IPv6
IP version 6 setup. Source here
preliminaries linux
The ip command is in the iproute package.
ip v6 addresses
IPv6 addresses are 16 bytes, 4 times bigger than the 4-byte IPv4 addresses. They can be expressed in full or compressed form, in this example the localhost address.
| address |
|---|
| 0000:0000:0000:0000:0000:0000:0000:0001 ::1
|
In short, any single sequence of zeros can be shortened to ::, but not more than one, because then the address becomes ambiguous.
netmask
Like IPv4, IPv6 also uses netmasks. An example of the address, network and netmask of 48 bits.
| netmask |
|---|
| 2001:0db8:100:1:2:3:4:5/48
2001:0db8:0100:0001:0002:0003:0004:0005/48
2001:0db8:0100:0000:0000:0000:0000:0000
ffff:ffff:ffff:0000:0000:0000:0000:0000
fe80:0000:0000:0000:0000:0000:0000:0000/10
fe80:
fe90:
fea0:
febf:ffff:ffff:ffff
|
As with IPv4, where /24 means 24 bits (3 bytes) from the start/left, leaving 8 bits (1 byte) as the address space: 48 bits is 6 bytes, leaving 80 bits = 10 bytes for addresses.
special addresses
Reserved by IANA as "Unique Local IPv6 unicast Addresses" :
fc00::/7 (fc00:: - fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
Subnets of that range are for instance :
| address | ipv4 | ipv6 |
|---|---|---|
| ANY | 0.0.0.0 | :: |
| localhost | 127.0.0.1 | ::1 |
| unspecified address | 0.0.0.0 | :: |
| link local addresses | 169.254.0.0/16 (-169.254.254.255) | fe80::/10 (-febf:ffff:ffff...) |
| site local addresses | 10.0.0.0/8 | fc00::/7 (-fdff:ffff:ffff...) |
| global addresses | | 2xxx: and 3xxx |
see : https://en.wikipedia.org/wiki/Reserved_IP_addresses
Link local addresses are, as the name suggests, local/unique to the link (interface) only. A router will not route these packets, as they are not even unique to the local network. An example: the 169.254. addresses Windows comes up with. In Linux you only get these if no other mechanism for assigning an IP address (like DHCP) exists. In IPv6 however these addresses are mandatory (scope link):
| scope link |
|---|
| inet6 addr: fe80::a00:27ff:fee8:dc1/64 Scope:Link
|
Site local addresses are local/unique to the local network, so 192.168.10.0/24 etc...
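The address forms, the /48 network and netmask, and the address classes from the table above can be reproduced with Python's standard `ipaddress` module. This is an added example, not part of the original page; the function names `describe` and `is_valid` and the category labels are chosen here.

```python
import ipaddress

# Ranges from the table above, most specific first ("2xxx: and 3xxx" is 2000::/3).
CATEGORIES = [
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("localhost", ipaddress.IPv6Network("::1/128")),
    ("link local", ipaddress.IPv6Network("fe80::/10")),
    ("site local (unique local)", ipaddress.IPv6Network("fc00::/7")),
    ("global", ipaddress.IPv6Network("2000::/3")),
]


def describe(cidr):
    """Expand an address/prefix into the forms used in the netmask box."""
    iface = ipaddress.IPv6Interface(cidr)
    net = iface.network
    return {
        "full": iface.ip.exploded,
        "short": iface.ip.compressed,
        "network": net.network_address.exploded,
        "netmask": net.netmask.exploded,
        "last": net.broadcast_address.compressed,  # highest address in the prefix
        "host_bits": 128 - net.prefixlen,
        "category": next((n for n, r in CATEGORIES if iface.ip in r), "other"),
    }


def is_valid(text):
    """False for malformed input such as an address with two '::' runs."""
    try:
        ipaddress.IPv6Interface(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ("2001:0db8:100:1:2:3:4:5/48", "fe80::a00:27ff:fee8:dc1/64",
                   "fde4:8dba:82e1::10/64", "::1"):
        print(sample, describe(sample))
    print("1::2::3 valid?", is_valid("1::2::3"))
```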
installation
On http://www.sixxs.net you can find how to install IPv6 on your server. sixxs seems to be running on a dying server lately so I will try to reconstruct it here:
checking your kernel
Should give some output like :
| output |
|---|
| 2001096006ba00010220e0fffe6e0099 02 40 00 00 eth0
00000000000000000000000000000001 01 80 10 80 lo
fe800000000000000220e0fffe6e0099 02 40 20 80 eth0
|
These dump the addresses, quite readable, they only lack some :'s. If /proc/net has no if_inet6 entry, don't despair, you probably only need to load the module:
As this worked on all linuces I tried until now (of course the newer linux versions) you are on your own if it does not work ;(
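The lines in the output box above have the layout of /proc/net/if_inet6, and a small parser puts the colons back and decodes the remaining hex fields. This is an added example, not part of the original page; the scope and flag tables are taken from the Linux kernel headers as an assumption, and the function names are chosen here.

```python
import ipaddress

# Kernel scope and address-flag values (assumed from the Linux headers, not from this page).
SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}
FLAGS = {0x01: "temporary", 0x02: "nodad", 0x04: "optimistic", 0x08: "dadfailed",
         0x10: "homeaddress", 0x20: "deprecated", 0x40: "tentative", 0x80: "permanent"}

# The three lines from the output box above.
SAMPLE = """\
2001096006ba00010220e0fffe6e0099 02 40 00 00 eth0
00000000000000000000000000000001 01 80 10 80 lo
fe800000000000000220e0fffe6e0099 02 40 20 80 eth0
"""


def parse_if_inet6(text):
    """Fields per line: address, ifindex, prefix length, scope, flags (all hex), device."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or len(fields[0]) != 32:
            continue  # blank or malformed line
        raw, ifindex, plen, scope, flags, dev = fields
        addr = ipaddress.IPv6Address(bytes.fromhex(raw))  # this puts the colons back
        bits = int(flags, 16)
        entries.append({
            "dev": dev,
            "ifindex": int(ifindex, 16),
            "cidr": f"{addr.compressed}/{int(plen, 16)}",
            "scope": SCOPES.get(int(scope, 16), scope),
            "flags": [name for bit, name in sorted(FLAGS.items()) if bits & bit],
        })
    return entries


def read_if_inet6(path="/proc/net/if_inet6"):
    """Parse the live file; None means the kernel has no IPv6 support loaded."""
    try:
        with open(path) as fh:
            return parse_if_inet6(fh.read())
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    for entry in parse_if_inet6(SAMPLE):
        print(entry)
```

An entry whose flags include `tentative` or `dadfailed` has not passed duplicate address detection, which is worth checking before debugging connectivity any further.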
routing
As with IPv4, the routing entry chosen is the 'smallest matching' entry: the smallest is the route with the largest number of netmask bits (the longest prefix). A DNS record for an IPv6 address is formatted like this:
| routing |
|---|
| hostname IN AAAA 2001:960:6ba:1:211:d8ff:fe0b:e711
|
The main difference is four A's (AAAA) instead of the single A used for IPv4.
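The route selection rule at the start of this section (the entry with the most prefix bits wins) can be worked through on a small table. This is an added example, not part of the original page: the route lines are constructed in `ip -6 route` output format, the default route is invented for the illustration, and the parser assumes every option after the prefix is a key/value pair.

```python
import ipaddress

# Constructed table in `ip -6 route` output format.
ROUTES = """\
default via fe80::1 dev eth0 metric 1024
fde4:8dba:82e1::/64 dev eth2 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev eth2 proto kernel metric 256
"""


def parse_routes(text):
    """Turn each route line into (network, device, metric)."""
    routes = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        prefix = "::/0" if words[0] == "default" else words[0]
        opts = dict(zip(words[1::2], words[2::2]))  # "dev eth2", "metric 256", ...
        routes.append((ipaddress.IPv6Network(prefix), opts.get("dev"),
                       int(opts.get("metric", 0))))
    return routes


def select(dest, routes):
    """Longest matching prefix wins, lowest metric breaks ties; returns every winner."""
    addr = ipaddress.IPv6Address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return []  # no route to destination
    best = max(m[0].prefixlen for m in matches)
    longest = [m for m in matches if m[0].prefixlen == best]
    low = min(m[2] for m in longest)
    return [m[1] for m in longest if m[2] == low]


if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dest in ("fde4:8dba:82e1::20", "2001:db8::1", "fe80::a00:27ff:fe11:bc04"):
        print(dest, "->", select(dest, table))
```

The link-local destination matches an identical fe80::/64 route on every interface, which is why such a destination has to be given together with the interface to use.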
interfaces
The debian way. I tested this with Vagrant, by just adding a local ipv6 address and examining the configuration afterwards. Adding the address is dead simple, just add the address like ipv4 :
| Vagrantfile |
|---|
| config.vm.define "ip1" do |ip1|
ip1.vm.box = "ubuntu/trusty64"
ip1.vm.network "private_network", ip: "192.168.55.158"
ip1.vm.network "private_network", ip: "fde4:8dba:82e1::10"
ip1.vm.network "forwarded_port", guest: 22, host: 5658, id: "ssh", auto_correct: true
end
|
Note: do not make the mistake of taking "fde4:8dba:82e1::1"; VirtualBox takes that as the gateway!
debian flavour
It will result in this interfaces file:
| interface |
|---|
| auto lo
iface lo inet loopback
source /etc/network/interfaces.d/*.cfg
#VAGRANT-BEGIN
# The contents below are automatically generated by Vagrant. Do not modify.
auto eth1
iface eth1 inet static
address 192.168.55.158
netmask 255.255.255.0
#VAGRANT-END
#VAGRANT-BEGIN
# The contents below are automatically generated by Vagrant. Do not modify.
auto eth2
iface eth2 inet6 static
address fde4:8dba:82e1::10
netmask 64
#VAGRANT-END
|
And the routing will look like this :
| route |
|---|
| ip -6 ro
fde4:8dba:82e1::/64 dev eth2 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev eth2 proto kernel metric 256
|
Yes, it does add 4 network interfaces, they are allocated like this :
| address |
|---|
| ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:14:14:c5 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe14:14c5/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:11:bc:04 brd ff:ff:ff:ff:ff:ff
inet 192.168.55.158/24 brd 192.168.55.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe11:bc04/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:f0:c5:5d brd ff:ff:ff:ff:ff:ff
inet6 fde4:8dba:82e1::10/64 scope global tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fef0:c55d/64 scope link
valid_lft forever preferred_lft forever
|
So loopback, the default interface for VirtualBox (10.0.2.15) and two separate interfaces for IPv4 and IPv6. Now I want to ping another IPv6 VM, so I will try the same for a CentOS machine:
redhat flavour
| Vagrantfile |
|---|
| config.vm.define "ip2" do |ip2|
ip2.vm.box = "box-cutter/centos70"
ip2.vm.network "private_network", ip: "192.168.55.159"
ip2.vm.network "private_network", ip: "fde4:8dba:82e1::20"
ip2.vm.network "forwarded_port", guest: 22, host: 5659, id: "ssh", auto_correct: true
end
|
The files are now configured in /etc/sysconfig/network-scripts. Since this is the network layout :
| /etc/sysconfig/network-scripts |
|---|
| 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:0e:f7:7d brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 86078sec preferred_lft 86078sec
inet6 fe80::a00:27ff:fe0e:f77d/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:10:59:71 brd ff:ff:ff:ff:ff:ff
inet 192.168.55.159/24 brd 192.168.55.255 scope global enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe10:5971/64 scope link
valid_lft forever preferred_lft forever
4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:35:98:4e brd ff:ff:ff:ff:ff:ff
inet6 fde4:8dba:82e1::20/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe35:984e/64 scope link
valid_lft forever preferred_lft forever
|
It seems we need network interface 8 and 9 :
ifcfg-enp0s8
| enp0s8 |
|---|
| #VAGRANT-BEGIN
# The contents below are automatically generated by Vagrant. Do not modify.
NM_CONTROLLED=no
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.55.159
NETMASK=255.255.255.0
DEVICE=enp0s8
PEERDNS=no
#VAGRANT-END
|
ifcfg-enp0s9
| enp0s9 |
|---|
| #VAGRANT-BEGIN
# The contents below are automatically generated by Vagrant. Do not modify.
NM_CONTROLLED=no
BOOTPROTO=static
ONBOOT=yes
DEVICE=enp0s9
IPV6INIT=yes
IPV6ADDR=fde4:8dba:82e1::20/64
#VAGRANT-END
|
The route is similar, and indeed we can ping back to the first VM.
| ping6 |
|---|
| ping6 fde4:8dba:82e1::10
PING fde4:8dba:82e1::10(fde4:8dba:82e1::1) 56 data bytes
64 bytes from fde4:8dba:82e1::10: icmp_seq=1 ttl=64 time=0.212 ms
64 bytes from fde4:8dba:82e1::10: icmp_seq=2 ttl=64 time=0.164 ms
64 bytes from fde4:8dba:82e1::10: icmp_seq=3 ttl=64 time=0.180 ms
64 bytes from fde4:8dba:82e1::10: icmp_seq=4 ttl=64 time=0.189 ms
64 bytes from fde4:8dba:82e1::10: icmp_seq=5 ttl=64 time=0.182 ms
|
tcpdump
One problem I encountered during setup was detecting the ping6 commands. But this was due to taking fde4:8dba:82e1::1 and fde4:8dba:82e1::2 (the first two addresses) as interface addresses. The gateway (your workstation) also has the first address.
| ifconfig |
|---|
| vboxnet6: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:06
inet 192.168.62.1 netmask 0xffffff00 broadcast 192.168.62.255
inet6 fe80::800:27ff:fe00:6%vboxnet6 prefixlen 64 scopeid 0x12
inet6 fde4:8dba:82e1::1 prefixlen 64
nd6 options=201<PERFORMNUD,DAD>
|
This means none of the pings I sent reached the other VM, just the workstation. To detect a ping issued like above, you use this tcpdump command:
| tcpdump |
|---|
| tcpdump -t -n -i eth2 -s 512 -vv ip6 or proto ipv6
|
That is the command as advised here : http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/x805.html However this works as well :)