{"id":1064,"date":"2014-08-01T22:03:18","date_gmt":"2014-08-02T03:03:18","guid":{"rendered":"http:\/\/www.nathanhunstad.com\/blog\/?p=1064"},"modified":"2014-08-01T22:05:43","modified_gmt":"2014-08-02T03:05:43","slug":"adventures-in-networking-part-6-ipv6","status":"publish","type":"post","link":"http:\/\/www.nathanhunstad.com\/blog\/2014\/08\/adventures-in-networking-part-6-ipv6\/","title":{"rendered":"Adventures in Networking, Part 6: IPv6"},"content":{"rendered":"<p>This is finally the end of my series on setting up my EdgeRouter and all the fun I had with it. This part was the hardest part, but it was also quite the learning experience: getting IPv6 up and running on my router. It took a lot of work, muddling around with configs, and reading a lot of articles, but in the end I passed the <a href=\"http:\/\/test-ipv6.com\/\" target=\"_blank\">IPv6 Test<\/a> with a score of 100%, which is something that I never could have done before. So read more to see the (current) conclusion of this endeavor.<\/p>\n<p><!--more--><\/p>\n<p>As I said <a href=\"http:\/\/www.nathanhunstad.com\/blog\/2014\/07\/adventures-in-networking-part-1-intro\/\" target=\"_blank\">early on<\/a>, I was really disappointed that my old setup would not allow me to access IPv6. I knew that my version of DD-WRT did not have IPv6 stack support, but I also knew that I didn\u2019t have access to IPv6, so it was a moot point. However, one day a couple of years ago, I decided to hook up my computer directly to my cable modem to see if Comcast was handing out IPv6 addresses in my area, bypassing my wireless router. Much to my surprise, it was, but of course I could not give up my Linksys router. Thus, I had to keep my current setup, now knowing that I was missing out on the future of the internet.<\/p>\n<p>My purchase of the EdgeRouter was driven partially by that IPv6 support. After I got everything else up and running, the last thing to do was to get IPv6 running. This, however, was far from easy. 
The first thing I did was search the EdgeOS forum for information, and found several posts. <a href=\"http:\/\/community.ubnt.com\/t5\/EdgeMAX\/DHCP-PD-Client-Configuration\/m-p\/749074#M25127\" target=\"_blank\">This one<\/a> was by far the most helpful, as it got me 90% of the way there. That last 10%, though, I had to figure out on my own.<\/p>\n<p>One big piece was properly configuring dhcp6c.conf. The file provided in that forum post was close, but left out a couple of key configuration settings. I spent a lot of time reading <a href=\"http:\/\/manpages.ubuntu.com\/manpages\/hardy\/man5\/dhcp6c.conf.5.html\" target=\"_blank\">this online man page<\/a> for dhcp6c.conf, figuring out that I was missing that darn prefix tag, and configuring the interfaces properly. Compared to that, the configuration of the interfaces themselves in EdgeOS was pretty easy.<\/p>\n<p>It still didn\u2019t work, though, which is when all of that <a href=\"http:\/\/www.nathanhunstad.com\/blog\/2014\/07\/adventures-in-networking-part-5-splunking\/\" target=\"_blank\">Splunking<\/a> came in very handy. DHCP on IPv6 is different from IPv4, and there are crazy new things in IPv6 such as \u201cNeighbor Discovery\u201d and \u201cRouter Advertisement\u201d, which needed to run on the EdgeRouter configured via radvd.conf to announce to connected clients that an IPv6 address was available. I started reading RFCs like <a href=\"http:\/\/tools.ietf.org\/html\/rfc4861\" target=\"_blank\">RFC 4861<\/a> (for Neighbor Discovery) and <a href=\"http:\/\/tools.ietf.org\/html\/rfc5175\" target=\"_blank\">RFC 5175<\/a> (for Router Advertisements), which actually came in handy. 
Through trial and error, and changing firewall rules, I did finally get an IPv6 address and a \/64 prefix on my EdgeRouter, but it still wasn\u2019t getting to my attached client, namely the CentOS box I had on the wired LAN.<\/p>\n<p>Finally, I came across <a href=\"http:\/\/ktower.blogs.towerfamily.org\/2013\/02\/redhat-enterprise-linux-ipv6-and-slaac.html\" target=\"_blank\">this page<\/a> on setting up SLAAC on Red Hat Enterprise Linux, which CentOS is essentially based on. By setting <span style=\"font-family: 'Courier New';\">IPV6_AUTOCONF=YES<\/span> and making sure the right firewall rules were in place, I received a publicly routable IPv6 address and finally passed that test with flying colors.<\/p>\n<p>About those firewall rules: just like the zone firewall rules set up in <a href=\"http:\/\/www.nathanhunstad.com\/blog\/2014\/07\/adventures-in-networking-part-4-zone-defense\/\" target=\"_blank\">Part 4<\/a>, zone rules for IPv6 need to be set up for every source and destination zone pair. I took the firewall rule names that I started with (like <span style=\"font-family: 'Courier New';\">LAN-WAN<\/span>) and simply added a -6 to the end to get <span style=\"font-family: 'Courier New';\">LAN-WAN-6<\/span> as the naming convention for all of my rules. Thinking back on it now, it probably would be easier for Splunk field extraction to have used a -4 prefix for IPv4 rules to match the IPv6 rules, but it doesn\u2019t make much difference in the end. As for the rules themselves, they are pretty much copies of the IPv4 rules, with ports updated for things like DHCPv6.<\/p>\n<p>Although IPv6 is working for me, I am running using that \/64 prefix, which means one subnet for all of my devices. Comcast will allegedly provide a \/60 if you request one, which is something I have not been able to get working yet. 
