| Revision History | ||
|---|---|---|
| Revision Release 0.43 | 2003-06-05 | Revised by: PB |
| See revision history for more | ||
| Revision Release 0.42 | 2003-05-09 | Revised by: PB |
| See revision history for more | ||
| Revision Release 0.41 | 2003-03-22 | Revised by: PB |
| See revision history for more | ||
Information about available translations you will find in section Translations.
This Linux IPv6 HOWTO is published under GNU GPL version 2:
The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems.
Copyright (C) 2001-2003 Peter Bieringer
This documentation is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
1993: I got in contact with the Internet using console based e-mail and news client (e.g. look for "e91abier" on groups.google.com, that's me).
1996: I got a request for designing a course on IPv6, including a workshop with the Linux operating system.
1997: Started writing a guide on how to install, configure and use IPv6 on Linux systems, called IPv6 & Linux - HowTo (see IPv6 & Linux - HowTo/History for more information).
2001: Started writing this new Linux IPv6 HOWTO.
The author can be contacted via e-mail at <pb at bieringer dot de> and also via his homepage.
He's currently living in Munich [northern part of Schwabing] / Bavaria / Germany (south) / Europe (middle) / Earth (surface/mainland).
2001-11-30: Starting to design new HOWTO.
2002-01-02: A lot of content completed, first public release of chapter 1 (version 0.10).
2002-01-14: More completed, some reviews, public release of the whole document (version 0.14).
2002-08-16: Polish translation is in progress
2002-10-31: Chinese translation is available (see Translations for more)
2002-11-10: German translation is in progress
2003-02-10: German translation is available
2003-04-09: French translation is in progress
2003-05-09: French translation is available
Translations always have to contain the URL, version number and copyright of the original document (but yours, too). Pls. don't translate the original changelog, this is not very useful. Looks like the document's change frequency is mostly less than once per month. Since version 0.27 it looks like that most of the content contributed by me has been written. Translations always have to use the English version as source.
A Taiwanese translation by Burma Chen <expns at yahoo dot com> (announced to me at 2002-10-31) can be found on the CLDP: http://cldp.linuxforum.net/Linux-IPv6-HOWTO.html. It's a snapshot translation, don't know whether kept up-to-date.
Since 2002-08-16 a Polish translation was started and is still in progress by Lukasz Jokiel <Lukasz dot Jokiel at klonex dot com dot pl>. Taken source: CVS-version 1.29 of LyX file, which was source for howto version 0.27.
With 2002-11-10 a German translation was started by Georg Käfer <gkaefer at gmx dot at> and the first public version was published 2003-02-10. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-de/. This version will stay up-to-date as much as possible.
With 2003-04-09 a French translation was started by Michel Boucey <mboucey at free dot fr> and the first public version was published 2003-05-09. It's originally available on Deep Space 6 at http://mirrors.deepspace6.net/Linux+IPv6-HOWTO-fr/.
This HOWTO is currently written with LyX version 1.2.0 on a Red Hat Linux 7.3 system with template SGML (DocBook book). It's available on TLDP-CVS / users / Peter-Bieringer for contribution.
Code line wrapping is done using selfmade utility "lyxcodelinewrapper.pl", you can get it from CVS for your own usage: TLDP-CVS / users / Peter-Bieringer
SGML is generated using export function in LyX.
Also some fixes are have to be made to create proper SGML code (see also here for the Perl programs TLDP-CVS / users / Peter-Bieringer):
Export of LyX table does not create proper "colspan" tags - tool for fixing: "sgmllyxtabletagfix.pl" (fixed since LyX 1.2.0)
LyX sometimes uses special left/right entities for quotes instead the normal one, which will still exist in generated HTML. Some browsers don't parse this very well (known: Opera 6 TP 2 or Konqueror) - tool for fixing: "sgmllyxquotefix.pl"
Because the HTML pages are generated out of the SGML file, the HTML filenames turn out to be quite random. However, some pages are tagged in LyX, resulting in static names. These tags are useful for references and shouldn't be changed in the future.
If you think that I have forgotten a tag, please let me know, and I will add it.
Some things first:
Including this, there are three (3) HOWTO documents available. Apologies, if that is too many ;-)
The first IPv6 related document was written by Eric Osborne and called Linux IPv6 FAQ/HOWTO (please use it only for historical issues). Latest version was 3.2.1 released July, 14 1997.
Please help: if someone knows the date of birth of this HOWTO, please send me an e-mail (information will be needed in "history").
There exists a second version called IPv6 & Linux - HowTo written by me (Peter Bieringer) in pure HTML. It was born April 1997 and the first English version was published in June 1997. I will continue to maintain it, but it will slowly fade (but not full) in favour of the Linux IPv6 HOWTO you are currently reading.
Because the IPv6 & Linux - HowTo is written in pure HTML it's not really compatible with the The Linux Documentation Project (TLDP). I (Peter Bieringer) got a request in late November 2001 to rewrite the IPv6 & Linux - HowTo in SGML. However, because of the discontinuation of that HOWTO (Future of IPv6 & Linux - HowTo), and as IPv6 is becoming more and more standard, I decided to write a new document covering basic and advanced issues which will remain important over the next few years. More dynamic and some advanced content will be still found further on in the second HOWTO (IPv6 & Linux - HowTo).
Well known decimal number system, represent any value with digit 0-9.
Usually used in lower and higher programming languages, known also as hexadecimal number system, represent any value with digit 0-9 and char A-F (case insensitive).
Representation of a value with 85 different digits/chars, this can lead to shorter strings but never seen in the wild.
Smallest storage unit, on/true (1) or off/false (0)
Mostly a collection of 8 (but not really a must - see older computer systems) bits
Here, hardware of network connection, see also NIC
A dual homed host is a node with two network (physical or virtual) interfaces on two different links, but does not forward any packets between the interfaces.
Generally a single homed host on a link. Normally it has only one active network interface, e.g. Ethernet or (not and) PPP.
Mostly same as "device", see also NIC
Header of an IP packet (each network packet has a header, kind of is depending on network layer)
A link is a layer 2 network packet transport medium, examples are Ethernet, Token Ring, PPP, SLIP, ATM, ISDN, Frame Relay,...
A node is a host or a router.
A collection of 8 real bits, today also similar to "byte".
Information for the TCP/UDP dispatcher (layer 4) to transport information to upper layers
Each network layer contains mostly a protocol field to make life easier on dispatching transported information to upper layer, seen in layer 2 (MAC) and 3 (IP)
A router is a node with two or more network (physical or virtual) interfaces, capable of forwarding packets between the interfaces.
An IP socket is defined by source and destination IP addresses and Ports and (binding)
Network related a collection of layers
IP networks uses bit masks to separate local networks from remote ones
A tunnel is typically a point-to-point connection over which packets are exchanged which carry the data of another protocol, e.g. an IPv6-in-IPv4 tunnel.
Access Control List
Application Programming Interface
Application Specified Integrated Circuit
Berkeley Software Distribution
Controller Area Network Bus (physical bus system)
Project - a joint effort of six companies in Japan to provide a free IPv6 and IPsec (for both IPv4 and IPv6) stack for BSD variants to the world www.kame.net
Network Interface Card
Request For Comments - set of technical and organizational notes about the Internet
UniverSAl playGround for Ipv6 Project - works to deliver the production quality IPv6 protocol stack for the Linux system.
The special character "¬" is used for signaling that this code line is wrapped for better viewing in PDF and PS files.
You should be familiar with the major Unix tools e.g. grep, awk, find, ... , and know about their most commonly used command-line options.
You should know about layers, protocols, addresses, cables, plugs, etc. If you are new to this field, here is one good starting point for you: linuxports/howto/intro_to_networking
You should definitely have some experience in IPv4 configuration, otherwise it will be hard for you to understand what is really going on.
IPv6 is a new layer 3 protocol (see linuxports/howto/intro_to_networking/ISO - OSI Model) which will supersede IPv4 (also known as IP). IPv4 was designed long time ago (RFC 760 / Internet Protocol from January 1980) and since its inception, there have been many requests for more addresses and enhanced capabilities. Latest RFC is RFC 2460 / Internet Protocol Version 6 Specification. Major changes in IPv6 are the redesign of the header, including the increase of address size from 32 bits to 128 bits. Because layer 3 is responsible for end-to-end packet transport using packet routing based on addresses, it must include the new IPv6 addresses (source and destination), like IPv4.
For more information about the IPv6 history take a look at older IPv6 related RFCs listed e.g. at SWITCH IPv6 Pilot / References.
The years 1992, 1993 and 1994 of the IPv6 History (in general) are covered by following document: IPv6 or IPng (IP next generation).
To-do: better time-line, more content...
The first IPv6 related network code was added to the Linux kernel 2.1.8 in November 1996 by Pedro Roque. It was based on the BSD API:
diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h ¬ linux/include/linux/in6.h --- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970 +++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996 @@ -0,0 +1,99 @@ +/* + * Types and definitions for AF_INET6 + * Linux INET6 implementation + * + * Authors: + * Pedro Roque <******> + * + * Source: + * IPv6 Program Interfaces for BSD Systems + * <draft-ietf-ipngwg-bsd-api-05.txt> |
The shown lines were copied from patch-2.1.8 (e-mail address was blanked on copy&paste).
Because of lack of manpower, the IPv6 implementation in the kernel was unable to follow the discussed drafts or newly released RFCs. In October 2000, a project was started in Japan, called USAGI, whose aim was to implement all missing, or outdated IPv6 support in Linux. It tracks the current IPv6 implementation in FreeBSD made by the KAME project. From time to time they create snapshots against current vanilla Linux kernel sources.
Unfortunately, the USAGI patch is so big, that current Linux networking maintainers are unable to include it in the production source of the Linux kernel 2.4.x series. Therefore the 2.4.x series is missing some (many) extensions and also does not confirm to all current drafts and RFCs (see IP Version 6 Working Group (ipv6) Charter). This can cause some interoperability problems with other operating systems.
USAGI is now making use of the new Linux kernel development series 2.5.x to insert all of their current extensions into this development release. Hopefully the 2.6.x kernel series will contain a true and up-to-date IPv6 implementation.
As previously mentioned, IPv6 addresses are 128 bits long. This number of bits generates very high decimal numbers with up to 39 digits:
2^128-1: 340282366920938463463374607431768211455 |
Such numbers are not really addresses that can be memorized. Also the IPv6 address schema is bitwise orientated (just like IPv4, but that's not often recognized). Therefore a better notation of such big numbers is hexadecimal. In hexadecimal, 4 bits (also known as "nibble") are represented by a digit or character from 0-9 and a-f (10-15). This format reduces the length of the IPv6 address to 32 characters.
2^128-1: 0xffffffffffffffffffffffffffffffff |
This representation is still not very convenient (possible mix-up or loss of single hexadecimal digits), so the designers of IPv6 chose a hexadecimal format with a colon as separator after each block of 16 bits. In addition, the leading "0x" (a signifier for hexadecimal values used in programming languages) is removed:
2^128-1: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff |
A usable address (see address types later) is e.g.:
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 |
For simplifications, leading zeros of each 16 bit block can be omitted:
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 -> ¬ 3ffe:ffff:100:f101:210:a4ff:fee3:9566 |
One sequence of 16 bit blocks containing only zeroes can be replaced with "::". But not more than one at a time, otherwise it is no longer a unique representation.
3ffe:ffff:100:f101:0:0:0:1 -> 3ffe:ffff:100:f101::1 |
The biggest reduction is seen by the IPv6 localhost address:
0000:0000:0000:0000:0000:0000:0000:0001 -> ::1 |
There is also a so-called compact (base85 coded) representation defined RFC 1924 / A Compact Representation of IPv6 Addresses (published on 1. April 1996), never seen in the wild, probably an April fool's joke, but here is an example:
# ipv6calc --addr_to_base85 3ffe:ffff:0100:f101:0210:a4ff:fee3:9566 Itu&-ZQ82s>J%s99FJXT |
Info: ipv6calc is an IPv6 address format calculator and converter program and can be found here: ipv6calc
On any IP header, the first 4 bits are reserved for protocol version. So theoretically a protocol number between 0 and 15 is possible:
4: is already used for IPv4
5: is reserved for the Stream Protocol (STP, RFC 1819 / Internet Stream Protocol Version 2) (which never really made it to the public)
The next free number was 6. Hence IPv6 was born!
During the design of IPv4, people thought that 32 bits were enough for the world. Looking back into the past, 32 bits were enough until now and will perhaps be enough for another few years. However, 32 bits are not enough to provide each network device with a global address in the future. Think about mobile phones, cars (including electronic devices on its CAN-bus), toasters, refrigerators, light switches, and so on...
So designers have chosen 128 bits, 4 times more in length and 2^96 greater in size than in IPv4 today.
The usable size is smaller than it may appear however. This is because in the currently defined address schema, 64 bits are used for interface identifiers. The other 64 bits are used for routing. Assuming the current strict levels of aggregation (/48, /35, ...), it is still possible to "run out" of space, but hopefully not in the near future.
See also for more information RFC 1715 / The H Ratio for Address Assignment Efficiency and RFC 3194 / The Host-Density Ratio for Address Assignment Efficiency.
While, there are (possibly) some people (only know about Jim Fleming...) on the Internet who are thinking about IPv8 and IPv16, their design is far away from acceptance and implementation. In the meantime 128 bits was the best choice regarding header overhead and data transport. Consider the minimum Maximum Transfer Unit (MTU) in IPv4 (576 octets) and in IPv6 (1280 octets), the header length in IPv4 is 20 octets (minimum, can increase to 60 octets with IPv4 options) and in IPv6 is 48 octets (fixed). This is 3.4 % of MTU in IPv4 and 3.8 % of MTU in IPv6. This means the header overhead is almost equal. More bits for addresses would require bigger headers and therefore more overhead. Also, consider the maximum MTU on normal links (like Ethernet today): it's 1500 octets (in special cases: 9k octets using Jumbo frames). Ultimately, it wouldn't be a proper design if 10 % or 20 % of transported data in a Layer-3 packet were used for addresses and not for payload.
Like IPv4, IPv6 addresses can be split into network and host parts using subnet masks.
IPv4 has shown that sometimes it would be nice, if more than one IP address can be assigned to an interface, each for a different purpose (aliases, multi-cast). To remain extensible in the future, IPv6 is going further and allows more than one IPv6 address to be assigned to an interface. There is currently no limit defined by an RFC, only in the implementation of the IPv6 stack (to prevent DoS attacks).
Using this large number of bits for addresses, IPv6 defines address types based on some leading bits, which are hopefully never going to be broken in the future (unlike IPv4 today and the history of class A, B, and C).
Also the number of bits are separated into a network part (upper 64 bits) and a host part (lower 64 bits), to facilitate auto-configuration. BTW: a good URL for displaying a given IPv6 address in detail is the Advanced Network Management Laboratory / IPv6 Address Oracle.
This is a special address for the loopback interface, similiar to IPv4 with its "127.0.0.1". With IPv6, the localhost address is:
0000:0000:0000:0000:0000:0000:0000:0001 |
or compressed:
::1 |
Packets with this address as source or destination should never leave the sending host.
This is a special address like "any" or "0.0.0.0" in IPv4 . For IPv6 it's:
0000:0000:0000:0000:0000:0000:0000:0000 |
or:
:: |
These addresses are mostly used/seen in socket binding (to any IPv6 address) or routing tables.
Note: the unspecified address cannot be used as destination address.
There are two addresses which contain an IPv4 address.
IPv4-only IPv6-compatible addresses are sometimes used/shown for sockets created by an IPv6-enabled daemon, but only binding to an IPv4 address.
These addresses are defined with a special prefix of length 96 (a.b.c.d is the IPv4 address):
0:0:0:0:0:ffff:a.b.c.d/96
|
or in compressed format
::ffff:a.b.c.d/96
|
For example, the IPv4 address 1.2.3.4 looks like this:
::ffff:1.2.3.4
|
Used for automatic tunneling (RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers), which is being replaced by 6to4 tunneling.
0:0:0:0:0:0:a.b.c.d/96
|
or in compressed format
::a.b.c.d/96
|
Designers defined some address types and left a lot of scope for future definitions as currently unknown requirements arise. RFC 2373 [July 1998] / IP Version 6 Addressing Architecture defines the current addressing scheme but there is already a new draft available: draft-ietf-ipngwg-addr-arch-*.txt.
Now lets take a look at the different types of prefixes (and therefore address types):
These are special addresses which will only be valid on a link of an interface. Using this address as destination the packet would never pass through a router. It's used for link communications such as:
anyone else here on this link?
anyone here with a special address (e.g. looking for a router)?
They begin with ( where "x" is any hex character, normally "0")
fe8x: <- currently the only one in use. fe9x: feax: febx: |
An address with this prefix is found on each IPv6-enabled interface after stateless auto-configuration (which is normally always the case).
These are addresses similar to the RFC 1918 / Address Allocation for Private Internets in IPv4 today, with the added advantage that everyone who use this address type has the capability to use the given 16 bits for a maximum number of 65536 subnets. Comparable with the 10.0.0.0/8 in IPv4 today.
Another advantage: because it's possible to assign more than one address to an interface with IPv6, you can also assign such a site local address in addition to a global one.
It begins with:
fecx: <- most commonly used. fedx: feex: fefx: |
(where "x" is any hex character, normally "0")
Today, there is one global address type defined (the first design, called "provider based," was thrown away some years ago RFC 1884 / IP Version 6 Addressing Architecture [obsolete], you will find some remains in older Linux kernel sources).
It begins with (x are hex characters)
2xxx: 3xxx: |
Note: the prefix "aggregatable" is thrown away in current drafts. There are some further subtypes defined, see below:
These were the first global addresses which were defined and in use. They all start with
3ffe:
|
Example:
3ffe:ffff:100:f102::1
|
A special 6bone test address which will be never be globally unique begins with
3ffe:ffff:
|
and is mostly shown in examples, because if real addresses are shown, its possible for someone to do a copy & paste to their configuration files. Thus inadvertently causing duplicates on a globally unique address. This would cause serious problems for the original host (e.g. getting answer packets for request that were never sent). You can still apply for one of these prefixes, see here How to join 6bone. Also some tunnel brokers still distribute 6bone test address prefixes.
These addresses, designed for a special tunneling mechanism [RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds and RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers], encode a given IPv4 address and a possible subnet and begin with
2002:
|
For example, representing 192.168.1.1/5:
2002:c0a8:0101:5::1
|
A small shell command line can help you generating such address out of a given IPv4 one:
ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4
¬ | tr "." " "` $sla
|
See also tunneling using 6to4 and information about 6to4 relay routers.
These addresses are delegated to Internet service providers (ISP) and begin with
2001:
|
Prefixes to major (backbone owning) ISPs are delegated by local registries and currently they assign to them a prefix with length 35.
Major ISPs normally delegate to minor ISPs a prefix with length 48.
Multicast addresses are used for related services.
They alway start with (xx is the scope value)
ffxy: |
They are split into scopes and types:
Multicast scope is a parameter to specify the maximum distance a multicast packet can travel from the sending entity.
Currently, the following regions (scopes) are defined:
ffx1: node-local, packets never leave the node.
ffx2: link-local, packets are never forwarded by routers, so they never leave the specified link.
ffx5: site-local, packets never leave the site.
ffx8: organization-local, packets never leave the organization (not so easy to implement, must be covered by routing protocol).
ffxe: global scope.
others are reserved
There are many types already defined/reserved (see RFC 2373 / IP Version 6 Addressing Architecture for details). Some examples are:
All Nodes Address: ID = 1h, addresses all hosts on the local node (ff01:0:0:0:0:0:0:1) or the connected link (ff02:0:0:0:0:0:0:1).
All Routers Address: ID = 2h, addresses all routers on the local node (ff01:0:0:0:0:0:0:2), on the connected link (ff02:0:0:0:0:0:0:2), or on the local site (ff05:0:0:0:0:0:0:2)
Special multicast address used as destination address in neighborhood discovery, because unlike in IPv4, ARP no longer exists in IPv6.
An example of this address looks like
ff02::1:ff00:1234
|
Used prefix shows that this is a link-local multicast address. The suffix is generated from the destination address. In this example, a packet should be sent to address "fe80::1234", but the network stack doesn't know the current layer 2 MAC address. It replaces the upper 104 bits with "ff02:0:0:0:0:1:ff00::/104" and leaves the lower 24 bits untouched. This address is now used `on-link' to find the corresponding node which has to send a reply containing its layer 2 MAC address.
Anycast addresses are special addresses and are used to cover things like nearest DNS server, nearest DHCP server, or similar dynamic groups. Addresses are taken out of the unicast address space (aggregatable global or site-local at the moment). The anycast mechanism (client view) will be handled by dynamic routing protocols.
Note: Anycast addresses cannot be used as source addresses, they are only used as destination addresses.
A simple example for an anycast address is the subnet-router anycast address. Assuming that a node has the following global assigned IPv6 address:
3ffe:ffff:100:f101:210:a4ff:fee3:9566/64 <- Node's address
|
The subnet-router anycast address will be created blanking the suffix (least significant 64 bits) completely:
3ffe:ffff:100:f101::/64 <- subnet-router anycast address
|
For auto-configuration and mobility issues, it was decided to use the lower 64 bits as host part of the address in most of the current address types. Therefore each single subnet can hold a large amount of addresses.
This host part can be inspected differently:
With auto-configuration, the host part of the address is computed by converting the MAC address of an interface (if available), with the EUI-64 method, to a unique IPv6 address. If no MAC address is available for this device (happens e.g. on virtual devices), something else (like the IPv4 address or the MAC address of a physical interface) is used instead.
Consider again the first example
3ffe:ffff:100:f101:210:a4ff:fee3:9566 |
here,
210:a4ff:fee3:9566 |
is the host part and computed from the NIC's MAC address
00:10:A4:E3:95:66 |
using the IEEE-Tutorial EUI-64 design for EUI-48 identifiers.
Because the "automatically computed" host part is globally unique (except when a vendor of a NIC uses the same MAC address on more than one NIC), client tracking is possible on the host when not using a proxy of any kind.
This is a known problem, and a solution was defined: privacy extension, defined in RFC 3041 / Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (there is also already a newer draft available: draft-ietf-ipngwg-temp-addresses-*.txt). Using a random and a static value a new suffix is generated from time to time. Note: this is only reasonable for outgoing client connections and isn't really useful for well-known servers.
For servers it's probably easier to remember simpler addresses, this can also be accommodated. It is possible to assign an additional IPv6 address to an interface, e.g.
3ffe:ffff:100:f101::1 |
For manual suffixes like "::1" shown in the above example it's required that the 6th most significant bit is set to 0 (the universal/local bit of the automatically generated identifier). Also some other (otherwise unchosen ) bit combinations are reserved for anycast addresses, too.
In the early design phase it was planned to use a fully hierarchical routing approach to reduce the size of the routing tables maximally. The reasoning behind this approach were the number of current IPv4 routing entries in core routers (> 104 thousand in May 2001), reducing the need of memory in hardware routers (ASIC "Application Specified Integrated Circuit" driven) to hold the routing table and increase speed (fewer entries hopefully result in faster lookups).
Todays view is that routing will be mostly hierarchically designed for networks with only one service provider. With more than one ISP connections, this is not possible, and subject to an issue named multi-homing (infos on multi-homing: Procider-Internal Aggregation based on Geography to Support Multihoming in IPv6; GAPI: A Geographically Aggregatable Provider Independent Address Space to Support Multihoming in IPv6; Extension Header for Site-Multi-homing support; IPv6 Multihoming Solutions)
Similar to IPv4, the routable network path for routing to take place. Because standard netmask notation for 128 bits doesn't look nice, designers employed the IPv4 Classless Inter Domain Routing (CIDR, RFC 1519 / Classless Inter-Domain Routing) scheme, which specifies the number of bits of the IP address to be used for routing. It is also called the "slash" notation.
An example:
3ffe:ffff:100:1:2:3:4:5/48 |
This notation will be expanded:
Network:
3ffe:ffff:0100:0000:0000:0000:0000:0000 |
Netmask:
ffff:ffff:ffff:0000:0000:0000:0000:0000 |
Under normal circumstances (no QoS) a lookup in a routing table results in the route with the most significant number of address bits means the route with the biggest prefix length matches first.
For example if a routing table shows following entries (list is not complete):
3ffe:ffff:100::/48 :: U 1 0 0 sit1 2000::/3 ::192.88.99.1 UG 1 0 0 tun6to4 |
Shown destination addresses of IPv6 packets will be routed through shown device
3ffe:ffff:100:1:2:3:4:5/48 -> routed through device sit1 3ffe:ffff:200:1:2:3:4:5/48 -> routed through device tun6to4 |
Before you can start using IPv6 on a Linux host, you have to test, whether your system is IPv6-ready. You may have to do some work to enable it first.
Modern Linux distributions already contain IPv6-ready kernels, the IPv6 capability is generally compiled as a module, but it's possible that this module is not loaded automatically on startup.
See IPv6+Linux-Status-Distribution page for most up-to-date information.
Note: you shouldn't anymore use kernel series 2.2.x, because it's not IPv6-up-to-date anymore.
To check, whether your current running kernel supports IPv6, take a look into your /proc-file-system. Following entry must exists:
/proc/net/if_inet6 |
A short automatical test looks like:
# test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready" |
If this fails, it is quite likely, that the IPv6 module is not loaded.
You can try to load the IPv6 module executing
# modprobe ipv6 |
If this is successful, this module should be listed, testable with following auto-magically line:
# lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded" |
And the check shown above should now run successfully.
Note: unloading the module is currently not supported and can result, under some circumstances, in a kernel crash.
Its possible to automatically load the IPv6 module on demand. You only have to add following line in the configuration file of the kernel module loader (normally /etc/modules.conf or /etc/conf.modules):
alias net-pf-10 ipv6 # automatically load IPv6 module on demand
|
It's also possible to disable automatically loading of the IPv6 module using following line
alias net-pf-10 off # disable automatically load of IPv6 module on demand
|
Additional note: in future kernels (newer 2.5 series and above), the module loader mechanism was changed. The new configuration file has to be named /etc/modprobe.conf instead of /etc/modules.conf but there is a translate-script available. For further details see module-init-tool.
If both above shown results were negative and your kernel has no IP6 support, than you have the following options:
Update your distribution to a current one which supports IPv6 out-of-the-box (recommended for newbies), see here again: IPv6+Linux-Status-Distribution
Compile a new vanilla kernel (easy, if you know which options you needed)
Recompile kernel sources given by your Linux distribution (sometimes not so easy)
Compile a kernel with USAGI extensions
If you decide to compile a kernel, you should have previous experience in kernel compiling and read the Linux Kernel HOWTO.
A mostly up-to-time comparison between vanilla and USAGI extended kernels is available on IPv6+Linux-Status-Kernel.
More detailed hints about compiling an IPv6-enabled kernel can be found e.g. on IPv6-HOWTO-2#kernel.
Note: you should use whenever possible kernel series 2.4.x or above, because the IPv6 support in series 2.2.x is not so in current state and needs some patches for ICMPv6 and 6to4 support (can be found on kernel series 2.2.x IPv6 patches).
Same as for vanilla kernel, only recommend for advanced users, which are already familiar with IPv6 and kernel compilation. See also USAGI project / FAQ and Obtaining the best IPv6 support with Linux (Article).
Not all existing network devices have already (or ever) the capability to transport IPv6 packets. A current status can be found at IPv6+Linux-status-kernel.html#transport.
A major issue is that because of the network layer structure of kernel implementation an IPv6 packet isn't really recognized by it's IP header number (6 instead of 4). It's recognized by the protocol number of the Layer 2 transport protocol. Therefore any transport protocol which doesn't use such protocol number cannot dispatch IPv6 packets. Note: the packet is still transported over the link, but on receivers side, the dispatching won't work (you can see this e.g. using tcpdump).
Serial Line IP (SLIP, RFC 1055 / SLIP), should be better called now to SLIPv4, device named: slX
Parallel Line IP (PLIP), same like SLIP, device names: plipX
ISDN with encapsulation rawip, device names: isdnX
You wont get very far, if you are running an IPv6-ready kernel, but have no tools to configure IPv6. There are several packages in existence which can configure IPv6.
The net-tool package includes some tools like ifconfig and route, which helps you to configure IPv6 on an interface. Look at the output of ifconfig -? or route -?, if something is shown like IPv6 or inet6, then the tool is IPv6-ready.
Auto-magically check:
# /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is ¬ IPv6-ready" |
Same check can be done for route:
# /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-ready" |
Alexey N. Kuznetsov (current a maintainer of the Linux networking code) created a tool-set which configures networks through the netlink device. Using this tool-set you have more functionality than net-tools provides, but its not very well documented and isn't for the faint of heart.
# /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready" |
If the program /sbin/ip isn't found, then I strongly recommend you install the iproute package.
You can get it from your Linux distribution (if contained)
You can download the tar-ball and recompile it: Original FTP source and mirror (missing)
You're able to look for a proper RPM package at RPMfind/iproute (sometimes rebuilding of a SRPMS package is recommended)
After you have prepared your system for IPv6, you now want to use IPv6 for network communications. First you should learn how to examine IPv6 packets with a sniffer program. This is strongly recommended because for debugging/troubleshooting issues this can aide in providing a diagnosis very quickly.
This program is normally included in package iputils. It is designed for simple transport tests sending ICMPv6 echo-request packets and wait for ICMPv6 echo-reply packets.
Usage
# ping6 <hostwithipv6address> # ping6 <ipv6address> # ping6 [-I <device>] <link-local-ipv6address> |
Example
# ping6 -c 1 ::1 PING ::1(::1) from ::1 : 56 data bytes 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec --- ::1 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms |
Hint: ping6 needs raw access to socket and therefore root permissions. So if non-root users cannot use ping6 then there are two possible problems:
ping6 is not in users path (probably, because ping6 is generally stored in /usr/sbin -> add path (not really recommended)
ping6 doesn't execute properly, generally because of missing root permissions -> chmod u+s /usr/sbin/ping6
Using link-local addresses for an IPv6 ping, the kernel does not know through which (physically or virtual) device it must send the packet - each device has a link-local address. A try will result in following error message:
# ping6 fe80::212:34ff:fe12:3456
connect: Invalid argument
|
In this case you have to specify the interface additionally like shown here:
# ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205
PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from
¬ fe80::212:34ff:fe12:3478 eth0: 56 data bytes
64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec
--- fe80::2e0:18ff:fe90:9205 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss round-trip
¬ min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
|
An interesting mechanism to detect IPv6-active hosts on a link is to ping6 to the link-local all-node multicast address:
# ping6 -I eth0 ff02::1 PING ff02::1(ff02::1) from fe80:::2ab:cdff:feef:0123
¬ eth0: 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from fe80::212:34ff:fe12:3450: icmp_seq=1 ttl=64 time=0.549 ms (DUP!)
|
Unlike in IPv4, where replies to a ping on the broadcast address can be disabled, in IPv6 currently this behavior cannot be disable except by local IPv6 firewalling.
This program is normally included in package iputils. It's a program similar to IPv4 traceroute. Below you will see an example:
# traceroute6 www.6bone.net traceroute to 6bone.net (3ffe:b00:c18:1::10) from 3ffe:ffff:0000:f101::2, 30 ¬ hops max, 16 byte packets 1 localipv6gateway (3ffe:ffff:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms 2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms 3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms 4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms 5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms 6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms |
Note: unlike some modern versions of IPv4 traceroute, which can use ICMPv4 echo-request packets as well as UDP packets (default), current IPv6-traceroute is only able to send UDP packets. As you perhaps already know, ICMP echo-request packets are more accepted by firewalls or ACLs on routers inbetween than UDP packets.
This program is normally included in package iputils. It's a program like traceroute6 and traces the path to a given destination discovering the MTU along this path. Below you will see an example:
# tracepath6 www.6bone.net 1?: [LOCALHOST] pmtu 1480 1: 3ffe:401::2c0:33ff:fe02:14 150.705ms 2: 3ffe:b00:c18::5 267.864ms 3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 3: 3ffe:3900:5::2 asymm 4 346.632ms 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms 5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms 6: 3ffe:3800::1:1 asymm 4 578.126ms !N Resume: pmtu 1280 |
On Linux, tcpdump is the major tool for packet capturing. Below you find some examples. IPv6 support is normally built-in in current releases of version 3.6.
