(no commit message)

[ikiwiki.git] / docs / handbook / handbook-network-ipv6.mdwn

## 19.16 IPv6 



***Originally Written by Aaron Kaplan. ******Restructured and Added by Tom Rhodes. ***



IPv6 (also know as IPng ***IP next generation***) is the new version of the well known IP protocol (also know as IPv4). Like the other current *BSD systems, DragonFly includes the KAME IPv6 reference implementation. So your DragonFly system comes with all you will need to experiment with IPv6. This section focuses on getting IPv6 configured and running.



In the early 1990s, people became aware of the rapidly diminishing address space of IPv4. Given the expansion rate of the Internet there were two major concerns:




* Running out of addresses. Today this is not so much of a concern anymore since private address spaces (`10.0.0.0/8`, `192.168.0.0/24`, etc.) and Network Address Translation (NAT) are being employed.


* Router table entries were getting too large. This is still a concern today.



IPv6 deals with these and many other issues:




* 128 bit address space. In other words theoretically there are 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses available. This means there are approximately 6.67 * 10^27 IPv6 addresses per square meter on our planet.


* Routers will only store network aggregation addresses in their routing tables thus reducing the average space of a routing table to 8192 entries.



There are also lots of other useful features of IPv6 such as:




* Address autoconfiguration ([RFC2462](http://www.ietf.org/rfc/rfc2462.txt))


* Anycast addresses (***one-out-of many***)


* Mandatory multicast addresses


* IPsec (IP security)


* Simplified header structure


* Mobile IP


* IPv4-to-IPv6 transition mechanisms



For more information see:




* IPv6 overview at [playground.sun.com](http://playground.sun.com/pub/ipng/html/ipng-main.html)


* [KAME.net](http://www.kame.net)


* [6bone.net](http://www.6bone.net)



### 19.16.1 Background on IPv6 Addresses 



There are different types of IPv6 addresses: Unicast, Anycast and Multicast.



Unicast addresses are the well known addresses. A packet sent to a unicast address arrives exactly at the interface belonging to the address.



Anycast addresses are syntactically indistinguishable from unicast addresses but they address a group of interfaces. The packet destined for an anycast address will arrive at the nearest (in router metric) interface. Anycast addresses may only be used by routers.



Multicast addresses identify a group of interfaces. A packet destined for a multicast address will arrive at all interfaces belonging to the multicast group.



 **Note:** The IPv4 broadcast address (usually `xxx.xxx.xxx.255`) is expressed by multicast addresses in IPv6.



 **Table 19-2. Reserved IPv6 addresses** 



[[!table  data="""
| IPv6 address | Prefixlength (Bits) | Description | Notes 
 `::` | 128 bits | unspecified | cf. `0.0.0.0` in IPv4 
 `::1` | 128 bits | loopback address | cf. `127.0.0.1` in IPv4 
 `::00:xx:xx:xx:xx` | 96 bits | embedded IPv4 | The lower 32 bits are the IPv4 address. Also called ***IPv4 compatible IPv6 address*** 
 `::ff:xx:xx:xx:xx` | 96 bits | IPv4 mapped IPv6 address | The lower 32 bits are the IPv4 address. For hosts which do not support IPv6. 
 `fe80::` - `feb::` | 10 bits | link-local | cf. loopback address in IPv4 
 `fec0::` - `fef::` | 10 bits | site-local |  
 `ff::` | 8 bits | multicast |  
 `001` (base 2) | 3 bits | global unicast | All global unicast addresses are assigned from this pool. The first 3 bits are ***001***. |

"""]]

### 19.16.2 Reading IPv6 Addresses 



The canonical form is represented as: `x:x:x:x:x:x:x:x`, each ***x*** being a 16 Bit hex value. For example `FEBC:A574:382B:23C1:AA49:4592:4EFE:9982`



Often an address will have long substrings of all zeros therefore each such substring can be abbreviated by ***::***. For example `fe80::1` corresponds to the canonical form `fe80:0000:0000:0000:0000:0000:0000:0001`.



