IPv6 host configuration

Port Elizabeth, South Africa 2005

János Mohácsi
NIIF/HUNGARNET

Copy …Rights
• This slide set is the ownership of the 6DISS project via its
partners

• The Powerpoint version of this material may be reused and

modified only with written authorization

• Using part of this material must mention 6DISS courtesy

• PDF files are available from www.6diss.org

1
 Contributions
• Main authors
– János Mohácsi, NIIF/HUNGARNET - Hungary
• Contributors
– Jérôme Durand, Renater, France
– Gunter van de Velde, Cisco, Belgium

IPv6 Support – Operating Systems

IPv6
Vendor Versions More Info
Support
XP and .NET server
Microsoft YES 2003, CE .NET http://www.microsoft.com/ipv6
Pocket PC 2003
Sun YES Solaris 8, 9 and 10 http://wwws.sun.com/software/solaris/ipv6/
z/OS Rel. 1.4, AIX 4.3
IBM YES http://www-3.ibm.com/software/os/zseries/ipv6/
OS/390 V2R6 eNCS
FreeBSD 4.0
OpenBSD 2.7, NetBSD http://www.kame.net/
BSD YES
1.5
BSD/OS 4.2
http://www.bieringer.de/linux/IPv6/status/IPv6+
RH 6.2, Mandrake 8.0,
Linux YES Linux-status-distributions.html
SuSE 7.1, Debian 2.2
HP-UX 11i
http://h18000.www1.hp.com/ipv6/next_gen.htm
HP/Compaq YES Tru64 UNIX V5.1
l
OpenVMS V5.1
http://www.novell.com/documentation/lg/nw65/
Novell YES Netware 6.1 index.html?page=/documentation/lg/nw65/read
me/data/ajzlp6r.html
Apple YES MAC OS X 10.2 http://developer.apple.com/macosx/

2
 IPv6 on Windows
• Full support
– Windows XP SP 1 and later (Adv Net or SP2 recommended)
– Windows Server 2003 (no full application support)
• Technology preview
– Windows XP with no SP
– Windows 2000 (no compatible with SP2 or later)
• Developer Edition
– Windows NT 4.0 (source was available)
• No official support but third party products available
– Windows 95/98/ME
• Supported features:
– autoconfiguration, IPv4 tunnel, 6to4 tunnel, 6to4 relay, ISATAP
tunnel, IPSec (manual keying)

IPv6 in Windows XP
• Not installed by default, and installation varies on
service packs
• SP1 additions:
– vendor support
– GUI installation
– configuration via netsh command
• SP2 additions
– Teredo client
– host-specific relay support
– IPv6 firewall

3
IPv6 installation in Windows XP
• No service packs
– type ipv6 install from the command prompt
• SP1
– install protocol “Microsoft IPv6 Developer Edition”
from Connection Properties window
• SP2
– install protocol “Microsoft TCP/IP version 6” from
Connection Properties window

Windows XP configuration/1
• Command for IPv6 configuration
– netsh interface ipv6
– ipv6 (will be discontinued, not present in Windows
Server 2003)
• Autoconfiguration is working
– netsh interface ipv6 4
– interface 1 - loopback
– interface 2 - ISATAP
– interface 3 - 6to4 interface
– interface 4... – real network interfaces
– interface 5 – Teredo interface

4
 Windows XP configuration/2
• Set manual address
– netsh ipv6 interface {add|set} address
[interface=] <interface> [address=] <address>
– <interface> - interface name or index
– <address> - address in IPv6 format

• Deleting manual address:

– netsh ipv6 interface delete address
[interface=] <interface> [address=] <address>

Windows XP configuration/3
• Set/remove static IPv6 route:
netsh ipv6 interface {add|set|delete} route
[prefix=]<prefix>/<length>
[interface=]<interface> [[nexthop=] <address>]
• Applications:
– ipconfig, netstat, ping6, tracert6, pathping
– All Wininet.dll based applications
• ftp, telnet, IExplorer, Windows Media Player
• Windows 2003 server
– netsh interface ipv6 (only!)
– file/print sharing-et (site-local) supported over IPv6
– IIS and media server
– No Support: Exchange/Outlook ort OutlookExpress

