Setting up IPv6 in a home network - Take 2

R. Gieben

NLnet Labs

miek@nlnetlabs.nl

Update

Thanks to the help of Pim van Pelt I currently run an IPv6 enabled home. There were some minor nits which were wrong in the previous IPv6 configuration attempt. They were probably the cause of the non working IPv6 situation at my home.

However, the major error in my previous setup was not identified. I believe I was overzealous with setting up IPv6 interfaces, which caused the routing to fail, but this is not confirmed.

Since my last IPv6 experiment my network has undergone some important changes. Most important is the switch to Linux kernel version 2.6.x (with it's better support for IPv6).

I'm now updating this case study to reflect the current, working situation.

Miek Gieben - 26 April 2004

Introduction

This document is meant as a showcase on how to add IPv6 to an existing IPv4 (home) network. The network in question is somewhat more complicated than your average home network. It has for instance two connection to the Internet. This documents describes the current layout of the LAN, how we added IPv6 to it and ends with a list of problems and a conclusion.

Current setup

Currently there are 5 computers in my home network. These are:

Firewall: Linux 2.6.x,
Server/Desktop: Linux 2.6.x,
Laptop: Linux 2.6.x,
Desktop: Windows 2000/XP.

All the Linux machines run Debian GNU/Linux [2], version Sarge (Testing). This network is totally IPv4 based. I have 2 connections to the Internet (cable (10Mb) and fiber (100Mb) ), a internal network (atoom.net, 192.168/16) and a wireless setup (wireless.atoom.net, 172.16/12). Currently all machine are connected to the Internet via NAT. Also see figure 1.

**Figure 1:** Network layout of atoom.net
$\includegraphics[width=12cm]{atoomnet}$

One remark: The fiber connection does not route email (port 25). So all email incoming and out coming need to be routed over my cable connection. The server ``Elektron'' handles email, web, secure pop. These ports get destination natted from the firewall. As said, special care is taken to route email packets back over the cable connection.

``Ufo'' is my wireless access point. This is completely firewalled off from the rest of my network.

The goal is now to add IPv6 to this network.

Adding IPv6

By adding IPv6 to my home setup I will receive two advantages:

No more natting,
Redundant email connection,
Global routable addresses for my servers,
P2P apps work.

The IPv6 connectivity is provided via sixxs.net [1]. Via this tunnel broker I'm connected to the brave new world of IPv6. The actual setup if as follows:

domain atoom.net sixxs.net

hostname kopje.atoom.net gw-201.ede-01.nl.sixxs.net

IPv4 195.169.222.38 N/A

IPv6 2001:7b8:2ff:c8::2 2001:7b8:2ff:c8::1

This the tunnel runs from 2001:7b8:2ff:c8::1 (sixxs' end) to 2001:7b8:2ff:c8::2 (my end). Over the tunnel 2001:7b8:32a::/48 is routed. This means I have 80 bits of addressing for my home network.

Setting up the tunnel

Pim has done all the hard work at sixxs.net's side. I have done the following to get it working under Linux.

compiling the kernel with IPv6 support,
setting up the tunnel,
setting up radvd
updating the DNS
updating internal network
upgrading applications

Compiling Linux with IPv6 support

The site [4] gives a good overview on what is currently supported under Linux. If you compile a version 2.6.x kernel with IPv6 support, you can do all the normal IPv6 stuff. Features not supported (yet) can also be found at [4].

Setting up the tunnel

This has changed. I'm using Debian's why of configuring stuff now.
Enabling the tunnel was done by adding to code below to /etc/network/interfaces:

# IPV6
auto sixxs

iface sixxs inet6 v4tunnel
	address 2001:7b8:2ff:c8::2
	netmask 64
	endpoint 193.109.122.244
	up ip route add 2000::/3 via 2001:7b8:2ff:c8::1
	up ip link set dev sixxs mtu 1280 
	up ip tunnel change sixxs ttl 64

The tunnel gets the interface name sixxs and has 2001:7b8:2ff:c8::1 as its endpoint.

