ONLamp.com
oreilly.comSafari Books Online.Conferences.

advertisement


Getting Connected with 6to4
Pages: 1, 2, 3

6to4 setup

The following commands are valid for RedHat Linux 7.0 and NetBSD 1.5, but because they don't use any "magic" variables from the OS-specific startup system, this should be widely usable. In short, the steps performed here are:



  1. Configure interface
  2. Set default route
  3. Setup router advertisement, if necessary

The first step in setting up 6to4 is assigning an IPv6 number to the 6to4 interface. This is achieved with the ifconfig(8) command. Assuming the example configuration above, the command for NetBSD is:

ifconfig stf0 inet6 2002:3ee0:3972:1::1 prefixlen 16 alias # local address

On Linux, two steps are needed to configure the v4 and v6 "layers" of the SIT (Simple Internet Transition) device:

ifconfig sit0 tunnel ::194.95.108.191 up (v4 layer, remote address)
ifconfig sit1 tunnel 2002:3ee0:3972:1::1/64 (v6 layer, local address)

After configuring the 6to4 device with these commands, routing needs to be setup, to forward all IPv6 traffic to the 6to4 (uplink) gateway. The best way to do this is by setting a default route, the command to do so is, for NetBSD:

route add -inet6 default 2002:cdb2:5ac2::1 (remote)

and for Linux:

route -A inet6 add default gw ::194.95.108.191 (remove v4)

Note that the BSD/KAME stf(4) device determines the IPv4-number of the 6to4 uplink from the routing table. Using this feature, it is easy to setup your own 6to4 (uplink) gateway if you have a v6 uplink, for example, via 6Bone.

After these commands, you are connected to the IPv6-enabled world -- Congratulations! Assuming name resolution is still done via IPv4, you can now ping a v6-site like KAME.net or www6.netbsd.org. Note that the syntax for v6-ready ping(8) is different for Linux and BSD. For NetBSD, it is

/sbin/ping6 www.kame.net

while Linux uses

/usr/ipv6/bin/ping -A inet6 www.kame.net

As a final step in setting up IPv6 via 6to4, you will want to setup router advertisement if you have several hosts on your network. While it is possible to setup 6to4 on each node, doing so will result in very expensive routing from one node to the other -- packets will be sent to the remote 6to4 gateway, which will then route the packets back to the neighbor node. Instead, setting up 6to4 on one machine and talking native IPv6 locally is the preferred method of handling things.

The first step is to assign a IPv6-address to your Ethernet. In the following example, we will assume subnet "2" of the IPv6-net is used for the local Ethernet and the MAC address of the Ethernet interface is 12:34:56:78:9a:bc, which means your local gateway's Ethernet interface's IP address will be 2002:3ee0:3972:2:1234:56ff:fe78:9abc. Assign this address to your Ethernet interface:

ifconfig ne0 inet6 alias 2002:3ee0:3972:2:1234:56ff:fe78:9abc

Here, ne0 is an example for your Ethernet card interface. This will most likely be different for your setup, depending on what kind of card is used. On Linux, the Ethernet interface is usually eth0.

To setup router advertisement on BSD, the file /etc/rtadvd.conf needs to be checked. It allows configuration of many things, but usually the default configuration of not containing any data is OK. With that default, IPv6 addresses found on all of the router's network interfaces will be advertised.

On Linux, the same file is called /etc/radvd.conf, an example is:

interface eth0
{  AdvSendAdvert on;

  prefix 2002:3ee0:3972:2::/64
  { AdvOnLink on;
    AdvRouterAddr on;
  };
};

Next thing that needs to be ensured to set up the router is that it will actually forward packets from the local 6to4 device to the Ethernet device and back. To enable IPv6 packet-forwarding, set "ip6mode=router" in NetBSD's /etc/rc.conf, which will result in the net.inet6.ip6.forwarding sysctl being set to "1" -- this works the same on all BSD flavors. On Linux, make sure that /proc/sys/net/ipv6/ip_forward is set to "1":

BSD:   sysctl -w net.inet6.ip6.forwarding=1
Linux: echo 1 >/proc/sys/net/ipv6/ip_forward

Enabling packet forwarding is needed for a 6to4 router.
You must enable packet-forwarding if you are using a 6to4 router.