5
 Windows XP configuration/4
• Neighbor cache:
– netsh interface ipv6 show neighbors
(ipv6 nc)
• IPv6 routing table
– netsh interface ipv6 show routes (ipv6
rt)
• Reconfiguration
– netsh interface ipv6 renew (ipv6 renew)
• Address selection policy
– netsh interface ipv6 show prefixpolicy
– netsh interface ipv6 set prefixpolicy
[prefix=]<prefix>/<length>
[precedence=]precedence [label=]label

What Windows cannot do with

IPv6
• DNS messages over IPv6
– not for Windows XP, but Windows Server 2003 can,
there is a builtin proxy for it.
• DNS update
– Dynamic DNS update for IPv6 addresses supported
– only global address registered – with stable
address (force it ipconfig /registerdns )
• IPv6 support for file and print sharing
– Windows 2003 can
• IPv6 support for the WinInet, IPHelper, and
DCOM APIs

6
 Windows XP configuration/4
• IPSec
– ipsec6 sp/sa/s/l
– No ESP support by default
• .NET
– IPv6 support, but IPv6 literal address does not work
• IPv6 firewall support after SP2 or Advanced networking pack
• IPv6 teredo support after SP2 or Advanced networking pack
• Application:
– www.threedegrees.com - instant messaging + p2p stream
sharing
• Further information: http://www.microsoft.com/ipv6
• Important! You should switch on IPv6 support if you have IPv6
connectivity or you have to tweak RFC3484 knobs.

Windows XP configuration/5
• Windows XP ICF – same rules for IPv4 and IPv6
– Show configuration:
• netsh firewall show globalport
• netsh firewall show adapter
– Set configuration
• set globalport [port#=enable|disable] [name=name]
[protocol=tcp|udp]
• set adapter [name] [icmp type#=enable|disable] [port
port#=enable|disable [name=name] [protocol=tcp|udp]]
[ignoreglobalport port#=enable|disable] [name=name]
[protocol=tcp|udp]] [filtering=enable|disable]
• set logging [filelocation=<location>]
[filesize=integer] [droppedpackets=enable|disable]
[successfulconnections=enable|disable]
• After SP2
– in the firewall you can configure Path MTU discovery support
– per process configuration possible
• Further information:
http://www.microsoft.com/technet/community/columns/cableguy/cg0104.mspx

7
 Reminder about RFC3484
• Multiple source addresses: - linklocal, global,
tunneling, mobile, choosing IPv6 or IPv4 for
communication – which one to select?
– implement sorting in getaddrinfo()- via policy table:

prefer native IPv6 prefer IPv4

Prefix Precendence Label Prefix Precendence Label

::1/128 50 0 ::1/128 50 0

::/0 40 1 ::/0 40 1

2002::/16 30 2 2002::/16 30 2

::/96 20 3 ::/96 20 3

::ffff:0:0:/96 10 4 ::ffff:0:0:/96 100 4

IPv6 on *BSD

• Supported:
– autoconfiguration, IPv4 tunnel, 6to4, MLDv1, IPSec,
Jumbogram, ICMP mode information query, TRT,
privacy extension
• Available: since FreeBSD 4.0, OpenBSD 2.7,
NetBSD 1.5
• KAME extension:
– NAT-PT, DHCPv6, PIM-(S)SM, multicast DNS, EDNS
resolver, ISATAP (not any more), anycast (integrated)

8
 FreeBSD configuration /1
• Installation: not necessary, the default
kernel has it
• The installer asking for IPv6 support:
– ipv6_enable=”yes” in
/etc/rc.conf
– Autoconfiguration is working
• ifconfig -a

FreeBSD configuration /2

• Manual address configuration

– ipv6_prefix_fxp0=”2001:db8:1:2”
– ipv6_ifconfig_fxp0=”2001:db8:1:2
::1 prefixlen 64”
– then /etc/netstart
– or ifconfig
• Neighbor cache:
– ndp -a
• routing table:
– route/netstat

