IPv6 Networking FAQ

This page is being developed, and we welcome any comments or suggestions.

Other links

IPv6 Networking FAQ

Getting Started

IPv6 code was merged into NetBSD in June 1999, and is part of NetBSD. IPv6 configuration is mostly the same as IPv4 configuration, so you may want to check the documentation for IPv4 networking.

The GENERIC kernel configuration enables IPv6 support by default for most of the architectures (ports). Userland code includes IPv6 support where possible, by default, so no rebuild of userland is necessary even if you switch between an IPv4-only kernel and an IPv4/v6 kernel.

A little history of IPv6, and key features

Around 1992, the IETF became aware of a global shortage of IPv4 addresses, and technical obstacles in deploying new protocols due to limitations imposed by IPv4. An IPng (IP next generation) effort was started to solve these issues. The discussion is outlined in a bunch of RFCs, starting from RFC1550. After a large amount of discussion, around 1995, IPv6 (IP version 6) was picked as the final IPng proposal. The IPv6 base specification is specified in RFC2460.

In a single sentence, IPv6 is a re-engineering effort against IP technology. Key features are listed below:

  • Larger IP address space. IPv4 uses only 32 bits for IP address space, which allows only 4 billion nodes to be identified on the Internet. 4 billion may look like a large number; however, it is less than the human population on the earth! IPv6 allows 128 bits for IP address space, allowing 340282366920938463463374607431768211456 (three hundred forty undecillion) nodes to be uniquely identified on the Internet. A larger address space allows true end to end communication, without NAT or other short term workarounds against the IPv4 address shortage. (These days NAT is a headache for new protocol deployment and has scalability issues; we really need to decommission NAT networks for the Internet to grow further).
  • Deploy more recent technologies. After IPv4 was specified 20 years ago, we saw many technical improvements in networking. IPv6 includes a number of those improvements in its base specification, allowing people to assume these features are available everywhere, anytime. "Recent technologies" include, but are not limited to, the following:
    • Autoconfiguration. With IPv4, DHCP exists but is optional. A novice user can get into trouble if they visit another site without a DHCP server. With IPv6, a "stateless host autoconfiguration" mechanism is mandatory. This is much simpler to use and manage than IPv4 DHCP. RFC2462 has the specification for it.
    • Security. With IPv4, IPsec is optional and you need to ask the peer if it supports IPsec. With IPv6, IPsec support is mandatory. By mandating IPsec, we can assume that you can secure your IP communication whenever you talk to IPv6 devices.
    • Friendly to traffic engineering technologies. IPv6 was designed to allow better support for traffic engineering like diffserv or intserv (RSVP). We do not have a single standard for traffic engineering yet, so the IPv6 base specification reserves a 24-bit space in the header field for those technologies and is able to adapt to coming standards better than IPv4.
    • Multicast. Multicast is mandatory in IPv6, which was optional in IPv4. The IPv6 base specifications themselves extensively use multicast.
    • Better support for ad-hoc networking. Scoped addresses allow better support for ad-hoc (or "zeroconf") networking. IPv6 supports anycast addresses, which can also contribute to service discoveries.
    • and more.
  • A cure to routing table growth. The IPv4 backbone routing table size has been a big headache to ISPs and backbone operators. The IPv6 addressing specification restricts the number of backbone routing entries by advocating route aggregation. With the current IPv6 addressing specification, we will see only 8192 routes on the default-free zone.
  • Simplified header structures. IPv6 has simpler packet header structures than IPv4. It will allow future vendors to implement hardware acceleration for IPv6 routers easier.
  • Allows flexible protocol extensions. IPv6 allows more flexible protocol extensions than IPv4 does, by introducing a protocol header chain. Even though IPv6 allows flexible protocol extensions, IPv6 does not impose overhead to intermediate routers. It is achieved by splitting headers into two flavors: the headers intermediate routers need to examine, and the headers the end nodes will examine. This also eases hardware acceleration for IPv6 routers.
  • Smooth transition from IPv4. There were number of transition considerations made during the IPv6 discussions. Also, there are large number of transition mechanisms available. You can pick the most suitable one for your site.
  • Follows the key design principles of IPv4. IPv4 was a very successful design, as proven by the ultra large-scale global deployment. IPv6 is "new version of IP", and it follows many of the design features that made IPv4 very successful. This will also allow smooth transition from IPv4 to IPv6.
  • and more.

There are number of good books available on IPv6. Be sure to check these if you are interested.

See also:

Network Configuration Files

The network configuration is defined in a set of text configuration files. Note that you do not need to edit some of those if you are configuring a host (not a router), by using autoconfiguration.

  • /etc/rc.conf - rc.conf(5) specifies system services, including the network services, to be automatically started at system initialization.
  • /etc/hosts - hosts(5) can include mappings between FQDN names and IPv6 numeric addresses.
  • /etc/ifconfig.{IF} or ifconfig_IF in /etc/rc.conf - you can include IPv6 network setup, using ifconfig(8), into here.

Is the machine a router or a host

In IPv6, routers and hosts are clearly separated. Nodes that forward packets for others are called routers. Nodes that do not are called hosts. Routers need to be configured manually. Routers will advertise information about subnet using rtadvd(8) daemon. Hosts usually have only one external network interface (some part of this document assumes this), and will be autoconfigured using the advertised subnet information.

Host autoconfiguration in IPv6

There are two separate mechanisms defined for IPv6 host autoconfiguration. One is called stateless address autoconfiguration, and is specified in RFC2462. The other is called DHCPv6, and is being discussed by the IETF dhc working group. NetBSD currently implements the former.

Stateless address configuration basically works as follows. We have two parties here: a host (which is to be autoconfigured) and a router (which emits necessary information to the host).

  • The host configures a link-local address to its network interface. A link-local IPv6 address starts with "fe80", and has a value in the lower-most 64 bits. The lower-most 64 bits are called the interface ID. For Ethernet and some other interfaces, the MAC address is used as the source for interface ID. 
        % ifconfig ne2
    ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet manual
        inet6 fe80::a00:5aff:fe38:6f86%ne2 prefixlen 64 scopeid 0x1
  • By running rtadvd(8) on the router, the router periodically advertises information about the link (like Ethernet segment) to all nodes on the link. The information is carried by ICMPv6 "router advertisement" packet. The attached example advertises the following information:
    • IPv6 subnet prefix is 2001:218:420::/64
    • Default router is on fe80::240:5ff:fea0:8e08
    • And couple of more parameters, like IPv6 link MTU, default hoplimit, and router lifetime.
    14:18:20.812850 fe80::240:5ff:fea0:8e08 > ff02::1: icmp6: router advertisement\
(chlim=64, router_ltime=1800, reachable_time=30000, retrans_time=1000)(src\
lladdr: 0:40:5:a0:8e:8)(mtu: mtu=1500)(prefix info: LA valid_ltime=2592000,\
preffered_ltime=604800, prefix=2001:218:420::/64)
                         6000 0000 00a0 3aff fe80 0000 0000 0000
                         0240 05ff fea0 8e08 ff02 0000 0000 0000
                         0000 0000 0000 0001 8600 d38d 4000 0708
                         0000 7530 0000 03e8 0101 0040 05a0 8e08
                         0501 0000 0000 05dc 0304 40c0 0027 8d00
                         0009 3a80 0000 0000 2001 0218 0420 0000
                         0000 0000 0000 0000
  • The host catches the advertisement, and configures the global IPv6 address and the default router. By running ndp(8) on the host, we can see more detail about the most recent router advertisement. 
    % ifconfig ne2
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet manual
        inet6 fe80::a00:5aff:fe38:6f86%ne2 prefixlen 64 scopeid 0x1
        inet6 2001:218:420:0:a00:5aff:fe38:6f86 prefixlen 64
  • Optionally, the host can ask for an advertisement from the router by sending an ICMPv6 "router solicitation" packet. rtsol(8) transmits the router solicitation packet. If you are running a mobile node, you may want to run rtsold(8) and transmit router solicitations periodically. The packet will be like this: 
    14:18:20.300501 fe80::a00:5aff:fe38:6f86 > ff02::2: icmp6: router solicitation\
(src lladdr: 8:0:5a:38:6f:86) (len 16, hlim 255)
			 6000 0000 0010 3aff fe80 0000 0000 0000
			 0a00 5aff fe38 6f86 ff02 0000 0000 0000
			 0000 0000 0000 0002 8500 d7b0 0000 0000
			 0101 0800 5a38 6f86

We call it stateless address autoconfiguration, since we do not need to manage state in the router side. It is a very simple, robust and effective autoconfiguration mechanism.

Note that we cannot autoconfigure routers. Routers really need to be configured manually.

Setting up an IPv6 router

First, you may want to get an IPv6 global address from upstream provider. If you have one, you'll need to perform the following steps.

  • Add manual configuration for network interfaces, into /etc/ifconfig.{IF} (rc.conf(5)) or /etc/netstart.local. See the following section for details.
  • Configure the following lines in rc.conf(5). 
        ip6mode="router"
    rtsol="NO"
    rtadvd="YES"                rtadvd_flags="sm1 ne2"  # set interfaces to advertise
  • You may want to edit /etc/rtadvd.conf (rtadvd.conf(5)) for fine-tuning the router advertisement timers.
  • If you would like to announce routes by using RIPng, configure rc.conf(5) to run route6d(8).
  • Perform a reboot.

Due to restrictions in the IPv6 specification, it is not possible to autoconfigure routers. Do not attempt to tweak the configuration. You will end up having unexpected behavior as a result.

Setting up an IPv6 host

If you have an IPv6 router on the network, all you have to do is as follows. After the reboot, the host will be autoconfigured by using Router Advertisements from the rtadvd(8) on the adjacent router.

  1. Configure the following lines in rc.conf(5). 
        ip6mode="autohost"
    rtsol="YES"  rtsol_flags="sm1"      # set your interface here
    For the 2nd line, alternatively, you can use /etc/ifconfig.{IF}, like below: 
        up
    !rtsol $int
  2. Perform a reboot.

If you do not have an IPv6 router on the network, you'll need to manually configure your system. See the following section for details.

Also, due to restrictions in the IPv6 specification, it is not recommended to autoconfigure a host with multiple external interfaces (like 2 ethernet interfaces). Please perform manual configuration in this case. See the following section for details.

Manual Configuration

One of the key value-adds of IPv6 is the ubiquitous availability of autoconfiguration. Since IPv6 addresses are 128 bits, there's a higher chance for mistakes in manual configuration. We strongly recommend that you avoid manual configuration whenever possible. For example:

  • If you configure routes to routers, run a routing daemon like route6d(8).
  • If you configure interface addresses on hosts, get the information from an adjacent router by configuring ip6mode=autohost and rtsol=YES (see rc.conf(5)).

If you think it is easier to do manual configuration, it's not. Manual configuration will impose future maintenance labor upon you.

If you really need a manual configuration, read on.

If you need to configure a node manually, add manual configuration for network interfaces into rc.conf(5).

You will first need to declare the type of the node (host or router) by setting ip6mode as per below.

    ip6mode="router"        # forward packets for others
    ip6mode="host"          # do not forward packets for others

Then, add interface configuration into rc.conf(5), or other files sourced by /etc/rc.d/network such as /etc/ifconfig.xxN. You can have multiple lines in /etc/ifconfig.xxN, like:

    inet 10.1.1.1 netmask 0xffffff00
    inet6 3ffe:501:ffff::1 prefixlen 64 alias

Note "alias" at the end of the line. As there are multiple interface addresses with IPv6, the keyword is mandatory.

If your configuration is not covered by rc.conf(5), configuration can be added into /etc/netstart.local or /etc/rc.local. You will need to use the following programs:

  • ifconfig(8) - change or view the characteristics of a network interface.
  • route(8) - manipulate the network routing tables.

Naming a New Node on the Network

A string hostname will be resolved to IPv6 numeric addresses by using /etc/hosts (hosts(5)), and/or DNS. This is much like the same as IPv4 case. yp(8) may be used, however, the author has no experience using yp(8) with IPv6 addresses.

