BSD DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement


IPv6, Meet FreeBSD

by Mike DeGraw-Bertsch
02/22/2002

So what's this IPv6 stuff that's being bandied about the Net? It's Internet Protocol version 6, or the next generation Internet Protocol (IPng). It replaces the current IP, which is version 4. Why? Well, the most obvious reason is that IPv6 addresses are 128 bits, opposed to IPv4's 32 bits. IPv6 also mandates autoconfiguration--much like DHCP does for IPv4. Other advantages include built-in security via IPsec, enhanced multicast capabilities, and traffic labeling.

IPv6 addresses are somewhat different than those in IPv4. They're represented as 8 pairs of 16-bit hexadecimals, separated by colons. For example, 3ffe:0b80:0447:0002:0000:0000:0000:0001. Kind of bulky. There are, fortunately, conventions to reduce that bulk. Leading zeros need not appear, and a block of null pairs (zeros) can be represented with a double colon. The address now becomes 3ffe:b80:447:2::1. The double colon can only appear once, since any more is ambiguous.

IPv4's netmasks are called prefixes in IPv6. They're also represented with the familiar /SIZE style.

Because an interface can have multiple IPv6 addresses of differing types, addressing can get somewhat complex. This article only examines simple, single unicast addresses. For more information, look to the IETF's IPng working group and its associated RFCs (2373 in particular) and drafts.

Why Use IPv6?

IPv6 is great from many standpoints, but odds are you're not using it. The transition from IPv4 has been, and still is, a slow and somewhat painful process. IPv4 works pretty well right now, and many are reluctant to go through the effort of migration until absolutely forced to. (To many, running out of IPv4 addresses is the only thing that will force them to migrate.) There are still some open issues with IPv6. So why bother with it? First of all, if no one bothers, then migration slows to an obvious halt. Many want early experience before they are forced into using it because they have run out of IPs. Some of us just want to play with cool new technology. And some might just want to see the dancing kame at www.kame.net! (A dancing turtle that only dances when viewed via IPv6.)

On the plus side, many applications now support IPv6. From the standard ping and traceroute utilities (called ping6 and traceroute6) to OpenSSH, Apache, and Mozilla. So if you try it out, you'll have all the tools you need.

The 6bone

The migration of all Internet-connected hosts to IPv6 won't happen in a vacuum. To that end, the 6bone project is a testbed IPv6 network. Originally, all IPv6 connections were tunneled or encapsulated in IPv4. Slowly, however, native connections to the 6bone are appearing. Chances are, though, that you'll still need an IPv4 tunnel to get your connectivity going.

In the rest of this article, we'll discuss how to connect to the 6bone network.

Sounds Good. What Do I Do?

You'll need to configure FreeBSD to support IPv6, get an address and a prefix. Then set up routing, DNS entries, and any other hosts on your LAN (if desired), and you're golden.

FreeBSD 4.0 and beyond contains native support for IPv6. Prior to 4.0, you can visit kame.net and install a SNAP kit--though this article only discusses the native implementation.

System Setup

To enable IPv6, you'll need to make sure you have a couple of kernel options enabled (they are by default). The most important is options INET6. Assuming your ISP doesn't natively support IPv6 connections, you'll also need an IP tunneling device. There are a few available, but we'll only be working with gif(4) tunnels--enabled via pseudo-device gif 4.

FreeBSD 4.1 and later versions introduce minor changes to the gif(4) IP tunneling devices. Specifically, you don't tell the kernel the number of devices to initialize--instead, they're created on the fly with the command ifconfig gifX create, where X is the device number (typically starting with 0). The devices can also be destroyed with the command ifconfig gifX destroy.

After confirming your kernel configuration, you'll need to make a couple changes to /etc/rc.conf. If you're going to run a stand-alone IPv6 host, you'll just need to add ipv6_enable="YES". If you want your FreeBSD box to forward IPv6 traffic, you'll also need the following lines:

ipv6_gateway_enable="YES"
rtadvd_enable="YES"

The first line enables the host to forward IPv6 packets. The second starts the router advertisement daemon--which tells your uplink about the hosts on your network, and allows autoconfiguration of hosts connected to your network. Be sure /etc/rtadvd.conf is properly configured before you enable rtadvd--more on that to come.

Get an Address and Tunnel

Now that your machine is configured to use IPv6, you'll need your address space and tunnel endpoint. There are a few ways to do this, but only one--using Freenet6--is discussed here. For more information on your other options, which are best suited for use with static IP addresses, read How to join the 6bone on the 6bone.net site

Use Freenet6

Freenet6 is a quick and easy way to get an IPv6 address and establish a tunnel. What makes it so easy is its Tunnel Setup Protocol (TSP) client. The program, available here, automatically gets your IPv6 address and establishes a tunnel with the Freenet6 servers. The program can be run without registering, but registration lets you get a /48 prefix (anonymous connections are given /64 addresses), and it lets you keep the same address, regardless of IPv4 address changes.

To get your /48 prefix, first register with Freenet6. Then download and extract the client. Run

make install target=freebsd 
installdir=/usr/local/freenet6

Predictably, this installs the client and all necessary files to /usr/local/freenet6. Edit /usr/local/freenet6/bin/tspc.conf. Change your username and password to their appropriate values. Ensure template=freebsd4, and change if_prefix to your external network interface. If you want a /48 prefix to run an IPv6 network, add the following lines:

host_type=router
prefixlen=48

To get the /48, you'll also need to have your server configured to act as an IPv6 gateway, as discussed above.

With the client configured, make sure you have your GIF device created, if necessary. Now run ./tspc -v -c tspc.conf. After the client runs, you're now connected to the 6bone! Try ping6 www.6bone.net or traceroute6 post.radioactivedata.org to confirm your tunnel is working. Now configure tspc to run at startup--generally through an executable .sh script in /usr/local/etc/rc.d/, such as /usr/local/etc/rc.d/ipv6.sh:

#!/bin/sh
# Automatically run tspc on boot
/usr/local/freenet6/bin/tspc -c /usr/local/freenet6/bin/tspc.conf

One downside--tspc doesn't reside as a daemon. So if your IPv4 address changes, you'll need to rerun the client to reconfigure your tunnel and establish a new connection to the tunnel server. Not a huge problem, though--an enterprising soul could hack their DHCP client to run --tspc whenever the address changes.

Pages: 1, 2

Next Pagearrow





Sponsored by: