Weekend Project Transition to IPv6 Linux
description
Transcript of Weekend Project Transition to IPv6 Linux
-
Skip to contentSkip to main navigationSkip to 1st columnSkip to 2nd column
Linux FoundationTrainingEvents
Linux.com
HomeNews
SoftwareApplicationsMultimediaLinuxKernelDevelopmentDeveloper
HardwareDesktopsLaptopsPeripheralsServersDrivers
Embedded / MobileMobileLinuxNetbooksMIDsPhones
Business of Open SourceGovernanceLegal
Enterprise ComputingEnterpriseBusinessCloudComputingClusteringLinuxStorageHighPerformanceNetworking
Linux CommunityEventsForumsContests and Polls
Contests2011TshirtDesignContentFinalists
Join the Linux FoundationCarry the Linux Credit CardCommunity Blogs
Learn LinuxLinux AnswersLinux Documentation
LinuxHowTosLinuxManPages
Linux TutorialsWhitepapersLinux VideosLinux New User GuidesLinux Career CenterLinux Training Program and Classes
AndroidTraining
DirectoryDownload LinuxBooksMobileComponentsPeripheralsSoftwareLinux Applications
JobsStore
Home Learn Linux Linux Tutorials Weekend Project: Transition to IPv6
Weekend Project: Transition to IPv6
Friday, 14 May 2010 08:24 Nathan Willis | Exclusive
This is our third article in the Weekend Project series. Our recent Linux.com survey results told us that you want more tutorials
on the site, so this series is running on Fridays and includes longer tutorials to provide Linux users with a fun project to
embark upon over the weekend. Please share with your friends and colleagues and have fun with it! And, as always, let us
know if it's useful and what other topics you would like to see in this series.
Transitioning to IPv6
Internet Protocol version 4 (IPv4) has certainly served the world well over the past few decades, but that's no reason to cling to
it until the bitter end. You can start using its replacement IPv6 on your Linux machines and home network today.
ShareShare
Weekend Project: Transition to IPv6 | Linux.com https://www.linux.com/learn/tutorials/308738-we...
1 of 7 11/28/2011 07:18 PM
-
SystemsManagementCaseStudies
Featured BlogsTechnology Feature
SecuritySpecial Feature
StoriesofLinux
RSS FeedsGalleriesFriday Funnies
Know Your Protocols
If you haven't worked with IPv6 before, you might have only heard one fact about it: that its expand, 128-bit address space is
so much larger than IPv4's 32-bit space that it will never need to be expanded again. The curmudgeons may mutter, "never
say never" at that claim, but it is true that the last unreserved IPv4 address blocks are predicted to be used up by September of
2011, at which point ISPs and businesses will be forced to start using IPv6 in order to roll out new networks.
Still, if you are reading this Weekend Project, then you are connected to the Internet, so IPv4's address depletion hasn't hit
you yet. But there is a lot more to IPv6 than just its large address space. IPv6 has built-in IPSec security features that are
optional in IPv4 (and thus, rarely offered to consumers by ISPs), larger packet payloads called jumbograms that increase
network efficiency, built-in support for mobile networking devices that move from one connection point to another as they
travel, simplified routing and address autoconfiguration.
Some of those niceties are available to IPv4 networks through other means, of course. DHCP is commonly used to allow
automatic address assignment -- IPv6 builds the same functionality right into the IP protocol. Because it is a low-layer
protocol, applications (with very rare exceptions) don't care whether or not they are running on top of IPv4 or v6.
Getting started with IPv6 starts with understanding IPv6 addresses. Many of IPv6's new functions are possible because the
protocol uses the 128-bits more intelligently; essentially, there is so much space available that the protocol uses the address
to embed hierarchical information about the network, not just assign a unique string of bits to each host.
This is possible because each network interface can have multiple addresses assigned to it, with different prefixes. For
example, the prefix "fe80::" indicates that an address is link local. Routers do not forward link-local address traffic; it is valid
only on the immediate Ethernet segment (or equivalent). A device can use its link local address to broadcast requests for
site-wide or global addresses, and only the nearest router will respond, greatly simplifying configuration. The prefix "2002::"
indicates that an address is a 6to4 transition address. 6to4 is a mechanism with which IPv6 nodes can tunnel traffic through
incompatible, IPv4-only network segments. The address structure also includes other special multicast and "anycast" address
types to implement other features.
Because IPv6 addresses encapsulate routing and network information in this manner, how best to roll out IPv6 on your Linux
machine depends in part on how your network is set up -- particularly on whether or not you are only worried about a single
box, or want to set up multiple boxes -- and how you connect to the Internet upstream. Getting started, however, begins in the
same place: the kernel.
The Linux Kernel and Utilities
The Linux kernel has supported IPv6 since the very beginning, around 1996, and has adapted to keep up with the revisions
and enhancements of IPv6-related RFCs over the years. Today, virtually no Linux distribution ships a kernel that does not
include the IPv6 module compiled and loaded by default. You can test for its presence in several ways, though. The simplest
is to look inside the /proc/net/ directory; if /proc/net/if_inet6 (and other entries) are present, the IPv6 module is loaded. If not,
you can load it with modprobe ipv6.
Next up is to examine your network interfaces and see if they are configured for IPv6. Run ip -6 addr show dev eth0 (as root);
the output will list all IPv6 addresses assigned to the eth0 network interface (if you use eth1 or another interface, just substitute
it in the preceding command). You will at least see an fe80:: link-local address. If you have additional IPv6 addresses already
assigned, then you are already up and running, and the remainder of this guide will not be of much use. For everyone just
getting started, though, the link local address is likely the only one reported by ip.
The other major obstacle to an IPv6 transition is DNS lookup. While IPv6 addresses may be reachable directly, most user
programs operate on DNS records, and by default some DNS servers do not try IPv6's distinct "AAAA" records first. This was
the source of a well-publicized bug in Ubuntu several releases ago. To see whether or not you can look up IPv6 hostnames,
run host -t AAAA ipv6.google.com. You can attempt to lookup any hostname this way, but it must be one with an IPv6 record,
hence you should choose a known-to-be-on-IPv6 target. If the request fails, the easiest fix is to choose new DNS servers --
Weekend Project: Transition to IPv6 | Linux.com https://www.linux.com/learn/tutorials/308738-we...
2 of 7 11/28/2011 07:18 PM
-
most of the free, publicly-available servers now support IPv6 lookups; you are likely to encounter trouble only if you are using
your ISP's default DNS servers.
Finally, if you are behind a firewall, be sure that it is not configured to block IPv6 packets; they are IP protocol number 41 and
are not the same as IPv4 packets. How to do this depends on the firewall that you run, however, all Linux firewalls in regular
usage support it.
Getting Around the LAN
As mentioned above, if your IPv6 network stack is running, your Ethernet or WiFi interface should automatically grab a link
local address. But to connect to other hosts, you will need an additional address. As with IPv4, you can assign an address
yourself with a command line tool like ifconfig, provided that you choose a valid address. For testing purposes, such as
between two boxes on your home network, this is an acceptable method -- even though you will want a more permanent
solution further down the road.
You can assign a unique local address (ULA) yourself without fear of colliding with another IPv6 host. They begin with the
prefix "fc00::" and are supposed to contain a randomly-generated string, although there is currently no canonical way to select
this. For testing purposes, you can assign one with ifconfig eth0 inet6 add fc00:XXXX::1/64. If you wish, you can register your
random ULA prefix with the unofficial index at SixXS.net, although this is not required.
Once you set up two or more IPv6 hosts on the same network, you can test whether they are reachable from each other using
ping6, an IPv6-only implementation of ping. Simply run ping6 fc00:XXXX::1, substituting the appropriate prefix in place of
XXXX.
You may find references to site local addresses (as opposed to link local) in some reference materials; this is a type of
address with the prefix "fec0:" and it is now deprecated; ULAs are the replacement.