  1. /etc/hosts (hosts(5)): For small networks of a few nodes, the hostname/IP maps can be manually duplicated in the /etc/hosts files of each node.

    /etc/hosts:

    3ffe:501:ffff::a:b:c:d  host2.mydomain.org.au host2

  2. DNS: The hostname maps can be centralized into zone-files which are accessed by the name-server, named(8). (there are many documents at www.dns.net which deal with setting up and maintaining DNS files).

    Forward zone file entry

    host2  IN AAAA     3ffe:501:ffff::a:b:c:d

    Reverse zone file entry

    d.0.0.0.c.0.0.0.b.0.0.0.a.0.0.0.0.0.0.0.f.f.f.f.1.0.5.0.e.f.f.3.ip6.arpa.
	IN PTR   host2.mydomain.org.au.

    Note: If you have heard about A6 records and bitstring labels for DNS – A6 and bitstrings are now in experimental status, so you don't need to worry about them. AAAA is to be used for production service and works fine.

    Also note that the reverse DNS table is moving from ip6.int to ip6.arpa; 6Bone (3ffe) addresses are at the time of this writing only known in ip6.int, production addresses should be announced under ip6.arpa, as ip6.int will go away.

Please note that the following addresses MUST NOT appear on global DNS cloud:

link-local addresses (matches fe80::/10, like fe80::1)

This one is not globally reachable.

site-local addresses (matches fec0::/10, like fec0::1)

This one is not globally reachable either. This one somewhat like a private address, so you can put it into your intranet DNS cloud.

v4 mapped addresses (matches ::ffff:0.0.0.0/96, like ::ffff:10.1.1.1)

This address is only for internal use in a node. Do not put this into DNS database directly.

It is not recommended to put these addresses onto DNS cloud:

  1. multicast addresses (matches ff00::/8, like ff05::1)

For the NetBSD/KAME IPv6 code, putting the following address does not make sense due to lack of support:

v4 compatible address (matches ::0.0.0.0/96, like ::10.1.1.1)

NetBSD/KAME does not support RFC2893 auto tunnel.

IPv6 unicast address allocation

There are couple of differences between IPv6 and IPv4 address allocation.

  • The prefix length for an IPv6 subnet will always be /64; no more, no less. It allows you to place as many IPv6 devices as the underlying network medium allows.

    With IPv4, prefix length varies between subnets to subnets, and it caused painful costs when renumbering subnets (for example, imagine when you renumber an IPv4 subnet from /28 to /29 or vice versa).

  • An ordinary leaf site will always get /48 of address space. It will make site renumbering easier, and allows you to switch ISP more easily.

    With IPv4, the allocation varies by the size of the site, and made it very painful when you migrated from one ISP to another, for example.

Connecting to IPv6 upstream

Depending on the ISP situation around you, you may be able to get native IPv6 connectivity (just like you do for IPv4), or you may be able to get tunnelled connectivity (IPv6 packets encapsulated into IPv4 packets). The section talks about the latter case.

You can hook your machine up to experimental IPv6 network, called "6bone". You will need to talk with nearest 6bone site, to get your IPv6 address prefix. Note that you'll need to have a fixed IPv4 global address for this.

If you do not have a fixed IPv4 global address (if you are using dialup ISP connection), don't panic. You can hook yourself up to Freenet6. They provide a web interface to hook up your home network whenever you reconnect to the Internet.

In both cases, you will need to set up an IPv6-over-IPv4 tunneling interface onto your router. Consult gif(4) for details.

  • Setting up gif tunnel: create /etc/ifconfig.gif0 with the following content. The first argument (x.x.x.x) is your IPv4 address, and the second one (y.y.y.y) is the IPv4 address of the other endpoint.

    create		(only needed on post-1.5)
tunnel x.x.x.x y.y.y.y

    Or, add the following lines into /etc/netstart.local or /etc/rc.local.

