[clug] IPv6 for home

Francis James Whittle fj.whittle at gmail.com
Sat Dec 31 19:45:28 MST 2011


On Sun, 2012-01-01 at 12:52 +1100, Michael Still wrote:
> 
> Yeah, I think I wasn't clear here though. Is there any tangible
> advantage to going and getting a netblock assigned to my house? Is it
> exciting in some way I can't imagine to have each machine on the
> network have a permanent externally routable IP?
> 

Yes - NAT sucks.  This is the case at the ISP level *and* the
subscriber level.  The people who designed IPv6 would like NAT killed
with fire.  Any device in your home that you want to be able to talk to
the IPv6 internet ought to have an externally routable IPv6 address.


> > OK, install radvd and set up an /etc/radvd.conf file looking
> > something like this:
> > 
> > interface eth0 { AdvSendAdvert on; prefix 2001:mika:lsip:rnge::/64 
> > { AdvOnLink on; AdvAutonomous on; }; };
> > 
> > Your homework is to work out what bits to change and, possibly,
> > what I've left out.  Steve Walsh may be able to help there too :-)
> 
> For reference, the LAN netblock is provided by internode at
> https://secure.internode.on.net/myinternode/sys2/ipv6settings
> 
> So, I did this. The interface on the DNS / DHCP machine now has a
> reasonable looking IPv6 address. However, there are no IPv6 routes on
> the machine that I can see. In fact, if I ping6 the external IP for
> the DSL modem, I get told the "network is unreachable".
> 
> External brain -- please think more for me.

Two things to keep in mind:

It's important that your interface is the one you'll be serving requests
to, not your main gateway interface.  It will also need an IPv6 address,
in the range of the given prefix.

You almost certainly want to have a /64 prefix advertised there.  This
is less confusing for devices, as they generally only make up the last
64 bits of address.  (eg. I have 2407:2600:fe00::/56 but only advertise
2407:2600:fe00::/64 — and sometimes 2407:2600:fe00:1::/64 for some
virtual machines, though I really don't need to)

Final sanity check, now.  Routing.  My (non-gateway) machine:

$ ip -f inet6 route
2407:2600:fe00::/64 dev eth1  proto kernel  metric 256  expires 86366sec
fe80::/64 dev eth1  proto kernel  metric 256 
default via fe80::5ed9:98ff:fe68:4548 dev eth1  proto kernel  metric 1024  expires 1779sec

$ ip -f inet6 addr show eth1
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2407:2600:fe00:0:*:*:*:9ac3/64 scope global dynamic 
       valid_lft 86366sec preferred_lft 86366sec
    inet6 fe80::*:*:*:9ac3/64 scope link 
       valid_lft forever preferred_lft forever

Your machine should show something similar, though possibly not on eth1.

(Yes, I know I've left the link local address of my router in there,
and enough information to determine a public address; hackers won't
find anything there).

Protip:  You should be able to find the link local address of your
gateway with:

ping6 -I <your interface name here> ff02::2

If not, something’s not configured properly.

For posterity, here's my radvd.conf from before I bought a 6in4 capable
router:

interface wlan0 {
    AdvSendAdvert on;
    AdvLinkMTU 1280;
    prefix 2407:2600:FE00::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
    RDNSS 2407:2600:FE00::1 {
    };
};

This machine was statically configured at 2407:2600:FE00::1

The RDNSS clause tells autoconfiguration clients where to find a
recursive DNS server.  This turns out to not be too much use for the
time being unless you're also running NAT64 on a v6-only internal
network (I'd advise against trying this unless you're really brave).
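
The routing sanity check from the message above, as an added example that is not part of the original post: it parses `ip -f inet6 route` output and reports what is missing on a host that should be autoconfigured by radvd. The names check_routes and field_after are hypothetical, the sample output and the /56 are the ones quoted in the message, and it assumes the default route is learned from router advertisements (so its next hop is link-local).

```python
import ipaddress

# `ip -f inet6 route` output copied from the message above.
SAMPLE_ROUTES = """\
2407:2600:fe00::/64 dev eth1  proto kernel  metric 256  expires 86366sec
fe80::/64 dev eth1  proto kernel  metric 256
default via fe80::5ed9:98ff:fe68:4548 dev eth1  proto kernel  metric 1024  expires 1779sec
"""

def field_after(fields, key):
    """Return the token following `key` on a route line, or None."""
    return fields[fields.index(key) + 1] if key in fields[:-1] else None

def check_routes(route_text, delegated="2407:2600:fe00::/56"):
    """Return a list of problems found in `ip -f inet6 route` output."""
    block = ipaddress.ip_network(delegated)
    onlink, defaults = [], []   # (prefix, dev) and (next hop, dev)
    for line in route_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dev, via = field_after(fields, "dev"), field_after(fields, "via")
        if fields[0] == "default":
            if via:
                defaults.append((ipaddress.ip_address(via), dev))
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue            # "unreachable ..." and similar lines
        if net.version == 6 and not via and not (net.is_link_local or net.is_loopback):
            onlink.append((net, dev))
    problems = []
    if not onlink:
        problems.append("no on-link global prefix: no router advertisement accepted")
    for net, dev in onlink:
        if net.prefixlen != 64:
            problems.append(f"{net} on {dev}: expected a /64 for autoconfiguration")
        if not net.subnet_of(block):
            problems.append(f"{net} on {dev}: outside delegated block {block}")
    if not defaults:
        problems.append("no default route: ping6 reports 'network is unreachable'")
    for hop, dev in defaults:
        if not hop.is_link_local:
            problems.append(f"default next hop {hop} is not a link-local address")
        if dev not in {d for _, d in onlink}:
            problems.append(f"default route uses {dev}, which has no on-link prefix")
    return problems
```

An empty list means the host has an on-link /64 inside the delegated block and a default route on the same interface.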


