Experience setting up IPv6 via 6to4 for Debian networks
Hi all,
I recently managed to get IPv6 and global addressing via 6to4 working
nicely on all my Debian machines and networks. I thought I'd share how
I did it because it's a little different from existing documentation,
though pretty simple and the practical advice may help others who are
still struggling. I also welcome feedback in case I have overlooked
anything.
First of all to get IPv6 support ready in the kernel, I simply added
the line 'ipv6' to each machine's /etc/modules. I'm using the various
kernel-image-2.4* packages.
Next, I designated one host having a global IPv4 address on each of my
IPv4-separated networks to be a 6to4 gateway. For each 6to4 gateway, I
computed a 6to4 address based on the host's global IPv4 address using
the instructions found here:
http://people.debian.org/~csmall/ipv6/setup624.html
For example, the 6to4 address for 209.126.142.251 became
2002:d17e:8efb::1. For convenience I will refer to these below as
$ADDR_IPV4 and $ADDR_6TO4 respectively.
Then, for each 6to4 gateway I configured the tunnel interface using the
/etc/network/interfaces mechanism by adding the following stanza:
# IPv6 6to4 tunnel interface
auto stf
iface stf inet6 v4tunnel
address $ADDR_6TO4
netmask 16
endpoint any local $ADDR_IPV4 ttl 64
up ip -6 route add 2000::/3 via ::192.88.99.1 dev stf
metric 1
down ip -6 route flush dev stf
(The $ADDR_6TO4 and $ADDR_IPV4 should be replaced with their respective
literal addresses.) N.B. the 'iproute' package is required for the 'ip'
command.
There are a couple of interesting things to note about this. The
'endpoint' line is a bit of a hack to add some additional necessary
options to the 'ip tunnel' command run by 'ifup'. The other thing to
note is the default route destination: 192.88.99.1 is the official 6to4
Relay anycast address sanctioned by RFC 3068 to reach the nearest 6to4
Relay Router.
After bringing the tunnel interface up ('ifup stf' or reboot) this is
sufficient for global IPv6 connectivity on each 6to4 gateway.
Next, to establish IPv6 connectivity on the internal networks behind
each gateway, I installed the 'radvd' package on the 6to4
gateway/router machines. I assigned a global network prefix to each
network based on the gateway's 6to4 address. For example, I assigned
2002:d17e:8efb:1::/64 to the network behind 2002:d17e:8efb::1. I also
assigned a unique site-local network prefix to each network, for
example fec0:0:0:1::/64. In the following example I refer to these as
$GLOBAL_PREFIX and $SITE_PREFIX respectively. (The use of a
$SITE_PREFIX is optional.)
In the following example $INTERNAL_IFACE is the name of the internal
network interface (e.g. eth1). I configured 'radvd' on each 6to4
gateway/router machine in /etc/radvd.conf as follows:
interface $INTERNAL_IFACE
{
AdvSendAdvert on;
prefix $SITE_PREFIX
{
};
prefix $GLOBAL_PREFIX
{
};
};
I didn't find it necessary to add any other options; the defaults work.
After 'radvd' is reloaded with this configuration, the internal
IPv6-enabled machines behind the gateway automatically receive their
global and site-local IPv6 addresses.
Unfortunately 'radvd' doesn't seem to advertise to itself; each host
running 'radvd' doesn't automatically obtain global/site-local IPv6
addresses for its own internal interface. To fix this, I added some
additional lines to /etc/network/interfaces for the internal interface
stanza on each router/gateway:
# iface $INTERNAL_IFACE inet static
# address 10.0.0.1
# ... etc. IPv4 configuration
up ip -6 addr add $SITE_PREFIX::1/64 dev $INTERNAL_IFACE
up ip -6 addr add $GLOBAL_PREFIX::1/64 dev $INTERNAL_IFACE
down ip -6 addr del $GLOBAL_PREFIX::1/64 dev $INTERNAL_IFACE
down ip -6 addr del $SITE_PREFIX::1/64 dev $INTERNAL_IFACE
For example in one of my cases I've assigned fec0:0:0:1::1 as the
site-local address and 2002:d17e:8efb:1::1 as the global address for
the internal interface. (N.B. I've twisted my $*_PREFIX notation here a
little to add the host identifier while keeping the net mask.)
This is also somewhat of a hack because I'm not aware of a way to
configure an interface simultaneously as 'inet' and 'inet6' using this
file's syntax. If your internal network is 100% IPv6, you can probably
just use an 'inet6' stanza for the internal interface.
To make site-local addresses work across network boundaries, it's
necessary to add some static routes. (If you aren't bothering with
site-local addresses, you can ignore this part.) I did this by adding
more statements to the 6to4 tunnel interface stanza of
/etc/network/interfaces:
up ip -6 route add $SITE_PREFIX via ::$ADDR_IPV4
down ip -6 route del $SITE_PREFIX via ::$ADDR_IPV4
These should complement the prefix for the network connected to the
router. For example, the router with site-local address fec0:0:0:1::1
adds routes to reach fec0:0:0:2::/64 (via fec0:0:0:2::1's IPv4-mapped
address), and vice versa.
That's it! All machines now have full, global and site-local IPv6
connectivity.
Summary:
All machines:
Debian packages
kernel-image-2.4*
iproute
Configuration
Add 'ipv6' to /etc/modules
6to4 gateway machines (machines with global IPv4 addresses):
Configuration
Add 6to4 tunnel stanza to /etc/network/interfaces
Router machines (6to4 gateways for internal networks):
Debian packages
radvd
Configuration
Configure /etc/radvd.conf with IPv6 network prefixes
Configure /etc/network/interfaces with internal IPv6 addresses
Add static routes for site-local networks to
/etc/network/interfaces
Cheers,
--
Rob Leslie
rob@mars.org
Reply to: