IPv6 on Linux

E. Frank Ball III

www.FrankB.us

NBLUG - North Bay Linux Users Group

IPv4 VS. IPv6

• IPv4 runs out in a "few" more years
• IPv4 is 32 bits = 4.3x10⁹ addresses
• World population = 6.8x10⁹
• IPv6 is 128 bits = 3.4x10³⁸ addresses
• IPv6/population = 5x10²⁸ addresses/person

IPv6 format

• 128 bits = 32 Hex characters
• 2001:0db8:0000:0000:0000:0000:0000:0005
• short form: 2001:db8::5
• only one :: per address
• Web address: http://[2001:db8::5]
• NO NAT (network address translation)
• Smallest allocated networks are 64 bits: 1.8x10¹⁹ addresses

Special addresses

• ::1 loopback
• fe80::/10 Link-Local for neighbor discovery protocol
• ff00::/8 Multicast
• 2001:db8::/32 Documentation
• 2001::/32 (2001:0000::) Teredo Tunnel
• 2002::/16 6to4 Tunnel
• fc00::/7 (fc00:: & fd00::) Unique local addresses (ULAs)
  include a 40-bit pseudorandom number in the prefix:
  fdxx:xxxx:xxxx::/48 (65536 64-bit networks)

EUI-64

• isc-dhcp-server cannot do both IPv4 & IPv6
• EUI: Extended Unique Identifier
• EUI-64 address = 64-bit prefix + 64-bit EUI-64
• MAC address is 48 bits
• 1st 24 bits of MAC + fffe + last 24 bits of MAC
• MAC: e0:cb:4e:d8:95:6b
• IPv6 address: 2001:db8::e0cb:4eff:fed8:956b
• radvd: router advertisement daemon for IPv6

radvd

• Router Advertisement Daemon
• /etc/radvd.conf

interface br0
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  prefix 2001:db8::/64
  {
  };
};
	

Static IPv4 + IPv6 network setup

• no IPv6 broadcast address to be configured
• /etc/network/interfaces

iface eth0 inet static
   address 172.17.0.17
   gateway 172.17.0.1
   netmask 255.255.255.0
   broadcast 172.17.0.255

iface eth0 inet6 static
   address 2001:db8::efb
   gateway 2001:db8::1
   netmask 112

Tunnels

• IPv6 packets transmitted over an IPv4 network
• Teredo (apt-get install miredo)
• 6to4 (he.net, Comcast, SixXS)
• 6rd
• 6in4
• 6over4

HE 6to4 tunnel setup

• Hurricane Electric: http://tunnelbroker.net/
• HE delegates rDNS, 5 free tunnels /64 or /48
• /etc/network/interfaces

iface he-ipv6 inet6 v4tunnel
  address  2001:db8:a::2
  gateway  2001:db8:a::1
  netmask  64
  endpoint 72.52.104.74
  local    <my IPv4 address>
  mtu      1480
  up ip -6 addr add 2001:db8:b::efb3/64 dev he-ipv6
  down ip -6 addr del 2001:db8:b::efb3/64 dev he-ipv6
	

Comcast 6to4 tunnel setup

• http://www.comcast6.net/6to4-config.php
• automatic, /64, no rDNS
• ipv6calc --ipv4_to_6to4addr <my IPv4>
• 6to4 address calculator

iface 6to4 inet6 v4tunnel
  address 2002:xxxx:yyyy::1
  gateway ::192.88.99.1
  netmask 16
  endpoint any
  local <my IPv4>
  up ip -6 addr add 2002:xxxx:yyyy::1/64 dev eth1
   

IPv4 / IPv6 preference

• By default Linux will prefer to use IPv6
• To set default to IPv6 edit /etc/gai.conf and uncomment:

precedence ::ffff:0:0/96 100
• This file exists (all comments) in Debian/Ubuntu
• RHEL 5: /usr/share/doc/glibc-common-2.5/gai.conf

Postfix MTA

• Default is IPv4 only
• in /etc/postfix/main.cf:
• inet_protocols = ipv4, ipv6
• mynetworks = 127.0.0.0/8 [::1]/128
• smtp_bind_address6 = 2001:db8::17

NSD name server daemon

• authoritative only DNS
• in /etc/nsd3/nsd.conf
• If no ip-address are given NSD listens to all IP addresses.
• ip-address: 172.17.0.17
• ip-address: ::1
• ip-address: 2001:db8::17
• 8 ip-address lines maximum

Unbound

• recursive only DNS
• unbound.conf
• interface: 0.0.0.0
• interface: ::0

inetd

• /etc/inetd.conf
• time stream tcp4 nowait nobody internal
• time stream tcp6 nowait nobody internal

Services that just work

• ssh
• thttpd
• ntp

DNS

• zone file:

hostname IN A 172.17.0.17
hostname IN AAAA 2001:db8::17
• PTR (rDNS) for /64 tunnel:

zonefile: 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa

7.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR hostname.domain.invalid

Random apps

• IPv4 / IPv6
• ping / ping6
• fping / fping6
• traceroute / traceroute6
• netcat / nc6
• iptables / ip6tables
• shorewall / shorewall6
• route / route -6

More Information

• Hurricane Electric tunnel: http://tunnelbroker.net/
  5 free /64 and /48 6to4 tunnels with rDNS
• Comcast: http://www.comcast6.net/
• Comcast 6to4 tunnel:
  http://www.comcast6.net/6to4-config.php
• SixXS http://www.sixxs.net/ 6to4 tunnels
• tb-tun http://code.google.com/p/tb-tun/
  for 6to4 tunnel on OpenVZ VPS
• Debian IPv6 wiki http://wiki.debian.org/DebianIPv6
• man ipv6calc or 6to4 address calculator