tcpdump uses expressions for filtering packets to minimize the noise:
icmp6: filters native ICMPv6 traffic
ip6: filters native IPv6 traffic (including ICMPv6)
proto ipv6: filters tunneled IPv6-in-IPv4 traffic
not port ssh: to suppress displaying SSH packets for running tcpdump in a remote SSH session
Also some command line options are very useful to catch and print more information in a packet, mostly interesting for digging into ICMPv6 packets:
"-s 512": increase the snap length during capturing of a packet to 512 bytes
"-vv": really verbose output
"-n": don't resolve addresses to names, useful if reverse DNS resolving isn't working proper
# tcpdump -t -n -i eth0 -s 512 -vv ip6 or proto ipv6
tcpdump: listening on eth0
3ffe:ffff:100:f101:2e0:18ff:fe90:9205 > 3ffe:ffff:100:f101::1: icmp6: echo
¬ request (len 64, hlim 64)
3ffe:ffff:100:f101::1 > 3ffe:ffff:100:f101:2e0:18ff:fe90:9205: icmp6: echo
¬ reply (len 64, hlim 64)
|
1.2.3.4 and 5.6.7.8 are tunnel endpoints (all addresses are examples)
# tcpdump -t -n -i ppp0 -s 512 -vv ip6 or proto ipv6
tcpdump: listening on ppp0
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request
¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
¬ 64, hlim 61) (ttl 23, id 29887, len 124)
1.2.3.4 > 5.6.7.8: 2002:ffff:f5f8::1 > 3ffe:ffff:100::1: icmp6: echo request
¬ (len 64, hlim 64) (DF) (ttl 64, id 0, len 124)
5.6.7.8 > 1.2.3.4: 3ffe:ffff:100::1 > 2002:ffff:f5f8::1: icmp6: echo reply (len
¬ 64, hlim 61) (ttl 23, id 29919, len 124)
|
Current distributions already contain the most needed IPv6 enabled client and servers. See first on IPv6+Linux-Status-Distribution. If still not included, you can check IPv6 & Linux - Current Status - Applications whether the program is already ported to IPv6 and usable with Linux. For common used programs there are some hints available at IPv6 & Linux - HowTo - Part 3 and IPv6 & Linux - HowTo - Part 4.
To run the following shown tests, it's required that your system is IPv6 enabled, and some examples show addresses which only can be reached if a connection to the 6bone is available.
Because of security updates in the last years every Domain Name System (DNS) server should run newer software which already understands the (intermediate) IPv6 address-type AAAA (the newer one named A6 isn't still common at the moment because only supported using BIND9 and newer and also the non-existent support of root domain IP6.ARPA). A simple test whether the used system can resolve IPv6 addresses is
# host -t AAAA www.join.uni-muenster.de |
and should show something like following:
www.join.uni-muenster.de. is an alias for ns.join.uni-muenster.de. ns.join.uni-muenster.de. has AAAA address 3ffe:400:10:100:201:2ff:feb5:3806 |
IPv6-ready telnet clients are available. A simple test can be done with
$ telnet 3ffe:400:100::1 80 Trying 3ffe:400:100::1... Connected to 3ffe:400:100::1. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Sun, 16 Dec 2001 16:07:21 GMT Server: Apache/2.0.28 (Unix) Last-Modified: Wed, 01 Aug 2001 21:34:42 GMT ETag: "3f02-a4d-b1b3e080" Accept-Ranges: bytes Content-Length: 2637 Connection: close Content-Type: text/html; charset=ISO-8859-1 Connection closed by foreign host. |
If the telnet client don't understand the IPv6 address and says something like "cannot resolve hostname", then it's not IPv6-enabled.
Current versions of openssh are IPv6-ready. Depending on configuring before compiling it has two behavior.
--without-ipv4-default: the client tries an IPv6 connect first automatically and fall back to IPv4 if not working
--with-ipv4-default: default connection is IPv4, IPv6 connection must be force like following example shows
$ ssh -6 ::1
user@::1's password: ******
[user@ipv6host user]$
|
If your ssh client doesn't understand the option "-6" then it's not IPv6-enabled, like most ssh version 1 packages.
A current status of IPv6 enabled web browsers is available at IPv6+Linux-status-apps.html#HTTP.
Most of them have unresolved problems at the moment
If using an IPv4 only proxy in the settings, IPv6 requests will be sent to the proxy, but the proxy will fail to understand the request and the request fails. Solution: update proxy software (see later).
Automatic proxy settings (*.pac) cannot be extended to handle IPv6 requests differently (e.g. don't use proxy) because of their nature (written in Java-script and well hard coded in source like to be seen in Maxilla source code).
Also older versions don't understand an URL with IPv6 encoded addresses like http://[3ffe:400:100::1]/ (this given URL only works with an IPv6-enabled browser!).
A short test is to try shown URL with a given browser and using no proxy.
A good starting point for browsing using IPv6 is http://www.kame.net/. If the turtle on this page is animated, the connection is via IPv6, otherwise the turtle is static.
In this part of this HOWTO, more client specific issues are mentioned. Therefore hints for IPv6-ready servers like sshd, httpd, telnetd, etc. are shown below in Hints for IPv6-enabled daemons.
Error message: "connect: Invalid argument"
Kernel doesn't know, which physical or virtual link you want to use to send such ICMPv6 packets. Therefore it displays this error message.
Solution: Specify interface like: "ping6 -I eth0 fe80::2e0:18ff:fe90:9205", see also program ping6 usage.
Error message: "icmp socket: Operation not permitted"
These utilities create special ICMPv6 packets and send them out. This is done by using raw sockets in the kernel. But raw sockets can only be used by the "root" user. Therefore normal users get such error message.
Solution: If it's really needed that all users should be able to use these utilities, you can add the "suid" bit using "chmod u+s /path/to/program", see also program ping6 usage. If not all users should be able to, you can change the group of the program to e.g. "wheel", add these power users to this group and remove the execution bit for other users using "chmod o-rwx /path/to/program". Or configure "sudo" to enable your security policy.
On a node, there exist different network devices. They can be collected in classes
Physically bounded, like eth0, tr0
Virtually existing, like ppp0, tun0, tap0, sit0, isdn0, ippp0
Physically bounded interfaces like Ethernet or Token-Ring are normal ones and need no special treatment.
Virtually bounded interfaces always need special support
These interfaces are normally named sitx. The name sit is a shortcut for Simple Internet Transition. This device has the capability to encapsulate IPv6 packets into IPv4 ones and tunnel them to a foreign endpoint.
sit0 has a special meaning and cannot be used for dedicated tunnels.
IPv6 capability for HDLC with encapsulation ip is already built-in in the kernel
ISDN PPP interfaces (ippp) aren't IPv6 enabled by kernel. Also there are also no plans to do that because in kernel 2.5.+ they will be replaced by a more generic ppp interface layer.
Like mentioned earlier, this interfaces don't support IPv6 transport (sending is OK, but dispatching on receiving don't work).
There are different ways to configure an IPv6 address on an interface. You can use use "ifconfig" or "ip".
First you should check, whether and which IPv6 addresses are already configured (perhaps auto-magically during stateless auto-configuration).
Usage:
# /sbin/ip -6 addr show dev <interface> |
Example for a static configured host:
# /sbin/ip -6 addr show dev eth0 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_ fast qlen 100 inet6 fe80::210:a4ff:fee3:9566/10 scope link inet6 3ffe:ffff:0:f101::1/64 scope global inet6 fec0:0:0:f101::1/64 scope site |
Example for a host which is auto-configured
Here you see some auto-magically configured IPv6 addresses and their lifetime.
# /sbin/ip -6 addr show dev eth0 3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen ¬ 100 inet6 2002:d950:f5f8:f101:2e0:18ff:fe90:9205/64 scope global dynamic valid_lft 16sec preferred_lft 6sec inet6 3ffe:400:100:f101:2e0:18ff:fe90:9205/64 scope global dynamic valid_lft 2591997sec preferred_lft 604797sec inet6 fe80::2e0:18ff:fe90:9205/10 ¬ scope link |
Usage:
# /sbin/ifconfig <interface> |
Example (output filtered with grep to display only IPv6 addresses). Here you see different IPv6 addresses with different scopes.
# /sbin/ifconfig eth0 |grep "inet6 addr:" inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link inet6 addr: 3ffe:ffff:0:f101::1/64 Scope:Global inet6 addr: fec0:0:0:f101::1/64 Scope:Site |
Adding an IPv6 address is similar to the mechanism of "IP ALIAS" addresses in Linux IPv4 addressed interfaces.
Not so often needed, be carefully with removing non existent IPv6 address, sometimes using older kernels it results in a crash.
If you want to leave your link and want to send packets in the world wide IPv6-Internet, you need routing. If there is already an IPv6 enabled router on your link, it's possible enough to add IPv6 routes.
Also here there are different ways to configure an IPv6 address on an interface. You can use use "ifconfig" or "ip"
First you should check, whether and which IPv6 addresses are already configured (perhaps auto-magically during auto-configuration).
Usage:
# /sbin/ip -6 route show [dev <device>] |
Example:
# /sbin/ip -6 route show dev eth0 3ffe:ffff:0:f101::/64 proto kernel metric 256 mtu 1500 advmss 1440 fe80::/10 proto kernel metric 256 mtu 1500 advmss 1440 ff00::/8 proto kernel metric 256 mtu 1500 advmss 1440 default proto kernel metric 256 mtu 1500 advmss 1440 |
Usage:
# /sbin/route -A inet6 |
Example (output is filtered for interface eth0). Here you see different IPv6 routes for different addresses on a single interface.
# /sbin/route -A inet6 |grep -w "eth0" 3ffe:ffff:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global ¬ address fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local ¬ address ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast ¬ addresses ::/0 :: UDA 256 0 0 eth0 <- Automatic default route |
Mostly needed to reach the outside with IPv6 using an IPv6-enabled router on your link.
Usage:
# /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address> ¬ [dev <device>] |
Example:
# /sbin/ip -6 route add 2000::/3 via 3ffe:ffff:0:f101::1 |
Usage:
# /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw ¬ <ipv6address> [dev <device>] |
A device can be needed, too, if the IPv6 address of the gateway is a link local one.
Following shown example adds a route for all currently global addresses (2000::/3) through gateway 3ffe:ffff:0:f101::1
# /sbin/route -A inet6 add 2000::/3 gw 3ffe:ffff:0:f101::1 |
Not so often needed manually, mostly done by network configure scripts on shutdown (full or per interface)
Not often needed, sometimes in cases of dedicated point-to-point links.
Not so often needed to use by hand, configuration scripts will use such on shutdown.
One idea of IPv6 was a hierachical routing, therefore only less routing entries are needed in routers.
There are some issues in current Linux kernels:
Client can setup a default route like prefix "::/0", they also learn such route on autoconfiguration e.g. using radvd on the link like following example shows:
# ip -6 route show | grep ^default
default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires
¬ 29sec mtu 1500 advmss 1440
|
Current mainstream Linux kernel (at least <= 2.4.17) don't support default routes. You can set them up, but the route lookup fails when a packet should be forwarded (normal intention of a router).
Therefore at this time "default routing" can be setup using the currently only global address prefix "2000::/3".
The USAGI project already supports this in their extension with a hack.
Note: take care about default routing without address filtering on edge routers. Otherwise unwanted multicast or site-local traffic leave the edge.
Neighbor discovery was the IPv6 successor for the ARP (Address Resolution Protocol) in IPv4. You can retrieve information about the current neighbors, in addition you can set and delete entries. The kernel keeps tracking of successful neighbor detection (like ARP in IPv4). You can dig into the learnt table using "ip".
With following command you can display the learnt or configured IPv6 neighbors
# ip -6 neigh show [dev <device>] |
The following example shows one neighbor, which is a reachable router
# ip -6 neigh show fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable |
With following command you are able to manually add an entry
# ip -6 neigh add <IPv6 address> lladdr <link-layer address> dev <device> |
Example:
# ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0 |
Like adding also an entry can be deleted:
# ip -6 neigh del <IPv6 address> lladdr <link-layer address> dev <device> |
Example:
# ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0 |
The tool "ip" is less documentated, but very strong. See online "help" for more:
# ip -6 neigh help
Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]
[ nud { permanent | noarp | stale | reachable } ]
| proxy ADDR } [ dev DEV ]
ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]
|
Looks like some options are only for IPv4...if you can contribute information about flags and advanced usage, pls. send.
If you want to leave your link you have no IPv6 capable network around you, you need IPv6-in-IPv4 tunneling to reach the world wide IPv6-Internet.
There are some kind of tunnel mechanism and also some possibilities to setup tunnels.
There are more than one possibility to tunnel IPv6 packets over IPv4-only links.
A point-to-point tunnel is a dedicated tunnel to an endpoint, which knows about your IPv6 network (for backward routing) and the IPv4 address of your tunnel endpoint and defined in RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers. Requirements:
IPv4 address of your local tunnel endpoint must be static, global unique and reachable from the foreign tunnel endpoint
A global IPv6 prefix assigned to you (see 6bone registry)
A foreign tunnel endpoint which is capable to route your IPv6 prefix to your local tunnel endpoint (mostly remote manual configuration required)
Automatic tunneling occurs, when a node directly connects another node gotten the IPv4 address of the other node before.
6to4 tunneling (RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds) uses a simple mechanism to create automatic tunnels. Each node with a global unique IPv4 address is able to be a 6to4 tunnel endpoint (if no IPv4 firewall prohibits traffic). 6to4 tunneling is mostly not a one-to-one tunnel. This case of tunneling can be divided into upstream and downstream tunneling. Also, a special IPv6 address indicates that this node will use 6to4 tunneling for connecting the world-wide IPv6 network
The 6to4 address is defined like following (schema is taken from RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds):
| 3+13 | 32 | 16 | 64 bits |
+---+------+-----------+--------+--------------------------------+
| FP+TLA | V4ADDR | SLA ID | Interface ID |
| 0x2002 | | | |
+---+------+-----------+--------+--------------------------------+
|
FP and TLA together (16 bits) have the value 0x2002. V4ADDR is the node's global unique IPv4 address (in hexadecimal notation). SLA is the subnet identifier (65536 local subnets possible) and are usable to represent your local network structure.
For gateways, such prefix is generated by normally using SLA "0000" and suffix "::1" and assigned to the 6to4 tunnel interface.
The node has to know to which foreign tunnel endpoint its in IPv4 packed IPv6 packets should be send to. In "early" days of 6to4 tunneling, dedicated upstream accepting routers were defined. See NSayer's 6to4 information for a list of routers.
Nowadays, 6to4 upstream routers can be found auto-magically using the anycast address 192.88.99.1. In the background routing protocols handle this, see RFC 3068 / An Anycast Prefix for 6to4 Relay Routers for details.
The downstream (6bone -> your 6to4 enabled node) is not really fix and can vary from foreign host which originated packets were send to. There exist two possibilities:
Foreign host uses 6to4 and sends packet direct back to your node (see below)
Foreign host sends packets back to the world-wide IPv6 network and depending on the dynamic routing a relay router create a automatic tunnel back to your node.
Usage:
# /sbin/ip -6 tunnel show [<device>] |
Example:
# /sbin/ip -6 tunnel show sit0: ipv6/ip remote any local any ttl 64 nopmtudisc sit1: ipv6/ip remote 195.226.187.50 local any ttl 64 |
Usage:
# /sbin/route -A inet6 |
Example (output is filtered to display only tunnels through virtual interface sit0):
# /sbin/route -A inet6 | grep "\Wsit0\W*$" ::/96 :: U 256 2 0 sit0 2002::/16 :: UA 256 0 0 sit0 2000::/3 ::193.113.58.75 UG 1 0 0 sit0 fe80::/10 :: UA 256 0 0 sit0 ff00::/8 :: UA 256 0 0 sit0 |
There are 3 possibilities to add or remove point-to-point tunnels.
A good additional information about tunnel setup using "ip" is Configuring tunnels with iproute2 (article).
Common method at the moment for a small amount of tunnels.
Usage for creating a tunnel device (but it's not up afterward, also a TTL must be specified because the default value is 0).
# /sbin/ip tunnel add <device> mode sit ttl <ttldefault> remote
¬ <ipv4addressofforeigntunnel> local <ipv4addresslocal>
|
Usage (generic example for three tunnels):
# /sbin/ip tunnel add sit1 mode sit ttl <ttldefault> remote
¬ <ipv4addressofforeigntunnel1> local <ipv4addresslocal>
# /sbin/ip link set dev sit1 up
# /sbin/ip -6 route add <prefixtoroute1> dev sit1 metric 1
# /sbin/ip tunnel add sit2 mode sit ttl <ttldefault>
¬ <ipv4addressofforeigntunnel2> local <ipv4addresslocal>
# /sbin/ip link set dev sit2 up
# /sbin/ip -6 route add <prefixtoroute2> dev sit2 metric 1
# /sbin/ip tunnel add sit3 mode sit ttl <ttldefault>
¬ <ipv4addressofforeigntunnel3> local <ipv4addresslocal>
# /sbin/ip link set dev sit3 up
# /sbin/ip -6 route add <prefixtoroute3> dev sit3 metric 1
|
This not very recommended way to add a tunnel because it's a little bit strange. No problem if adding only one, but if you setup more than one, you cannot easy shutdown the first ones and leave the others running.
Usage (generic example for three tunnels):
# /sbin/ifconfig sit0 up
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel1>
# /sbin/ifconfig sit1 up
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel2>
# /sbin/ifconfig sit2 up
# /sbin/route -A inet6 add <prefixtoroute2> dev sit2
# /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel3>
# /sbin/ifconfig sit3 up
# /sbin/route -A inet6 add <prefixtoroute3> dev sit3
|
Important: DON'T USE THIS, because this setup implicit enable "automatic tunneling" from anywhere in the Internet, this is a risk, and it should not be advocated.
It's also possible to setup tunnels in Non Broadcast Multiple Access (NBMA) style, it's a easy way to add many tunnels at once. But none of the tunnel can be numbered (which is a not required feature).
Usage (generic example for three tunnels):
# /sbin/ifconfig sit0 up
# /sbin/route -A inet6 add <prefixtoroute1> gw
¬ ::<ipv4addressofforeigntunnel1> dev sit0
# /sbin/route -A inet6 add <prefixtoroute2> gw
¬ ::<ipv4addressofforeigntunnel2> dev sit0
# /sbin/route -A inet6 add <prefixtoroute3> gw
¬ ::<ipv4addressofforeigntunnel3> dev sit0
|
Important: DON'T USE THIS, because this setup implicit enable "automatic tunneling" from anywhere in the Internet, this is a risk, and it should not be advocated.
Manually not so often needed, but used by scripts for clean shutdown or restart of IPv6 configuration.
Usage for removing a tunnel device:
# /sbin/ip tunnel del <device>
|
Usage (generic example for three tunnels):
# /sbin/ip -6 route del <prefixtoroute1> dev sit1
# /sbin/ip link set sit1 down
# /sbin/ip tunnel del sit1
# /sbin/ip -6 route del <prefixtoroute2> dev sit2
# /sbin/ip link set sit2 down
# /sbin/ip tunnel del sit2
# /sbin/ip -6 route del <prefixtoroute3> dev sit3
# /sbin/ip link set sit3 down
# /sbin/ip tunnel del sit3
|
Not only the creation is strange, the shutdown also...you have to remove the tunnels in backorder, means the latest created must be removed first.
Usage (generic example for three tunnels):
# /sbin/route -A inet6 del <prefixtoroute3> dev sit3
# /sbin/ifconfig sit3 down
# /sbin/route -A inet6 del <prefixtoroute2> dev sit2
# /sbin/ifconfig sit2 down
# /sbin/route -A inet6 add <prefixtoroute1> dev sit1
# /sbin/ifconfig sit1 down
# /sbin/ifconfig sit0 down
|
This is like removing normal IPv6 routes.
Usage (generic example for three tunnels):
# /sbin/route -A inet6 del <prefixtoroute1> gw
¬ ::<ipv4addressofforeigntunnel1> dev sit0
# /sbin/route -A inet6 del <prefixtoroute2> gw
¬ ::<ipv4addressofforeigntunnel2> dev sit0
# /sbin/route -A inet6 del <prefixtoroute3> gw
¬ ::<ipv4addressofforeigntunnel3> dev sit0
# /sbin/ifconfig sit0 down
|
Sometimes it's needed to configure a point-to-point tunnel with IPv6 addresses like in IPv4 today. This is only possible with the first (ifconfig+route - deprecated) and third (ip+route) tunnel setup. In such cases, you can add the IPv6 address to the tunnel interface like shown on interface configuration.
Pay attention that the support of 6to4 tunnels currently lacks on vanilla kernel series 2.2.x (see systemcheck/kernel for more information). Also note that that the prefix length for a 6to4 address is 16 because of from network point of view, all other 6to4 enabled hosts are on the same layer 2.