubuntu.com/IPv6#Get%20connected%20with%20Miredo|Miredo]] package. It can be used by dual-stack clients on private IPv4 addresses behind NAT routers or firewalls which don't pass protocol 41. Your IPv6 address uses the special 2001:0::/32 prefix.

== Get connected with Hurricane Electric ==

First you need to register on the [[http://www.tunnelbroker.net/|TunnelBroker.net]] website. You will be emailed your username and password. Log in and, in the User Functions box on the left side, click the Create Regular Tunnel link. Put in your IPv4 address and select a server close to you. Go to the tunnel details page.

Run {{{gksudo gedit /etc/network/interfaces}}} and add the following, editing as directed by the comments:

{{{
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    # Client IPv6 address from the tunnel details page
    address 2001:470:a:d29f::2
    netmask 64
    mtu 1280
    # IPv4 address of this end of the tunnel
    local 200.200.2.183
    # Server IPv4 address from the tunnel details page
    endpoint 216.218.226.238
    ttl 255
    gateway 2001:470:a:d29f::1
}}}

Replace the endpoint setting (216.218.226.238) with the Server IPv4 address field from the tunnel details page and the address setting (2001:470:a:d29f::2) with the Client IPv6 address field from the tunnel details page. Save the file.

Right click on the network manager icon in the tray and click Edit Connections. Select the connection to your local network and click Edit. Go to the IPv6 Settings tab and set the Method to Manual. Click Add. For the address put the first address in your Routed 64. (In this example it would be 2001:470:b:d29f::1 -- please note that this address is in a different /64 subnet ("b") than the tunnel endpoint.) For the prefix put in 64. For the gateway, put in the address from the "Client IPv6 address" of the tunnel details page (in this example it would be 2001:470:a:d29f::2). Click Apply.

Run {{{sudo ifup he-ipv6}}} and you should have IPv6 connectivity.

To configure your box to give out addresses to the LAN from your /64, see [[#Configure your Ubuntu box as a IPv6 router|Configure your Ubuntu box as an IPv6 router]].

== Get connected with SixXS ==

First you need an account on the SixXS website. Please consider that they manually approve your information and that you should provide them with correct data about you. The system is very easy to use. For the creation of your account you are going to receive some credit points. You can then use these credits for requesting new tunnels and subnets. A tunnel costs you 15 credits. If you are able to use the requested tunnels you are going to receive 10 credits after a week.

You need to perform the following steps:

 1. Create an account
 2. Request a tunnel
  1. Wait for tunnel approval
 3. Request a subnet
  1. Wait for subnet approval

The approval of your requests is done manually, so be patient. Normally you will receive the approval within the hour.

'''Note:''' If you only want to connect one computer, you can skip Step 3 and perform subsections "Synchronize with a timeserver" and "Install aiccu".
After your tunnel and the subnet are approved, you should have received an email like the following:

{{{
Dear Generic User,

The SixXS Staff have honored your request for a subnet on the following tunnel:

-------
PoP Name    : chzrh01 (ch.thermelec [AS20932])
Subnet IPv6 : 2001:xxxx:xxxx::/48
Routed to   : 2001:xxxx:xxxx:xx::2/64
Your IPv4   : ayiya
-------

Please visit your home on the website for more information and options regarding this subnet.

Regards,
The SixXS tunnelrobot.
}}}

'''Note:''' The addresses supplied in this howto are fakes. Please use the addresses supplied in your e-mail. Otherwise you will not have a working network. This means replace {{{2001:xxxx:xxxx::/48}}} with your address!

'''Subnet IPv6:''' This is the address of your /48 subnet routed to you. We need this address later to configure the prefix of the Router Advertising daemon and for your router's local IPv6 network address. For a local subnet only a /64 subnet should be used. Because of that we configure radvd, and also the network interface, with a /64 prefix.

'''Routed to:''' This is the address of your SixXS tunnel interface.

'''Your IPv4:''' If you have '''no''' static IPv4 address, ayiya should stand here. Otherwise your public IPv4 address.

Also replace eth0 with the name of the network interface connected to your local network. The command line tool ip is your friend if you do not know.

=== Synchronize with a timeserver ===

If you have no ntp daemon installed to keep your time synchronised, install openntpd or any other ntp daemon you want. This is because we are going to install aiccu, the IPv6 auto tunneling daemon, from SixXS. The tunnel will not work if the time difference of your clock is bigger than 120 seconds.

=== Install aiccu ===

'''aiccu''' is the SixXS client application. If aiccu runs in daemon mode, it will make sure your tunnel endpoint is always up to date by means of the heartbeat protocol; this allows one to have a dynamic IPv4 endpoint. Note that AICCU is only needed for heartbeat and AYIYA tunnels. Static tunnels can be configured using interfaces(5).

Install aiccu:

{{{
sudo aptitude install aiccu
}}}

The installer will automatically prompt for username, password, and the tunnel_id you want to configure.

'''Note:''' If you don't know the tunnel_id then go to http://www.sixxs.net/home/ and check your tunnel information.

'''Note:''' The tunnel id should also be in your "Tunnel Approval" email.

=== Configure local network interface ===

We also have to configure the local network interface with an IPv6 address. I prefer an easy to memorize address for my router so I choose {{{2001:xxxx:xxxx::1}}}. According to the information I got from SixXS, this is the first address I can use.

Open the config file {{{/etc/network/interfaces}}} with an editor and add:

{{{
iface eth0 inet6 static
    address 2001:xxxx:xxxx::1
    netmask 64
}}}

'''Note:''' replace eth0 with the interface name you used in the {{{/etc/radvd.conf}}} config file.

To configure your box to give out addresses to the LAN from your /64, see [[#Configure your Ubuntu box as a IPv6 router|Configure your Ubuntu box as an IPv6 router]].

=== Reboot or restart services ===

You can simply reboot now if you want all changes to take effect. If this is not an option because you run other services that are needed, run:

 1.#1 Restart network {{{
sudo ip link set eth0 down && sudo ip link set eth0 up
}}}
 1.#2 Let aiccu configure your tunnel {{{
sudo /etc/init.d/aiccu restart
}}}

So that's really all. You should now be able to connect to the IPv6 internet with every IPv6 capable client automatically. See section "Conclusion" for testing.

== Get connected with freenet6 / TSP ==

Tunnel Setup Protocol (TSP) is a signalling protocol used to negotiate tunnel setup parameters between two tunnel end-points. This protocol is most commonly used to create IPv6-In-IPv4 tunnels, allowing a person to use IPv6 on his native IPv4 network.
TSPC (client) starts an end-to-end tunnel with the TSP server (tunnel broker). After negotiation of the tunnel setup parameters has been done, the software goes into daemon mode and keeps the tunnel alive.

=== Gogo6 ===

As mentioned above, TSPC requires a TSP server (tunnel broker) to work. The default configuration file is ready for you to use your tunnel; however, it's configured for anonymous access only, which has a few limitations. I recommend registering on [[http://gogo6.com|GOGO6]]. The following sections of this page will be dedicated to those who created an account there.

=== TSP in Ubuntu ===

The client software is called '''tspc''' in Intrepid and earlier, '''gw6c''' in Karmic and Lucid, and '''gogoc''' from Maverick onwards, and is available in the official repositories.

=== Configuring TSPC ===

'''Configuration file: /etc/gogoc/gogoc.conf'''

'''Configuration file: /etc/gw6c/gw6c.conf'''

'''Configuration file: /etc/tsp/tspc.conf'''

In this configuration file there are three things that we need to change (username, password and server). Locate the username field and change it to the information you entered on the Go6.net website. Do the same for the password field. As for the server, the one used by default (anon.freenet6.net) is used only for anonymous accounts. Since we registered an account we will have to use '''broker.freenet6.net''' for our tunnel to work.

=== Testing the tunnel ===

Check '''/var/log/tspc.log''' to see if any errors were reported. This will only work for '''tspc'''. For '''gogoc''' or '''gw6c''', you will need to edit the configuration file and set log_file to a value between 1 and 3, with 3 being the most verbose. The log file will then be '''/var/log/gogoc.log''' or '''/var/log/gw6c.log''' respectively.

For a network test using '''ping6''' see the "Conclusion" section.

== Configure your Ubuntu box as a IPv6 router ==

 1.#1 Edit {{{/etc/sysctl.conf}}}

 Uncomment the line which contains {{{net.ipv6.conf.default.forwarding=1}}}. This is a common step to enable IPv6 routing.

You can learn [[DHCPv6|how to install and enable DHCPv6 on your network here]]. Alternatively, if you want to use radvd, which will advertise your prefix and let the network's systems select their own IP address:

 1.#2 Install radvd {{{
sudo aptitude install radvd
}}}
 1.#3 Edit {{{/etc/radvd.conf}}} (see following sample)

'''Note:''' If the computer is only routing IPv6, then only uncomment net.ipv6.conf.default.forwarding=1 and leave the IPv4 stuff unchanged.

'''Note:''' /etc/radvd.conf: This file does not exist after a fresh install. You can look at the sample configuration files in /usr/share/doc/radvd/examples/ for further study.

Sample {{{/etc/radvd.conf}}}:

{{{
interface eth0
{
    AdvSendAdvert on;
    prefix 2001:xxxx:xxxx::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
}}}

'''eth0''' is the interface which is used for the Router Advertisement messages (RAs). If you are not sure about the interface, check with {{{ip addr}}} on the command line.

The '''prefix''' you have to take from the information given by SixXS or Hurricane Electric.

Restart the router advertising daemon to propagate your IPv6 address space:

{{{
sudo /etc/init.d/radvd restart
}}}

Now the router should automatically send Router Advertisement messages to your network and your IPv6 clients should autoconfigure themselves.

== Get connected with Miredo ==

Ubuntu includes a package named '''miredo''' that can tunnel IPv6 through IPv4 connections. Miredo is an implementation of Teredo, which is a way to tunnel IPv6 traffic over IPv4 UDP traffic. As IPv4 UDP will pass NAT devices, miredo will work behind most NAT devices. A further advantage of miredo/teredo is that you don't need to define tunnel endpoints or tunnel accounts: just activate miredo, and you'll have IPv6 connectivity.

Install miredo:

{{{
sudo aptitude install miredo
}}}

After this command, you should see an IPv6 address beginning with "2001:0:" in your network settings (use 'ip addr').
If so, you're connected to the IPv6 world.

For more information, see the [[http://packages.ubuntu.com/intrepid/miredo|miredo package information]].

= IPv6 enabled software and services =

The basic unix tools normally have IPv6 support. Network tools like "ping" or "traceroute" have an IPv6 companion like "ping6" or "traceroute6". Tools like ssh work out of the box.

== Web ==

Almost every web browser I know can communicate over IPv6. There are a lot of IPv6 enabled websites out there, but they are sometimes hard to find. For a start you can search with [[http://ipv6.google.com|ipv6.google.com]] or see the dancing "Kame" on [[http://www.kame.net|kame.net]]. More links are available at [[http://gogo6.com|Gogo6]], [[http://www.sixxs.net|SixXS]] or [[http://sixy.ch|sixy.ch]].

== IRC ==

IRSSI supports IPv6 as well as our favorite IRC network (Freenode). IRSSI needs to be configured to prefer IPv6 to IPv4. In order to do this, please use the command '''/SET resolve_prefer_ipv6 ON''' when on IRSSI. As for Freenode, connect to ipv6.chat.freenode.net to test your new IPv6 tunnel or choose another server from their [[http://freenode.net/irc_servers.shtml|IRC Servers list]].

= Troubleshooting =

If you get a "Not starting gogoc - no server key" error, see http://gogonet.gogo6.com/forum/topics/ubuntu-not-starting-gogoc-no or http://www.tumblr.com/tagged/gogoc

= Conclusion =

You should now be able to ping and surf IPv6 enabled sites like '''ipv6.google.com''' or '''www.kame.net'''. For a ping perform {{{ping6 ipv6.google.com}}}.

It's a good idea to think about firewalling on your clients, because all clients now have a publicly reachable IPv6 address. In Ubuntu this is also a very easy task with the new [[https://wiki.ubuntu.com/UbuntuFirewall|UbuntuFirewall]] (ufw or uncomplicated firewall): just edit '''/etc/default/ufw''' to have '''IPV6=yes''' and reload the firewall to get started.

Have fun!!!
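
To see which of a host's addresses are publicly reachable and therefore need the firewalling mentioned above, the address-range tables and the EUI-64 link-local address from "Reading IPv6 Addresses" can be turned into a small check. This Python script is an added example, not part of the original wiki page; the function names are illustrative and `SAMPLE` is constructed from the MAC address and routed /64 used in this page's examples.

```python
import ipaddress
import re

# Prefixes from the tables on this page; more specific entries come first
# so that e.g. 2002::/16 wins over the enclosing 2000::/3.
RANGES = [(ipaddress.ip_network(p), label) for p, label in [
    ("::/128", "unspecified"),
    ("::1/128", "loopback"),
    ("::ffff:0:0/96", "IPv4-mapped"),
    ("::/96", "IPv4-compatible (deprecated)"),
    ("2001:db8::/32", "documentation"),
    ("2001::/32", "Teredo"),
    ("2002::/16", "6to4"),
    ("3ffe::/16", "6bone (deprecated)"),
    ("fe80::/10", "link-local"),
    ("fec0::/10", "site-local (deprecated)"),
    ("fc00::/7", "unique local"),
    ("ff00::/8", "multicast"),
    ("2000::/3", "global unicast"),
]]
# Ranges reachable from the Internet, i.e. the ones a host firewall must cover.
EXPOSED = {"global unicast", "6to4", "Teredo"}

# Constructed sample: `ip addr` output for the page's eth0 with an added
# autoconfigured global address inside the page's example routed /64.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    link/ether 00:25:ad:2c:af:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 scope global eth0
    inet6 2001:470:b:d29f:225:adff:fe2c:af17/64 scope global dynamic
    inet6 fe80::225:adff:fe2c:af17/64 scope link
"""


def classify(addr):
    """Return the label of the first (most specific) matching range."""
    ip = ipaddress.IPv6Address(addr)
    for net, label in RANGES:
        if ip in net:
            return label
    return "unassigned"


def mac_to_link_local(mac):
    """Build the modified EUI-64 link-local address for a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe between the two halves.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))


def embedded_mac(addr):
    """Recover the MAC from an EUI-64 interface identifier, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in mac)


def audit(ip_addr_output):
    """Return (address, range, exposed?, embedded MAC) per inet6 line."""
    rows = []
    for m in re.finditer(r"inet6 ([0-9a-f:.]+)/\d+", ip_addr_output):
        addr = m.group(1)
        label = classify(addr)
        rows.append((addr, label, label in EXPOSED, embedded_mac(addr)))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The `ff:fe` test is a heuristic for EUI-64 identifiers; manually assigned or randomly generated interface identifiers return `None`.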
== ufw and Routing ==

To allow routing you need to uncomment the following lines in '''/etc/ufw/sysctl.conf''':

{{{
net/ipv6/conf/default/forwarding=1
net/ipv6/conf/all/forwarding=1
}}}

If you only want outgoing connections you also need to change

{{{
DEFAULT_FORWARD_POLICY="DROP"
}}}

in '''/etc/default/ufw''' and add the following lines to '''/etc/ufw/before6.rules''':

{{{
-A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-forward -i eth0 -o sixxs -m conntrack --ctstate NEW -j ACCEPT
}}}

where eth0 is your internal interface.

= IPv6 on APT Repositories =

IPv6 is available on Canonical-maintained APT repositories including security.ubuntu.com and archive.ubuntu.com as of 2013 March 12. See [[https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/241305|Launchpad bug report]] and [[https://rt.ubuntu.com/Ticket/Display.html?id=2485|RT ticket]] (SSO login required).

= Disabling IPv6 =

The Ubuntu Community wiki [[https://help.ubuntu.com/community/WebBrowsingSlowIPv6IPv4|has instructions]] on disabling IPv6. Some people choose to do this primarily because of two issues:

 * DNS server dropping queries for AAAA records
 * Broken IPv6 connectivity. This is less of a problem with Happy Eyeballs, but nonetheless can cause problems when certain network configuration is beyond the control of the end user.

Whenever possible, you should attempt to correct the source of the broken IPv6 connectivity instead of disabling IPv6. See the article for more details.

= Copyright Notice =

The IPv6 introduction was largely copied and modified from the FreeBSD Handbook.

Copyright © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 The FreeBSD Documentation Project.

----
CategoryDocumentation