    # ifconfig gif0 create		(only needed on post-1.5)
# ifconfig gif0 tunnel x.x.x.x y.y.y.y

  • See if the tunnel is working correctly: First try invoking the following command:

    # ping6 -n ff02::1%gif0

    If you see two packets, one from your local node and another from the remote node, the tunnel is working fine. If you have an IPv4 reachability problem between x.x.x.x and y.y.y.y, you will see only one reply or no reply. Here are items to look at if you are having trouble:

    • Make sure you do not have a NAT box between you and the peer. Tunnelled IPv6 packets cannot go through a NAT box.
    • Make sure you do not have any IPv4 packet filters between you and the peer.

  • Exchange routes: Depending on your upstream configuration, you may need to set up default route to the upstream, or you may need to run a routing daemon.

The above configuration uses an RFC2893 IPv6-over-IPv4 configured tunnel. Note that RFC2893 packets will not be able to go through a NAT router (if your tunnel endpoint itself - a NetBSD box - is a NAT router, it should not be a problem).

See also:

Typical IPv6 network setup - with /48 prefix from upstream

Suppose you have obtained your address prefix, 3ffe:0501:ffff::/48 from your upstream for your home network. You have two ethernet segments in your home, like below. Both myrouter A and myrouter B run IPv6-capable NetBSD. IPv4 addresses are assigned like below. You wish to connect to the upstream via IPv6-over-IPv4 tunnel, from myrouter A at x.x.0.1/24 to upstream router at y.y.y.10.

myrouter A
  | IPv4 x.x.0.1/24
  |
==+=== ethernet 0
  |
  | IPv4 x.x.0.2/24
myrouter B
  | IPv4 x.x.1.2/24
  |
==+=== ethernet 1

  1. First, you need to configure your tunnel to the upstream from myrouter A. On myrouter A, configure the tunnel by using ifconfig(8), and then confirm the reachability by using ping6(8). "ff02::1" is referred to as an all-node multicast address, which should reach all nodes on the tunnel - in this case, myrouter A and upstream router. If you get answers from two nodes, the tunnel is working fine. If you get answer from only one node (myrouter A itself), something is bad between you and the upstream. It could be IPv4 filtering, it could be misconfiguration on either side, or something else. Track the problem down before proceeding.

    # ifconfig gif0 create		(only needed on post-1.5)
# ifconfig gif0 tunnel x.x.0.1 y.y.y.10
# ping6 -I gif0 -n ff02::1
PING6(56=40+8+8 bytes) fe80::a00:5aff:fe38:6f86 --> ff02::1
16 bytes from fe80::a00:5aff:fe38:6f86%lo0, icmp_seq=0 hlim=64 time=0.334 ms
16 bytes from fe80::240:5ff:fea7:f092%gif0, icmp_seq=0 hlim=64 time=3.416 ms(DUP!)

  2. Next, you need to assign a subnet address from your address block, 3ffe:0501:ffff::/48, to two of your ethernet segments. Since the prefix length for IPv6 subnet is always /64, you have 65536 subnets available for you! Let's just assign 3ffe:0501:ffff:0000::/64 to ethernet 0, and 3ffe:0501:ffff:0001::/64 to ethernet 1.

    myrouter A ---- tunnel ------->	upstream
  | IPv4 x.x.0.1/24		IPv4 y.y.y.10
  |
==+=== ethernet 0: x.x.0.0/24, 3ffe:501:ffff:0::/64
  |
  | IPv4 x.x.0.2/24
myrouter B
  | IPv4 x.x.1.2/24
  |
==+=== ethernet 1: x.x.1.0/24, 3ffe:501:ffff:1::/64

  3. Let us assign IPv6 global address to your routers. Since routers MUST be manually configured, you need to perform the "ifconfig" as described in manual configuration section. For myrouter A, lookup link-local IPv6 address (it starts with "fe80"), take the lower 64 bits, attach upper 64 bits from the subnet address, and configure it. To preserve configuration across reboot, you may wish to append the setting to /etc/ifconfig.ne2.

