(→Routing) |
|||
Line 82: | Line 82: | ||
** AdvAutonomous: When set, indicates that this prefix can be used for autonomous address configuration as specified in RFC 4862. | ** AdvAutonomous: When set, indicates that this prefix can be used for autonomous address configuration as specified in RFC 4862. | ||
** AdvRouterAddr: When set, indicates that the address of interface is sent instead of network prefix | ** AdvRouterAddr: When set, indicates that the address of interface is sent instead of network prefix | ||
+ | |||
+ | == Wide DHCPv6 == | ||
+ | |||
+ | Before the ISP will route your allocated IPv6 subnet, a lease needs to be acquired. This can be done using DHCPv6 over the PPP interface. | ||
+ | |||
+ | The source for WIDE-DHCPv6 can be downloaded from http://sourceforge.net/projects/wide-dhcpv6/ | ||
+ | |||
+ | Use the following dhcp6c.conf file : | ||
+ | |||
+ | <PRE> | ||
+ | interface ppp0 { | ||
+ | send ia-pd 0; | ||
+ | script "/etc/wide-dhcpv6/dhcp6c-script"; | ||
+ | }; | ||
+ | |||
+ | id-assoc pd { | ||
+ | prefix-interface eth0 { | ||
+ | sla-id 0; | ||
+ | sla-len 8; | ||
+ | }; | ||
+ | }; | ||
+ | </PRE> | ||
+ | |||
+ | dhcp6c can be started using: | ||
+ | |||
+ | <PRE> | ||
+ | dhcp6c -c /etc/wide-dhcpv6/dhcp6c.conf ppp0 | ||
+ | </PRE> | ||
+ | |||
+ | Please note that once IPv6 forwarding is enabled, linux will ignore subsequent DHCPv6 messages. This prevents your prefix lease being renewed and routing will stop. To prevent this, you need to allow unsolicited UDP traffic coming in on port 546. | ||
== Routing == | == Routing == | ||
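Review bot: the closing note of the new Wide DHCPv6 section tells the reader to allow unsolicited UDP on port 546 but gives neither a rule nor a pointer to one. The matching ip6tables line is only added under == Firewall == in the next hunk, so reference that section from the note. The same section names `script "/etc/wide-dhcpv6/dhcp6c-script";` without showing or describing the script. Minor: "linux" should be capitalised and "file :" has a stray space before the colon.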
Line 99: | Line 129: | ||
== Firewall == | == Firewall == | ||
+ | ip6tables can be used to filter traffic, just like iptables was to IPv4. | ||
+ | <PRE> | ||
ip6tables -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT | ip6tables -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT | ||
+ | </PRE> |
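Review bot: the ACCEPT rule in the Firewall hunk has no interface match, so it admits UDP from port 547 to port 546 from any link-local source on every interface, eth0 included. The lease is requested over ppp0 in the dhcp6c.conf added above, so bind the rule with `-i ppp0`. The new intro sentence would also read better as "just as iptables is used for IPv4".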
It has been a couple of years since I last played with IPv6, and since then my ISP Internode has introduced IPv6 as a production service - dual stack, native IPv6. Hence, it is now time to get more serious and have a go implementing IPv6 on the home network.
IPv6 is the new Internet Protocol Version 6 defined by RFC 2460 and set to replace the current Internet Protocol Version 4 (IPv4). The address space for IPv4 is only 32 bits long, and with the proliferation of IP devices from desktop computers, tablets, smart phones, set-top boxes, VoIP telephones, etc., the world is quickly running out of Internet addresses.
While the main objective of IPv6 is a much larger address space, IPv6 can also offer these other advantages:
Version 6 Internet Protocol (IP) addresses are 128 bits long and written in hexadecimal with pairs of bytes separated by colons. An IPv6 address looks like:
2001:44b8:0219:6400:0000:0000:0000:0001
but can be shortened to
2001:44b8:219:6400::1
by removing leading zeros and substituting zero blocks with two colons.
With IPv4, RFC 1918 "Address Allocation for Private Internets" outlined private or non-routable address spaces, e.g. 192.168.0.0/16
IPv6 defines a range of scopes, some of the more common are listed below:
In addition to the above scopes, ff00::0/12 is reserved for multicast addresses.
IPv6 introduces stateless address autoconfiguration allowing a host to automatically configure an IPv6 address.
As the interface ID component of the IPv6 address is 64 bits long, auto-configuration can use the interface's MAC address to generate the Interface ID (or lower 64 bits of the IPv6 address). This is referred to as an IEEE EUI-64 Identifier and is specified under RFC 4291.
The host then creates a link-local (fe80::/64) address using the interface ID and performs duplicate address detection (DAD).
The next stage is to try to configure a global address. The host will query all the routers on the subnet with a router solicitation (RS) message and ask for a list of prefixes. It then combines each prefix with the interface ID to create additional IPv6 addresses.
The host will keep listening for router advertisements (RA) and make address changes as the network changes.
The IPv6 Router Advertisement Daemon periodically sends router advertisement (RA) messages to a local Ethernet LAN. These messages can also be requested using a router solicitation (RS) message.
RFC 2461 Neighbour Discovery for IP Version 6 (IPv6)
The source for radvd can be downloaded from http://www.litech.org/radvd/
A default radvd.conf file is shown below advertising an address prefix provided by Internode.
<PRE>
interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix 2001:44b8:219:6400::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
</PRE>
Options
Before the ISP will route your allocated IPv6 subnet, a lease needs to be acquired. This can be done using DHCPv6 over the PPP interface.
The source for WIDE-DHCPv6 can be downloaded from http://sourceforge.net/projects/wide-dhcpv6/
Use the following dhcp6c.conf file:
<PRE>
interface ppp0 {
    send ia-pd 0;
    script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc pd {
    prefix-interface eth0 {
        sla-id 0;
        sla-len 8;
    };
};
</PRE>
dhcp6c can be started using:
<PRE>
dhcp6c -c /etc/wide-dhcpv6/dhcp6c.conf ppp0
</PRE>
Please note that once IPv6 forwarding is enabled, Linux will ignore subsequent DHCPv6 messages. This prevents your prefix lease from being renewed, and routing will stop. To prevent this, you need to allow unsolicited UDP traffic coming in on port 546.
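How the sla-id and sla-len values in the dhcp6c.conf above turn a delegated prefix into the prefix for eth0, as an added example that is not part of the original article or of WIDE-DHCPv6. It assumes the ISP delegates a /56 (2001:44b8:219:6400::/56, inferred from the /64 advertised by radvd on this page); the function name is hypothetical.

```python
import ipaddress

def interface_prefix(delegated: str, sla_id: int, sla_len: int) -> ipaddress.IPv6Network:
    """Delegated prefix followed by sla_len bits holding sla_id."""
    pd = ipaddress.IPv6Network(delegated)
    new_len = pd.prefixlen + sla_len
    if new_len > 64:
        # Autoconfiguration on Ethernet uses a 64-bit interface ID,
        # so the LAN prefix cannot be longer than /64.
        raise ValueError(f"/{pd.prefixlen} + sla-len {sla_len} = /{new_len}, longer than /64")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
    # Place sla_id in the bits directly after the delegated prefix.
    base = int(pd.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

if __name__ == "__main__":
    delegated = "2001:44b8:219:6400::/56"  # assumed delegation, see lead-in
    print(interface_prefix(delegated, 0, 8))    # values from the page's config
    print(interface_prefix(delegated, 1, 8))    # a second LAN segment
    try:
        interface_prefix(delegated, 0, 16)      # sla-len too large for a /56
    except ValueError as err:
        print("rejected:", err)
```

With sla-id 0 and sla-len 8 the result is the same 2001:44b8:219:6400::/64 that radvd.conf advertises on eth0.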
The routing table can be displayed using:
<PRE>
/sbin/ip -6 route show
</PRE>
To add the ppp0 interface as the default route use:
<PRE>
ip -6 route add default dev ppp0
</PRE>
ip6tables can be used to filter IPv6 traffic, just as iptables is used for IPv4.
<PRE>
ip6tables -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT
</PRE>