After checking that the router advertisement configuration is correct and IPv6 forwarding is turned on, the daemon handling it can be started. Under NetBSD, it is called rtadvd, in Linux it's called radvd. Start it up either manually (for testing it the first time) or via the system's startup scripts, and see all your local nodes automagically configure the advertised subnet address in addition to their already-existing link local address.

Known 6to4 gateway

There are not many public 6to4 gateways available today, and from the few available, you will want to choose the one closest to you, netwise. A list of known working 6to4 gateways is available at http://www.kfu.com/~nsayer/6to4/. In tests, only 6to4.kfu.com and 6to4.ipv6.microsoft.com were found working. Cisco has another one that you have to register to before using it, see http://www.cisco.com/ipv6/.

There's also an experimental 6to4 server located in Germany, 6to4.ipv6.fh-regensburg.de. This server runs under NetBSD 1.5 and was setup using the configuration steps described above. The complete configuration of the machine can be seen here.

Conclusion and further reading

Compared to where IPv4 is today, IPv6 is still in its early steps. It is working, there are all sort of services and clients available, only the user base is missing. I hope the information provided here will help you better understand what IPv6 is, and to start playing with it.

A few links should be mentioned here for further reading:

  • An example script to set up 6to4 on BSD-based machines is available at the net/6to4 home page. The script determines your v6 address and sets up 6to4 and (if wanted) router advertising. It was designed to work in dial-up setups with changing IPv4 addresses.

  • Given that there isn't a standard for IPv6 in Linux land today, there are different setup instructions for most distributions. The setup of IPv6 on Debian Linux can be found at the Debian IPv6 Project page.

  • The BSD Unix implementations have their own independent IPv6 documentation, interesting pages are found at netbsd.org for NetBSD, freebsd.org for FreeBSD, and pages 61 and 62 of the BSD/OS Administrator's Guide.

  • If you're working on implementing IPv6 protocol stacks for free Unix-like operating systems such as KAME for BSD and USAGI for Linux, information can be found at KAME.net and linux-ipv6.org. A list of host and router implementations can be found on playground.sun.com.

  • Besides the official RFC archive at ftp.isi.edu, information on IPv6 can be found at several web sites. First and foremost, the 6Bone's web page must be mentioned. 6Bone was started as the testbed for IPv6, and is now an important part of the v6-connected world. Other web pages that contain IPv6-related contents include ipv6.org/, playground.sun.com, and ipv6forum.com. Most of these sites carry further links -- be sure to have a look!

References

RFC2401
Security Architecture for the Internet Protocol. S. Kent, R. Atkinson. November 1998. (Format: TXT=168162 bytes) (Obsoletes RFC1825) (Status: PROPOSED STANDARD)

RFC2411
IP Security Document Roadmap. R. Thayer, N. Doraswamy, R. Glenn. November 1998. (Format: TXT=22983 bytes) (Status: INFORMATIONAL)

RFC2529
Transmission of IPv6 over IPv4 Domains without Explicit Tunnels. B. Carpenter, C. Jung. March 1999. (Format: TXT=21049 bytes) (Status: PROPOSED STANDARD)

RFC3024
Reverse Tunneling for Mobile IP, revised. G. Montenegro, Editor. January 2001. (Format: TXT=63929 bytes) (Obsoletes RFC2344) (Status: PROPOSED STANDARD)

RFC3027
Protocol Complications with the IP Network Address Translator. M. Holdrege, P. Srisuresh. January 2001. (Format: TXT=48662 bytes) (Status: INFORMATIONAL)

RFC3056
Connection of IPv6 Domains via IPv4 Clouds. B. Carpenter, K. Moore. February 2001. (Format: TXT=54902 bytes) (Status: PROPOSED STANDARD)

Hubert Feyrer works on operating systems, databases, and artificial intelligence at the Fachhochschule Regensburg.


Return to ONLamp.com.



Sponsored by: