IPv6, Meet FreeBSDby Mike DeGraw-Bertsch
So what's this IPv6 stuff that's being bandied about the Net? It's Internet Protocol version 6, or the next generation Internet Protocol (IPng). It replaces the current IP, which is version 4. Why? Well, the most obvious reason is that IPv6 addresses are 128 bits, opposed to IPv4's 32 bits. IPv6 also mandates autoconfiguration--much like DHCP does for IPv4. Other advantages include built-in security via IPsec, enhanced multicast capabilities, and traffic labeling.
IPv6 addresses are somewhat different than those in IPv4. They're represented as 8 pairs of 16-bit hexadecimals, separated by colons. For example, 3ffe:0b80:0447:0002:0000:0000:0000:0001. Kind of bulky. There are, fortunately, conventions to reduce that bulk. Leading zeros need not appear, and a block of null pairs (zeros) can be represented with a double colon. The address now becomes 3ffe:b80:447:2::1. The double colon can only appear once, since any more is ambiguous.
IPv4's netmasks are called prefixes in IPv6. They're also represented with the familiar /SIZE style.
Because an interface can have multiple IPv6 addresses of differing types, addressing can get somewhat complex. This article only examines simple, single unicast addresses. For more information, look to the IETF's IPng working group and its associated RFCs (2373 in particular) and drafts.
Why Use IPv6?
IPv6 is great from many standpoints, but odds are you're not using it. The transition from IPv4 has been, and still is, a slow and somewhat painful process. IPv4 works pretty well right now, and many are reluctant to go through the effort of migration until absolutely forced to. (To many, running out of IPv4 addresses is the only thing that will force them to migrate.) There are still some open issues with IPv6. So why bother with it? First of all, if no one bothers, then migration slows to an obvious halt. Many want early experience before they are forced into using it because they have run out of IPs. Some of us just want to play with cool new technology. And some might just want to see the dancing kame at www.kame.net! (A dancing turtle that only dances when viewed via IPv6.)
On the plus side, many applications now support IPv6. From the standard ping and traceroute utilities (called ping6 and traceroute6) to OpenSSH, Apache, and Mozilla. So if you try it out, you'll have all the tools you need.
The migration of all Internet-connected hosts to IPv6 won't happen in a vacuum. To that end, the 6bone project is a testbed IPv6 network. Originally, all IPv6 connections were tunneled or encapsulated in IPv4. Slowly, however, native connections to the 6bone are appearing. Chances are, though, that you'll still need an IPv4 tunnel to get your connectivity going.
In the rest of this article, we'll discuss how to connect to the 6bone network.
Sounds Good. What Do I Do?
You'll need to configure FreeBSD to support IPv6, get an address and a prefix. Then set up routing, DNS entries, and any other hosts on your LAN (if desired), and you're golden.
FreeBSD 4.0 and beyond contains native support for IPv6. Prior to 4.0, you can visit kame.net and install a SNAP kit--though this article only discusses the native implementation.
To enable IPv6, you'll need to make sure you have a couple of
kernel options enabled (they are by default). The most important is
options INET6. Assuming your ISP doesn't
natively support IPv6 connections, you'll also need an IP tunneling
device. There are a few available, but we'll only be working with
gif(4) tunnels--enabled via
FreeBSD 4.1 and later versions introduce minor changes to the
gif(4) IP tunneling devices. Specifically, you don't tell the kernel the
number of devices to initialize--instead, they're created on the fly
with the command
ifconfig gifX create, where
is the device number (typically starting with 0). The devices can
also be destroyed with the command
After confirming your kernel configuration, you'll need to make a
couple changes to
/etc/rc.conf. If you're going to
run a stand-alone IPv6 host, you'll just need to add
ipv6_enable="YES". If you want your FreeBSD
box to forward IPv6 traffic, you'll also need the following lines:
The first line enables the host to forward IPv6 packets. The second
starts the router advertisement daemon--which tells your uplink about
the hosts on your network, and allows autoconfiguration of hosts
connected to your network. Be sure
properly configured before you enable
that to come.
Get an Address and Tunnel
Now that your machine is configured to use IPv6, you'll need your address space and tunnel endpoint. There are a few ways to do this, but only one--using Freenet6--is discussed here. For more information on your other options, which are best suited for use with static IP addresses, read How to join the 6bone on the 6bone.net site
Freenet6 is a quick and easy way to get an IPv6 address and establish a tunnel. What makes it so easy is its Tunnel Setup Protocol (TSP) client. The program, available here, automatically gets your IPv6 address and establishes a tunnel with the Freenet6 servers. The program can be run without registering, but registration lets you get a /48 prefix (anonymous connections are given /64 addresses), and it lets you keep the same address, regardless of IPv4 address changes.
To get your /48 prefix, first register with Freenet6. Then download and extract the client. Run
make install target=freebsd installdir=/usr/local/freenet6
Predictably, this installs the client and all necessary files to
/usr/local/freenet6/bin/tspc.conf. Change your username
and password to their appropriate values. Ensure
if_prefix to your external network interface.
If you want a /48 prefix to run an IPv6 network, add the following
To get the /48, you'll also need to have your server configured to act as an IPv6 gateway, as discussed above.
With the client configured, make sure you have your GIF device
created, if necessary. Now run
./tspc -v -c tspc.conf.
After the client runs, you're now connected to the 6bone! Try
to confirm your tunnel is working. Now configure
to run at startup--generally through an executable
/usr/local/etc/rc.d/, such as
#!/bin/sh # Automatically run tspc on boot /usr/local/freenet6/bin/tspc -c /usr/local/freenet6/bin/tspc.conf
tspc doesn't reside as a daemon. So if your IPv4
address changes, you'll need to rerun the client to reconfigure your
tunnel and establish a new connection to the tunnel server. Not a
huge problem, though--an enterprising soul could hack their DHCP
client to run --
tspc whenever the address changes.
Pages: 1, 2