[afripv6-discuss] Configuring a 6to4 Relay in Linux
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Fri Jun 8 15:11:24 SAST 2007
Hi all,
This info provides the steps required in order to configure your Linux box
as a 6to4 Relay.
In order to proceed, you need to have a public IPv4 address on that box,
your own IPv6 prefix (provided by AfriNIC in this case) and IPv6 transit.
The Linux box (recommended 2.6.x or higher version) needs to have IPv6
support and IPv6 routing enabled.
If you need help in order to acquire your IPv6 prefix from AfriNIC, let us
know and we can help even with the request form.
Similarly, we are able to help in making sure you have the right
configuration for IPv6 in your Linux and you can get IPv6 transit (native or
tunneling) either from your upstream, or alternatively, if that's not
possible, we will be able to provide free IPv6 transit to third party
networks.
Regards,
Jordi
Details of the example configuration
=====================================
The examples below assume that the public IPv4 address on the WAN
interface of the Linux box is 192.1.2.3. You should replace that with the
right information for your own case, and likewise for the other data used in
the examples.
Also, you need to understand how to calculate the 6to4 IPv6 address for your
router. This is done using the IPv4 address and the IPv6 6to4 prefix.
The 6to4 prefix 2002::/16 takes up the first (high-order) 16 bits. Bits 17
to 48 are then your IPv4 address written in hexadecimal (nibble) notation.
So in our example it will be:
192 = c0
1 = 01
2 = 02
3 = 03
So consequently:
2002:c001:0203::/48
We will use the first address of the prefix for the WAN interface, so
2002:c001:0203::1/128
Also, the anycast address for 6to4 is: 192.88.99.1
In the text below, both the generic commands and the example data are used.
A) Configure 6to4 tunneling using "ip" and a dedicated tunnel device
=====================================================================
Create a new tunnel device (a TTL must be specified because the default
value is 0):
# /sbin/ip tunnel add tun6to4 mode sit ttl <ttldefault> remote any local <localipv4address>
# /sbin/ip tunnel add tun6to4 mode sit ttl 80 remote any local 192.1.2.3
Bring the interface up
# /sbin/ip link set dev tun6to4 up
Add local 6to4 address to interface (note: prefix length 16 is very
important!)
# /sbin/ip -6 addr add <local6to4address>/16 dev tun6to4
# /sbin/ip -6 addr add 2002:c001:0203::1/16 dev tun6to4
B) Display existing tunnels
============================
# /sbin/ip -6 tunnel show [<device>]
Example:
# /sbin/ip -6 tunnel show
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
sit1: ipv6/ip remote 195.226.187.50 local any ttl 64
C) Display routes to tunnels
=============================
# /sbin/route -A inet6
Example (output is filtered to display only tunnels through virtual
interface sit0):
# /sbin/route -A inet6 | grep "\Wsit0\W*$"
::/96 :: U 256 2 0 sit0
2002::/16 :: UA 256 0 0 sit0
2000::/3 ::193.113.58.75 UG 1 0 0 sit0
fe80::/10 :: UA 256 0 0 sit0
ff00::/8 :: UA 256 0 0 sit0
D) Configure 6to4 prefix route
================================
As seen in step C), there should be a route for the 2002::/16
prefix through the 6to4 tunnel interface.
If this route doesn't exist, then:
# /sbin/ip -6 route add 2002::/16 dev tun6to4 metric 1
E) Configure IPv6 connectivity
================================
Because we are configuring a 6to4 relay it should have IPv6 connectivity
(either native or via a tunnel) through an IPv6 gateway (for our example we
use 2001:7f9:1::1 as GW address). After having configured an IPv6 address on
the corresponding interface, the default route should be configured:
If our IPv6 interface is interface eth0:
To configure the IPv6 address:
# /sbin/ip -6 addr add 2001:7f9:1::2/64 dev eth0
To add a default route:
# /sbin/ip -6 route add 2000::/3 via 2001:7f9:1::1 dev eth0 metric 1
F) Configure prefix advertisements
===================================
Somewhere on the Relay network, the device in charge of announcing prefixes
(typically a BGP router) should announce 2002::/16 prefix to its IPv6
peerings.
This would allow native IPv6 nodes to reach 6to4 nodes (2002::/16
addresses).
Regarding the IPv4 reachability of the Relay there are two options:
1) Configure the 6to4 anycast IPv4 address (192.88.99.1) and announce the
anycast prefix (192.88.99.0/24) to your IPv4 peerings.
2) Use another public IPv4 address.
If 1) is chosen 6to4 hosts will be able to find it automatically, with no
need for any manual configuration.
If 2) is chosen, some kind of advertisement of the IPv4 address is
needed (usually an FQDN, Fully Qualified Domain Name) in order to allow
others to configure our relay.
This will allow 6to4 nodes (2002::/16 addresses) to reach native IPv6 nodes
through our relay.
G) Making your configuration persistent
========================================
In order to make your configuration persistent, a script can be executed
at boot time. The idea is to have a script that executes all the
commands you need to configure everything as desired.
An example follows; it takes the local host's public IPv4 address as its
argument:
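#!/bin/sh
# Argument: the public IPv4 address of this host
IPV4=$1
if [ -z "$IPV4" ]; then
echo "usage: $0 <local public IPv4 address>" >&2
exit 1
fi
# Split the dotted quad into its four decimal octets
PARTS=$(echo "$IPV4" | tr . ' ')
# Build the 6to4 prefix 2002:<octet1><octet2>:<octet3><octet4> (unquoted on purpose)
PREFIX48=$(printf "2002:%02x%02x:%02x%02x" $PARTS)
STF_NET6="$PREFIX48":0000
STF_IP6="$STF_NET6"::1
# Create the 6to4 tunnel and add the local 6to4 address (prefix length 16)
ip tunnel add tun6to4 mode sit ttl 64 remote any local "$IPV4"
ip link set dev tun6to4 up
ip -6 addr add "$STF_IP6"/16 dev tun6to4
# Native IPv6 address and route via the IPv6 gateway (example values)
ip -6 addr add 2001:7f9:1::2/64 dev eth0
ip -6 route add 2000::/3 via 2001:7f9:1::1 dev eth0 metric 1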
Also depending on the implementation some configuration could be done in
the system's network information files.
- Red Hat Distributions:
Add IPV6TO4INIT=yes to /etc/sysconfig/network-scripts/ifcfg-if for the
interface with the local IPv4 address
and add IPV6_DEFAULTDEV=tun6to4 to /etc/sysconfig/network.
You also should configure the default IPv6 route if needed.
Configuration examples may vary for other Linux distributions.
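The 6to4 address calculation described earlier and the prefix line of the boot script above, as an added example that is not part of the original post: it rejects malformed input, octets with a leading zero (which printf would read as octal) and non-public IPv4 addresses before building the prefix. The function names and the sample addresses other than 192.1.2.3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): 6to4 prefix derivation with
# input validation. Function names are illustrative.

# is_public_ipv4 A B C D: succeed only for addresses usable on the Internet.
is_public_ipv4() {
    case "$1" in
        0|10|127) return 1 ;;                  # this-network, RFC 1918, loopback
    esac
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then return 1; fi  # shared/CGN
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi                     # link-local
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi   # RFC 1918
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi                     # RFC 1918
    if [ "$1" -ge 224 ]; then return 1; fi     # multicast and reserved
    return 0
}

# sixtofour_prefix IPV4: print 2002:xxxx:xxxx (the /48 without "::/48").
# Returns 2 for malformed input, 3 for a non-public address.
sixtofour_prefix() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 2 ;;   # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for o in "$@"; do
        case "$o" in
            0?*|????*) return 2 ;;             # leading zero (octal to printf) or too long
        esac
        [ "$o" -le 255 ] || return 2
    done
    is_public_ipv4 "$@" || return 3
    printf '2002:%02x%02x:%02x%02x' "$1" "$2" "$3" "$4"
}

# Constructed sample inputs: the page's example address plus rejected cases.
for addr in 192.1.2.3 10.0.0.1 172.20.1.1 192.1.2 192.010.2.3 256.1.1.1; do
    if p=$(sixtofour_prefix "$addr"); then
        echo "$addr -> $p::/48, relay address $p::1"
    else
        echo "$addr -> rejected (status $?)"
    fi
done
```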
Annex A: Remove a 6to4 tunnel using "ip" and a dedicated tunnel device
=======================================================================
Remove all routes through this dedicated tunnel device
# /sbin/ip -6 route flush dev tun6to4
Shut down interface
# /sbin/ip link set dev tun6to4 down
Remove created tunnel device
# /sbin/ip tunnel del tun6to4