Connecting to the Rest of the Internet
Two hosts on the same network being able to ping6 one another is nice, but it's nothing to write home about. Your transition
also has to account for connecting your IPv6-capable hosts to the IPv6-connected Internet writ large. How best to pursue that
depends on your network connection point.
If your machine has a static IP address, you can use a free 6to4 tunnel broker (such as Hurricane Electric or SixXS), which will
allow you to route IPv6 traffic even through uncooperative IPv4-only ISPs using 6to4 "relay routers." 6to4 addresses use the
prefix 2002: followed by the IPv4 address of the host, such as 2002:A.B.C.D:: -- it is because of this scheme that a 6to4 host
must have a reachable IPv4 address; a NAT address such as 192.168.15.1 is not unique.
Once you have registered with a 6to4 tunnel broker, setting up the tunnel is as simple as running a few configuration
commands. Start with ip tunnel add my6to4 mode sit remote any local A.B.C.D, followed by ip link set dev my6to4 up. This
creates a new virtual network interface named my6to4, then activates it. You will then need to assign the 6to4 address to the
tunnel device, with a command like ip addr add 2002:A.B.C.D::1/16 dev my6to4 -- but remember to first convert the A.B.C.D
IPv4 address to its hexadecimal form. Finally, ip -6 route add ::/0 via ::192.88.99.1 dev my6to4 metric 1026 adds the
appropriate routing information -- sending all IPv6 traffic through the my6to4 interface.
A far, far simpler solution for most basic setups is to skip 6to4 and use the Teredo protocol instead. Like 6to4, Teredo is an
official IPv4-to-IPv6 "transition mechanism," but it is entirely automatic, and better still, it works even for those hosts that do not
have a static IPv4 address (which includes most ISP customers). The downside is that Teredo grabs a new IPv6 address on
each restart, making persistent connections and running servers impossible.
The Linux implementation of the protocol is called Miredo. Most distributions package it; if yours does not you can fetch it from
the project site. Once installed, just run miredo as root; the service spawns in the background and retrieves an IPv6 address.
That's all there is to it. You can test its effectiveness by running ping6 ipv6.google.com (or ping6'ing another IPv6 host).
As simple as it sounds, most other Linux applications work fine over IPv6 with no additional steps required. You can test
whether or not Firefox or another Web browser is correctly connecting over any of the above IPv6 configurations by visiting
www.kame.net. The site responds differently depending on whether or not you reach it via IPv4 or IPv6. On IPv4, you will see a
static PNG image of a turtle at the top of the page. On IPv6, you will see an animation of the turtle swimming instead.
By and large, the rest of the Internet will not seem more special or magical on IPv6; you can access Google's IPv6-only search
engine, which might be faster, and some users who run their own web and mail servers report drastically lower incidents of
spammers and denial-of-service attacks, but the real fun is found in the improved routing and autoconfiguration; it's easy to
get used to.
Further Work
Both of the tunneling techniques described above (6to4 and Teredo) work well for single machines, but if you intend to run an
IPv6 network at home or in your office, neither is ideal. For that, your best option is to set up one host or router on your network
as the local endpoint of a 6to4 tunnel, and use IPv6's stateless autoconfiguration for all of the other computers.
For this, you will need to designate one machine as a "router advertiser" (presumably the gateway). This machine will listen
Weekend Project: Transition to IPv6 | Linux.com https://www.linux.com/learn/tutorials/308738-we...
3 of 7 11/28/2011 07:18 PM
-
Set as favoriteShare ThisEmail this
+0
+0
-1
for router solicitation requests broadcast over the local network by IPv6 clients using their link local addresses, then respond
to each of them, assigning unique address. This is akin to the behavior of a DHCP server with IPv4.
On Linux, the preferred package to perform this task is the router advertisement daemon, radvd. Setup is not complicated, but
there are a few options, such as working with or without 6to4. If you segment your network, you may also need to take special
steps to ensure that clients on one link can reach the radvd server -- remember, the clients use link local addresses to try and
discover the server, so they must be on the same network segment. This could even affect WiFi clients, if the router in question
keeps the WiFi and wired sides of the LAN separate.