A third form is to write the last 32 Bit part in the well known (decimal) IPv4 style with dots ***.*** as separators. For example `2002::10.0.0.1` corresponds to the (hexadecimal) canonical representation `2002:0000:0000:0000:0000:0000:0a00:0001` which in turn is equivalent to writing `2002::a00:1`.



By now the reader should be able to understand the following:



    

    # ifconfig




    rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

             inet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255

             inet6 fe80::200:21ff:fe03:8e1%rl0 prefixlen 64 scopeid 0x1

             ether 00:00:21:03:08:e1

             media: Ethernet autoselect (100baseTX )

             status: active





`fe80::200:21ff:fe03:8e1%rl0` is an auto configured link-local address. It includes the scrambled Ethernet MAC as part of the auto configuration.



For further information on the structure of IPv6 addresses see [RFC3513](http://www.ietf.org/rfc/rfc3513.txt).



### 19.16.3 Getting Connected 



Currently there are five ways to connect to other IPv6 hosts and networks:



* Join the experimental 6bone (Appears to be discontinued)

* Getting an IPv6 network from your upstream provider. Talk to your Internet provider for instructions.

* Tunnel via 6-to-4

* Join [Sixxs](http://www.sixxs.net/), a free tunnel broker and use the [`net/aiccu`](http://pkgsrc.se/net/aiccu) package to set up your connection.

* Join [gogo6](http://gogonet.gogo6.com/page/freenet6-tunnelbroker), another free tunnel broker and use the [[gw6c]] package to set up your connection.


###Connect to 6bone (discontinued)


Here we will talk on how to connect to the 6bone since it currently seems to be the most popular way.


First take a look at the [6bone](http://www.6bone.net/) site and find a 6bone connection nearest to you. Write to the responsible person and with a little bit of luck you will be given instructions on how to set up your connection. Usually this involves setting up a GRE (gif) tunnel.

Here is a typical example on setting up a [gif(4)](http://leaf.dragonflybsd.org/cgi/web-man?command#gif&section4) tunnel:

    # ifconfig gif0 create

    # ifconfig gif0

    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

    # ifconfig gif0 tunnel `***MY_IPv4_ADDR***`  `***HIS_IPv4_ADDR***`

    # ifconfig gif0 inet6 alias `***MY_ASSIGNED_IPv6_TUNNEL_ENDPOINT_ADDR***`


Replace the capitalized words by the information you received from the upstream 6bone node.


This establishes the tunnel. Check if the tunnel is working by [ping6(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#ping6&section8) 'ing `ff02::1%gif0`. You should receive two ping replies.


 **Note:** In case you are intrigued by the address `ff02:1%gif0`, this is a multicast address. `%gif0` states that the multicast address at network interface `gif0` is to be used. Since we `ping` a multicast address the other endpoint of the tunnel should reply as well.


By now setting up a route to your 6bone uplink should be rather straightforward:


    # route add -inet6 default -interface gif0

    # ping6 -n `***MY_UPLINK***`

    # traceroute6 www.jp.FreeBSD.org

    (3ffe:505:2008:1:2a0:24ff:fe57:e561) from 3ffe:8060:100::40:2, 30 hops max, 12 byte packets

         1  atnet-meta6  14.147 ms  15.499 ms  24.319 ms

         2  6bone-gw2-ATNET-NT.ipv6.tilab.com  103.408 ms  95.072 ms *

         3  3ffe:1831:0:ffff::4  138.645 ms  134.437 ms  144.257 ms

         4  3ffe:1810:0:6:290:27ff:fe79:7677  282.975 ms  278.666 ms  292.811 ms

         5  3ffe:1800:0:ff00::4  400.131 ms  396.324 ms  394.769 ms

         6  3ffe:1800:0:3:290:27ff:fe14:cdee  394.712 ms  397.19 ms  394.102 ms


This output will differ from machine to machine. By now you should be able to reach the IPv6 site [www.kame.net](http://www.kame.net) and see the dancing tortoise -- that is if you have a IPv6 enabled browser such as [`www/mozilla`](http://pkgsrc.se/www/mozilla).

