Links
Freebsd.org
OpenPacket Blog
Arquivos
30/08/2005
03/09/2005
06/09/2005
09/09/2005
10/09/2005
03/10/2005
Texto sobre configurar IPV6 (Funcionou na rede local)
Introduction
Setting up a box so that you can run IPv6 may look complicated, but is quite easy and getting easier. Currently the new ifup/ifdown method of specifying interfaces doesn't work too well with IPv6, but that should be changing soon making it even easier.
First you will have to compile a kernel with IPv6 support. The process for making and installing a new kernel is well documented elsewhere. The main point for this step is to turn on experimental features then go into networking options and turn on IPv6 protocol. You can find more details in the IPv6 Howto. If you want to use the iproute tools, also configure CONFIG_NETLINK, CONFIG_RTNETLINK and CONFIG_NETLINK_DEV too.
To configure the interfaces, use the new Debian ifup/ifdown method. The reason for this is that with the newer releases the ifup/ifdown system is how you will configure all interfaces including IPv4, IPX etc. In this document we talk about ifup/ifdown, iproute and ifconfig/route methods.
Next you will have to decide whether or not to have global scope addresses on the link or not. This basically means will you have IPv6 addresses on your links that people on 6 bone can ping or not. Places like Freenet6 use global scope addresses but it is up to you.
You may want to consider running dynamic routing protocols. If you are even thinking of doing this then you must have a pretty good idea on how to run IPv6 in the first place! How to configure dynamic protocols is currently out of the scope of this page.
Getting IPv6 Addresses
You will need to get some IPv6 addresses so the rest of the world can talk to you. I assume that you want to use experimental ones and be connected to 6bone which is an experimental tunnel-based IPV6 network layed over the normal Internet. For more information about how to connect, go to 6bone's How to join 6bone page.
You can also get a tunnel from freenet. Use the freenet6 package to set it up.
There is also a DMOZ entry for IPv6 called IPng that lists IPv6 service providers and tunnel brokers.
Finally you can use 6to4 addresses, which are a great idea for dialups if you don't want to run servers. For more information about that option look at the 6to4 Setup Page.
Configuring Ethernet Interface
Most people want to run IPv6 on their local network, which usually means an Ethernet interface. The way to do this is configure your Ethernet interface for IPv4, then add an IPv6 address to it. For example, my local network IPv6 address is 2001:0db8:0005:0006::78/64, so to add this address to the interface I put the following into the interfaces file.
iface eth0 inet6 static
address 2001:0db8:0005:0006::78
netmask 64
Configuring a tunnel
OK, so you can play IPv6 locally, now to connect to the rest of the world. This is done, usually, by using a tunnel to some IPv6 provider. You need a few IP addresses to do this. First you need addresses for both ends of your tunnel. You also need the IPv4 address of the remote end.
The ip tool is kind of cute, because you can name your tunnels, so lets call it mytunl. The IP addresses we will use will be 2001:0db8:fff5:0006::100 for the remote end and 2001:0db8:fff5::101 for the local end, both addresses will be in a network of 64 significant bits. The IPv4 address of the remote host which connects us to the rest of the IPv6 world is 192.0.2.42.
The commands to build this tunnel vary depending if you want global scope addresses or not, here is the configuration with global scope addresses (2001:0db8:fff5:6::101 and 2001:0db8:fff5:6::100)
For the ifup/ifdown system, you need to edit its configuration file /etc/network/interfaces and put the following lines:
iface mytunl inet6 v4tunnel
address 2001:0db8:fff5:6::101
netmask 64
endpoint 192.0.2.42
up ip route add 2002::0/3 via 2001:0db8:fff5:6::100
up ip tunnel change mytunl ttl 64
Router Advertising - radvd
Router advertising is a bit like a DHCP server. Computers just connect to the network, wait, and get a response on what their IP address and default router are. There are two ways of running a router advertiser: radvd and zebra.
radvd is a router advertisement daemon. Put one of these on your network and your configuration problems for clients should be greatly reduced. radvd is a package within Debian, so just apt-get install it and with a little configuration you are ready to go.
Using our mythical 2001:0db8:0005:0006::/64 network, we would put in /etc/radvd.conf the following lines:
interface eth0
{
AdvSendAdvert on;
prefix 2001:0db8:0005:0006::0/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
Router Advertising - Quagga
Quagga is a fork of the older Zebra project that is a multi purpose routing program. It does many things but one of those things is router advertising. Unfortunately Quagga shares with its predecessor a set of documents that suck. To configure it, type in the following lines either at the config prompt or in the configuration file.
interface eth0
ipv6 nd send-ra
ipv6 nd prefix-advertisement 2001:0db8:0005:0006::/64
Kernel Parameters
These kernel parameters are used on hosts that are not automatically configured. If you use a host who talks to a router running radvd then you do not need to use these paramters. In fact setting some of these parameters will mean the IPv6 autoconfigation will fail.
These paramters are almost essential on a gateway or a single host that has its own tunnel.
Put the following in some startup script. If you are still using /etc/init.d/network then there is a good place.
echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/all/accept_redirects
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv6/conf/all/router_solicitations
You can also use the sysctl stuff to set kernel variables, in /etc/sysctl.conf put the following:
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.router_solicitations = 0
If you don't have a /etc/sysctl.conf file then you may not have the sysctl utility, which means you have to use the echo method.
Gotchas
Here are some things that have caught people, caused confusion and pain, brought the four men of the apocalypse or just damn well annoying . If you think something is not quite right have a look here. If something was not quite right and you fixed it, email me so we can share in your frustration.
Firewalls
Got iptables or its friends going? Are your tunnels getting dropped? You're probably firewalling the IPv6 packets. To let ipv6 through, you will need to do something like:
iptables -I INPUT -j ACCEPT --proto 41
Also if you want to do IPv6 firewalling where you inspect the IPv6 packets and not just firewall all of IPv6 (by blocking protocol 41) then you need to look at the ip6tables program.
Wierd kernel parameters
These can be another source of frustration. The parameters described above, if missing, can stop packets going through a gateway. Don't ask why (well the forwarding one is obvious but the others can do it too) just make sure they're set correctly.
Default routes bounce packets
Having a default route in Linux for IPv6 can often lead to severe hair loss as you tear whatever is remaining out. For reasons best left to the kernel hackers, using default routes just doesn't work right (ok you may be lucky). Use 2000::0/3 instead.
ping6 works but traceroute6 doesn't
IPv6 tunnels work by encapsulating ipv6 packets into ipv4 frames. The problem is, what TTL should the IPv4 packets use? By default they "inherit" their TTL from the IPv6 packet. Works great, stops routing loops and totally breaks traceroute6. To fix this, set the tunnel TTL to some fixed value, you can do this with the command:
/sbin/ip tunnel change mytunl ttl 64
This will set the TTL for packets created for the tunnel to 64 hops. You can change it to whatever you like but it should be more than the maximum expected number of hops from your node to your upstream one.
Configuring the interfaces the old way
Sometimes you are unable to use the ifup/ifdown method for configuring interfaces. This would mainly because you are running some ancient version of Debian, or something that is not Debian at all. This is the section for you then. If you have the /etc/network/interfaces file then ignore everything below here.
Ethernet Interfaces
Ethernet interfaces can be configured with either of the following commands:
ifconfig eth0 add 2001:0db8:0005:0006::78/64
or
ip addr add 2001:0db8:0005:0006::78/64 dev eth0
Tunnels
The tunnel configurations would go in a file in /etc/init.d just like the old ifconfig IPv4 commands.
ip tunnel add mytunl mode sit remote 192.0.2.42
ip link set mytunl up
ip addr add 2001:0db8:fff5:6::101/64 dev mytunl
ip route add 2000::0/3 via 2001:0db8:fff5:6::100
I usually put a ip tunnel del mytunl 2>/dev/null before that block just so I can re-run the script without too much troubles. To not use global scope addresses, change the last two lines to
ip route add 2000::0/3 via ::192.0.2.42
If you want to use the old ifconfig commands instead and not use iproute, then the commands look like
ifconfig sit0 up
ifconfig sit0 tunnel ::192.0.2.42
ifconfig sit1 up
ifconfig sit1 add 2001:0db8:fff5:0006::101/64
route -A inet6 add 2000::0/3 gw 2001:0db8:fff5:0006::100
Once again, you can use global scope IPv6 addresses or not. To not have global scope addresses on your link, change the last two lines to:
route -A inet6 add 2000::0/3 gw ::192.0.2.42
Where to put it
Next is, where to put all this stuff? For ifup/ifdown the answer is simple, put it into their configuration file /etc/network/interfaces. For the other methods I make a /etc/init.d/network-ipv6 file and put all the stuff in there. Make sure it works properly and then run update-rc.d with the command:
update-rc.d network-ipv6 start 40 S .
This runs the file at startup at level 40, which means it runs it after configuring the IPv4 interfaces.
Acknowledgements
My thanks to the folks on the debian-ipv6 mailing list for their suggestions to improving this page. You can find more information about the email list on the main page.
Link Original: http://people.debian.org/~csmall/ipv6/setup.html
<< InĂcio
Setting up a box so that you can run IPv6 may look complicated, but is quite easy and getting easier. Currently the new ifup/ifdown method of specifying interfaces doesn't work too well with IPv6, but that should be changing soon making it even easier.
First you will have to compile a kernel with IPv6 support. The process for making and installing a new kernel is well documented elsewhere. The main point for this step is to turn on experimental features then go into networking options and turn on IPv6 protocol. You can find more details in the IPv6 Howto. If you want to use the iproute tools, also configure CONFIG_NETLINK, CONFIG_RTNETLINK and CONFIG_NETLINK_DEV too.
To configure the interfaces, use the new Debian ifup/ifdown method. The reason for this is that with the newer releases the ifup/ifdown system is how you will configure all interfaces including IPv4, IPX etc. In this document we talk about ifup/ifdown, iproute and ifconfig/route methods.
Next you will have to decide whether or not to have global scope addresses on the link or not. This basically means will you have IPv6 addresses on your links that people on 6 bone can ping or not. Places like Freenet6 use global scope addresses but it is up to you.
You may want to consider running dynamic routing protocols. If you are even thinking of doing this then you must have a pretty good idea on how to run IPv6 in the first place! How to configure dynamic protocols is currently out of the scope of this page.
Getting IPv6 Addresses
You will need to get some IPv6 addresses so the rest of the world can talk to you. I assume that you want to use experimental ones and be connected to 6bone which is an experimental tunnel-based IPV6 network layed over the normal Internet. For more information about how to connect, go to 6bone's How to join 6bone page.
You can also get a tunnel from freenet. Use the freenet6 package to set it up.
There is also a DMOZ entry for IPv6 called IPng that lists IPv6 service providers and tunnel brokers.
Finally you can use 6to4 addresses, which are a great idea for dialups if you don't want to run servers. For more information about that option look at the 6to4 Setup Page.
Configuring Ethernet Interface
Most people want to run IPv6 on their local network, which usually means an Ethernet interface. The way to do this is configure your Ethernet interface for IPv4, then add an IPv6 address to it. For example, my local network IPv6 address is 2001:0db8:0005:0006::78/64, so to add this address to the interface I put the following into the interfaces file.
iface eth0 inet6 static
address 2001:0db8:0005:0006::78
netmask 64
Configuring a tunnel
OK, so you can play IPv6 locally, now to connect to the rest of the world. This is done, usually, by using a tunnel to some IPv6 provider. You need a few IP addresses to do this. First you need addresses for both ends of your tunnel. You also need the IPv4 address of the remote end.
The ip tool is kind of cute, because you can name your tunnels, so lets call it mytunl. The IP addresses we will use will be 2001:0db8:fff5:0006::100 for the remote end and 2001:0db8:fff5::101 for the local end, both addresses will be in a network of 64 significant bits. The IPv4 address of the remote host which connects us to the rest of the IPv6 world is 192.0.2.42.
The commands to build this tunnel vary depending if you want global scope addresses or not, here is the configuration with global scope addresses (2001:0db8:fff5:6::101 and 2001:0db8:fff5:6::100)
For the ifup/ifdown system, you need to edit its configuration file /etc/network/interfaces and put the following lines:
iface mytunl inet6 v4tunnel
address 2001:0db8:fff5:6::101
netmask 64
endpoint 192.0.2.42
up ip route add 2002::0/3 via 2001:0db8:fff5:6::100
up ip tunnel change mytunl ttl 64
Router Advertising - radvd
Router advertising is a bit like a DHCP server. Computers just connect to the network, wait, and get a response on what their IP address and default router are. There are two ways of running a router advertiser: radvd and zebra.
radvd is a router advertisement daemon. Put one of these on your network and your configuration problems for clients should be greatly reduced. radvd is a package within Debian, so just apt-get install it and with a little configuration you are ready to go.
Using our mythical 2001:0db8:0005:0006::/64 network, we would put in /etc/radvd.conf the following lines:
interface eth0
{
AdvSendAdvert on;
prefix 2001:0db8:0005:0006::0/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
Router Advertising - Quagga
Quagga is a fork of the older Zebra project that is a multi purpose routing program. It does many things but one of those things is router advertising. Unfortunately Quagga shares with its predecessor a set of documents that suck. To configure it, type in the following lines either at the config prompt or in the configuration file.
interface eth0
ipv6 nd send-ra
ipv6 nd prefix-advertisement 2001:0db8:0005:0006::/64
Kernel Parameters
These kernel parameters are used on hosts that are not automatically configured. If you use a host who talks to a router running radvd then you do not need to use these paramters. In fact setting some of these parameters will mean the IPv6 autoconfigation will fail.
These paramters are almost essential on a gateway or a single host that has its own tunnel.
Put the following in some startup script. If you are still using /etc/init.d/network then there is a good place.
echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/all/accept_redirects
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv6/conf/all/router_solicitations
You can also use the sysctl stuff to set kernel variables, in /etc/sysctl.conf put the following:
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.router_solicitations = 0
If you don't have a /etc/sysctl.conf file then you may not have the sysctl utility, which means you have to use the echo method.
Gotchas
Here are some things that have caught people, caused confusion and pain, brought the four men of the apocalypse or just damn well annoying . If you think something is not quite right have a look here. If something was not quite right and you fixed it, email me so we can share in your frustration.
Firewalls
Got iptables or its friends going? Are your tunnels getting dropped? You're probably firewalling the IPv6 packets. To let ipv6 through, you will need to do something like:
iptables -I INPUT -j ACCEPT --proto 41
Also if you want to do IPv6 firewalling where you inspect the IPv6 packets and not just firewall all of IPv6 (by blocking protocol 41) then you need to look at the ip6tables program.
Wierd kernel parameters
These can be another source of frustration. The parameters described above, if missing, can stop packets going through a gateway. Don't ask why (well the forwarding one is obvious but the others can do it too) just make sure they're set correctly.
Default routes bounce packets
Having a default route in Linux for IPv6 can often lead to severe hair loss as you tear whatever is remaining out. For reasons best left to the kernel hackers, using default routes just doesn't work right (ok you may be lucky). Use 2000::0/3 instead.
ping6 works but traceroute6 doesn't
IPv6 tunnels work by encapsulating ipv6 packets into ipv4 frames. The problem is, what TTL should the IPv4 packets use? By default they "inherit" their TTL from the IPv6 packet. Works great, stops routing loops and totally breaks traceroute6. To fix this, set the tunnel TTL to some fixed value, you can do this with the command:
/sbin/ip tunnel change mytunl ttl 64
This will set the TTL for packets created for the tunnel to 64 hops. You can change it to whatever you like but it should be more than the maximum expected number of hops from your node to your upstream one.
Configuring the interfaces the old way
Sometimes you are unable to use the ifup/ifdown method for configuring interfaces. This would mainly because you are running some ancient version of Debian, or something that is not Debian at all. This is the section for you then. If you have the /etc/network/interfaces file then ignore everything below here.
Ethernet Interfaces
Ethernet interfaces can be configured with either of the following commands:
ifconfig eth0 add 2001:0db8:0005:0006::78/64
or
ip addr add 2001:0db8:0005:0006::78/64 dev eth0
Tunnels
The tunnel configurations would go in a file in /etc/init.d just like the old ifconfig IPv4 commands.
ip tunnel add mytunl mode sit remote 192.0.2.42
ip link set mytunl up
ip addr add 2001:0db8:fff5:6::101/64 dev mytunl
ip route add 2000::0/3 via 2001:0db8:fff5:6::100
I usually put a ip tunnel del mytunl 2>/dev/null before that block just so I can re-run the script without too much troubles. To not use global scope addresses, change the last two lines to
ip route add 2000::0/3 via ::192.0.2.42
If you want to use the old ifconfig commands instead and not use iproute, then the commands look like
ifconfig sit0 up
ifconfig sit0 tunnel ::192.0.2.42
ifconfig sit1 up
ifconfig sit1 add 2001:0db8:fff5:0006::101/64
route -A inet6 add 2000::0/3 gw 2001:0db8:fff5:0006::100
Once again, you can use global scope IPv6 addresses or not. To not have global scope addresses on your link, change the last two lines to:
route -A inet6 add 2000::0/3 gw ::192.0.2.42
Where to put it
Next is, where to put all this stuff? For ifup/ifdown the answer is simple, put it into their configuration file /etc/network/interfaces. For the other methods I make a /etc/init.d/network-ipv6 file and put all the stuff in there. Make sure it works properly and then run update-rc.d with the command:
update-rc.d network-ipv6 start 40 S .
This runs the file at startup at level 40, which means it runs it after configuring the IPv4 interfaces.
Acknowledgements
My thanks to the folks on the debian-ipv6 mailing list for their suggestions to improving this page. You can find more information about the email list on the main page.
Link Original: http://people.debian.org/~csmall/ipv6/setup.html
<< InĂcio
