Ipv6 routing in linux

IPv6 router guide

This guide provides details on setting up IPv6 routing on a Gentoo Linux system.

• 1 Installation
  • 1.1 Kernel
  • 1.2 Emerge
    • 1.2.1 Additional software
    • 2.1 Obtaining an address and prefix
    • 2.2 Enable forwarding
    • 2.3 Stateless configuration
    • 2.4 Stateful configuration
    • 2.5 Service
      • 2.5.1 OpenRC
      • 3.1 IPv6 and DNS
      • 3.2 BIND configuration
      • 3.3 DJBDNS configuration
      • 4.1 Using radvd
      • 5.1 Package is missing IPv6 support

      Installation

      Kernel

      Any kernels version v2.6.0 or higher can support IPv6.

      [*] Networking support ---> Networking options ---> The IPv6 protocol --->

      Emerge

      Tip
      The ipv6 USE variable may need to be enabled for some packages, and can be added to /etc/portage/make.conf .

      Additional software

      There are a few packages which specifically deal with IPv6 items. Most of these are located in the net-misc category.

      Package	Description
      net-misc/radvd	Router advertisement daemon
      net-misc/dhcpd	ISC DHCP server, DHCPv4 and DHCPv6 capability
      net-misc/dibbler	DHCPv6 server
      net-misc/ipv6calc	Converts an IPv6 address to a compressed format
      dev-perl/Socket6	IPv6 related part of the C socket.h defines and structure manipulators

      Confirming IPv6 status

      If IPv6 is enabled, the loopback device should show an IPv6 address:

      1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet6 ::1/128 scope host valid_lft forever preferred_lft forever

      Configuration

      Obtaining an address and prefix

      dhcpcd can be used to obtain a single /128 address for the WAN interface, and a /64 prefix for the LAN interface:

      FILE /etc/dhcpcd.conf Request a prefix for eth0.lan to be routed publicly with eth0.wan.

      # Disable router solicitations for all interfaces, enable only for selected ones noipv6rs # Interface configuration for the wan vlan on the eth0 interface interface eth0.wan # Enable router solicitation for this interface ipv6rs # Request a normal address usins iaid 1 for interface eth0.wan ia_na 1 # Request a prefix using iaid 2 and assign it to the eth0.lan interface using sla_id 0 ia_pd 2 eth0.lan/0

      Warning
      rfc6177 is barely seen as a recommendation by residential ISPs, Prefix Delegation may not work.

      Enable forwarding

      IPv6 packet forwarding must be enabled in kernel before a system can function as a router, this can be done using sysctl :

      Important
      The radvd init script used later enables (and disables) forwarding, making the next step unnecessary.

      To assign IPv6 addresses to clients, the IPv6 specification allows for both stateless and stateful IP assignment. Stateless assignment uses a process called Router Advertisement and allows clients to obtain an IP and a default route by simply bringing an interface up. It is called «stateless» because there is no record of IPs assigned and the host they are assigned to. Stateful assignment is handled by DHCPv6. It is «stateful» because the server keeps a state of the clients who have requested IPs and received them.

      Note
      Stateless IP assignment is designed for routing and connectivity, DHCPv6 is required to assign addresses, and information such as DNS servers.

      Stateless configuration

      Stateless configuration is easily accomplished using the Router Advertisement Daemon, or radvd :

      /etc/radvd.conf is used to configure radvd , and is not created by default. This sample used the prefix assigned by the tunnel broker.

      Important
      Make sure the specified interface is correct, so that router advertisements are broadcasted on the correct interface. This interface should be the inner interface.

      Stateful configuration

      To have a stateful configuration, install and configure net-misc/dibbler.

      Configure the dibbler client by editing /etc/dibbler/client.conf .

      Now start the dibbler client, and configure it to start at boot:

      Service

      OpenRC

      To start radvd and start it on boot:

      DNS setup

      IPv6 and DNS

      Just as DNS for IPv4 uses A records, DNS for IPv6 uses AAAA records. (This is because IPv4 is an address space of 2^32 while IPv6 is an address space of 2^128). For reverse DNS, the INT standard is deprecated but still widely supported. ARPA is the latest standard. Support for the ARPA format will be described here.

      BIND configuration

      Recent versions of BIND include excellent IPv6 support. This section will assume at least minimal knowledge about the configuration and use of BIND. We will assume that bind is not running in a chroot. If this assumption is wrong, simply append the chroot prefix to most of the paths in the following section.

      First add entries for both forward and reverse DNS zone files in /etc/bind/named.conf .

      ## (We allow bind to listen to IPv6 addresses. ## Using 'any' is the only way to do it prior to bind-9.3) options < [. ] listen-on-v6 < any; >[. ] >; ## (This will provide the forward DNS for the domain 'ipv6-rules.com':) zone "ipv6-rules.com" IN < type master; file "pri/ipv6-rules.com"; >; ## (This format for reverse DNS is "bitwise." It's done by taking the IPv6 prefix, ## reversing the order of the numbers and putting a period between each number) zone "6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa" < type master; file "pri/rev-ipv6-rules.com.arpa"; >;

      Now zone files and entries will need added for all hosts:

      $TTL 2h @ IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. ( 2003052501 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum NS ns1.ipv6-rules.com IN AAAA 2001:470:1f00:296::1 ; address for ipv6-rules.com host1 IN AAAA 2001:470:1f00:296::2 ; address for host1.ipv6-rules.com host2 IN AAAA 2001:470:1f00:296::3:3 ; address for host2.ipv6-rules.com

      $TTL 3d ; Default TTL (bind 8 needs this, bind 9 ignores it) @ IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. ( 2003052501 ; Serial number (YYYYMMdd) 24h ; Refresh time 30m ; Retry time 2d ; Expire time 3d ) ; Default TTL IN NS ns1.ipv6-rules.com. ; IPv6 PTR entries $ORIGIN 6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ipv6-rules.com. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host1.ipv6-rules.com. 3.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0 IN PTR host2.ipv6-rules.com.

      DJBDNS configuration

      There are currently some third-party patches available to the net-dns/djbdns package that allow it to do IPv6 name serving. DJBDNS can be installed with these patches by emerging it with ipv6 in the USE variable.

      Warning
      Not all record types are support yet with these patches. In particular, NS and MX records are not supported.

      After djbdns is installed, it can be setup by running tinydns-setup and answering a few questions about which IP addresses to bind to, where to install tinydns, etc.

      Assuming tinydns has been installed into /var/tinydns , edit /var/tinydns/root/data . This file will contain all the data needed to get tinydns handling DNS for the IPv6 delegation.

      ## (*.ipv6-rules.com is authoritatively handled by 192.168.0.1) .ipv6-rules.com:192.168.0.1:a:259200 ## (Authoritative reverse DNS for 2001:470:1f00:296::/64) .6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa:192.168.0.1:a ## (Specify the IPs for host1 and host2) 6host1.ipv6-rules.com:200104701f0002960000000000000001:86400 6host2.ipv6-rules.com:200104701f0002960000000000000002:86400 ## (Point www to host1) 3www.ipv6-rules.com:200104701f0002960000000000000002:86400

      Lines prefixed with a 6 will have both an AAAA and a PTR record created. Those prefixed with a 3 will only have an AAAA record created. Besides manually editing the data file, it is possible to use the scripts add-host6 and add-alias6 to add new entries. After changes are made to the data file, simply run make from /var/tinydns/root . This will create /var/tinydns/root/data.cfb , which tinydns will use as its source of information for DNS requests.

      IPv6 clients

      Using radvd

      Clients behind this router should now be able to connect to the rest of the net via IPv6. If using radvd, configuring hosts should be as easy as bringing the interface up. (This is probably already done by the net.ethX init scripts).

      1: eth0: mtu 1400 qdisc pfifo_fast qlen 1000 link/ether 00:01:03:2f:27:89 brd ff:ff:ff:ff:ff:ff inet6 2001:470:1f00:296:209:6bff:fe06:b7b4/128 scope global valid_lft forever preferred_lft forever inet6 fe80::209:6bff:fe06:b7b4/64 scope link valid_lft forever preferred_lft forever inet6 ff02::1/128 scope global valid_lft forever preferred_lft forever

      Should this not work ensure that the IPv6 firewall is allowing ICMPv6 packets through:

      Troubleshooting

      Package is missing IPv6 support

      Packages will typically emerge with the ipv6 USE flag, but if IPv6 is not working on a specific program, checking that it is built with that is a good first step.

      Note
      There is no issue adding USE=»ipv6″ to /etc/portage/make.conf , but this is often unnecessary.

      Note
      Some packages (erroneously) detect IPv6 support automatically and hence have no ipv6 USE flag. Thus not all packages, which should support IPv6, will support it if they have not been compiled with an IPv6 enabled kernel.

      See Also

      External resources

      There are many excellent resources online pertaining to IPv6.

      • www.ipv6.org — General IPv6 information
      • www.linux-ipv6.org/ — USAGI project
      • www.deepspace6.net — Linux/IPv6 site
      • www.kame.net — *BSD implementation

      On IRC, try the #ipv6 ( webchat ) channel on Libera.Chat. Connect to the Libera.Chat servers using an IPv6 enabled client by connecting to irc.ipv6.libera.chat.

      This page is based on a document formerly found on our main website gentoo.org.
      The following people contributed to the original document: Peter Johanson, Jorge Paulo, Camille Huot, Pasi Valminen, , Markos Chandras (Hwoarang)
      They are listed here because wiki history does not allow for any external attribution. If you edit the wiki article, please do not add yourself here; your contributions are recorded on each article’s associated history page.

      Источник

      Linux IPv6 Route

      IPv6 is the future. Knowing how to add a Linux IPv6 route is an important skill. Not everybody is using IPv6 on their network. Often times people may not even be familiar with basic operations even though they are completely OK with IPv4.

      We are going to use eth0 as the device name in most of our examples. The interface may be named differently. It could look something like this: enp0s25.

      

      Showing Linux IPv6 Routes

      There are a few different ways to view existing IPv6 routes on a Linux system.

      You can show all IPv6 routes on your Linux system like this:

      If you want to show your IPv6 routes them for a specific interface, for example eth0, you can specify it like this:

      You can also do this using the route command.

      If you want to filter based on a specific interface, you can grep for that interface name.

       route -A inet6 |grep -w "eth0" 

      Add and Removing a Linux IPv6 Route

      NOTE — Unless you are running as root, you will probably want to run these commands with sudo.

      

       sudo ip -6 route add 2000::/3 via 2001:0db8:0:f101::1 sudo route -A inet6 add 2000::/3 gw 2001:0db8:0:f101::1 

       sudo ip -6 route add 2001:db8:0:1::0/64 dev eth0 sudo ip -6 route add 2000::/3 dev eth0 metric 1 sudo route -A inet6 add 2000::/3 dev eth0 

       sudo ip -6 route del 2000::/3 via 2001:0db8:0:f101::1 sudo route -A inet6 del 2000::/3 gw 2001:0db8:0:f101::1 

       sudo ip -6 route del 2001:db8:0:1::0/64 dev eth0 sudo ip -6 route del 2000::/3 dev eth0 sudo route -A inet6 del 2000::/3 dev eth0 

      

      References

      Источник

      Читайте также:  Unifi network application linux