Wednesday, July 23, 2008

IPv6

I've been playing with IPv6 a bit in the last couple of days and by playing I mean:

- Setup IPv6 tunnel with Hurricane Electric
- Configured Cisco 2811 for Iv6 tunnels (both ends)
- Subnetted (is that a word?) our /48 from HE
- Configured tunnels in Linux with iproute2
- Used radvd in Linux
- Setup AAAAs for services
- Added/enabled IPv6 in AstLinux
- Played with ip6tables
- Worked on my super-secret IPv6 project (more on that later)

Yep, it's been an IPv6 week. As of right now I've got a main IPv6 tunnel from HE (in Dallas) coming into my 2811 in Tampa. I have a /48 routing down that to other tunnels providing multiple /64s to several locations. I'm setup for providing more IPv6 tunnels and /64s in the future from my 2811 (with or without connectivity to the IPv6 net at large).

I've got IPv6 in the datacenter. I've got IPv6 in the office. I've got IPv6 at home. I've got IPv6 everywhere and a TON of IP addresses to boot. It's really pretty cool and other than my funky tunnel configuration (which I actually kind of like) it's pretty easy. Once I've setup the tunnels I just route the appropriate /64s down to each PtP address for each tunnel at each location. It's a bit of a hub and spoke configuration but it works very well so far. Of course it helps when your tunnel gateway (my 2811) has seven upstream IPv4 carriers.

I've also added IPv6 to AstLinux:

- Kernel (IPv6, mobile IPv6, "41" tunnels, netfilter, etc)
- C library (uClibc)
- Busybox (apps in general, ping6, etc)
- mini_httpd
- OpenSSH
- ntpd
- stunnel
- rsync
- php
- libpcap
- tcpdump
- dnsmasq (needs testing)
- nmap
- radvd
- and more

The IPv6 kernel module alias is disabled by default. Anyone that wants to use IPv6 in AstLinux will have to enable it via (you guessed it) rc.conf. It could use some more testing (hint, hint) but so far it looks pretty good.

There was one more thing I was going to talk about... Of yeah, my "super-secret IPv6 project"... I'll have another post for that soon...

2 comments:

tonfa said...

Why are you not using 6to4, you just need a static IPv4 address. It works very well :)

Kristian Kielhofner said...

I did this for experience with IPv6, not just for connectivity!