    # ifconfig ne2
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 08:00:5a:38:6f:86
	media: Ethernet manual
	inet x.x.0.1 netmask 0xffffff00 broadcast x.x.0.255
	inet6 fe80::a00:5aff:fe38:6f86%ne2 prefixlen 64 scopeid 0x1
# ifconfig ne2 inet6 3ffe:501:ffff:0:a00:5aff:fe38:6f86 prefixlen 64 alias
# echo 'inet6 3ffe:501:ffff:0:a00:5aff:fe38:6f86 prefixlen 64 alias' >> /etc/ifconfig.ne2

    For myrouter B, do the similar thing.

    # ifconfig tlp0 inet6 3ffe:501:ffff:0:a00:5aff:fe38:8765 prefixlen 64 alias
	(ethernet 0 side)
# ifconfig tlp1 inet6 3ffe:501:ffff:1:a00:5aff:fe38:9710 prefixlen 64 alias
	(ethernet 1 side)

  4. To exchange routing information, run route6d(8) on both routers. If the upstream asks you to aggregate route announcements, please consult the manual page for command line options. Now that connectivity to yourupstream should be okay, try to ping external IPv6 nodes. Do not forget to specify "-n" to ping6(8); IPv6 reverse address lookup can take a very long time and should be avoided when you do tests.

    # route6d	(on both routers)
# ping6 -n www.6bone.net

  5. If you have end hosts (non-router nodes) on your network, you may want your router to advertise subnet information to end hosts. By doing this, your end hosts will be able to autoconfigure themselves. You will need to prepare /etc/rtadvd.conf, and run rtadvd(8). Note that you should advertise subnet information from the upstream router. In the picture, myrouter A should advertise to ethernet 0, and myrouter B should advertise to ethernet 0 and 1. You may want to disable advertisement from myrouter B to ethernet 0, because B is on the downstream and is not optimal as the default router (but if you disable it, machines on ethernet 0 will not be able to talk with machines on ethernet 1 when myrouter A is dead).

    # rtadvd ne2	(from myrouter A to ethernet 0)
# rtadvd tlp0 tlp1	(from myrouter B to ethernet 0 and 1)

    Then, you need to run rtsol(8) or rtsold(8) on your end nodes so that they can be autoconfigured.

In some cases, your upstream may ask you to configure differently from the above scenario.

Typical IPv6 network setup - with 6to4 /48 prefix

If you have more than one static global IPv4 address, you can use 6to4 mechanism (RFC3056) for your own /48 IPv6 prefix.

There are routers called "public 6to4 relay router" out there, which will behave as the other side of tunnel for you. You will need to configure one of your machines to behave as 6to4 gateway, which will encapsulate IPv6 packets into IPv4 and throw them to public 6to4 relay router (and vice versa). If your IPv4 address is x.y.z.u, your IPv6 prefix will be 2002:xxyy:zzuu::/48 (xx, yy, zz and uu is hexadecimal notation for x, y, z and u, respectively).

If your ISP gave you a private IPv4 address (like 10.x.x.x), unfortunately you cannot use this mechanism. The mechanism does not work across NAT devices.

Let us assume the following topology, and machine myrouter A has an IPv4 address x.y.z.u. IPv4 address for myrouter B does not matter.

myrouter A
  | IPv4 x.y.z.u
  |
==+=== ethernet 0
  |
myrouter B
  |
==+=== ethernet 1

  1. First, you need to configure 6to4 tunnel interface on myrouter A. We have picked an IPv6 subnet prefix, 2002:xxyy:zzuu:0000::/64, for use in the tunnel. With the promulgation of RFC 3068, everyone using 6to4 should now set their default router to 2002:c058:6301:: which is a special magic anycast address for the nearest (in BGP terms, anyhow) Relay Router. There's also a list of public 6to4 relay routers you can choose from. Note that we cannot use ff02::1 test on stf0 interface, as the interface is not capable of IPv6 multicasting. Since stf0 interface is not enabled by default GENERIC kernel, you may need to recompile your kernel (this is due to security reasons - see the stf(4) man page).