9
 FreeBSD configuration /3
• Configuration of further addresses
– ipv6_ifconfig_if0_alias0="fec0:0:0:
5::2/64"
• What about if you don’t have IPv6 connectivity
– ip6addrctl(8) program – according RFC3484 you
can adjust default address selection
#preferip4connection_policy
#Prefix Precedence Label
::1/128 50 0
::/0 40 1
2002::/16 30 2
::/96 20 3
::ffff:0:0/96 100 4

FreeBSD configuration /3
• Reconfiguration
– rtsol fxp0
• Applications:
– ping6, traceroute6, ftp, telnet, r* commands,
sendmail, apache, Mozilla, proftpd, OpenSSH, LPD,
NFS/YP (FreeBSD 5.0 tól), courier-imap ,irc,
openldap, tftp, tcpdump, inn, tin
• Further information:
http://www.freebsd.org ,
http://ipv6.niif.hu/faq ,
http://www.hs247.com ,
http://www.kame.net

10
Configuring routing on FreeBSD -
tunneling
• Configure an IPv6 in IPv4 tunnel
– ifconfig gif1 create
– ifconfig gif1 tunnel @IPv4_source @IPv4_dest
– ifconfig gif1 inet6 @IPv6_address up
• Configure an IPv6 in IPv6 tunnel
– ifconfig gif1 create
– ifconfig gif1 tunnel @IPv6_source @IPv6_dest
– ifconfig gif1 inet6 @IPv6_address up

Configuring routing on FreeBSD

– static routes
• Configure a static route
– Default route
route add -inet6 default fe80::X:X:X:X%interface
route add -inet6 default X:X:X:X::X (if global address)
– Others
route add –inet6 X:X:X:X:: -prefixlen YY X:X:X:X::X
route add –inet6 X:X:X:X:: -prefixlen YY
fe80::X:X:X:X%interface

• %interface notation
If link-local address, need to specify on which interface
the address is available

11
 Configuring routing on FreeBSD
– permanent tunnels
• Add to /etc/rc.conf
– Create tunnel interfaces
cloned_interfaces="gif0 gif1” – number of tunnels
– Configure tunnel
gifconfig_gif0="10.1.1.1 10.1.1.2“
ipv6_ifconfig_gif0="2001:db8:1:2::1 prefixlen 64“

– Configure static routes

ipv6_static_routes="net1“
ipv6_route_net1="2001:db8:0000:0006:: -prefixlen 64
gif0"

Configuring routing on
FreeBSD/3
• RIPng: route6d daemon
route6d
-L IPv6_prefix,interface (receives only prefixes
derived from IPv6_prefix on interface interface)
-N interface (do not receive and advertise routes on
interface)
-O IPv6_prefix, interface (advertise only on interface
the IPv6 prefix)

12
 Configuring routing on
FreeBSD/4

• Router advertisement: /etc/rtadvdv.conf

• default:\
:chlim#64:raflags#0:rltime#1800:rtime#0:retrans#0:\
:pinfoflags="la":vltime#2592000:pltime#604800:mtu#auto:
• ef0:\
:addr=“2001:db8:ffff:1000::":prefixlen#64:tc=default:

IPv6 on Linux
• Supported:
– autoconfiguration, IPv4 tunnel, 6to4
– since Kernel 2.2.x recommended at least 2.4.8
• USAGI patch (mostly included in 2.6.x
series)
– Node information query, anycast, ISATAP,
privacy extension, IPSec, applications, bug-fix,
mobile IP

13
 General Linux configuration/1

• Kernel compile options:

– CONFIG_IPv6=m/y
– If the IPv6 module is loaded, file
/proc/net/if_inet6 should be present
– IPv6 module can be loaded by modprobe ipv6

• Autoconfiguration supported
• ifconfig

General Linux configuration/2

• Address configuration
•ifconfig <interface> inet6 add
<ipv6address>/<prefixlength>
• Neighbor cache:
•ip -6 neigh show
• IPv6 routing table:
•route -A inet6/netstat

