Prep for Tomorrow with an IPv6 Testbed
Sooner or later IPv6 is coming. With our quick guide to building your own Linux-based IPv6 testbed, you can learn some of the ins and outs of the Internet's next generation protocol before it's time to implement it across your network.
Yes, friends, I am afraid you do have to start paying attention to IPv6 (Internet Protocol version 6) (define). It's on its way, it's inevitable, and us ace network admins must learn to use it.
At this point, at least in the United States, it's a novelty along the the lines of the talking dog. It's not that it talks well, but that it talks at all; in other words, implementation here is very limited. IPv6 is not an extension to IPv4, but a whole new protocol. So the transition to IPv6 means building devices, like network cards, phones, and routers, that support both, and running them side-by-side as the entire freakin' Internet makes the changeover. And it means updating all manner of software. Some say it will take 10-20 years.
IPv6 offers more than just a larger addressing space. It also features a number of significant improvements, such as standardized QoS (Quality of Service) (define), built-in security, speed, and simplified routing tables. For more background information, please visit the links in Resources. In this article we will look at getting connected to an IPv6 backbone via an IPv6-over-IPv4 tunnel, and setting up a local subnet (define) to play with.
Are You Already IPv6-ed?It may be that your service provider has already rolled out IPv6. You can check by visiting any of these sites:
If you are connecting over IPv6, you'll see animated logos at the top of the first two sites. SixXS merely displays a dignified text report. Most likely you're not, but it doesn't hurt to look.
Does Your Kernel Support IPv6The thorny part is making sure your Linux kernel supports IPv6. Linux kernels since 2.2 have supported IPv6 via loadable kernel modules, but not all distributions ship IPv6-enabled kernels. Fedora comes ready to rock; most of the others don't. The easy way to check is look at your /boot/config-* file. If you see this:
# CONFIG_IPV6 is not set
Too bad so sad, you need to add the modules to your kernel (See Resources). This is what it looks like in Fedora:
$ cat config-2.6.5-1.386 | grep -i ipv6 CONFIG_IPV6=m CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_TUNNEL=m # IPV6: Netfilter Configuration CONFIG_IPV6_NF_MATCH_IPV6HEADER=m
Also check for the existence of /proc/sys/net/ipv6.
IPv6 Network Utilities
Your old reliable friends ping and traceroute may not be IPv6-clueful, if they are too old. The latest iputils RPM supports both IPv4 and IPv6. On Debian, get the packages iputils-ping and iputils-tracepath.
The fine folks at Hexago host a free service to allow us to play with real live IPv6. (This used to be on freenet6.net, for you oldtimers.) You need a static, routable IP address on your Internet gateway. First sign up for an account. Then download and install the client software, tspc-2.1-src.tgz. Stick it any directory you like:
$ mkdir -m 755 ~/tspc $ cd ~/tspc $ tar zxvf tspc-2.1-src.tgz $ cd tspc2 $ make all target=linux
Then go to /tspc2/bin. Open tspc.conf.sample, and add the login and password for your Hexagon/Freenet6 account. Then comment out "server=anon.freenet6.net", and uncomment "server=broker.freenet6.net." Change the filename to tspc.conf.
Next, while you're still in /tspc2/bin, su to root, and start up your IPv6-over-IPv4 tunnel:
# ./tspc tspc - Tunnel Setup Protocol Client v2.1 Initializing (use -h for help) Connecting to server with reliable UDP Got tunnel parameters from server, setting up local tunnel Going daemon, check tspc.log for tunnel creation status
Well, OK! The connection is successful. Forget reading boring old logs — fire up a Web browser and connect to any of the sites listed above in "Are You Already IPv6-ed?" The KAME site will display an arthritic dancing turtle. Aerasec's main logo will do gentle gyrations. Have some patience, because tunneling IPv6-over-IPv4 is slow.
Take a look at the output from /sbin/ifconfig, you'll have a new section:
tun Link encap:Point-to Point Protocol inet6 addr: 2001:5c0:8fff:fffe::373/128 Scope:Global UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1 RX packets:271 errors:0 dropped:0 overruns:0 frame:0 TX packets:304 errors:0 dropped:0 overruns:0 carrier:2 collisions:0 txqueuelen:10 RX bytes:192396 (187.8 KB) TX bytes:42300 (41.2 KB)