Note: previously the last command looked like: up ip tunnel change sixxs ttl inherit This causes the IPv4 tunnel packets to inherit the TTL of the IPv6 packets, which, unfortunately, can lead to disaster:

Suppose the IPv6 packets needs 2 hops to reach the Internet and also assume the IPv4 packets need 6 hops to reach the Internet. This is roughly the situation at my home: IPv4 packets need more hops than the IPv6 ones. Now we are traceroute6-ing the IPv6 endpoint. Those packets start of with a low TTL. Because the IPv4 packets inherit this low TTL, they get dropped by the first router that sees a TTL of zero. So be looking at the IPv6 packets you get no glue on why nothing reaches the endpoint, because the IPv4 tunnel packets are the ones being dropped. Setting inherit to 64 restores normal behavior.

But after these tweaks the endpoint was pingeable and tracerouteable:

% ping6 2001:7b8:2ff:c8::1
PING 2001:7b8:2ff:c8::1(2001:7b8:2ff:c8::1) 56 data bytes
64 bytes from 2001:7b8:2ff:c8::1: icmp_seq=1 ttl=64 time=4.18 ms
64 bytes from 2001:7b8:2ff:c8::1: icmp_seq=2 ttl=64 time=3.80 ms
64 bytes from 2001:7b8:2ff:c8::1: icmp_seq=3 ttl=64 time=3.94 ms

Setting up radvd

The router advertisement daemon setup was really a nobrainer. Just configure the IPv6 address space delegated to you and the rest goes automatically. I've added the following:

Note: atoom is my internal interface and wireless is my wireless interface. (Under Linux you can rename your interfaces with a nice tool called nameif [See: man 8 nameif]).

This radvd.conf creates two subnets :0 and :1 for internal use.

# atoom.net internal
interface atoom {
   AdvSendAdvert on;
   AdvHomeAgentFlag off;

# recommended values from ronald
   MinRtrAdvInterval 30;
   MaxRtrAdvInterval 90;

   prefix 2001:7b8:32a:0::/64 {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
   };
};

interface wireless {
   AdvSendAdvert on;
   AdvHomeAgentFlag off;

# recommended values from ronald
   MinRtrAdvInterval 30;
   MaxRtrAdvInterval 90;

   prefix 2001:7b8:32a:1::/64 {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
   };
};

Updating the DNS

Updating the forward DNS is relatively simple, just add AAAA records to the zones and do this for all your hosts which are IPv6 capable.

With sixxs.net you can add your own reverse nameserver. Once this was added the actual setup was not that difficult, although you need a tool like ipv6calc to calculate the reverse IPv6 addresses.

Internal network

With the routing advertisement daemon running, all capable hosts will get an IPv6 address from my firewall. And this indeed works as advertised. My server configured itself in a matter of seconds (after radvd was started). Also my wireless network is now fully IPv6 capable.

Upgrading applications

See the Debian IPv6 site [3] for more information. Ssh, sendmail and apache2 work out of the box with IPv6. Further more I've installed iputils-ping and the iputils-tracepath packages to help network trouble shooting.

Problems

I've been running this new setup for almost a week now and I haven't experienced any problems what so ever. Everything seems to work. Also having routable addresses on my network is just great!

Conclusion

With a plain Linux 2.6.x kernel and some knowledge (thanks Pim!), setting up IPv6 is easy. Even in more sophisticated home networks it just works. Why it didn't work the first time around is still a mystery. Too many things have changed (new kernels, new software) to properly debug the previous setup. So it will probably remain a mystery why it didn't work before.

Bibliography

1: Sixxs, Six access homepage. http://www.sixxs.net
2: Debian homepage. http://www.debian.org
3: Debian IPv6 page. http://debian.fabbione.net/
4: Current support in Linux kernels for IPv6 http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html
5: Deepspace 6: Linux IPv6 portal. http://www.deepspace6.net
6: Configuring tunnels with iproute2. http://www.deepspace6.net/docs/iproute2tunnel-en.html
7: Configuring tunnels with Debian GNU/Linux http://debian.fabbione.net/how.html
8: USAGI IPv6 for Linux http:/www.linux-ipv6.org

About this document ...

Setting up IPv6 in a home network - Take 2

This document was generated using the LaTeX2HTML translator Version 2002-2-1 (1.70)

The command line arguments were:
latex2html -split 0 -local_icons ipv6-take2.tex

The translation was initiated by Miek Gieben on 2004-04-26

Miek Gieben 2004-04-26

domain	atoom.net	sixxs.net
hostname	kopje.atoom.net	gw-201.ede-01.nl.sixxs.net
IPv4	195.169.222.38	N/A
IPv6	2001:7b8:2ff:c8::2	2001:7b8:2ff:c8::1