    # ifconfig stf0 create		(only needed on post-1.5)
# ifconfig stf0 inet6 2002:xxyy:zzuu:0000::1 prefixlen 16 alias
# route add -inet6 default 2002:c058:6301::	  (or another one from the list)

  2. Next, you need to assign a subnet address from your address block, 2002:xxyy:zzuu::/48, to two of your ethernet segments. Since we have already used 2002:xxyy:zzuu:0000::/64 for the tunnel, we cannot use it for our ethernet interfaces. Let us use 2002:xxyy:zzuu:0001::/64 and 2002:xxyy:zzuu:0002::/64 here.

      : 6to4 tunnel, 2002:xxyy:zzuu:0000::/64
  :
myrouter A
  | IPv4 x.y.z.u
  |
==+=== ethernet 0: 2002:xxyy:zzuu:0001::/64
  |
myrouter B
  |
==+=== ethernet 1: 2002:xxyy:zzuu:0002::/64

  3. You can now go back to the previous section and setup myrouter B, RIPng routing, as well as router advertisement.

See also:

Resolve DNS names over IPv6 cloud

To go to a totally IPv6 environment (without IPv4), you'd need to contact name servers using IPv6 cloud. It's easy: you just need to put IPv6 addresses into resolv.conf(5). If you would like to run an IPv6 transport ready DNS server, try running net/bind9. Example configuration would be like this:

    nameserver 3ffe:501:4819::42

There's a working IPv6-ready DNS server running on the above address, so feel free to try it out.

Using FAITH TCP relay translator

We cannot connect directly from an IPv6-only client to an IPv4-only server, or vice versa. We need a device called a "translator" to do this.

NetBSD is shipped with the faithd(8) TCP relay translator, which can be used to enable an IPv6-only (or IPv4/v6) client to contact IPv4-only servers by using IPv6 TCP. By using it with net/totd DNS proxy server, you can install an IPv6-to-IPv4 translator environment, like this:

+--IPv6 only cloud------+
|			|
|IPv6 only		|			IPv4 only
|client	 == IPv6 ===> translator ----- IPv4 -->	servers
|	    tcp	      runs faithd(8)   tcp
|			|
+-----------------------+

For actual setup, please refer to the following documents.

See also:

IPv6 across IPv4-only routers, or NAT routers

If your organization has IPv4-only routers, IPv4 NAT routers, or other things that may become obstacles to direct IPv6 networking, you can overcome these hurdles by following ways. Pick the most suitable one for your network configuration:

  • It is possible to place two routers, one for IPv4, and one for IPv6, between two ethernet segments. You can place IPv6-only routers between two segments, enabling IPv6 routing only. This way, you can keep IPv4 network untouched. 
    outgoing router
  |
==+=======================+=== IPv4/v6 subnet A
  |			  |
IPv4-only router	IPv6-only router
  | forward		  | forward
  | IPv4 only		  | IPv6 only
==+=======================+=== IPv4/v6 subnet B
  • Usage of private/global address in IPv4 has nothing to do with IPv6 network. If it is allowed under your network management policy, you can configure global IPv6 reachability, while splitting IPv4 network into private address segment and global address segment by NAT box/ firewalls. 
    outgoing router
  |
==+=======================+=== subnet A: IPv4 global, IPv6 global
  |			  |
IPv4-only NAT router	IPv6-only router
  |			  |
==+=======================+=== subnet B: IPv4 private, IPv6 global
  • In some cases, you can bridge IPv6 traffic across segments by using normal IPv4 router. If you can configure your IPv4 router to bridge ethernet protocol type 0x86dd, you can bridge IPv6 traffic only. In this case, subnet allocation will become different between IPv4 and IPv6 - this may become headache if you do this too much... 
    outgoing router
  |
==+======== ether segment 1: IPv4 subnet A, IPv6 subnet X
  |
IPv4-only router (bridge ether type 0x86dd)
  |
==+======== ether segment 2: IPv4 subnet B, IPv6 subnet X (same as above)
  • If you have IPv4 reachability between two distant location in your organization, you can use IPv6-over-IPv4 tunnel to go across IPv4-only network in between. 
    	+--- IPv4-only cloud -------------------+
	|					|
  +<================= IPv6-over-IPv4 tunnel =============>+
  |	|					|	  |
  |	+---------------------------------------+	  |
  |							  |
IPv4/v6 router						IPv4/v6 router
  |							  |
==+======= IPv4/v6 segment 1				==+======= IPv4/v6 segment 2

Twists

Because IPv6 is still in its infancy, there are several non-standard items or specification holes. The KAME IPv6 implementation tries to address those.

