Your Linux Data Center Experts

Another of the things on my list to play around with this holiday is IPv6. Luckily one of my providers, comcast, is doing a ipv6 trial setup, so it was possible to give it a quick whirl. Read on for how to set things up and issues I ran into.

My firewall box is a bit more complex of a setup than most people would have: it's got a connection to comcast, another to a dsl provider, a test network for test machines, a internal network, and a wireless network. This setup made playing with ipv6 a bit anoying, but I got things (somewhat) working in the end.

First, some links with good info: Comcast has a ipv6 info center with the info you need to set things up. Also, a excellent guide for ubuntu and comcast is available here, on linux.com.

Looking at the current options, I decided to go with the 6rd setup. Basically this sets up your machine to tunnel it's ipv6 traffic to comcasts 6rd border router. All your ipv6 traffic then passes through that border router. This is slightly better than the normal 6to4 setup people have been using, as that routes your traffic to a gateway that's likely to be much more remote (6rd has to be in your ISP), but it's otherwise just a superset of 6to4.

On the firewall I followed the instructions from the ubuntu link/script. Its pretty much exactly the same commands in Fedora. I ran into an issue at first where my 6rdtun device was sending things out with my DSL ip address, which was of course not working, but managed to get that fixed and everything came up. I was able to go out from my firewall just fine, and back to it from an external ipv6 enabled host.

At this point I was careful to setup ip6tables on my firewall. Happily this is just the same as any normal iptables setup in Fedora, so I had a simple firewall in no time. It's important to get that in place when you are using ipv6, as there's no nating that would protect internal machines. They are all on the net.

Next up was getting the other machines here enabled. For this I used radvd. I set it up for my internal network first and that was very easy to get going based on the instructions above. Putting my laptop on that network got me (transparently) a ipv6 address, and ipv6.google.com and similar sites came right up. Oddly, my main mail host (which is a libvirt kvm guest on a bridged host in that network) did not pick up the ipv6 address. I can only assume somehow the radvd advertisements didn't pass over the libvirt bridge correctly. I will look more at fixing that at some point, ideas welcome.

With the internal network working, I looked at setting up the test network. Unfortunately, I couldn't figure out how to do this. Comcast seems to be giving out /64 subnets with 6rd, and with radvd you can't subnet more than that, so I would have to setup some static ipv6 ips for all the machines here, which seems a waste. If anyone can see how to do this with multiple nets and avoid static ips, let me know.

So, it's nice to have some ipv6 enabled machines to test things with, given ipv6's ramping up hype. I doubt I will do too much more with it at this time, but it's nice that getting it setup with 6rd was pretty easy. It might make it possible for folks to start really moving to it. I look forward to comcasts increasing plans for migration.

comments powered by Disqus

Join our other satisfied clients. Contact us today.