Prep for Tomorrow with an IPv6 Testbed

Sooner or later IPv6 is coming. With our quick guide to building your own Linux-based IPv6 testbed, you can learn some of the ins and outs of the Internet's next generation protocol before it's time to implement it across your network.

By Carla Schroder | Posted Sep 22, 2004
Page 1 of 2
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Yes, friends, I am afraid you do have to start paying attention to IPv6 (Internet Protocol version 6) (define). It's on its way, it's inevitable, and us ace network admins must learn to use it.

At this point, at least in the United States, it's a novelty along the the lines of the talking dog. It's not that it talks well, but that it talks at all; in other words, implementation here is very limited. IPv6 is not an extension to IPv4, but a whole new protocol. So the transition to IPv6 means building devices, like network cards, phones, and routers, that support both, and running them side-by-side as the entire freakin' Internet makes the changeover. And it means updating all manner of software. Some say it will take 10-20 years.

Security implications are largely unknown at this point, so it's best to test this on a little test network, and not with your real-life production machines.
Doubtless there will be lonely hermits lodged in mountain caves who will hold on to IPv4 to the bitter end. But much of the world is pressing for fast adoption. Japan is the leader in implementation, with China, most of Europe, and India not far behind. They are especially motivated because the United States hogs — I mean "has been allocated the largest share of" — IPv4 addresses, so they are already facing shortages.

IPv6 offers more than just a larger addressing space. It also features a number of significant improvements, such as standardized QoS (Quality of Service) (define), built-in security, speed, and simplified routing tables. For more background information, please visit the links in Resources. In this article we will look at getting connected to an IPv6 backbone via an IPv6-over-IPv4 tunnel, and setting up a local subnet (define) to play with.

Are You Already IPv6-ed?

It may be that your service provider has already rolled out IPv6. You can check by visiting any of these sites:

If you are connecting over IPv6, you'll see animated logos at the top of the first two sites. SixXS merely displays a dignified text report. Most likely you're not, but it doesn't hurt to look.

Does Your Kernel Support IPv6

The thorny part is making sure your Linux kernel supports IPv6. Linux kernels since 2.2 have supported IPv6 via loadable kernel modules, but not all distributions ship IPv6-enabled kernels. Fedora comes ready to rock; most of the others don't. The easy way to check is look at your /boot/config-* file. If you see this:
# CONFIG_IPV6 is not set

Too bad so sad, you need to add the modules to your kernel (See Resources). This is what it looks like in Fedora:

$ cat config-2.6.5-1.386 | grep -i ipv6
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_TUNNEL=m
# IPV6: Netfilter Configuration
CONFIG_IPV6_NF_MATCH_IPV6HEADER=m

Also check for the existence of /proc/sys/net/ipv6.

IPv6 Network Utilities

Your old reliable friends ping and traceroute may not be IPv6-clueful, if they are too old. The latest iputils RPM supports both IPv4 and IPv6. On Debian, get the packages iputils-ping and iputils-tracepath.

Getting IPv6-ed

The fine folks at Hexago host a free service to allow us to play with real live IPv6. (This used to be on freenet6.net, for you oldtimers.) You need a static, routable IP address on your Internet gateway. First sign up for an account. Then download and install the client software, tspc-2.1-src.tgz. Stick it any directory you like:

$ mkdir -m 755 ~/tspc
$ cd ~/tspc
$ tar zxvf tspc-2.1-src.tgz
$ cd tspc2
$ make all target=linux

Then go to /tspc2/bin. Open tspc.conf.sample, and add the login and password for your Hexagon/Freenet6 account. Then comment out "server=anon.freenet6.net", and uncomment "server=broker.freenet6.net." Change the filename to tspc.conf.

Next, while you're still in /tspc2/bin, su to root, and start up your IPv6-over-IPv4 tunnel:

# ./tspc
tspc - Tunnel Setup Protocol Client v2.1
Initializing (use -h for help)

Connecting to server with reliable UDP
Got tunnel parameters from server, setting up local tunnel
Going daemon, check tspc.log for tunnel creation status

Well, OK! The connection is successful. Forget reading boring old logs — fire up a Web browser and connect to any of the sites listed above in "Are You Already IPv6-ed?" The KAME site will display an arthritic dancing turtle. Aerasec's main logo will do gentle gyrations. Have some patience, because tunneling IPv6-over-IPv4 is slow.

Take a look at the output from /sbin/ifconfig, you'll have a new section:

tun
Link encap:Point-to Point Protocol
inet6 addr: 2001:5c0:8fff:fffe::373/128 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280  Metric:1
RX packets:271 errors:0 dropped:0 overruns:0 frame:0
TX packets:304 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:10
RX bytes:192396 (187.8 KB)  TX bytes:42300 (41.2 KB)

Continued on page 2: Dealing with Problems

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter