(→Firewall) |
m (→Stateless address autoconfiguration) |
||
(12 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
== What is IPv6 == | == What is IPv6 == | ||
− | IPv6 is the new Internet Protocol | + | IPv6 is the new Internet Protocol version 6 defined by RFC 2460 and set to replace the current Internet Protocol version 4 (IPv4). The address space for IPv4 is only 32 bits long, and with the proliferation of IP devices from desktop computers, tablets and smart phones to set-top boxes, VoIP telephones and air conditioners, the world is quickly running out of Internet Addresses. |
While the main objective of IPv6 is a much larger address space, IPv6 can also offer these other advantages: | While the main objective of IPv6 is a much larger address space, IPv6 can also offer these other advantages: | ||
− | * Stateless Address Auto-configuration | + | * Stateless Address Auto-configuration (SLAAC) |
* No NAT (Network Address Translation) | * No NAT (Network Address Translation) | ||
* Easy Address Renumbering | * Easy Address Renumbering | ||
Line 18: | Line 14: | ||
== IPv6 Address Formats == | == IPv6 Address Formats == | ||
− | Version 6 Internet Protocol (IP) addresses are 128 bits long and written in hexadecimal with pairs of bytes separated by colons. | + | Version 6 Internet Protocol (IP) addresses are 128 bits long and written in hexadecimal with pairs of bytes separated by colons. An IPv6 address looks like : |
− | + | 2003:42b8:2219:6400:0000:0000:0000:0001 | |
but can be shortened to | but can be shortened to | ||
− | + | 2003:42b8:2219:6400::1 | |
+ | |||
+ | by removing leading zeros and substituting zero blocks with two colons. | ||
− | |||
− | |||
== Scopes == | == Scopes == | ||
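Review bot: The added sentence "by removing leading zeros and substituting zero blocks with two colons" does not say that "::" may replace only one run of consecutive all-zero blocks in an address. As written it reads as if every zero block could be replaced, which would make the shortened form ambiguous. Suggest "and replacing one run of consecutive zero blocks with two colons".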
Line 49: | Line 45: | ||
The next stage is to try to configure a global address. The host will query all the routers on the subnet with a router solicitation (RS) message and ask for a list of prefixes. It then adds the prefix to Interface ID to create additional IPv6 addresses. | The next stage is to try to configure a global address. The host will query all the routers on the subnet with a router solicitation (RS) message and ask for a list of prefixes. It then adds the prefix to Interface ID to create additional IPv6 addresses. | ||
− | The host will keep | + | The host will keep listening for router advertisements (RA) and make address changes as the network dynamically changes. |
== IPv6 Router Advertisement Daemon (radvd) == | == IPv6 Router Advertisement Daemon (radvd) == | ||
− | The IPv6 Router Advertisement Daemon periodically sends router advertisement (RA) messages to a local ethernet LAN. | + | The IPv6 Router Advertisement Daemon periodically sends router advertisement (RA) messages to a local ethernet LAN advertising among other things, the prefix and router address. RA messages can also be requested on demand using a router solicitation (RS) message. |
− | + | ||
− | + | ||
The source for radvd can be downloaded from http://www.litech.org/radvd/ | The source for radvd can be downloaded from http://www.litech.org/radvd/ | ||
Line 66: | Line 60: | ||
MinRtrAdvInterval 3; | MinRtrAdvInterval 3; | ||
MaxRtrAdvInterval 10; | MaxRtrAdvInterval 10; | ||
− | prefix | + | prefix 2003:44b9:4219:6400::/64 { |
AdvOnLink on; | AdvOnLink on; | ||
AdvAutonomous on; | AdvAutonomous on; | ||
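Review bot: The prefix added on the prefix line, 2003:44b9:4219:6400::/64, matches neither the example address added under IPv6 Address Formats (2003:42b8:2219:6400::1) nor the prefix in the Windows 7 ipconfig output (2001:44b8:219:6400). If these are one delegated prefix with digits altered, pick a single placeholder and use it in all three places, so a reader copying radvd.conf can see which value has to be replaced with their own prefix.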
Line 126: | Line 120: | ||
ip -6 route add default dev ppp0 | ip -6 route add default dev ppp0 | ||
</PRE> | </PRE> | ||
− | |||
== IPv6 Forwarding == | == IPv6 Forwarding == | ||
Line 142: | Line 135: | ||
<PRE> | <PRE> | ||
ip6tables -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT | ip6tables -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT | ||
+ | </PRE> | ||
+ | |||
+ | == Windows 7 == | ||
+ | |||
+ | IPConfig in Windows will return something like : | ||
+ | |||
+ | <PRE> | ||
+ | Autoconfiguration Enabled . . . . : Yes | ||
+ | IPv6 Address. . . . . . . . . . . : 2001:44b8:219:6400:e8c2:8568:xxxx:xxxx(Preferred) | ||
+ | Temporary IPv6 Address. . . . . . : 2001:44b8:219:6400:edb6:e829:9a37:e5f0(Preferred) | ||
+ | Link-local IPv6 Address . . . . . : fe80::e8c2:8568:259f:3e46%10(Preferred) | ||
+ | </PRE> | ||
+ | |||
+ | Windows 7 doesn't use the IEEE EUI-64 Identifier as default for the Interface ID as per RFC 4291. If you want to use EUI-64 for the interface identifier, use | ||
+ | |||
+ | <PRE> | ||
+ | netsh interface ipv6 set global randomizeidentifiers=disabled | ||
+ | </PRE> | ||
+ | |||
+ | Additionally, Windows 7 (and Vista) creates a temporary global IPv6 address (RFC 3041). There are concerns hosts using auto-configuration will always obtain the same address and this can lead to privacy concerns. The temporary address is used for outgoing client traffic such as web browsers, and has a lifetime after which the address will expire. | ||
+ | |||
+ | The temporary IPv6 address can be disabled using | ||
+ | <PRE> | ||
+ | netsh interface ipv6 set privacy state=disable | ||
</PRE> | </PRE> |
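Review bot: In the added ipconfig sample the "IPv6 Address" line masks its last 32 bits as xxxx:xxxx, but the "Link-local IPv6 Address" line prints a full interface ID (e8c2:8568:259f:3e46) whose first half matches the unmasked part of the global address, so the masked digits can most likely be read off the link-local line. Mask both lines or neither. The two netsh commands also spell the value differently (randomizeidentifiers=disabled and state=disable); use one spelling in both.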
IPv6 is the new Internet Protocol (version 6), defined by RFC 2460 and set to replace the current Internet Protocol version 4 (IPv4). The address space for IPv4 is only 32 bits long, and with the proliferation of IP devices, from desktop computers, tablets and smartphones to set-top boxes, VoIP telephones and air conditioners, the world is quickly running out of Internet addresses.
While the main objective of IPv6 is a much larger address space, IPv6 can also offer these other advantages:
Version 6 Internet Protocol (IP) addresses are 128 bits long and written in hexadecimal with pairs of bytes separated by colons. An IPv6 address looks like:
2003:42b8:2219:6400:0000:0000:0000:0001
but can be shortened to
2003:42b8:2219:6400::1
by removing leading zeros and substituting zero blocks with two colons.
With IPv4, RFC 1918 "Address Allocation for Private Internets" outlined private or non-routable address spaces, e.g. 192.168.0.0/16.
IPv6 defines a range of scopes; some of the more common are listed below:
In addition to the above scopes, ff00::0/12 is reserved for multicast addresses.
IPv6 introduces stateless address autoconfiguration allowing a host to automatically configure an IPv6 address.
As the interface ID component of the IPv6 address is 64 bits long, auto-configuration can use the interface's MAC address to generate the Interface ID (or lower 64 bits of the IPv6 address). This is referred to as an IEEE EUI-64 Identifier and is specified under RFC 4291.
The host then creates a link-local (fe80::/64) address using the interface ID and performs duplicate address detection (DAD).
The next stage is to try to configure a global address. The host queries all the routers on the subnet with a router solicitation (RS) message and asks for a list of prefixes. It then combines each prefix with the interface ID to create additional IPv6 addresses.
The host will keep listening for router advertisements (RA) and make address changes as the network dynamically changes.
The IPv6 Router Advertisement Daemon periodically sends router advertisement (RA) messages to a local Ethernet LAN, advertising, among other things, the prefix and router address. RA messages can also be requested on demand using a router solicitation (RS) message.
The source for radvd can be downloaded from http://www.litech.org/radvd/
A default radvd.conf file is shown below advertising an address prefix provided by Internode.
interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix 2003:44b9:4219:6400::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
Options
Before the ISP will route your allocated IPv6 subnet, a lease needs to be acquired. This can be done using DHCPv6 over the PPP interface.
The source for WIDE-DHCPv6 can be downloaded from http://sourceforge.net/projects/wide-dhcpv6/
Use the following dhcp6c.conf file:
interface ppp0 {
    send ia-pd 0;
    script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc pd {
    prefix-interface eth0 {
        sla-id 0;
        sla-len 8;
    };
};
dhcp6c can be started using:
dhcp6c -c /etc/wide-dhcpv6/dhcp6c.conf ppp0
Please note that once IPv6 forwarding is enabled, Linux will ignore subsequent DHCPv6 messages. This prevents your prefix lease from being renewed, and routing will stop. To prevent this, you need to allow unsolicited UDP traffic coming in on port 546.
The routing table can be displayed using:
/sbin/ip -6 route show
To add the ppp0 interface as the default route use:
ip -6 route add default dev ppp0
IPv6 forwarding can be enabled with:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
ip6tables can be used to filter traffic, just as iptables is used for IPv4.
ip6tables -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT
IPConfig in Windows will return something like:
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:44b8:219:6400:e8c2:8568:xxxx:xxxx(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:44b8:219:6400:edb6:e829:9a37:e5f0(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e8c2:8568:259f:3e46%10(Preferred)
By default, Windows 7 doesn't use the IEEE EUI-64 identifier specified in RFC 4291 for the interface ID. If you want to use EUI-64 for the interface identifier, use:
netsh interface ipv6 set global randomizeidentifiers=disabled
Additionally, Windows 7 (and Vista) creates a temporary global IPv6 address (RFC 3041). There are concerns that hosts using auto-configuration will always obtain the same address, which can lead to privacy issues. The temporary address is used for outgoing client traffic, such as that from web browsers, and has a lifetime after which the address will expire.
The temporary IPv6 address can be disabled using:
netsh interface ipv6 set privacy state=disable