Probably each and every one of us has already heard about IPv6. Texts like "IPv4 is over" or "IPv4 address space is exhausted" are flooding the internet. So, why should I even bother moving to IPv6? What are the benefits?
In this article I am going to configure an OpenWRT router to use IPv6. Because my ISP doesn't provide such an address, I'll use the Hurricane Electric (he.net) IPv6-IPv4 tunnel.
At the end I'll configure the radvd daemon (router advertisement) and perform some tests on a cluster to ensure that everything works fine.
Why should I bother?
IPv6 brings many enhancements, and I was wondering which of them I really need. So I tried to answer the questions presented below:
1. Do I need such a large address space?
Yes and no. I am not running enough physical machines to exhaust the IPv4 address space, but I'll have the opportunity to get rid of NAT. I have various reasons to address a few machines globally, and with my current ISP I have only one IPv4 address assigned. IPv6 promises me end-to-end delivery.
2. Broadcast is gone, multicast comes in. What does it change?
Multicast requires somewhat more overhead than broadcast (joining a multicast group), but it seems to be a nice feature. Autoconfiguration without DHCP via NDP (in fact I am still using DHCP for static address assignment) makes things simpler (as long as you don't have thousands of hosts, as described here).
Another thing is anycast support, so that two interfaces can share one anycast address. Packets will be sent to the "nearest" destination.
In the end, I found NAT-less routing the most useful feature. Of course, "public" addresses leave some security concerns, but that is the price.
I could also describe IPv6 in detail, covering headers, MTU, mobile IP etc., but I believe the key point of switching is explained.
There are multiple tunnel brokers, but these two have endpoints in many locations and offer the best latency (at least for me):
I have decided to use HE, because they have a location in Warsaw (which is the closest to me). In your case SixXS might be better, so check before you go on.
How does it work?
The idea is quite simple. All traffic between the routers is encapsulated in an IPv4 header so that it is routed to the tunnelbroker endpoint, where the IPv4 header is removed.
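The encapsulation described above, as an added example (not code from the original article): Python that wraps an IPv6 packet in an IPv4 header with protocol number 41 and strips it again at the endpoint. The IPv4 addresses are documentation placeholders, the function names are hypothetical, and the check of the outer source address against the configured peer is an assumption about what a configured-tunnel endpoint validates.

```python
import ipaddress
import struct

PROTO_41 = 41  # IPv4 protocol number for encapsulated IPv6 (6in4)


def checksum(header: bytes) -> int:
    """Ones'-complement checksum over an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_ipv6_packet() -> bytes:
    """Constructed 40-byte IPv6 header with no payload (next header 59)."""
    src = ipaddress.IPv6Address("2001:470:70:5ff::2").packed
    dst = ipaddress.IPv6Address("2001:db8::1").packed
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64, src, dst)


def encapsulate(ipv6_packet: bytes, local_v4: str, peer_v4: str) -> bytes:
    """Router side: prepend a 20-byte IPv4 header carrying protocol 41."""
    src = ipaddress.IPv4Address(local_v4).packed
    dst = ipaddress.IPv4Address(peer_v4).packed
    total_len = 20 + len(ipv6_packet)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                         PROTO_41, 0, src, dst)
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + ipv6_packet


def decapsulate(packet: bytes, configured_peer: str) -> bytes:
    """Endpoint side: validate the outer IPv4 header, then remove it."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != PROTO_41:
        raise ValueError("not a 6in4 packet")
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if packet[12:16] != ipaddress.IPv4Address(configured_peer).packed:
        raise ValueError("outer source is not the configured tunnel peer")
    inner = packet[ihl:]
    if not inner or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return inner


if __name__ == "__main__":
    outer = encapsulate(sample_ipv6_packet(), "192.0.2.10", "198.51.100.1")
    print(len(outer), "bytes on the wire, protocol", outer[9])
    print(decapsulate(outer, "192.0.2.10") == sample_ipv6_packet())
```

Because the inner packet travels as IPv4 protocol 41, any IPv4 filter between the router and the endpoint has to pass that protocol, and the IPv6 firewall has to be applied to the tunnel interface itself.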
In order to create the IPv6-IPv4 tunnel, log in to tunnelbroker.net and click "Create regular tunnel". Then provide your home IP address and select your endpoint location.
First you need to install the 6in4 interface software:

    opkg update
    opkg install 6in4

Next, create and configure the interface:

    uci set network.henet=interface
    uci set network.henet.proto=6in4
    uci set network.henet.peeraddr='SERVER IPv4 ADDR'
    uci set network.henet.ip6addr='Your IPv6 Addr e.g 2001:470:70:5ff::2/64'
    uci set network.henet.ip6prefix='Your IPv6 prefix e.g 2001:470:71:5ff::/64'
    uci set network.henet.tunnelid='YOUR TUNNEL ID'
    uci set network.henet.username='USERNAME'
    uci set network.henet.password='UPDATE_KEY_OR_PASSWORD'
    uci commit network

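Finally, configure the firewall and restart the network:

    # Anonymous sections need an index: @zone[1] is the wan zone in the
    # default firewall config (confirm with "uci show firewall").
    # Adding henet to it applies the wan zone's rules to the tunnel as well.
    uci set firewall.@zone[1].network='wan henet'
    uci commit firewall
    /etc/init.d/network reload
    /etc/init.d/firewall reload
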
A bit of explanation
Let us analyse the following address: 2001:db8:1111:aaaa:1234:5678:9abc:def0
The first half, 2001:db8:1111:aaaa, identifies the network; the second half, 1234:5678:9abc:def0, identifies the interface ID.
2001:db8:1111 is assigned by your ISP (/48) and :aaaa (/64) identifies the subnet.
In IPv6 there are three types of unicast addresses:
- Global (2000::/3) only for direct unproxied internet access
- Unique local (fc00::/7) for inter-subnet access
- Link local (fe80::/10) for everybody
If you do not wish to make your interface globally accessible, you may want to use a unique local (for inter-local-network) or link local address.
The Router Advertisement Daemon (radvd) is an open-source software product that implements link-local advertisements of IPv6 router addresses and IPv6 routing prefixes using the Neighbor Discovery Protocol (wikipedia).
First install radvd:

    opkg update
    opkg install radvd

Next, assign an IPv6 prefix to the selected network (e.g. lan):

    vi /etc/config/network

    config interface 'lan'
        ...
        option ip6addr '2001:470:71:5ff::1/64'

    vim /etc/config/radvd
    # Change ignore to 0
    option ignore 0
    # Restart
    /etc/init.d/radvd restart
    # Enable forwarding in /etc/config/sysctl.conf
    net.ipv6.conf.all.forwarding=1

Ping ipv6.google.com on the router:

    root@OpenWrt:~# ping6 -c 3 ipv6.google.com
    PING ipv6.google.com (2a00:1450:401b:800::200e): 56 data bytes
    64 bytes from 2a00:1450:401b:800::200e: seq=0 ttl=55 time=38.818 ms
    64 bytes from 2a00:1450:401b:800::200e: seq=1 ttl=55 time=37.533 ms
    64 bytes from 2a00:1450:401b:800::200e: seq=2 ttl=55 time=34.753 ms

    --- ipv6.google.com ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 34.753/37.034/38.818 ms

Check the IPs on the host (and ping again):

    ip addr | grep inet6
    inet6 ::1/128 scope host
    inet6 2001:470:71:5ff:9259:afff:fe56:b81e/64 scope global mngtmpaddr dynamic
    inet6 fe80::9259:afff:fe56:b81e/64 scope link

    ping6 -c2 -I eth0 ff02::1
    ip -6 neigh

    ##### EXAMPLE #####
    [root@beagle ~]# ip -6 neigh
    fe80::acc0:25ff:fe3a:f40e dev eth0 lladdr ae:c0:25:3a:f4:0e DELAY
    fe80::80ca:bcff:fe0a:fe30 dev eth0 lladdr 82:ca:bc:0a:fe:30 REACHABLE
    fe80::80ca:bcff:fe0a:fe31 dev eth0 lladdr 82:ca:bc:0a:fe:31 REACHABLE
    fe80::80ca:bcff:fe0a:fe33 dev eth0 lladdr 82:ca:bc:0a:fe:33 REACHABLE
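
An added example (not part of the original article) that ties the address explanation to the test output above: it names the unicast type of each address, splits an address into ISP prefix, subnet and interface ID, and shows that the autoconfigured interface IDs are modified EUI-64 values from which the MAC address can be read back. The sample lines are copied from the output on this page; the function names are hypothetical.

```python
import ipaddress

# Prefixes of the three unicast types listed above.
SCOPES = {"global": "2000::/3", "unique local": "fc00::/7",
          "link local": "fe80::/10"}
# Constructed sample: lines copied from the command output on this page.
IP_ADDR = """\
inet6 ::1/128 scope host
inet6 2001:470:71:5ff:9259:afff:fe56:b81e/64 scope global mngtmpaddr dynamic
inet6 fe80::9259:afff:fe56:b81e/64 scope link"""
NEIGH = """\
fe80::acc0:25ff:fe3a:f40e dev eth0 lladdr ae:c0:25:3a:f4:0e DELAY
fe80::80ca:bcff:fe0a:fe30 dev eth0 lladdr 82:ca:bc:0a:fe:30 REACHABLE"""

def scope(addr):
    """Name the unicast type of an IPv6Address, or 'other' (e.g. ::1)."""
    for name, net in SCOPES.items():
        if addr in ipaddress.IPv6Network(net):
            return name
    return "other"

def split(addr):
    """Split into (ISP /48 prefix, subnet group, interface ID)."""
    g = addr.exploded.split(":")
    return ":".join(g[:3]), g[3], ":".join(g[4:])

def embedded_mac(addr):
    """Recover the MAC from a modified EUI-64 interface ID, else None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":  # EUI-64 inserts ff:fe in the middle
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def analyse_host(ip_addr_output):
    """(address, unicast type, embedded MAC) for each inet6 line."""
    addrs = (ipaddress.IPv6Interface(line.split()[1]).ip
             for line in ip_addr_output.splitlines())
    return [(str(a), scope(a), embedded_mac(a)) for a in addrs]

def neighbours_exposing_mac(neigh_output):
    """Neighbours whose address encodes exactly their link-layer address."""
    rows = (line.split() for line in neigh_output.splitlines())
    return [r[0] for r in rows
            if embedded_mac(ipaddress.IPv6Address(r[0])) == r[4]]

if __name__ == "__main__":
    print(*analyse_host(IP_ADDR), sep="\n")
    print(neighbours_exposing_mac(NEIGH))
```

With NAT gone, the global address on this host carries its MAC (90:59:af:56:b8:1e) to every remote peer; temporary addresses (RFC 4941) or stable-privacy interface IDs (RFC 7217) avoid that.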