next_inactive up previous


Setting up IPv6 in a home network

R. Gieben
NLnet Labs
miek@nlnetlabs.nl


Contents

Introduction

This document is meant as a showcase on how to add IPv6 to an existing IPv4 (home) network. The network in question is somewhat more complicated than your average home network. It has for instance two connection to the Internet. This documents describes the current layout of the LAN, how we added IPv6 to it and ends with a list of problems and a conclusion.

Current setup

Currently there are 5 computers in my home network. These are:
Firewall
Linux 2.4.x,
Server/Desktop
Linux 2.4.x,
Desktop
Windows 98SE,
Desktop
Windows 2000/XP,
Laptop
Linux 2.4.x.

All the Linux machines run Debian GNU/Linux [1], version 3.0 (Woody) or higher. This network is now of course totally IPv4 based. I have 2 connections to the Internet (cable (10Mb) and fiber (100Mb) ), a internal network (atoom.net, 192.168/16) and a wireless setup (wireless.atoom.net, 172.16/12). Currently all machine are connected to the Internet via NAT. Also see figure [*].

Figure: Network layout of atoom.net
1#1

One important remark: The fiber connection does not route email (port 25). So all email incoming and outcoming need to be routed over my cable connection. The server ``Elektron'' handles email, web, secure pop and CVS. These ports get destination natted from the firewall. As said, special care is taken to route email packets back over the cable connection.

``Ufo'' is my wireless access point. This is completely firewalled off from the rest of my network.

The goal is now to add IPv6 to this network.

Adding IPv6

By adding IPv6 to my home setup I will receive two advantages:
  1. No more natting (at home),
  2. Redundant email connection,
  3. Global routable addresses for my servers,
  4. P2P apps work.
But these are the only advantages I can think of. What is the major pushover for people to use IPv6? The IPv6 connectivity is provided via NLnet Labs. The ``sixgate'' is the machine that has an actual IPv6 connection to the Internet. This machine tunnels to my firewall. The actual setup if as follows:

domain atoom.net nlnetlabs.nl
hostname kopje.atoom.net sixgate.nlnetlabs.nl
IPv4 195.169.222.38 213.53.69.41
IPv6 2001:6e0:206:1002::2 2001:6e0:206:1002::1
Interface eth2 ?

The IP range 2001:6e0:206:1003::/64 is tunneled to my home. This gives me a lot of addresses to play with. I only need 5 of these, but it is nice that I don't have to NAT anymore. Most of the things covered here are found on [4].

Setting up the tunnel

Ronald has done all the hard work at NLnetLabs side. I have done the following to get it working under Linux.
  1. compiling the kernel with IPv6 support,
  2. setting up the tunnel,
  3. setting up radvd
  4. updating the DNS
  5. internal network
  6. upgrading applications

Compiling Linux with IPv6 support

The site [3] gives a good overview on what is currently supported under Linux. If you compile a version 2.4.x kernel with IPv6 support, you can do all the normal IPv6 stuff. Features not supported (yet) can also be found at [3].

Setting up the tunnel

For this section I have used [5]. To setup my tunnel:
ip tunnel add v6 mode sit local 195.169.222.38 remote 213.53.69.41 dev eth2
This creates a virtual interface called v6. This interface can than further be used as a regular interface. Then we activate the interface:
ip link set dev v6 up
Next I add the endpoint IPv6 address to the tunnel:
ip addr add 2001:6e0:206:1002::2/64 dev v6
And as last we add routing:
ip route add 2000::/3 dev v6
This yields a working configuration.

root@kopje# ping6 ftp.nluug.nl
PING ftp.nluug.nl(ftp.surfnet.nl) 56 data bytes
64 bytes from ftp.surfnet.nl: icmp_seq=1 ttl=58 time=6.00 ms
64 bytes from ftp.surfnet.nl: icmp_seq=2 ttl=58 time=6.03 ms
64 bytes from ftp.surfnet.nl: icmp_seq=3 ttl=58 time=6.38 ms

Setting up radvd

The router advertisement daemon setup was really a nobrainer. Just configure the IPv6 address delegated to you and the rest goes automaticly.

Updating the DNS

Updating the forward DNS is relatively simple, just add AAAA records to the zones and do this for all your hosts which are IPv6 capable. The reverse was some more work. First I've delegated the reverse to my own firewall machine. Once that was working I was able to setup the reverse (although you need a tool like ipv6calc to calculate the reverse IPv6 addresses).

Internal network

With the routing advertisement daemon running, all capable hosts will get an IPv6 address from kopje. For some weird reason this does not mean I can ping my server via IPv6...we're still still debugging this.

Upgrading applications

See the debian ipv6 site [2] for more information. Currently i've upgraded ssh. Sendmail works out of the box with IPv6. Further more I've installed iputils-ping and the iputils-tracepath packages to help network trouble shouting.

Wireless network

Upgrading the wireless network to accomodate IPv6 is also very easy. I have not done this however due to the routing problems.

Problems

All Linux machine run the latest stable kernel release (2.4.21-pre5), as of this writing. But still this doesn't solve the problem of dropping routes...One moment everything is working and I can ping my own hosts and hosts on the Internet. The next minute everything stops working. It looks like this is a kernel issues with Linux, but it could also be that my routing is not correct.

Conclusion

While IPv6 looks to be working (to some degree) major routing problems exist. The best course of action if to wait for 2.4.21 and a new USAGI patch [7].

Bibliography

1
Debian homepage. http://www.debian.org

2
Debian IPv6 page. http://debian.fabbione.net/

3
Current support in Linux kernels for IPv6 http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html

4
Deepspace 6: Linux IPv6 portal. http://www.deepspace6.net

5
Configuring tunnels with iproute2. http://www.deepspace6.net/docs/iproute2tunnel-en.html

6
Configuring tunnels with Debian GNU/Linux http://debian.fabbione.net/how.html

7
USAGI IPv6 for Linux http:/www.linux-ipv6.org

About this document ...

Setting up IPv6 in a home network

This document was generated using the LaTeX2HTML translator Version 2K.1beta (1.48)

Copyright © 1993, 1994, 1995, 1996, Nikos Drakos, Computer Based Learning Unit, University of Leeds.
Copyright © 1997, 1998, 1999, Ross Moore, Mathematics Department, Macquarie University, Sydney.

The command line arguments were:
latex2html -split 0 -local_icons ipv6.tex

The translation was initiated by Miek Gieben on 2003-03-27


next_inactive up previous
Miek Gieben 2003-03-27