So what's this IPv6 stuff that's being bandied about the Net? It's Internet Protocol version 6, or the next generation Internet Protocol (IPng). It replaces the current IP, which is version 4. Why? Well, the most obvious reason is that IPv6 addresses are 128 bits, as opposed to IPv4's 32 bits. IPv6 also mandates autoconfiguration--much like DHCP does for IPv4. Other advantages include built-in security via IPsec, enhanced multicast capabilities, and traffic labeling.
IPv6 addresses are somewhat different than those in IPv4. They're represented as 8 pairs of 16-bit hexadecimals, separated by colons. For example, 3ffe:0b80:0447:0002:0000:0000:0000:0001. Kind of bulky. There are, fortunately, conventions to reduce that bulk. Leading zeros need not appear, and a block of null pairs (zeros) can be represented with a double colon. The address now becomes 3ffe:b80:447:2::1. The double colon can only appear once, since any more is ambiguous.
IPv4's netmasks are called prefixes in IPv6. They're also represented with the familiar /SIZE style.
Because an interface can have multiple IPv6 addresses of differing types, addressing can get somewhat complex. This article only examines simple, single unicast addresses. For more information, look to the IETF's IPng working group and its associated RFCs (2373 in particular) and drafts.
IPv6 is great from many standpoints, but odds are you're not using it. The transition from IPv4 has been, and still is, a slow and somewhat painful process. IPv4 works pretty well right now, and many are reluctant to go through the effort of migration until absolutely forced to. (To many, running out of IPv4 addresses is the only thing that will force them to migrate.) There are still some open issues with IPv6. So why bother with it? First of all, if no one bothers, then migration slows to an obvious halt. Many want early experience before they are forced into using it because they have run out of IPs. Some of us just want to play with cool new technology. And some might just want to see the dancing kame at www.kame.net! (A dancing turtle that only dances when viewed via IPv6.)
On the plus side, many applications now support IPv6, from the standard ping and traceroute utilities (called ping6 and traceroute6) to OpenSSH, Apache, and Mozilla. So if you try it out, you'll have all the tools you need.
The migration of all Internet-connected hosts to IPv6 won't happen in a vacuum. To that end, the 6bone project is a testbed IPv6 network. Originally, all IPv6 connections were tunneled or encapsulated in IPv4. Slowly, however, native connections to the 6bone are appearing. Chances are, though, that you'll still need an IPv4 tunnel to get your connectivity going.
In the rest of this article, we'll discuss how to connect to the 6bone network.
You'll need to configure FreeBSD to support IPv6, get an address and a prefix. Then set up routing, DNS entries, and any other hosts on your LAN (if desired), and you're golden.
FreeBSD 4.0 and beyond contain native support for IPv6. Prior to 4.0, you can visit kame.net and install a SNAP kit--though this article only discusses the native implementation.
To enable IPv6, you'll need to make sure you have a couple of kernel options enabled (they are by default). The most important is options INET6. Assuming your ISP doesn't natively support IPv6 connections, you'll also need an IP tunneling device. There are a few available, but we'll only be working with gif(4) tunnels--enabled via pseudo-device gif 4.
FreeBSD 4.1 and later versions introduce minor changes to the gif(4) IP tunneling devices. Specifically, you don't tell the kernel the number of devices to initialize--instead, they're created on the fly with the command ifconfig gifX create, where X is the device number (typically starting with 0). The devices can also be destroyed with the command ifconfig gifX destroy.
After confirming your kernel configuration, you'll need to make a couple changes to /etc/rc.conf. If you're going to run a stand-alone IPv6 host, you'll just need to add ipv6_enable="YES". If you want your FreeBSD box to forward IPv6 traffic, you'll also need the following lines:
ipv6_gateway_enable="YES"
rtadvd_enable="YES"
The first line enables the host to forward IPv6 packets. The second starts the router advertisement daemon--which tells your uplink about the hosts on your network, and allows autoconfiguration of hosts connected to your network. Be sure /etc/rtadvd.conf is properly configured before you enable rtadvd--more on that to come.
Now that your machine is configured to use IPv6, you'll need your address space and tunnel endpoint. There are a few ways to do this, but only one--using Freenet6--is discussed here. For more information on your other options, which are best suited for use with static IP addresses, read How to join the 6bone on the 6bone.net site.
Use Freenet6
Freenet6 is a quick and easy way to get an IPv6 address and establish a tunnel. What makes it so easy is its Tunnel Setup Protocol (TSP) client. The program, available here, automatically gets your IPv6 address and establishes a tunnel with the Freenet6 servers. The program can be run without registering, but registration lets you get a /48 prefix (anonymous connections are given /64 addresses), and it lets you keep the same address, regardless of IPv4 address changes.
To get your /48 prefix, first register with Freenet6. Then download and extract the client. Run
make install target=freebsd installdir=/usr/local/freenet6
Predictably, this installs the client and all necessary files to /usr/local/freenet6. Edit /usr/local/freenet6/bin/tspc.conf. Change your username and password to their appropriate values. Ensure template=freebsd4, and change if_prefix to your external network interface.
If you want a /48 prefix to run an IPv6 network, add the following lines:
host_type=router
prefixlen=48
To get the /48, you'll also need to have your server configured to act as an IPv6 gateway, as discussed above.
With the client configured, make sure you have your GIF device created, if necessary. Now run ./tspc -v -c tspc.conf.
After the client runs, you're now connected to the 6bone! Try ping6 www.6bone.net or traceroute6 post.radioactivedata.org to confirm your tunnel is working. Now configure tspc to run at startup--generally through an executable .sh script in /usr/local/etc/rc.d/, such as /usr/local/etc/rc.d/ipv6.sh:
#!/bin/sh
# Automatically run tspc on boot
/usr/local/freenet6/bin/tspc -c /usr/local/freenet6/bin/tspc.conf
One downside--tspc doesn't run as a daemon. So if your IPv4 address changes, you'll need to rerun the client to reconfigure your tunnel and establish a new connection to the tunnel server. Not a huge problem, though--an enterprising soul could hack their DHCP client to run tspc whenever the address changes.
Feel free to skip this section if you're only running IPv6 on one host. Otherwise, make sure you got a /48 address (shown as TSP_PREFIXLEN 48 in the output of tspc), and confirm your gateway is configured as such, discussed above.
First assign IPv6 addresses to your gateway interface(s). On my home network, I run both wireless and wired networks. The wireless interface's address is 3ffe:b80:447:77::1, while the wired NIC is 3ffe:b80:447:2::1.
You'll now need to configure rtadvd, the router advertisement daemon--the program that allows autoconfiguration of your clients (a bit trickier at first, but much easier than manual in the long run). The file is in printcap format--you've been warned. Let's look at an example /etc/rtadvd.conf:
#ep0:\
# :addrs#1:\
# :addr="3ffe:0b80:0447:0001::":prefixlen#64:tc=ether:
wi0:\
:addrs#1:\
:addr="3ffe:0b80:0447:0077::":prefixlen#64:tc=ether:
Simple enough, really. ep0 is the external interface. Unless you want to run BGP4+ (way beyond this article's scope), you won't want to advertise your routes on the external interface. So we turn to wi0, the wireless gateway device. The first line, addrs#1, tells rtadvd that the interface has only one IPv6 prefix. (Note that if you have more than one prefix for the device, read rtadvd's man page, as that's also a bit beyond this article.) The next line's addr="3ffe..." obviously specifies what the interface's prefix is. Your prefixlen# will almost always be 64, and tc will be ether. More options and details are discussed in the rtadvd.conf man page.
Add a line for each interface on which you want to advertise routes. Check and double-check your configuration, and start the daemon. On the command line, specify the interfaces that should advertise routes--for the above example:
rtadvd -d wi0
At this point, you should make some changes to your rc.conf file, to keep your changes around after a reboot. A quick look at the new settings:
ifconfig_wi0_alias0="inet6 3ffe:b80:447:77::1 prefixlen 64"
ifconfig_ep0_alias0="inet6 3ffe:b80:447:1::1 prefixlen 64"
Thanks to the route advertisement daemon running on your gateway, client configuration is a cinch. Simply add the following lines to your rc.conf file:
ipv6_enable="YES"
ipv6_network_interfaces="auto"
Bada-bing, your client is ready to use IPv6. Reboot, and you're on your way. If you already have IPv6 enabled on the client, but the interface isn't configured, don't reboot--just run rtsol [interface_id].
The last topic, and a biggie. If you run a DNS server, you'll likely want to add forward and reverse lookups for your IPv6 address space.
Forward lookups are, of course, the simplest. Just add AAAA records for your IPv6 addresses in the appropriate zone files. For example, in my radioactivedata.org zone file, I can simply add an AAAA record for my new IPv6 gateway:
post IN AAAA 3ffe:b80:447:1::1
Setting up reverse DNS is a bit more complicated. You need to create and load a new zone file. Shown below is the zone file, named reverse-3ffe-b80-447.ip6.int, for the 3ffe:b80:447/48 prefix:
;
; IPv6 reverse zone
; Prefix 3ffe:b80:447/48
$TTL 1D
@ IN SOA ipv6.radioactivedata.org. root.radioactivedata.org. (
2001122601 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns1.radioactivedata.org.
; Our host address
; 3ffe:0b80:0447:0001:0000:0000:0000:0001
; Origin prefix, 48 bits
$ORIGIN 7.4.4.0.0.8.b.0.e.f.f.3.ip6.int.
; Hosts section
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0 in ptr post.ipv6.radioactivedata.or
BIND must then be configured to serve the new zone, by adding the following lines to named.conf:
zone "7.4.4.0.0.8.b.0.e.f.f.3.ip6.int" {
type master;
file "reverse-3ffe-b80-447.ip6.int";
};
Now it's just the small matter of adding the following line to your tspc.conf file, to get Freenet6 to delegate the reverse lookups to your DNS server:
dns_server=ns1.radioactivedata.org:ns2.radioactivedata.org
The client is then rerun, and after a few minutes, reverse lookups for the 3ffe:b80:447/48 prefix are delegated to ns1.radioactivedata.org.
To check for proper delegation, do a reverse lookup:
dig 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.7.4.4.0.0.8.b.0.e.f.f.3.ip6.int ptr
Yep, it's a bit lengthy (it should all be on one line), but you hopefully won't have to do that manually too frequently.
To apply this example to your prefix, simply change the IP addresses, hostnames, and the zone filename, and follow the outlined steps.
Rerun the client, wait a few minutes, and perform a reverse lookup. You'll be happy to see that you're now serving IPv6 forward and reverse lookups!
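The nibble-reversed names used in the zone file, named.conf, and the dig query are easy to get wrong by hand, so here is an added example (not part of the original article) that derives them from an address and its delegated prefix. The function names are hypothetical, the prefix is written in full as 3ffe:b80:447::/48, and the PTR target gw.example.org. is a constructed placeholder.

```python
import ipaddress

# Added example, not the article's code. All function names are hypothetical.
REVERSE_SUFFIX = "ip6.int."  # reverse tree used by the zone in this article


def nibbles(addr):
    """Return the 32 hex nibbles of an IPv6 address, most significant first."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")


def zone_origin(prefix, suffix=REVERSE_SUFFIX):
    """Zone name for $ORIGIN and named.conf, built from the delegated prefix."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    head = nibbles(net.network_address)[: net.prefixlen // 4]
    return ".".join(reversed(head)) + "." + suffix


def host_label(addr, prefix):
    """Relative owner name of the PTR record inside that zone."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    ip = ipaddress.IPv6Address(addr)
    if ip not in net:
        raise ValueError(f"{addr} is outside {prefix}")
    tail = nibbles(ip)[net.prefixlen // 4:]
    return ".".join(reversed(tail))


def reverse_name(addr, prefix, suffix=REVERSE_SUFFIX):
    """Fully qualified name to hand to dig for a reverse lookup."""
    return host_label(addr, prefix) + "." + zone_origin(prefix, suffix)


def ptr_record(addr, prefix, target):
    """One zone-file line; the target must be absolute (trailing dot)."""
    if not target.endswith("."):
        # Without the dot, BIND appends $ORIGIN to the target name.
        raise ValueError("PTR target needs a trailing dot")
    return f"{host_label(addr, prefix)} IN PTR {target}"


if __name__ == "__main__":
    prefix, gateway = "3ffe:b80:447::/48", "3ffe:b80:447:1::1"
    print("$ORIGIN", zone_origin(prefix))
    print(ptr_record(gateway, prefix, "gw.example.org."))  # constructed target
    print("dig", reverse_name(gateway, prefix), "ptr")
```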
Congratulations! Having worked through the steps outlined above, you're now connected to the ultra-cool IPv6 testbed network! You're an early adopter, a pioneer in the new Internet. Enjoy it.
Shortly, I'll follow up this article with an article on how to set up an IPv6-only network--yep, no IPv4 needed! I'm writing this article on a laptop with no IPv4 address, and it's pretty cool.
Mike DeGraw-Bertsch is a security and Unix system administration consultant in the Boston, Mass. area. When he's not at a job, writing, hacking with Perl, or playing with his wireless network, he can usually be found playing goal in ice hockey.
Copyright © 2009 O'Reilly Media, Inc.