Installing IPv6 protocol using 6to4 tunnels
-- by TailGunner
In this page I'll explain in detail the steps to set up a test 6to4 connection that allows you to surf the IPv6 network. It is intended for connecting a PC that doesn't act as a router (a single host), but it is no more difficult to set it up as an IPv6 router. This is a first release of this page. If you have any questions, please contact me at tailgunner75 _at_no-spamemail dotit
concepts
The IPv6 protocol is relatively new; its principal goal is to make up for the low number of IPv4 public addresses. In fact, the IPv4 address space is 32 bits, 2^32 addresses, corresponding to 4.294.967.296 addresses. The IPv6 address space is 128 bits, 2^128, corresponding theoretically to up to 3,40x10^38 addresses, a monstrous number, practically unlimited IP addresses; they would be sufficient for an entire galaxy :) (really, some addresses are reserved, e.g. 10.x.x.x, 172.16.x.x to 172.32.x.x, and 192.168.x.x for IPv4 private classes, or fe8x::/16 for IPv6 link-local and fecx::/16 for site-local, etc., so the real number of available public IP addresses is lower)
There are other new features and corrections in IPv6 vs IPv4, e.g. the IPv6 header is fixed at 48 bytes (the IPv4 header is basically 20 bytes, but can grow with options), there are no more broadcasts in IPv6 (only multicast and the new special "anycast" addresses), etc.
Since most ISPs currently don't provide native IPv6 access, we'll configure a tunnel, in which the IPv6 packets will be encapsulated:
(IPv4 header (IPv6 header (tcp or udp or icmpv6 etc.)))
                          |...upper level payload...|
             |........IPv6 packet (prot id 41).......|
|..................6to4 tunnel packet.................|
In this mode an IPv6 packet is encapsulated in an IPv4 packet and routed through the internet to a special gateway, which removes the IPv4 header and then forwards the IPv6 packet to its destination on the IPv6 network. When the remote host on the IPv6 network sends its reply, the 6to4 router looks at the IPv6 destination address (our public IPv6 address), then encapsulates the packet in IPv4 again and sends it across the internet to us.
The IPv6 public address is calculated from the IPv4 public address, and this is what makes all of this possible.
In this page we'll use a public router (there are many in the world, for testing purposes); there are, however, a lot of ISPs that are beginning to provide 6to4 services (such as sixxs.org, for example).
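An added example (not part of the original page) that decodes the layering drawn above from raw bytes and checks that a 2002::/16 source embeds the same IPv4 address as the outer header. The function names and the constructed sample packet (checksums left at zero, 2001:db8::1 as destination) are assumptions made for illustration.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IPv4 protocol number for encapsulated IPv6


def decode_6to4(packet: bytes) -> dict:
    """Split an IPv4 packet carrying IPv6 (protocol 41) into its layers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length, options included
    if ihl < 20 or packet[9] != PROTO_IPV6_IN_IPV4:
        raise ValueError("IPv4 payload is not protocol 41")
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:   # fixed IPv6 header per RFC 8200
        raise ValueError("truncated or invalid inner IPv6 header")
    outer_src = ipaddress.IPv4Address(packet[12:16])
    inner_src = ipaddress.IPv6Address(inner[8:24])
    embedded = inner_src.sixtofour        # None unless inner_src is in 2002::/16
    return {
        "outer_src": outer_src,
        "outer_dst": ipaddress.IPv4Address(packet[16:20]),
        "inner_src": inner_src,
        "inner_dst": ipaddress.IPv6Address(inner[24:40]),
        "next_header": inner[6],          # 58 = ICMPv6, 6 = TCP, 17 = UDP
        # A 2002::/16 source must embed the IPv4 address that sent the packet;
        # other sources arrive through a relay and cannot be checked this way.
        "source_consistent": embedded is None or embedded == outer_src,
    }


def build_sample(outer_src: str, inner_src: str) -> bytes:
    """Constructed test packet: IPv4 header + IPv6 header + ICMPv6 echo request."""
    payload = bytes([128, 0, 0, 0, 0, 1, 0, 1])          # checksum left at 0
    ip6 = struct.pack("!IHBB", 6 << 28, len(payload), 58, 64)
    ip6 += ipaddress.IPv6Address(inner_src).packed
    ip6 += ipaddress.IPv6Address("2001:db8::1").packed    # documentation address
    ip4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(ip6) + len(payload),
                      0, 0, 64, PROTO_IPV6_IN_IPV4, 0)    # checksum left at 0
    ip4 += ipaddress.IPv4Address(outer_src).packed
    ip4 += ipaddress.IPv4Address("192.88.99.1").packed    # RFC 3068 relay anycast
    return ip4 + ip6 + payload
```

A firewall or IDS rule that sees protocol 41 can apply the same comparison to drop tunnel packets whose inner 2002::/16 source does not match the outer sender.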
prerequisites
In order to successfully connect to the IPv6 network your PC must meet the following requirements:
- a working internet connection (static or dynamic IPv4 address)
- a kernel supporting the IPv6 protocol (if yours doesn't, you must enable it and recompile)
- iproute package installed.
You should also read the Linux IPv6 HOWTO, which can be found at
http://www.bieringer.de/linux/IPv6/ (available in most languages), in order to become familiar with IPv6 concepts.
setting up the tunnel
- let's calculate our IPv6 public prefix from the IPv4 address:
To obtain IPv6 access from a standard internet connection, we must use a particular IPv6 prefix, composed of a fixed part (2002), indicating that we are accessing through a tunnel, plus a hexadecimal value corresponding to our assigned IPv4 address.
Example:
we have 82.45.148.209 as our assigned public IPv4 address (in decimal); if we convert it to hexadecimal the result is: 52.2d.94.d1
so our IPv6 public prefix will be:
2002:522d:94d1::/48
Note how we constructed the IPv6 address prefix: the first field, 2002, is fixed and is reserved for 6to4 public tunnels; any IPv6 address beginning with 2002 is a host connected via a 6to4 public tunnel. There are also other ISPs that offer 6to4 tunnels; if you are using one of them, the first field may change (generally the ISP uses a subnet of its assigned production IPv6 prefix for 6to4 tunnels, in which case the first field could be 2001, but read the documentation on your ISP's website for specific information). The other two fields are the hexadecimal value of the IPv4 public address.
well, this means that our first address will be:
2002:522d:94d1::1/48
and our last ip address will be:
2002:522d:94d1:ffff:ffff:ffff:ffff:fffe/48
Obviously, if we use a prefix length of 64 instead of 48 we obtain ffff (65535) different networks:
network 0:
2002:522d:94d1::/64
first address: 2002:522d:94d1::1
last address: 2002:522d:94d1::ffff:ffff:ffff:fffe
network 1:
2002:522d:94d1:1::/64
first address: 2002:522d:94d1:1::1
last address: 2002:522d:94d1:1:ffff:ffff:ffff:fffe
etc.....
(a very indecent number of public IPv6 addresses :D )
WARNING!!! The IPv4 address in this sample is a real, existing IP address; I picked it at random just as a sample, never use it in a real case!!
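The prefix arithmetic above as an added Python example (not from the original page); it also covers the reverse mapping from a 2002::/16 address back to the IPv4 address, which is handy when reading logs. The function names are hypothetical, and rejecting non-public IPv4 input is an assumption added here.

```python
import ipaddress


def sixto4_prefix(public_ipv4: str) -> ipaddress.IPv6Network:
    """Return the 2002:V4ADDR::/48 prefix derived from a public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_ipv4)
    if not v4.is_global:
        # Assumption of this example: private, loopback or link-local input is
        # refused, because a relay could never route replies back to it.
        raise ValueError(f"{v4} is not a public IPv4 address")
    # 16 bits of 2002, then the 32 bits of the IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def sixto4_subnet(public_ipv4: str, subnet_id: int) -> ipaddress.IPv6Network:
    """Return /64 network number subnet_id (0..0xffff) inside the /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    base = int(sixto4_prefix(public_ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))


def host_range(net: ipaddress.IPv6Network):
    """First and last address as listed on this page (::1 and ...:fffe)."""
    return net[1], net[-2]


def embedded_ipv4(ipv6: str):
    """Reverse mapping: the IPv4 address inside a 2002::/16 address, else None."""
    return ipaddress.IPv6Address(ipv6).sixtofour


if __name__ == "__main__":
    net = sixto4_subnet("82.45.148.209", 1)   # sample address used on this page
    print(sixto4_prefix("82.45.148.209"), net, *host_range(net))
    print(embedded_ipv4("2002:522d:94d1::1"))
```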
- enable IPv6 on the Linux box:
if the IPv6 protocol isn't already running on your PC, simply enter (as root):
# modprobe ipv6
then check that the module has been loaded (lsmod) and see if the IPv6 protocol is working:
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:EE:0C:5F
inet addr:192.168.0.34 Bcast:192.168.0.255 Mask:255.255.255.0
---> inet6 addr: fe80::20c:29ff:feee:c5f/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:439908 errors:0 dropped:0 overruns:0 frame:0
TX packets:177230 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:145093186 (138.3 Mb) TX bytes:243822354 (232.5 Mb)
Interrupt:18 Base address:0x1080
excellent, the IPv6 protocol has started and the IPv6 link-local address has been assigned, let's try to ping it:
# ping6 -I eth0 -c4 fe80::20c:29ff:feee:c5f
PING fe80::20c:29ff:feee:c5f(fe80::20c:29ff:feee:c5f) from ::1 eth0: 56 data bytes
64 bytes from fe80::20c:29ff:feee:c5f: icmp_seq=1 ttl=64 time=2.99 ms
64 bytes from fe80::20c:29ff:feee:c5f: icmp_seq=2 ttl=64 time=0.194 ms
64 bytes from fe80::20c:29ff:feee:c5f: icmp_seq=3 ttl=64 time=0.078 ms
64 bytes from fe80::20c:29ff:feee:c5f: icmp_seq=4 ttl=64 time=0.068 ms
(note: for link-local address we must specify the interface in ping command)
well, at this point we're ready to set up the tunnel: at the shell prompt, as root, enter the commands:
# ip tunnel add name sit1 mode sit remote any local 82.45.148.209 ttl 64
# ip link set dev sit1 up
then add one of the IPv6 public addresses previously calculated:
# ip -6 addr add 2002:522d:94d1::1/64 dev sit1
ok, let's see what happened:
# ifconfig
......
......
sit1 Link encap:IPv6-in-IPv4
inet6 addr: 2002:522d:94d1::1/64 Scope:Global
inet6 addr: ::82.45.148.209/128 Scope:Compat
UP RUNNING NOARP MTU:1480 Metric:1
RX packets:455 errors:0 dropped:0 overruns:0 frame:0
TX packets:352 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0 Kb) TX bytes:0 (0 Kb)
......
......
ok, as the final step, we must set the default route for the IPv6 protocol:
# ip -6 route add 2000::/3 via ::192.88.99.1 dev sit1 metric 1
The public IPv4 address (192.88.99.1) used in this route (in its IPv6 compat form) is a special anycast address, as described in RFC 3068, which points to the nearest 6to4 relay router.
# ip -6 route ls
::/96 via :: dev sit1 metric 256 mtu 1480 advmss 1420
2002:522d:94d1::/64 dev sit1 metric 256 mtu 1480 advmss 1420
2000::/3 via ::192.88.99.1 dev sit1 metric 1 mtu 1480 advmss 1420 <--- default gateway
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev sit1 metric 256 mtu 1480 advmss 1420
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sit1 metric 256 mtu 1480 advmss 1420
well done. Now we must check whether we are able to reach other sites on the IPv6 net:
# traceroute6 www.kame.net
traceroute to orange.kame.net (2001:200:0:8002:203:47ff:fea5:3085) from 2002:522d:94d1::1, 30 hops max, 16 byte packets
1 swiix1.switch.ch (2001:620:0:c000::9) 93.448 ms 78.944 ms 79.673 ms
2 swizh2-g2-6.switch.ch (2001:620:0:c015::2) 79.609 ms 79.174 ms 79.708 ms
3 swice3-10ge-1-1.switch.ch (2001:620:0:c027::1) 79.653 ms 79.168 ms 79.74 ms
...........
...........
..........
17 hitachi1.otemachi.wide.ad.jp (2001:200:0:1800::9c4:2) 335.419 ms 334.792 ms 335.612 ms
18 pc3.yagami.wide.ad.jp (2001:200:0:1c04::1000:2000) 335.586 ms 334.861 ms 335.491 ms
19 gr2000.k2c.wide.ad.jp (2001:200:0:4819::2000:1) 335.584 ms 350.219 ms 335.671 ms
20 orange.kame.net (2001:200:0:8002:203:47ff:fea5:3085) 335.605 ms 335.987 ms 335.674 ms
ok, that's fine! it works..... now try to surf to the www.kame.net website; if you see the dancing turtle, it means that you are connected through the IPv6 protocol (at the bottom of the page you'll see your IPv6 public address reported). congratulations!!
warnings
- if you are using an Eagle-usb based modem (e.g. Sagem F@st 800 or US Robotics) on a gateway, you should use at least the 1.9.9 or 2.0.0 driver version in order to fix an mss-mtu problem (see Dev:TailGunner for details)
- if you are using an external router that does NAT, you MUST configure it to redirect IPv6 traffic (protocol id 41) to the private IP address used by your Linux box
links
The linux ipv6 howto
Official info about IPv6, contains a list of IPv6 Ready websites
The 6bone project homepage
The pluto project home page