14
 Redhat configuration/1
• # Enabling Global IPv6 support
/etc/sysconfig/network file:
NETWORKING_IPV6="yes"
• # Enabling IPv6 support on a particular interface
/etc/sysconfig/network-scripts/ifcfg-eth0 file:
IPV6INIT="yes"
• # Configuring IPv6 interface address
/etc/sysconfig/network-scripts/ifcfg-eth0 file:
IPV6ADDR="3FFE:2F00:20::291D:6A83/48“
• # Default route configuration:
/etc/sysconfig/static-routes-ipv6 file:
eth0 ::/0 3FFE:2F00:20::922:A678

Fedore configuration/1
• (Fedora Core 2 only) Append to /etc/sysconfig/network:
– NETWORKING_IPV6=yes
– IPV6_DEFAULTDEV=“your exit device e.g. tun6to4”
• (Fedora Core 1 only) Append to /etc/sysconfig/network:
– NETWORKING_IPV6=yes
– IPV6_GATEWAYDEV=“your exit device e.g. tun6to4”
• 6to4 gateway- Append to /etc/sysconfig/network-
scripts/ifcfg-eth0:
– IPV6INIT=yes
– IPV6TO4INIT=yes

15
 Redhat configuration/2
• Applications:
– ping6, traceroute6, tcpdump, tracepath6, apache,
bind, imap (xinetd), sendmail, openssh, telnet, ftp,
mozilla, lynx, wget, kde, xchat,
• Further information:
– http://www.bieringer.de/linux/IPv6/
http://www.hs247.com,
http://www.linux-ipv6.org/

Debian configuration/1

• Main URL:
http://people.debian.org/~csmall/ipv6/
• Enabling IPv6
You should put "ipv6" in "/etc/modules"
• Address configuration: "/etc/network/interfaces" :
iface eth0 inet6 static
address 2001:XXXX:YYYY:ZZZZ::1
netmask 64

16
 Debian configuration/2

• Tunnel configuration: "/etc/network/interfaces" :

iface tun0 inet6 v4tunnel
endpoint A.B.C.D
address 2001:XXXX:1:YYYY::2
gateway 2001:XXXX:1:YYYY::1
netmask 64

Debian configuration/3

• RA configuration on Debian router

"/etc/radvd.conf" :
interface eth0
{
AdvSendAdvert on;
AdvLinkMTU 1500;
prefix 2001:XXXX:YYYY:ZZZZ:/64 {
AdvOnLink on;
AdvPreferredLifetime 3600;
AdvValidLifetime 7200;
};
};

17
 Debian configuration/4
• Configuration on router:
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.router_solicitations = 0
• Firewalls
iptables -I INPUT -j ACCEPT --proto 41

Solaris configuration/1

• Supported since Solaris 8

– autoconfiguration, IPv4 tunnel, 6to4, IPSec,
applications

18
 Solaris configuration/2

• Autoconfiguration
existing "/etc/hostname6.<intf>"
• Static address configuration:
"/etc/hostname6.<intf>" :
addif 2001:db8:1:2::100 up
• Static name ↔IPv6 address resolution:
in /etc/inet/ipnodes
• DNS resolution should be enabled
/etc/nsswitch.conf
ipnodes: files dns

MacOSX configuration/1

• Supported since MacOSX 10.2 (since

Darwin kernel version 6)
– autoconfiguration, IPv4 tunnel, 6to4, IPSec,
applications, Apple Filing Protocol (since AFP
version 3.1)
– Rendez-vous point supports IPv6
– Basically – what you can expect from *BSD.

19
 MacOSX configuration/2

• Enabled by ip6config command

ip6config command interface
– commands:
• start-v6 –enable IPv6 on given (all) interface
• stop-v6 –disable IPv6 on given (all) interface
• start-stf – enable IPv6 as defined in /etc/6to4.conf
• start-rtadvd – start router advertisement daemon and
enable IPv6 packet forwarding between interfaces
– ip6 – enable disable per interface
• Autoconfiguration
enabled by default

20