Perhaps that will be the next thing I try.<\/p>\n<p>As for my current config, my dhcp6c.conf file looks like this:<\/p>\n<pre># Default dhcp6c configuration: it assumes the address is autoconfigured using \r\n# router advertisements. \r\n# Comcast IPv6 PD\r\n\r\ninterface eth2 { \r\n        send rapid-commit; \r\n        send ia-pd 1; \r\n        send ia-na 1; \r\n        request domain-name-servers; \r\n        request domain-name; \r\n        script \"\/etc\/wide-dhcpv6\/dhcp6c-script\"; \r\n}; \r\nid-assoc pd 1 { \r\n        prefix ::\/64 infinity; \r\n        prefix-interface eth0 { \r\n                sla-id 0; \r\n                sla-len 0; \r\n        }; \r\n        prefix-interface eth1 { \r\n                sla-id 0; \r\n                sla-len 0; \r\n        }; \r\n}; \r\nid-assoc na 1 { \r\n};<\/pre>\n<p>My full, updated interface configuration looks like this:<\/p>\n<pre>interfaces { \r\n    ethernet eth0 { \r\n        address 192.168.2.254\/24 \r\n        description \"Wired LAN\" \r\n        duplex auto \r\n        ipv6 { \r\n            dup-addr-detect-transmits 1 \r\n            router-advert { \r\n                cur-hop-limit 64 \r\n                link-mtu 0 \r\n                managed-flag false \r\n                max-interval 60 \r\n                other-config-flag false \r\n                prefix ::\/64 { \r\n                    autonomous-flag true \r\n                    on-link-flag true \r\n                    valid-lifetime 86400 \r\n                } \r\n                reachable-time 0 \r\n                retrans-timer 0 \r\n                send-advert true \r\n            } \r\n        } \r\n        speed auto \r\n    } \r\n    ethernet eth1 { \r\n        address 192.168.1.254\/24 \r\n        description \"Wireless LAN\" \r\n        duplex auto \r\n        ipv6 { \r\n            dup-addr-detect-transmits 1 \r\n            router-advert { \r\n                cur-hop-limit 64 \r\n                link-mtu 0 \r\n                managed-flag false \r\n                max-interval 600 \r\n                other-config-flag false \r\n                prefix ::\/64 { \r\n                    autonomous-flag true \r\n                    on-link-flag true \r\n                    valid-lifetime 86400 \r\n                } \r\n                reachable-time 0 \r\n                retrans-timer 0 \r\n                send-advert true \r\n            } \r\n        } \r\n        speed auto \r\n    } \r\n    ethernet eth2 { \r\n        address dhcp \r\n        address dhcpv6 \r\n        description WAN \r\n        duplex auto \r\n        firewall { \r\n            in { \r\n            } \r\n            local { \r\n            } \r\n        } \r\n        ipv6 { \r\n            dup-addr-detect-transmits 1 \r\n        } \r\n        speed auto \r\n    } \r\n    loopback lo { \r\n    } \r\n}<\/pre>\n<p>For the <span style=\"font-family: 'Courier New';\">wide-dhcpv6-client<\/span> file in <span style=\"font-family: 'Courier New';\">\/etc\/default<\/span>, I simply set <span style=\"font-family: 'Courier New';\">INTERFACES=\"eth2\"<\/span> as that is my WAN interface that DHCPv6 needs to run on. 
The <span style=\"font-family: 'Courier New';\">start-dhcpv6-client<\/span> file in <span style=\"font-family: 'Courier New';\">\/config\/scripts\/post-config.d<\/span> is the same as in the link:<\/p>\n<pre>#!\/bin\/bash \r\necho 1 &gt; \/proc\/sys\/net\/ipv6\/conf\/all\/forwarding \r\necho 2 &gt; \/proc\/sys\/net\/ipv6\/conf\/eth0\/accept_ra \r\n\/etc\/init.d\/wide-dhcpv6-client start \r\n\/etc\/init.d\/radvd restart<\/pre>\n<p>And that\u2019s all! My last post tomorrow will be a summary and full config file for those who want to see how it is running.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is finally the end of my series on setting up my EdgeRouter and all the fun I had with it. This part was the hardest part, but it was also quite the learning experience: getting IPv6 up and running on my router. 
It took a lot of work, muddling around with configs, and reading&hellip; <a class=\"more-link\" href=\"http:\/\/www.nathanhunstad.com\/blog\/2014\/08\/adventures-in-networking-part-6-ipv6\/\">Continue reading <span class=\"screen-reader-text\">Adventures in Networking, Part 6: IPv6<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[113,251,255,249,250],"class_list":["post-1064","post","type-post","status-publish","format-standard","hentry","category-tech-2","tag-computer","tag-edgeos","tag-ipv6","tag-networking","tag-router","entry"],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/comments?post=1064"}],"version-history":[{"count":2,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1064\/revisions"}],"predecessor-version":[{"id":1066,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1064\/revisions\/1066"}],"wp:attachment":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/media?parent=1064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/categories?post=1064"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.nathanhunstad.
com\/blog\/wp-json\/wp\/v2\/tags?post=1064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}