Most suitable IPv6 solutions for my situation?

Hi forum.

I want to make my first foray into the world of IPv6 for the sake of educating myself and being able to add it to my CV. I'm after some advice on the best IPv6 solutions to deploy based on the following setup:

  1. I have a dedicated FreeBSD host at a hosting provider with a public IPv4 address. The hosting provider doesn't support IPv6.
  2. I have a static IPv4 address on my home broadband connection, assigned directly to a FreeBSD host that I use as the NATing gateway for an RFC1918 LAN. The ISP doesn't support IPv6.

What I want to do is get my dedicated host and home network onto the IPv6 internet, but am confused by all the different transitional solutions available.

A colleague keeps suggesting Teredo Tunnelling, but as far as I can tell this is for tunnelling IPv6 traffic through a non-IPv6-capable router device, such as the NetGear/Linksys home routers a lot of people use. I don't think that applies to my situation as I have IPv6-capable hosts directly connected to the IPv4 Internet.

It looks like 6to4 might be what I need to give these hosts their IPv6 address. Is this correct?

Once I've given my home FreeBSD gateway its IPv6 address, how do I then extend IPv6 connectivity to the devices behind it on my home LAN?

I'm not after specific Howto instructions. I just need pointing in the right direction on what solution I use, so I don't waste time researching and setting up the wrong thing.

Many thanks for any advice.
 
jem said:
> It looks like 6to4 might be what I need to give these hosts their IPv6 address. Is this correct?

Yes, have a look at SixXS; they have free tunnel brokers you could use.

> Once I've given my home FreeBSD gateway its IPv6 address, how do I then extend IPv6 connectivity to the devices behind it on my home LAN?

The simplest solution is using rtadvd(8); it's easy to set up and works for FreeBSD, OS-X and Windows clients. And you need to enable IPv6 forwarding with ipv6_gateway_enable="YES". Nothing else would be needed for basic IPv6 connectivity.
 
I'll give the tunnelbroker suggestion a try in due course, but for now I'm looking at using 6to4 as it seems a bit more "automatic". I can't get it working though, so perhaps it's not the right tool for the job.

I've read articles like this and this and as far as I can tell, I just need to properly configure an stf interface and set up a default IPv6 route to a 6to4 relay using an anycast address, and stuff should just work.

It doesn't though. Have I done or understood something wrong?

Here's what I did:

(Taking aabb:ccdd as the hex equivalent of my host's public IPv4 address)

Code:
# sysctl net.inet6.ip6.forwarding=1
# ifconfig stf0 create
# ifconfig stf0 inet6 2002:aabb:ccdd::1/48 prefixlen 16 alias
# route add -inet6 default 2002:c058:6301::

# ping6 ipv6.test-ipv6.com
PING6(56=40+8+8 bytes) 2002:aabb:ccdd::1 --> 2001:470:1:18::2
^C
--- aaaa.test-ipv6.com ping6 statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
 
Tried again, this time ran a tcpdump while trying to ping a test address:

Code:
root@beastie:/root # ifconfig stf0
stf0: flags=1<UP> metric 0 mtu 1280
        inet6 2002:1fc1:84c7::1 prefixlen 16 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

root@beastie:/root # netstat -rnf inet6
Routing tables

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0 =>
default                           2002:c058:6301::              UGS        stf0
::1                               link#5                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2002::/16                         link#7                        U          stf0
2002:1fc1:84c7::1                 link#7                        UHS         lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#5                        U           lo0
fe80::1%lo0                       link#5                        UHS         lo0
ff01::%lo0/32                     ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%lo0/32                     ::1                           U           lo0

root@beastie:/root # ping6 ipv6.test-ipv6.com
PING6(56=40+8+8 bytes) 2002:1fc1:84c7::1 --> 2001:470:1:18::2
^C
--- aaaa.test-ipv6.com ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

Code:
# tcpdump -ni bce0 host 192.88.99.1
13:43:22.802676 IP 31.193.132.199 > 192.88.99.1: IP6 2002:1fc1:84c7::1 > 2001:470:1:18::2: ICMP6, echo request, seq 18, length 16
13:43:22.991577 IP 192.88.99.1 > 31.193.132.199: IP6 2001:470:1:18::2 > 2002:1fc1:84c7::1: ICMP6, echo reply, seq 18, length 16
13:43:23.802698 IP 31.193.132.199 > 192.88.99.1: IP6 2002:1fc1:84c7::1 > 2001:470:1:18::2: ICMP6, echo request, seq 19, length 16
13:43:23.983612 IP 192.88.99.1 > 31.193.132.199: IP6 2001:470:1:18::2 > 2002:1fc1:84c7::1: ICMP6, echo reply, seq 19, length 16
13:43:24.802666 IP 31.193.132.199 > 192.88.99.1: IP6 2002:1fc1:84c7::1 > 2001:470:1:18::2: ICMP6, echo request, seq 20, length 16
13:43:24.986706 IP 192.88.99.1 > 31.193.132.199: IP6 2001:470:1:18::2 > 2002:1fc1:84c7::1: ICMP6, echo reply, seq 20, length 16
13:43:25.802698 IP 31.193.132.199 > 192.88.99.1: IP6 2002:1fc1:84c7::1 > 2001:470:1:18::2: ICMP6, echo request, seq 21, length 16
13:43:25.990048 IP 192.88.99.1 > 31.193.132.199: IP6 2001:470:1:18::2 > 2002:1fc1:84c7::1: ICMP6, echo reply, seq 21, length 16

Something is responding to the IPv6 ping, but ping itself doesn't seem to think so.
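
An added example, not part of the thread: a Python sketch of the 6to4 address mapping visible in the capture above, plus the consistency check between the outer IPv4 addresses and the IPv4 address embedded in any 2002::/16 inner address. The helper names (`prefix_for`, `outer_dst_for`, `check`, `verdicts`) are hypothetical, and it assumes traffic to non-2002::/16 destinations goes to the IPv4 address embedded in the default gateway, which is how the route to 2002:c058:6301:: ends up at 192.88.99.1.

```python
import ipaddress
import re

# Matches tcpdump's one-line rendering of IPv6-in-IPv4, as in the capture above.
LINE = re.compile(r"IP (\S+) > (\S+): IP6 (\S+) > (\S+): ")

def prefix_for(v4):
    """6to4 prefix 2002:V4ADDR::/48 for a public IPv4 address."""
    v4int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4int << 80), 48))

def outer_dst_for(dst6, gateway="2002:c058:6301::"):
    """IPv4 address the encapsulated packet is sent to: the address embedded in
    a 2002::/16 destination, otherwise the one embedded in the default gateway
    (assumption stated in the lead-in)."""
    v4 = ipaddress.IPv6Address(dst6).sixtofour
    return v4 if v4 is not None else ipaddress.IPv6Address(gateway).sixtofour

def check(line):
    """'ok' if every 2002::/16 inner address embeds the matching outer IPv4
    address, 'mismatch' if one does not, 'unparsed' for any other line."""
    m = LINE.search(line)
    if not m:
        return "unparsed"
    outer = [ipaddress.IPv4Address(a) for a in m.group(1, 2)]
    inner = [ipaddress.IPv6Address(a) for a in m.group(3, 4)]
    for o, i in zip(outer, inner):
        if i.sixtofour is not None and i.sixtofour != o:
            return "mismatch"
    return "ok"

# The first two lines are from the capture in the post. The third is constructed
# (198.51.100.7 is a documentation address) to show a failing case.
SAMPLE = [
    "13:43:22.802676 IP 31.193.132.199 > 192.88.99.1: IP6 2002:1fc1:84c7::1 > 2001:470:1:18::2: ICMP6, echo request, seq 18, length 16",
    "13:43:22.991577 IP 192.88.99.1 > 31.193.132.199: IP6 2001:470:1:18::2 > 2002:1fc1:84c7::1: ICMP6, echo reply, seq 18, length 16",
    "13:43:23.100000 IP 198.51.100.7 > 31.193.132.199: IP6 2002:1fc1:84c7::1 > 2002:1fc1:84c7::2: ICMP6, echo request, seq 1, length 16",
]

def verdicts(lines=SAMPLE):
    return [check(line) for line in lines]

if __name__ == "__main__":
    print(prefix_for("31.193.132.199"))
    for line, verdict in zip(SAMPLE, verdicts()):
        print(verdict, line)
```

Both lines from the capture pass: the echo reply is correctly encapsulated and addressed, so the loss reported by ping6 has to be happening after the packet reaches the host.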
 
To be honest I have no experience with stf(4). I have used gif(4) to my ISP's tunnelbroker (before they supported IPv6 natively). I believe SixXS uses a similar set up. You can think of gif(4) as a form of VPN. It simply tunnels the IPv6 traffic over IPv4 to the tunnelbroker. The tunnelbroker will then send the IPv6 traffic onto the internet.
 
ahem.... firewall.

Code:
14:24:53.043218 rule 0..16777216/0(match): block in on stf0: 2001:1900:2254:206a::50:0 > 2002:1fc1:84c7::: ICMP6, echo reply, seq 0, length 16

and now, having rectified that:

Code:
root@beastie:/root # ping6 www.freebsd.org
PING6(56=40+8+8 bytes) 2002:1fc1:84c7:: --> 2001:1900:2254:206a::50:0
16 bytes from 2001:1900:2254:206a::50:0, icmp_seq=100 hlim=61 time=164.023 ms
16 bytes from 2001:1900:2254:206a::50:0, icmp_seq=101 hlim=61 time=163.943 ms
 
To learn IPv6, I used freenet6 tunnelbroker with gogo6 client installed on an old low-spec PC running BSDRP. But the remote endpoint had noticeable downtime and the client sometimes died. Then I found he.net tunnelbroker and configured it on a Cisco router with dynamic updates when its public IPv4 address changes.
 
So I got 6to4 connectivity working on both my hosted server and my home gateway, with the following config:

Hosted box:

Code:
root@beastie:/root # ifconfig stf0
stf0: flags=1<UP> metric 0 mtu 1280
        inet6 2002:1fc1:84c7:: prefixlen 16 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

root@beastie:/root # netstat -rnf inet6
Routing tables

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0 =>
default                           2002:c058:6301::              UGS        stf0
::1                               link#5                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2002::/16                         link#7                        U          stf0
2002:1fc1:84c7::                  link#7                        UHS         lo0
<other interface routes omitted>

root@beastie:/root # ping6 -c 1 www.freebsd.org
PING6(56=40+8+8 bytes) 2002:1fc1:84c7:: --> 2001:1900:2254:206a::50:0
16 bytes from 2001:1900:2254:206a::50:0, icmp_seq=0 hlim=61 time=163.646 ms

--- wfe0.ysv.freebsd.org ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 163.646/163.646/163.646/0.000 ms

Home gateway:

Code:
root@atom:/root # ifconfig stf0
stf0: flags=1<UP> metric 0 mtu 1280
        inet6 2002:5ec0:e831:: prefixlen 16 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

root@atom:/root # netstat -rnf inet6
Routing tables

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0 =>
default                           2002:c058:6301::              UGS        stf0
::1                               link#8                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
2002::/16                         link#10                       U          stf0
2002:5ec0:e831::                  link#10                       UHS         lo0
<other interface routes omitted>

root@atom:/root # ping6 -c 1 www.freebsd.org
PING6(56=40+8+8 bytes) 2002:5ec0:e831:: --> 2001:1900:2254:206a::50:0
16 bytes from 2001:1900:2254:206a::50:0, icmp_seq=0 hlim=61 time=152.525 ms

--- wfe0.ysv.freebsd.org ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 152.525/152.525/152.525/0.000 ms

The problem I have now is that these two machines can't talk to each other. I think this is due to them having addresses inside the same IPv6 subnet (2002::/16), but being on physically separate networks.

I tried to fix this by changing the prefix from /16 to /48, but at that point I couldn't ping www.freebsd.org any more.

Any suggestions?
 