Attachment 222384 Details for Bug 253453 – Raw text about native IPv6 setup

Raw text about native IPv6 setup

ipv6.txt (text/plain), 6.00 KB, created by Poul-Henning Kamp on 2021-02-12 11:30:50 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Poul-Henning Kamp

Created: 2021-02-12 11:30:50 UTC

Size: 6.00 KB

patch

obsolete

>
>Hurray! My ISP offers IPv6
>--------------------------
>
>IPv6 configuration is separated from IPv4 configuration in /etc/rc.conf
>so whatever you have there to configure IPv4 is unaffected by all this.
>
>These examples assume that your ISP connection ends with a ethernet
>plugged into interface "ed0" on your FreeBSD machine.
>
>Simple Client Configuration
>---------------------------
>
>First we will set up the machine as a simple IPv6 client, by enabling
>IPv6 and starting rtsold(8) to takes care of getting an IPv6 number
>and the routes your ISP wants you to use.
>
>    # /etc/rc.conf
>    ipv6_cpe_wanif=ed0
>    rtsold_enable=yes
>    rtsold_flags="ed0"
>    ipv6_activate_all_interfaces=yes
>
>If the lofty promises of IPv6 auto-configuration holds, a reboot should
>connect you to the Internet Of The Future (est. 1995):
>
>    $ ping6 -c 3 freebsd.org
>    PING6(56=40+8+8 bytes) 2001:db8::18ff:fe0a:74a6 --> 2610:1c1:1:606c::50:15
>    16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=0 hlim=51 time=88.404 ms
>    16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=1 hlim=51 time=88.037 ms
>    16 bytes from 2610:1c1:1:606c::50:15, icmp_seq=2 hlim=51 time=87.954 ms
>
>If you look at your ethernet interface, you will see two IPv6 addresses:
>
>    $ ifconfig ed0
>    ed0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>	options=[â¦]
>	ether [â¦]:0a:7a:a6
>	inet [â¦]
>	inet6 fe80::230:18ff:fe0a:74a6%ed0 prefixlen 64 scopeid 0x1
>	inet6 2001:db8::18ff:fe0a:74a6 prefixlen 64 autoconf
>	media: [â¦]
>	status: active
>	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
>
>The last three bytes of the interface MAC address are reused
>in the IPv6 addresses, here `0a:7a:a6`, this is part of the magic
>autoconfiguration-sauce rtsold(8) does.
>
>You will not see `2001:db8::` but whatever your ISP's IPv6 prefix
>is for your end of their network, the  `prefixlen` may also be different.
>
>The `fe80::â¦` address is an automatic "link-local" address which
>is used by the autoconfiguration protocols.
>
>You will also have a pile of IPv6 routes now:
>
>    $ netstat -rn -f inet6
>    Routing tables
>    Internet6:
>    Destination                       Gateway                       Flags     Netif Expire
>    ::/96                             ::1                           UGRS        lo0
>    default                           fe80::92e2:baff:fe37:d760%ed0 UG          ed0
>    ::1                               link#7                        UH          lo0
>    ::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
>    2001:db8::/64                     link#1                        U           ed0
>    2001:db8::18ff:fe0a:74a6          link#1                        UHS         lo0
>    fe80::/10                         ::1                           UGRS        lo0
>    fe80::%igb0/64                    link#1                        U           ed0
>    fe80::230:18ff:fe0a:74a6%ed0      link#1                        UHS         lo0
>    fe80::%lo0/64                     link#7                        U           lo0
>    fe80::1%lo0                       link#7                        UHS         lo0
>    ff02::/16                         ::1                           UGRS        lo0
>
>The important one is obviously the default route.
>
>Spreading IPv6 to your entire network
>-------------------------------------
>
>The IPv6 world has autoconfiguration methods which allow a gateway to
>distribute an ISP provided IPv6 subnet to the rest of the network, but
>not all ISPs support that.
>
>Even if your ISP support it, it has the downside that your devices will
>change IPv6 addresses if your ISP feels like it, which can mean as often
>as your gateway restarts.
>
>For normal consumers that is probably fine, but if, like me, you have
>your own servers etc, that gets old soon.
>
>Like RFC1918 addresses for IPv4, RFC4193 defines private IPv6
>networks, and if you follow the instructions and use random numbers,
>you are unlikely to ever see another network using the same addresses
>as you did.
>
>In this example we will use RFC4193 addresses internally and use NAT
>to hide everything behind the single IPv6 address we got from the ISP.
>
>First we create our very own RFC4193 address:
>
>    $ dd if=/dev/random bs=5 count=1 | hexdump -C
>    00000000 PP QQ RR SS TT      |.....|
>    00000005
>
>Your RFC4193 compliant IPv6 network then becomes:
>
>    fdPP:QQRR:SSTT::
>
>Next assign a static address to the internal interface of the gateway,
>and there is a neat trick available here:
>
>If the internal `ie0` is configured for IPv4 like this:
>
>    # /etc/rc.conf
>    ifconfig_ie0="192.168.10.102/24"
>
>We can configure it for IPv6 like that:
>
>    # /etc/rc.conf
>    ifconfig_ie0_ipv6="inet6 fdPP:QQRR:SSTT::192.168.10.102/120"
>
>Unfortunately the does not work everywhere, but here it does.
>
>The math behind `/120` is `/(128 - (32 - 24))`, in case you used
>a different netmask for you internal network.
>
>We want the machine to act as a gateway:
>
>    # /etc/rc.conf
>    ipv6_gateway_enable=yes
>
>We need to start rtadvd(8) to answer the rtsold(8) requests
>from the machines on the inside:
>
>    # /etc/rc.conf
>    rtadvd_enable=yes
>    rtadvd_interfaces="ie0"
>
>And finally we need to tell pf(4) to NAT everything onto the IPv6 address we got from our ISP:
>
>    # /etc/pf.conf
>    if_ext="ed0"
>    [â¦]
>    nat on $if_ext inet6 from !($if_ext) -> ($if_ext:0)
>
>(A bug in FreeBSD-12 prevents this from working, you will have to enter
>the actual address on your `ed0` interface, and change it if/when your
>ISP changes their address-layout.)
>
>Reboot the gateway, and then configure a test machine on the internal network:
>
>    # /etc/rc.conf
>    ifconfig_ie0_ipv6="inet6 fdPP:QQRR:SSTT::192.168.10.81/120"
>    ipv6_cpe_wanif=ie0
>    rtsold_enable=yes
>    rtsold_flags=ie0
>    ipv6_activate_all_interfaces=yes
>
>Reboot the test machine and try if "ping6 freebsd.org" works.
>
>Notice that you do not need to configure a `defaultrouter` for IPv6,
>rtadvd(8) and rtsold(8) takes care of that.
>
>Footnote:  The choice of 'ed0' and 'ie0' interface names commemorates
>the two of the most important ethernet drivers in FreeBSD, when IPv6
>was rushed into existence 25 years ago.

Actions: View

Attachments on bug 253453: 222384