### Connect to gogo6

I have not been able to get NAT traversal to work with gogo6. Your machine must have a world-routable IPv4 address to connect. If you are using DSL or Cable internet, this may mean putting your DragonflyBSD machine in the DMZ.

Create an account on [gogo6](http://gogonet.gogo6.com/page/freenet6-tunnelbroker) if you want a static address or a /56 block

Compile the [[gw6c]] client

Edit /usr/local/gw6c/bin/gw6c.conf

    gwc6 can be configure for anonymous or authenticated access. Authenticated access give you a DNS name, a more stable address and optionally a /56 block of addresses (that is, 256 IPV6 addresses).
    
    #Set userid and password if you want authenticated access
    userid=myuserid
    passwd=mypasswd
    
    #Set servername to an anonymous or authenticated server
    server=montreal.freenet6.net
    #server=anon-montreal.freenet6.net
    
    #Set auth_method to anonymous or any depending on above
    auth_method=any
    #auth_method=anonymous

    #host_type should be router only if you want a full /56 block. We do in this case so we can give IPs to a jail, or example.
    host_type=router
    #host_type=host

    #prefixlen is either 64 or 56. Set to 56 if you want 256 IPv6 addresses.
    prefixlen=56
    #prefixlen=64

    #if_prefix should be set only if host_type=router. This interface should be connected to your LAN (or in this case to the only interface)
    if_prefix=re0

    #if_tunnel_v6v4 should be set to gif0 always
    if_tunnel_v6v4=gif0

    #template. We compiled gw6c as if we were on a netbsd system
    template=netbsd


Create gif0 interface

     ifconfig gif0 create 

Run gw6c

    cd /usr/local/gw6c/bin

    ./gw6c

Test
  
    # ifconfig gif0
    gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 99.23.159.141 --> 64.86.88.116
        inet6 2001:5c0:1000:b::4567 --> 2001:5c0:1000:b::4566 prefixlen 128 
        inet6 fe80::221:70ff:fef6:8ced%gif0 prefixlen 64 scopeid 0x6 

In this case we can see our address is 2001:5c0:1000:b::4567

    # ping6 ipv6.google.com
    PING6(56=40+8+8 bytes) 2001:5c0:1000:b::4567 --> 2001:4860:b002::68
    16 bytes from 2001:4860:b002::68, icmp_seq=0 hlim=53 time=79.582 ms

Ifconfig aliases
    
    If you have an authenticated connection and a /56 address block, you will see an additional IPv6 address attached to the interface defined in if_prefix= in gw6c.conf.

    #ifconfig re0 
    re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::221:70ff:fef6:8ced%re0 prefixlen 64 scopeid 0x1 
        inet 99.23.159.141 netmask 0xfffffffc broadcast 99.23.159.143
        inet6 2001:5c0:1105:1200::1 prefixlen 64 
        ether 00:21:70:f6:8c:ed
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

In this case, we have an IPv6 address of 2001:5c0:1105:1200::1. This is the start of the /56 block we have been assigned. 

We can bind to additional addresses in the 2001:5c0:1105:1200::1/56 range. Example:

    ifconfig re0 inet6 alias 2001:5c0:1105:1201::1

### 19.16.4 DNS in the IPv6 World 


There are two new types of DNS records for IPv6:


* AAAA records,


* A6 records



Using AAAA records is straightforward. Assign your hostname to the new IPv6 address you just got by adding:



    MYHOSTNAME           AAAA    MYIPv6ADDR



To your primary zone DNS file. In case you do not serve your own DNS zones ask your DNS provider. Current versions of  **bind**  (version 8.3 and 9) support AAAA records.



CategoryHandbook

CategoryHandbook-advancednetworking