IPv6Guide

From FedoraProject

Revision as of 22:16, 25 February 2014 by Ilmostro (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

IPv6

Outdated.png
This wiki page is outdated
Please update this wiki page to reflect recent events or newly available information.

This guide explains how to setup IPv6 on a Fedora Core system since version #6. This includes some basic DNS configurations and clients configuration for IPv6 addresses.

Kernel

All kernels available in Fedora Core support IPv6 connections.

In case you need custom kernel configuration, there is a list of important kernel options related to IPv6:

Networking ---> Networking options ---> <M> The IPv6 protocol
[*]      IPv6: Privacy Extensions support
[*]  IPv6: Router Preference (RFC 4191) support
[*]        IPv6: Route Information (RFC 4191) support (EXPERIMENTAL)
<M>     IPv6: AH transformation
<M>     IPv6: ESP transformation
<M>     IPv6: IPComp transformation
<M>   IPv6: IPv6-in-IPv6 tunnel

Networking ---> Networking options ---> Network packet filtering --> IPv6: Netfilter configuration --->
(Options related to filtering of IPv6 packets)

Device drivers --> Network device support --> Universal TUN/TAP device driver support
(Option is only required if you are using for 6to4 conversion)
Clear.png
The content appearing below may require cleanup
Please improve this article if you can, and move or remove this notice if appropriate.

IPv6 Specific Packages

There are some packages which deal with IPv6.

Package Description
ipv6calc Converts an IPv6 address to a compressed format
iptables-ipv6 Contains IPv6 support for iptables

/etc/sysconfig/ip6tables-config is provided w/latest iptables pkg.

radvd Router advertisement daemon for IPv6
dhcpv6_client Client for DHCPv6 protocol (RFC 3315)
dhcpv6 DHCP server and client for IPv6
ip6sic Tool for stress-tesing on IPv6 network stack

IPv6 Router

If we want to use our system as a router for other clients which want to connect to the outside world. We need to enable forwarding of IPv6 packets. We can do it this way:


There are two ways, how IPv6 specification deals with assigning of IPv6 addresses to clients.

  • Stateful assignment uses the dynamic host configuration protocol which is well known from IPv4 world. It is called "stateful" because the server keeps a state of the clients who have requested IPs and received them.
  • Stateless assignment is a new feature in IPv6 which uses a process called Router Advertisement and allows clients to obtain an IP and a default route by simply bringing an interface up. It is called "stateless" because there is no record of IPs assigned and the host they are assigned to.

Stateless configuration

Stateless configuration is easy realized with radvd(Router Advertisement Daemon). Just put one of these on your network and your configuration problems for clients should be greatly reduced.

First we need is to install it:

sudo yum install radvd

After then we set up radvd configuration file /etc/radvd.conf. It's necessary to adjust the prefix and interface at least. Here is a sample radvd.conf:

interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:db8:1:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

};

More informations about radvd setting are available in man radvd.conf

At the end we start radvd and let it start at boot time.

sudo systemctl enable radvd.service 
sudo systemctl start radvd.service 

Stateful configuration

Stateful configuration is provided by dhcpv6. So we install it at first:


Then we must configure the DHCPv6 server by editing /etc/dhcp6s.conf

option dns_server 2003::6:1 ibm.com;
prefer-life-time 10000;
valid-life-time 20000;
renew-time 5000;
rebind-time 8000;
interface eth1 {
link AAA {
allow unicast;
send unicast;
allow rapid-commit;
send server-preference 5;
renew-time 1000;
rebind-time 2400;
prefer-life-time 2000;
valid-life-time 3000;
range 3ffe:ffff:100::10 to 3ffe:ffff:100::110/64;
prefix 3ffe:ffef:104::/64;
pool {
prefer-life-time 3600;
valid-life-time 7200;
range fec0:ffff::10 to fec0:ffff::110/64;
prefix fec0:fffe::/48;
};
};
};

And at the end we start dhcpv6 and let it start at boot time too.


IPv6 Client

Clients behind radvd router should be connected immediately, after we bring their interface up. We only need to have the network configuration set up properly. Sample /etc/sysconfig/network:

NETWORKING=yes
HOSTNAME=localhost.localdomain
NETWORKING_IPV6=yes

If the router is set up to use DHCPv6, our clients will need to have the dhcpv6_client package installed.


