
Posts Tagged ‘IPv6’

IPv6 addrconf: prefix with wrong length 48

February 15th, 2010

If your hosting provider gives out an entire /48 for every hosted server, your syslog may get overwhelmed with messages about the advertised prefix length, because the kernel's stateless address autoconfiguration only accepts /64 prefixes:

1 Time(s): [705959.619704] IPv6 addrconf: prefix with wrong length 48

To solve this temporarily you can disable auto-configuration and router advertisements:

echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf

This seems to suppress the annoying log messages in my Ubuntu-based environment. If you would like to make this persist across reboots, add the following lines to /etc/sysctl.conf:

net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.autoconf = 0
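
An added check, not part of the original post: the temporary commands above change eth0 while the sysctl.conf lines set the all entry, so after a reboot it is worth reading the per-interface values back. The function name audit_ra, its optional CONF_ROOT argument and the sample tree are assumptions of this example.

```sh
#!/bin/sh
# Added example: list interfaces whose per-interface accept_ra or
# autoconf value is still non-zero.

# audit_ra [CONF_ROOT]  CONF_ROOT defaults to the live /proc tree.
# Prints "iface:key=value" pairs; exit status is 1 if any were found.
audit_ra() (
  conf_root="${1:-/proc/sys/net/ipv6/conf}"
  offenders=""
  for dir in "$conf_root"/*/; do
    ifname="$(basename "$dir")"
    # all/default are templates and lo is not attached to a network segment
    case "$ifname" in all|default|lo) continue ;; esac
    for key in accept_ra autoconf; do
      [ -r "$dir$key" ] || continue
      val="$(cat "$dir$key")"
      [ "$val" = "0" ] || offenders="$offenders$ifname:$key=$val "
    done
  done
  printf '%s\n' "${offenders% }"
  [ -z "$offenders" ]
)

# Constructed sample tree so the check can be tried without touching /proc:
# eth0 has been locked down, eth1 still accepts RAs and autoconfigures.
make_sample_tree() {
  root="$(mktemp -d)"
  for spec in all:1:1 default:1:1 lo:1:1 eth0:0:0 eth1:1:1; do
    name="${spec%%:*}"; rest="${spec#*:}"
    mkdir -p "$root/$name"
    echo "${rest%%:*}" > "$root/$name/accept_ra"
    echo "${rest#*:}"  > "$root/$name/autoconf"
  done
  echo "$root"
}
```

Run audit_ra with no argument to check the live system; empty output and exit status 0 mean no interface still accepts router advertisements or autoconfigures addresses.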


Enabling IPv6 on Cisco Catalyst 3750 Devices

February 9th, 2010

I was recently baffled to see that when I entered configuration mode within a VLAN interface on a Catalyst access layer switch, I could not set any IPv6 options! It turns out that by default, SDM prefers what it calls the “desktop default” template. This means it is optimized for IPv4 and does not include IPv6 support. Fortunately, a quick but painful fix is to change the preferred SDM template from “desktop default” to “dual-ipv4-and-ipv6”:

Switch>enable
Switch#config t
Switch(config)#sdm prefer dual-ipv4-and-ipv6
Switch(config)#end
Switch#reload

Unfortunately, you will need to reload (reboot) the device for the change to take effect, which will obviously incur annoying downtime for your users. Once the device has reloaded, you can verify the change by issuing a show sdm prefer command, whose output should look something like this:

Switch#show sdm  prefer
 The current template is "desktop IPv4 and IPv6 default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  2K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    3K
    number of directly-connected IPv4 hosts:        2K
    number of indirect IPv4 routes:                 1K
  number of IPv6 multicast groups:                  1.125k
  number of directly-connected IPv6 addresses:      2K
  number of indirect IPv6 unicast routes:           1K
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K
  number of IPv6 policy based routing aces:         0
  number of IPv6 qos aces:                          0.5K
  number of IPv6 security aces:                     0.5K

Now you should be able to configure IPv6 interfaces and ACLs.


How to create 6in4 tunnels in Arch Linux

January 25th, 2009

Arch Linux uses a BSD-style network interface configuration located in /etc/rc.conf, which can make exotic network configurations interesting, to say the least. The following rc.d script is meant to help remedy the situation by providing a configurable wrapper to sanely manage a 6in4 link interface.

  • This script uses iproute2; make sure that the iproute2 package is installed.

As root, write the following rc.d init script to /etc/rc.d/6in4-tunnel:

#!/bin/bash

### begin user configuration

##############################################
#                                            #
#  Stop this script before you reconfigure!  #
#                                            #
##############################################

# if_name     - interface name that is to be created for the 6in4 link
if_name=6in4

# server_ipv4 - ipv4 address of the server that is providing the 6in4 tunnel
server_ipv4=127.0.0.1

# client_ipv4 - ipv4 address of the client that is receiving the 6in4 tunnel
client_ipv4=127.0.0.1

# client_ipv6 - ipv6 address of the client 6in4 tunnel endpoint
client_ipv6=2001:feed:face:beef::2/64

# link_mtu    - set the mtu for the 6in4 link
link_mtu=1480

# tunnel_ttl  - set the ttl for the 6in4 tunnel
tunnel_ttl=64

### end user configuration

daemon_name=6in4-tunnel

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
  start)
    stat_busy "Starting $daemon_name daemon"

    # Refuse to start if the interface already exists (checked with iproute2)
    if ip link show "$if_name" &>/dev/null; then
      stat_busy "Interface $if_name already exists"
      stat_fail
      exit 1
    fi

    ip tunnel add $if_name mode sit remote $server_ipv4 local $client_ipv4 ttl $tunnel_ttl
    ip link set $if_name up mtu $link_mtu
    ip addr add $client_ipv6 dev $if_name
    ip route add ::/0 dev $if_name

    add_daemon $daemon_name
    stat_done
    ;;

  stop)
    stat_busy "Stopping $daemon_name daemon"

    # Nothing to stop if the interface does not exist (checked with iproute2)
    if ! ip link show "$if_name" &>/dev/null; then
      stat_busy "Interface $if_name does not exist"
      stat_fail
      exit 1
    fi

    ip link set $if_name down
    ip tunnel del $if_name

    rm_daemon $daemon_name
    stat_done
    ;;

  *)
    echo "usage: $0 {start|stop}"
esac
exit 0

You will need to provide your 6in4 link configuration between the following markers in /etc/rc.d/6in4-tunnel:

### begin user configuration
### end user configuration

Once /etc/rc.d/6in4-tunnel has been configured properly, give it permission to be executed:

# chmod +x /etc/rc.d/6in4-tunnel

To create the 6in4 tunnel link and bring up the interface:

# /etc/rc.d/6in4-tunnel start

To delete the 6in4 tunnel link and remove the interface:

# /etc/rc.d/6in4-tunnel stop

The following method allows /etc/rc.d/6in4-tunnel to start automatically at system startup.

  • Verify that the 6in4 tunnel link is configured and working properly before doing this!

As root, insert 6in4-tunnel right after network in the DAEMONS line of /etc/rc.conf.

After this addition, the DAEMONS line in /etc/rc.conf should look something like this:

...

#
# -----------------------------------------------------------------------
# DAEMONS
# -----------------------------------------------------------------------
#
# Daemons to start at boot-up (in this order)
#   - prefix a daemon with a ! to disable it
#   - prefix a daemon with a @ to start it up in the background
#
DAEMONS=(syslog-ng iptables ip6tables network 6in4-tunnel openntpd ...

...


How to create 6in4 tunnels in Ubuntu

January 18th, 2009

The simplest way to create a static 6in4 tunnel in Ubuntu, or any other Debian based distro, is to edit /etc/network/interfaces.

Here is a template with the information you will need to add:

auto tun1
iface tun1 inet6 v4tunnel
        address <your IPv6 address>
        netmask 64
        ttl 64
        endpoint <remote IPv4 tunnel address>
        up ip link set mtu 1280 dev tun1
        up ip route add 2000::/3 dev tun1

Let's take a brief look at what each line does.

auto tun1 is used by the /etc/init.d/networking script. The auto parameter will instruct the script to automatically start or stop the interface. The script will get called during startup and will bring up this interface automatically. This line is entirely optional and depends on your personal preference.

iface tun1 inet6 v4tunnel starts the configuration block for a 6in4 tunnel. That is, IPv6 traffic encapsulated in IPv4 packets. This is extremely similar to how GRE works with purely IPv4 traffic.

address <your IPv6 address> is where you need to specify the IPv6 address assigned to your machine. This typically ends in ::2.

netmask 64 specifies the subnet mask for the IPv6 address you entered above. 64 is the smallest recommended subnet (see RFC 3627 for why they no longer use numbers such as 127). 64 is what you should normally expect to use.

ttl 64 specifies the Time to Live value set for packets sent by your tunnel endpoint. This only affects the IPv4 packet that is used to encapsulate your IPv6 traffic. It does not change the original IPv6 packet. Time to Live is the number of hops a packet can pass through before it should be discarded. This number is reduced by one at every router it passes en route to its destination. 64 is used here because it restricts the packet to roughly the same region.

Here is a quick breakdown of default TTL values:

  • 0 – restricted to same host
  • 1 – restricted to same subnet
  • 32 – restricted to same site
  • 64 – restricted to same region
  • 128 – restricted to same continent
  • 255 – unrestricted

endpoint <remote IPv4 tunnel address> is the IPv4 address to send encapsulated IPv6 traffic to. Your IPv6 provider will provide you with their IPv4 tunnel endpoint address.

up ip link set mtu 1280 dev tun1. This statement reconfigures the interface from the default MTU to 1280 bytes. This is desirable to prevent fragmentation, because each IPv6 packet is encapsulated in an IPv4 packet.
NOTE: SixXS seems to use 1280 as their default for tunnels; other providers likely use 1480 (which is the default). If you leave this line out of your configuration, it should default to 1480.

up ip route add 2000::/3 dev tun1. This last statement routes 2000::/3, the global unicast range, through device tun1, which makes it the de facto default route for IPv6 traffic. That traffic is encapsulated in IPv4 packets and sent to the endpoint address of your IPv6 provider, which sends it on its way through the IPv6 network.

After you have saved the file, the next step is to bring up the interface using ifup tun1. If you decided to put in the auto tun1 line, you can instead restart your networking services using the init script: /etc/init.d/networking restart.

One final note: you can name this tunnel interface anything you want. Every time tun1 was used above, it could have been replaced with something more meaningful. For example, SixXS documentation usually calls the interface sixxs.
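
An added example, not part of the original post: a small linter for the stanza walked through above. It assumes address, netmask and endpoint are required, takes 1480 as the MTU when none is set, and flags an MTU outside 1280 to 1480 (1280 being the IPv6 minimum link MTU); lint_v4tunnel, sample_interfaces and the addresses in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: check every "inet6 v4tunnel" stanza in an interfaces file.
# Output per stanza: "<iface> ok mtu=<n>" or "<iface> missing:<keys> mtu=<n>",
# with " bad-mtu" appended to the status when the MTU is out of range.
lint_v4tunnel() {
  awk '
    function report(   miss) {
      if (name == "") return
      miss = ""
      if (!("address"  in seen)) miss = miss "address,"
      if (!("netmask"  in seen)) miss = miss "netmask,"
      if (!("endpoint" in seen)) miss = miss "endpoint,"
      sub(/,$/, "", miss)
      status = (miss == "") ? "ok" : "missing:" miss
      if (mtu < 1280 || mtu > 1480) status = status " bad-mtu"
      print name, status, "mtu=" mtu
      name = ""; split("", seen)
    }
    /^[ \t]*#/ { next }
    $1 == "iface" || $1 == "auto" || $1 ~ /^allow-/ {
      report()                      # a new stanza closes the previous one
      if ($1 == "iface" && $3 == "inet6" && $4 == "v4tunnel") { name = $2; mtu = 1480 }
      next
    }
    name != "" {
      seen[$1] = 1
      if ($1 == "mtu") mtu = $2     # explicit mtu option
      if ($1 == "up" || $1 == "post-up") {   # "up ip link set mtu N dev X"
        for (i = 2; i < NF; i++) if ($i == "mtu") mtu = $(i + 1)
      }
    }
    END { report() }
  ' "$@"
}

# Constructed sample: the template from this post filled with documentation
# addresses, plus a second stanza that lacks its endpoint line.
sample_interfaces() {
  cat <<'EOF'
auto tun1
iface tun1 inet6 v4tunnel
        address 2001:db8:1::2
        netmask 64
        ttl 64
        endpoint 192.0.2.1
        up ip link set mtu 1280 dev tun1
        up ip route add 2000::/3 dev tun1

iface sixxs inet6 v4tunnel
        address 2001:db8:2::2
        netmask 64
EOF
}
```

Run it as lint_v4tunnel /etc/network/interfaces, or pipe sample_interfaces into it to see both kinds of result.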


Onvox.net is IPv6 Capable

January 17th, 2009

UPDATE 1/24/2009: I moved my static tunnel over to Hurricane Electric’s tunnel broker service. There are many advantages to them over SixXS and the client support seems to be a lot more friendly.

Recently, I requested a SixXS tunnel to this box. Currently, the only IPv6 capable portion is the root domain website (onvox.net). I am unable to control the reverse DNS entry for the tunnel end-point, preventing me from making e-mail IPv6 compliant as well. I will be experimenting with IPv6 connectivity, mainly for an upcoming project at work. To ensure you have accessed this site via IPv6, take a look at the bottom of the page for the “Client IP” to see the address you came from.
