Intro

Probably every and each one of have already heard about IPv6. Texts like "IPv4 is over" or "IPv4 Address-space is exhausted" are flooding the internet. So, why should I even bother about moving to IPv6? What are benefits?

Goal

In this article I am going to configure OpenWRT router to use IPv6. Because my ISP don’t provide such address I’ll use Hurricane Electric (he.net) IPv6-IPv4 tunnel.

At the end I’ll configure radvd daemon (router advertisement) and perform some tests on cluster, to ensure that everything works fine.

Why should I bother?

IPv6 brings many enhancements and I was wondering which one of them do I really need?. So I tried to answer to questions presented below:

1. Do I need so large address space?

Yes and no. I am not running so many physical machines to exhaust IPv4 addr-space, but I’ll have opportunity to get rid of NAT. I have various of reasons to address a few machines globally and with my current ISP I have only one IPv4 assigned. IPv6 promise me End-to-End delivery.

2. Broadcast is gone, multicast comes in. What does it change?

As multicast requires some more overhead (joining to multicast group) than broadcast, but it seems to be a nice feature. Auto configuration without DHCP (in fact I am still using DHCP for static address assignment) via NDP makes things simpler (as long as you don’t have thousands of hosts, as described here).

Another thing is anycast support, so that two interfaces can share one anycast address. Packets will be sent to the "nearest" destination.

Evantually, I found NAT-less routing the most useful feature. Of course, "public" addresses leaves some security concerns, but that is the price.

I could also describe IPv6 in details, by describing headers, MTU, mobile IP etc. But I believe the key point of switching is explained.

Tunnelbroker

There are multiple tunnel brokers, but those 2 has endpoints in many locations and offer best latency (at least for me):

I have decided to use HE, because they have location in Warsaw (which is the closest to me). In your case SixXS might be better, check it before you go on.

How does it work?



The idea is quite simple. All traffic between routers is encapsulated in IPv4 header, so that is routed to tunnelbroker endpoint. Then IPv4 header is removed.

In order to create IPv6-IPv4 tunnel, login to tunnelbroker.net and click "Create regular tunnel". Then provide your home IP address and select your endpoint location.

Openwrt configuration

At first you need to install 6in4 interface software:

opkg update opkg install 6in4

Next, create and configure interface:

uci set network.henet=interface uci set network.henet.proto=6in4 uci set network.henet.peeraddr='SERVER IPv4 ADDR' uci set network.henet.ip6addr='Your IPv6 Addr e.g 2001:470:70:5ff::2/64' uci set network.henet.ip6prefix='Your IPv6 prefix e.g 2001:470:71:5ff::/64' uci set network.henet.tunnelid='YOUR TUNNEL ID' uci set network.henet.username='USERNAME' uci set network.henet.password='UPDATE_KEY_OR_PASSWORD' uci commit network

Eventually, configure firewall and restart network:

uci set [email protected][1].network='wan henet' uci commit firewall /etc/init.d/network reload /etc/init.d/firewall reload

A bit of explanation

Let us analyse the following address: 2001:db8:1111:aaaa:1234:5678:9abc:def0

First half 2001:db8:1111:aaaa identifies the network,

the second half 1234:5678:9abc:def0 identifies interface id.

2001:db8:1111 is assigned by your ISP (/48) and :aaaa (/64) identifies subnet.

In IPv6 there are three types of unicast adresses:

Global (2000::/3) only for direct unproxied internet access

Unique local (fc007::/7) for inter-subnet access

Link local (fe80::/10) for everybody

If you wish to not make your interface globally accessible, you may want to use unique local (for inter-local-network) or link local address.

radvd

The Router Advertisement Daemon (radvd) is an open-source software product that implements link-local advertisements of IPv6 router addresses and IPv6 routing prefixes using the Neighbor Discovery Protocol (wikipedia).

First install radvd:

opkg update opkg install radvd

Next assign IPv6 prefix to selected network (e.g lan):

vi /etc/config/network config interface 'lan' ... option ip6addr '2001:470:71:5ff::1/64'

Configure radvd:

vim /etc/config/radvd # Change ignore to 0 option ignore 0 # Restart /etc/init.d/radvd restart # Enable forwarding in /etc/config/sysctl.conf net.ipv6.conf.all.forwarding=1

Testing

Ping ipv6.google.com on router:

[email protected]:~# ping6 -c 3 ipv6.google.com PING ipv6.google.com (2a00:1450:401b:800::200e): 56 data bytes 64 bytes from 2a00:1450:401b:800::200e: seq=0 ttl=55 time=38.818 ms 64 bytes from 2a00:1450:401b:800::200e: seq=1 ttl=55 time=37.533 ms 64 bytes from 2a00:1450:401b:800::200e: seq=2 ttl=55 time=34.753 ms --- ipv6.google.com ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 34.753/37.034/38.818 ms

Check IPs on host (and ping again):

ip addr | grep inet6 inet6 ::1/128 scope host inet6 2001:470:71:5ff:9259:afff:fe56:b81e/64 scope global mngtmpaddr dynamic inet6 fe80::9259:afff:fe56:b81e/64 scope link

Check neighbors