ipv6
prefix length is first 64 bits
VT is
2001:468:c80::/48
Global is
2000::/3
IPv6to4 is
2002::/16
IPv6to4 for VT is
2002:80ad::/32 2002:c652::/32
If these 2002: addresses appear, the host could end up searching 40 hops away. Turn off IPv6to4.
Link Local
fe80::/10
Multicast:
ff00::/8
All node Multicast:
ff01::
Multicast on link local
ff02::
loopback
::1
Good Firefox plugin: showIP
host.dept.ip6.vt.edu → AAAA
host.dept.vt.edu → A
host4.dept.vt.edu used for ip4 addresses only
Common problems
2002:… addresses are for IPv6to4 gateways
If only fe80::, maybe router discovery is off
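A check for the two common problems above, run over `ip -6 -o addr show` output. This is an added example, not part of the original notes; the sample output is constructed and the function name `audit` is hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of `ip -6 -o addr show` output (not from a real host).
SAMPLE = """\
1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2002:80ad:101::1/64 scope global
2: eth0    inet6 fe80::20b:6aff:feef:7e8d/64 scope link
3: wlan0    inet6 fe80::221:97ff:feed:ef01/64 scope link
"""

def audit(ip_output):
    """Return {interface: [finding, ...]} for the two problems in the notes."""
    addrs = defaultdict(list)
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet6" not in fields:
            continue
        iface = fields[1].rstrip(":")
        cidr = fields[fields.index("inet6") + 1]
        addrs[iface].append(ipaddress.IPv6Interface(cidr).ip)

    findings = {}
    for iface, ips in addrs.items():
        notes = []
        for ip in ips:
            # sixtofour is the embedded IPv4 address for 2002::/16, else None
            if ip.sixtofour is not None:
                notes.append(f"6to4 address {ip} (embeds IPv4 {ip.sixtofour})")
        routable = [ip for ip in ips if not (ip.is_link_local or ip.is_loopback)]
        if not routable and any(ip.is_link_local for ip in ips):
            notes.append("only fe80:: addresses: check router discovery")
        if notes:
            findings[iface] = notes
    return findings

if __name__ == "__main__":
    for iface, notes in audit(SAMPLE).items():
        for note in notes:
            print(f"{iface}: {note}")
```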
SixXS Subnet
http://www.ipv4.sixxs.net/wiki/Installing_a_Subnet
independence ~ # cat /etc/radvd.conf
interface eth0
{
    AdvSendAdvert on;
    prefix 2001:4978:215::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
for independence:
ip addr add 2001:4978:215::1/64 dev eth0
/etc/init.d/radvd start
Hostname: uschi02.sixxs.net
This PoP provides tunnels from the following prefixes:
- 2001:4978:f::/48 of size /64
Subnets are allocated out of:
- 2001:4978:100::/40 of size /48
- 2001:4978:200::/40 of size /48
address for independence as reported by ssh login from independence to riccioli:
cl-734.chi-02.us.sixxs.net
for thinkpad-steve as reported by ssh login to riccioli:
2001:4978:215:0:218:deff:fe4b:2569
sixxs 2001:4978:f:2dd::1 gw-734.chi-02.us.sixxs.net
independence sixxs external 2001:4978:f:2dd::2 cl-734.chi-02.us.sixxs.net
independence eth0 internal 2001:4978:215::1
thinkpad wlan0 2001:4978:215:0:218:deff:fe4b:2569
bacchus 2001:468:c80:610c:230:48ff:fe8f:77dd/64
chernabog.cc.ipv6.vt.edu 2001:0468:0c80:2105:0000:025e:42da:ffc7 (tried to connect using SPT=80)
inbound.smtp.vt.edu 2001:468:c80:2106:0:240:5040:1614
hephaistos 2001:468:c80:610c:24f:4eff:fe0f:fd4a/64
crash course
discover link local addresses
ff02::1 is short for ff02:0:0:0:0:0:0:1, which is a special link-local multicast address for discovering all link-local hosts
$ ping6 -c4 -I eth0 ff02::1
IPv6 neighbor table
ip -6 neigh show
nud reachable means the neighbor unreachability detection (NUD) state of the entry is reachable
Ping the addresses
ping6 -c4 -I eth0 fe80::(rest of address)
/etc/hosts file of each PC:
fe80::20b:6aff:feef:7e8d fatfreddy
fe80::221:97ff:feed:ef01 phineas
fe80::3f1:4baf:a7dd:ba4f franklin
Now you can ping6 by hostname:
$ ping6 -I eth0 phineas
This is how you establish an SSH session:
ssh phineas@fe80::221:97ff:feed:ef01%eth0
Again, you must specify the network interface name on your PC, and you must do it as shown, appended with a percent sign and no spaces. scp has its own fiendish syntax quirks:
$ scp test.txt phineas@\[fe80::221:97ff:feed:ef01%eth0\]:
phineas@fe80::221:97ff:feed:ef01%eth0's password:
test.txt 100% 19 0.0KB/s 00:00
The IPv6 address must be enclosed in square brackets, including the interface name, and the brackets must be escaped.
Let's fake one up for practice and assign it to a network interface:
# ip -6 addr add 2001::1/64 dev eth0
Now let's check our work:
$ ifconfig eth0 |grep "inet6 addr:"
inet6 addr: 2001::1/64 Scope:Global
inet6 addr: fe80::20b:6aff:feef:7e8d/64 Scope:Link
If you need to remove it, use the del command with the ip utility:
# ip -6 addr del 2001::1/64 dev eth0
These ip6tables rules block all IPv6 traffic from entering or leaving your LAN:
ip6tables -P OUTPUT DROP
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
2001:db8:0000:0000:0000:0000:0000:0001
_____________|____|___________________
  network ID  subnet    interface ID
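The split shown in the diagram, applied to addresses from these notes, plus recovery of the MAC address that a modified EUI-64 interface ID carries (the ff:fe pattern seen in several addresses above). This is an added example, not part of the original notes; the function names are hypothetical. An address built this way exposes the NIC's hardware address to every peer that sees it.

```python
import ipaddress

def _parse(addr):
    """Accept the forms used in these notes: bare, with /prefix, or with %interface."""
    return ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])

def split_address(addr):
    """Split as in the diagram: 48-bit network ID, 16-bit subnet, 64-bit interface ID."""
    groups = _parse(addr).exploded.split(":")
    return ":".join(groups[:3]), groups[3], ":".join(groups[4:])

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = _parse(addr).packed[8:]            # low 64 bits
    if iid[3:5] != b"\xff\xfe":              # ff:fe filler marks a MAC-derived ID
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]   # undo the universal/local flip
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    for a in ("2001:4978:215:0:218:deff:fe4b:2569",
              "2001:0468:0c80:2105:0000:025e:42da:ffc7",
              "fe80::221:97ff:feed:ef01%eth0"):
        print(a, split_address(a), eui64_mac(a))
```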
Routing (quoted directly from the article)
Your router must support IPv6, of course. If you're using a Linux PC as your test machine you're in business. First start IPv6 forwarding:
# sysctl -w net.ipv6.conf.all.forwarding=1
Verify forwarding is enabled:
# cat /proc/sys/net/ipv6/conf/eth0/forwarding
1
A return value of 1 means it is enabled, 0 means it is not. Now install radvd, the router advertiser daemon. Then create /etc/radvd.conf with this simple configuration:
interface eth0
{
    AdvSendAdvert on;
    prefix 2001:db8::/64
    {
    };
};
Copy it exactly, changing only the interface name if necessary. Now create an IPv6 address on your router, or PC acting as your router, and set an IPv6 route:
# ip address add 2001:db8::1a/64 dev eth0
# ip route add 2001:db8::/64 dev eth0
Check your work by running ifconfig and ip -6 route show. Your ip output should look similar to this:
2001:db8::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
2001:db8::/64 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
Finally, start up the radvd daemon:
# /etc/init.d/radvd start
You should now be able to ping the router from another PC. Note that unlike our link-local addresses, we don't need to specify the network interface:
$ ping6 2001:0db8::1a
All of the computers on the same switch as your IPv6 router should have new addresses in the 2001:0db8::/64 range. You can look these up and go on a ping6 frenzy. A default gateway (for connecting to other networks) is the IPv6 address of your router:
# ip -6 route add default via 2001:db8::1a
Of course it's less work to configure it in radvd.conf and have it advertised automatically by adding these lines:
    route ::/0
    {
    };
Then when you run ip -6 route show you'll see this:
default via 2001:db8::1a dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 0
What if you don't want radvd blasting IPv6 addresses all over your network? No worries, for you can limit its clients by listing their IPv6 link-local addresses like this:
interface eth0
{
    AdvSendAdvert on;
    prefix 2001:db8::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
    route ::/0
    {
    };
    clients
    {
        fe80::20d:b9ff:fe05:25b4;
        fe80::20b:6aff:feef:7e8d;
        fe80::221:97ff:feed:ef01;
    };
};
Mind your braces and semi-colons!