After having done this, we need to configure client by editing /etc/dhcp6c.conf.

interface eth0 {
send rapid-commit;
request prefix-delegation;
request domain-name-servers;
request temp-address;
iaid 11111;
address {
3ffe:10::10/64;
prefer-life-time 6000;
valid-life-time 8000;
};
renew-time 11000;
rebind-time 21000;
};

Also, the config file for the particular interface needs to be set up. Adding the line IPV6INIT=yes to /etc/sysconfig/network-scripts/ifcfg-<interface> will enable IPv6 initialization.


Don't forget to restart the network service after everything is set up correctly.


The easiest way how to test our connection is to use ping6 command and ping an IPv6 host.

PING www.kame.net(orange.kame.net) 56 data bytes
64 bytes from orange.kame.net: icmp_seq=1 ttl=52 time=300 ms
64 bytes from orange.kame.net: icmp_seq=2 ttl=52 time=285 ms

or visit www.kame.net and see the turtle. If it's dancing, your IPv6 connection is alright :-).

DNS

Just as DNS for IPv4 uses A records, DNS for IPv6 uses AAAA records. For reverse DNS, the INT standard is deprecated but still widely supported, therefore we describe ARPA format here.

BIND include excellent IPv6 support since version 9.x. So the first thing we need to do(after we install it) is to add entries for both forward and reverse DNS zone files in /etc/named.conf.

/* We allow bind to listen to IPv6 addresses. *
options {
[...] 
listen-on-v6 { any; }
[...] 
};

/* Provide the forward DNS for the domain 'ipv6-rules.com' */
zone "ipv6-rules.com" IN {
type master;
file "ipv6-rules.com";
};

/* This format for reverse DNS is "bitwise." It's done by taking the IPv6 prefix,
reversing the order of the numbers and putting a period between each number.
We can use ipv6calc to calculate it */
zone "6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa" {
type master;
file "rev-ipv6-rules.com.arpa";
};

Now we must create those zone files and add entries for all of our hosts. Zone files are usually located under /var/named. Here are some samples of ipv6-rules.com

$TTL    2h
@       IN      SOA     ipv6-rules.com. webmaster.ipv6-rules.com.  (
2003052501 ; Serial
28800      ; Refresh
14400      ; Retry
3600000    ; Expire
86400 )    ; Minimum
NS      ns1.ipv6-rules.com

IN      AAAA    2001:470:1f00:296::1 ; address for ipv6-rules.com
host1   IN      AAAA    2001:470:1f00:296::2 ; address for host1.ipv6-rules.com
host2   IN      AAAA    2001:470:1f00:296::3:3 ; address for host2.ipv6-rules.com

and rev-ipv6-rules.com.arpa.

$TTL 3d ; Default TTL (bind 8 needs this, bind 9 ignores it)
@       IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. (
2003052501      ; Serial number (YYYYMMdd)
24h             ; Refresh time
30m             ; Retry time
2d              ; Expire time
3d )            ; Default TTL
IN      NS     ns1.ipv6-rules.com.
; IPv6 PTR entries
$ORIGIN 6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN      PTR     ipv6-rules.com.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN      PTR     host1.ipv6-rules.com.
3.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0 IN      PTR     host2.ipv6-rules.com.

Tunnel Configuration

Most ISPs still do not offer any native IPv6 connections. To get around this limitation, there are several "tunnel brokers" around the globe that offer free IPv6 tunnels. This will allow you to tunnel all your IPv6 connections through an IPv4 connection.

Some tunnel brokers:

Another way to get IPv6 connection is to use IPv6 automatic tunnelling ("6to4"). It's a method designed to ease the introduction of IPv6 into existing IPv4 networks. The designers of IPv6 created a special prefix, 2002, under which the entire IPv4 address space can be mapped, with enough address bits left over for 65,536 subnets behind the IPv4 address. A 6to4 host tunnels IPv6 packets over IPv4 to a special anycast prefix, which selects the closest IPv6 router, thus providing seamless connectivity to the IPv6 universe. No special setup required at the ISP at all.

This method is not usable, if you are located behind a NAT-device.

Configuration is very simple.Enable IPv6 and set 6to4 pseudo-interface as default gateway in /etc/sysconfig/network:

echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network
echo "IPV6_DEFAULTDEV=tun6to4">> /etc/sysconfig/network

and edit your outbound (Internet) interface configuration. This can be e.g. ippp0, ppp0, eth0, or the like. eth0 is used here.

echo "IPV6INIT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "IPV6TO4INIT=yes">> /etc/sysconfig/network-scripts/ifcfg-eth0

More info about tunneling is available in files:
/usr/share/doc/initscripts-*/ipv6-6to4.howto
/usr/share/doc/initscripts-*/ipv6-tunnel.howto

Other Resources

Some other sources with useful information: