Setting up IPv6 in a home network
R. Gieben
NLnet Labs
miek@nlnetlabs.nl
This document is meant as a showcase on how to add IPv6 to an existing IPv4
(home) network. The network in question is somewhat more complicated than your
average home network. It has for instance two connection to the Internet.
This documents describes the current layout of the LAN, how we added IPv6 to
it and ends with a list of problems and a conclusion.
Currently there are 5 computers in my home network. These are:
- Firewall
- Linux 2.4.x,
- Server/Desktop
- Linux 2.4.x,
- Desktop
- Windows 98SE,
- Desktop
- Windows 2000/XP,
- Laptop
- Linux 2.4.x.
All the Linux machines run Debian GNU/Linux [1], version 3.0
(Woody) or higher.
This network is now of course totally IPv4 based. I have 2 connections to
the Internet (cable (10Mb) and fiber (100Mb) ), a internal network (atoom.net,
192.168/16) and a wireless setup (wireless.atoom.net, 172.16/12). Currently all
machine are connected to the Internet via NAT. Also see figure ![[*]](crossref.png)
.
Figure:
Network layout of atoom.net
| 1#1 |
One important remark: The fiber connection does not route email (port 25). So
all email incoming and outcoming need to be routed over my cable connection.
The server ``Elektron'' handles email, web, secure pop and CVS. These ports get
destination natted from the firewall. As said, special care is taken to route
email packets back over the cable connection.
``Ufo'' is my wireless access point. This is completely firewalled off from the
rest of my network.
The goal is now to add IPv6 to this network.
By adding IPv6 to my home setup I will receive two advantages:
- No more natting (at home),
- Redundant email connection,
- Global routable addresses for my servers,
- P2P apps work.
But these are the only advantages I can think of. What is the major
pushover for people to use IPv6?
The IPv6 connectivity is provided via NLnet Labs. The ``sixgate'' is the machine
that has an actual IPv6 connection to the Internet. This machine tunnels to
my firewall. The actual setup if as follows:
| domain |
atoom.net |
nlnetlabs.nl |
| hostname |
kopje.atoom.net |
sixgate.nlnetlabs.nl |
| IPv4 |
195.169.222.38 |
213.53.69.41 |
| IPv6 |
2001:6e0:206:1002::2 |
2001:6e0:206:1002::1 |
| Interface |
eth2 |
? |
The IP range 2001:6e0:206:1003::/64 is
tunneled to my home. This gives me a lot of addresses to
play with. I only need 5 of these, but it is nice that I don't have to NAT
anymore.
Most of the things covered here are found on [4].
Ronald has done all the hard work at NLnetLabs side. I have done the following to get
it working under Linux.
- compiling the kernel with IPv6 support,
- setting up the tunnel,
- setting up radvd
- updating the DNS
- internal network
- upgrading applications
The site [3] gives a good overview on what
is currently supported under Linux. If you compile a version 2.4.x kernel
with IPv6 support, you can do all the normal IPv6 stuff. Features not
supported (yet) can also be found at [3].
For this section I have used [5]. To setup my tunnel:
ip tunnel add v6 mode sit local 195.169.222.38 remote 213.53.69.41 dev eth2
This creates a virtual interface called v6. This interface can than further be
used as a regular interface. Then we activate the interface:
ip link set dev v6 up
Next I add the endpoint IPv6 address to the tunnel:
ip addr add 2001:6e0:206:1002::2/64 dev v6
And as last we add routing:
ip route add 2000::/3 dev v6
This yields a working configuration.
root@kopje# ping6 ftp.nluug.nl
PING ftp.nluug.nl(ftp.surfnet.nl) 56 data bytes
64 bytes from ftp.surfnet.nl: icmp_seq=1 ttl=58 time=6.00 ms
64 bytes from ftp.surfnet.nl: icmp_seq=2 ttl=58 time=6.03 ms
64 bytes from ftp.surfnet.nl: icmp_seq=3 ttl=58 time=6.38 ms
The router advertisement daemon setup was really a nobrainer. Just configure the
IPv6 address delegated to you and the rest goes automaticly.
Updating the forward DNS is relatively simple, just add AAAA records
to the zones and do this for all your hosts which are IPv6 capable.
The reverse was some more work. First I've delegated the reverse to
my own firewall machine. Once that was working I was able to setup
the reverse (although you need a tool like ipv6calc to
calculate the reverse IPv6 addresses).
With the routing advertisement daemon running, all capable hosts will get an
IPv6 address from kopje. For some weird reason this does not mean I can
ping my server via IPv6...we're still still debugging this.
See the debian ipv6 site [2] for more information.
Currently i've upgraded ssh. Sendmail works out of the box with IPv6.
Further more I've installed iputils-ping and the iputils-tracepath
packages to help network trouble shouting.
Upgrading the wireless network to accomodate IPv6 is also very easy. I have not
done this however due to the routing problems.
All Linux machine run the latest stable kernel release (2.4.21-pre5), as of this
writing. But still this doesn't solve the problem of dropping routes...One
moment everything is working and I can ping my own hosts and hosts on the
Internet. The next minute everything stops working. It looks like this is
a kernel issues with Linux, but it could also be that my routing is not
correct.
While IPv6 looks to be working (to some degree) major routing problems exist.
The best course of action if to wait for 2.4.21 and a new USAGI patch [7].
- 1
- Debian homepage.
http://www.debian.org
- 2
- Debian IPv6 page.
http://debian.fabbione.net/
- 3
- Current support in Linux kernels for IPv6
http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html
- 4
- Deepspace 6: Linux IPv6 portal.
http://www.deepspace6.net
- 5
- Configuring tunnels with iproute2.
http://www.deepspace6.net/docs/iproute2tunnel-en.html
- 6
- Configuring tunnels with Debian GNU/Linux
http://debian.fabbione.net/how.html
- 7
- USAGI IPv6 for Linux
http:/www.linux-ipv6.org
Setting up IPv6 in a home network
This document was generated using the
LaTeX2HTML translator Version 2K.1beta (1.48)
Copyright © 1993, 1994, 1995, 1996,
Nikos Drakos,
Computer Based Learning Unit, University of Leeds.
Copyright © 1997, 1998, 1999,
Ross Moore,
Mathematics Department, Macquarie University, Sydney.
The command line arguments were:
latex2html -split 0 -local_icons ipv6.tex
The translation was initiated by Miek Gieben on 2003-03-27
Miek Gieben
2003-03-27