Once you've gotten familiar with basic radvd, though, there is still more in IPv6 to learn -- we have not even touched on Mobile
IPv6 or IPSec, both of which are interesting topics in their own right. If you're interested in a Weekend Project tutorial on
Mobile IPv6 or IPSec vote with your comments in the section below!
Nathan Willis
Comments (4)Subscribe to this comment's feed
Show/hide comments
Inaccurate Articlewritten by Denis Lemire, May 14, 2010The article mentions registering with a 6to4 tunnel broker. If you're using 6to4you DON'T need a tunnel broker. EIther use a tunnel broker or use 6to4 they arealternative solutions that are completely unrelated to each other.
marcinwritten by 15zer, May 16, 2010It`s work!
Non-generic commandswritten by Mark Elkins, June 07, 2010Fair but the "ip" command is not available in every distribution - you perhapsshould have used generic commands... Linux != Debian/Ubunto (I run Gentoo)I really don't want to sound discouraging - we need more tutorials on IPv6 - but if somepeople don't have the same command structure - they may become discouraged.
Not sure on all the tunnel commands using 'ip' (I run IPv6 natively) - butip -6 addr show dev eth0 *can become* ifconfig eth0
...written by Nathan Willis, June 07, 2010Mark,
I was under the impression that ip was available on Gentoo; it certainly turned up in myresearch: http://www.gentoo.org/doc/en/ipv6.xml
Weekend Project: Transition to IPv6 | Linux.com https://www.linux.com/learn/tutorials/308738-we...
4 of 7 11/28/2011 07:18 PM
-
+1
Is that doc mistaken?
Write commentShow/hide comment form
You must be logged in to post a comment. Please register if you do not have an accountyet.
Latest Tutorials
Dnsmasq For Easy LAN Name Services1.
NewsBlur: The Open Source Feed Reader with Brains2.
Weekend Project: Control Your Configuration with Etckeeper3.
openSUSE 12.1 Arrives: What's New and What Happened to 12.0?4.
Managing Live and Offline Migrations with Linux's KVM5.
Latest Software News
More Fun with Vimscript1.
Free Tools for Getting Started with the Mighty GIMP Graphics Editor2.
The Automotive Linux Summit Marks Linux's Bright Future in Vehicles3.
Weekend Project: Transition to IPv6 | Linux.com https://www.linux.com/learn/tutorials/308738-we...
5 of 7 11/28/2011 07:18 PM
-
Early Previews of Next Versions of Firefox Are Ready for Poke-Arounds4.
5 Resources for Getting Much More Out of VLC Media Player5.
Linux Jobs
Senior Java/J2EE Developer JAVA, J2EE...
iStaff, Atlanta, GA
Software Engineer - Java/Linux - Trad...
Total Resource Solutions, Sydney, Sydney, Australia
Automotive Software Specialist - Nure...
Novate IT Ltd, Nrnberg, Bayern, Germany
LINUX INTEGRATION ENGINEER
Request Technology, LLC, Chicago, IL
Linux Administrator I - Emerging Supp...
Rackspace, San Antonio, TX
More jobs | Post a job
Powered by
Who we are ?
The Linux Foundationis a non-profitconsortium dedicatedto the growth ofLinux.
More About thefoundation...
Frequent Questions
Join / Linux Training /Board
Explore
Answers
Blogs
Forums
Directory
Stay Current
Netbooks
Cloud Computing
Enterprise
Embedded & Mobile
Weekend Project: Transition to IPv6 | Linux.com https://www.linux.com/learn/tutorials/308738-we...
6 of 7 11/28/2011 07:18 PM
-
About Linux.com
How to Participate
Contact / About
Advertise
Privacy / Terms /Editorial Policy
The LinuxFoundation
Copyright 2011 Linux.com. All Rights Reserved.
Linux.com.
Weekend Project: Transition to IPv6 | Linux.com https://www.linux.com/learn/tutorials/308738-we...
7 of 7 11/28/2011 07:18 PM