  • IPv6 specifies "scoped", or not-worldwide-unique, addresses in the specification. To disambiguate a scoped address, we need to explicitly specify the scope of the address. For example, the specification specifies a "link-local address" which is unique on a single link only. You need to specify the outgoing "link" with the address to disambiguate the address.

    KAME IPv6 code embeds a scope identifier into the 3rd and 4th byte of a scoped address in the in-kernel structures. Because of this, you sometimes see embedded form, like "fe80:1::abcd:1234:abcd:1234" to mean "fe80:0000:0000:0000:abcd:1234:abcd:1234 on scope 1". You should not specify the embedded form whenever possible.

    To disambiguate a scoped address, you have two options:

    • Use a special command line option, like -I option for ping6(8).
    • Use the extended scoped address syntax, like fe80::1%de0 for specifying the address. Note that the syntax is available only for certain set of applications (applications that use getaddrinfo(3) can handle this).
  • When you perform some experiments in your local network, do not try to use site-local unicast addresses. The way the specification is written is too vague. Both the specification and implementations should be improved before putting site-local addresses into real use. Even if you wish to run partitioned networks (which does not connect to the outside), always use IPv6 aggregable global unicast addresses.
  • Other implementation details can be found in KAME implementation document.

Not about the specification, but there are some things worth mentioning:

  • Not all the tools are IPv6 transport ready. X(7), and some other tools support IPv4 transport only. Though named(8) and yp(8) can contain IPv6 address in their database, they do not support IPv6 transport (they cannot resolve names over the IPv6 cloud).
  • Some of pkgsrc directories have been changed to use USE_INET6 to switch between IPv4/v6 builds and IPv4-only builds. USE_INET6 will automatically be turned on for IPv6-ready NetBSD systems.
  • The implementation does not support automatic tunnels (RFC2893) nor 6over4 (RFC2529), as these standards are not widely in use and considered obsolete in IPv6 community.
  • AF_INET6 wildcard listening sockets will grab IPv4 connection only with certain configurations (RFC2553 documents this behavior). This is for plugging security hole in specification. Consult inet6(4) and ip6(4) for more details.
  • IPv6 requires network interfaces to have multicast support. If your driver has any problem in multicast support (like lack of support, bug in multicast filter configuration, etc), then IPv6 does not work at all. If you see this kind of problem, please do send a bug report.
  • NetBSD does not ship with getipnodebyname(3); nor getipnodebyaddr(3), as they are practically deprecated in the IPv6 basic API specification. They also lack support for the scoped nature of IPv6 address. Use getaddrinfo(3) and getnameinfo(3) instead.

Where to ask questions

If you have any questions, do not hesitate to ask on the tech-net mailing list, or users@ipv6.org. When you ask about your configuration, be VERY sure to attach a network diagram for your site. Without a network diagram, nobody can guess your network configuration.

Maintenance

  • Monitoring activity - useful tools
    • ifconfig(8) - configure and display network interface parameters
    • route(8) - manipulate the routing tables
    • ping6(8) - send ICMPv6 ECHO_REQUEST packets to network nodes
    • traceroute6(8) - print the route that packets take to reach a network node
    • net/tcpdump - selectively view traffic on a network interface
    • netstat(1) - show network status
    • ndp(8) - arp(8) lookalike for IPv6
    • ifmcstat(8) - check kernel multicast group configuration
    • systat(1) 'systat netstat' - dynamically display network connections
  • IPv6 autoconfiguration
    • rtadvd(8) - transmit router advertisements from router
    • rtsold(8) - periodically send router solicitation, for use on hosts(5)
    • rtsol(8) - send single router solicitation; for use on hosts
  • Routing daemons
  • IPv6-related pseudo interfaces
    • faith(4) - IPv6-to-IPv4 TCP relay capturing interface, helps faithd(8)
    • gif(4) - generic tunnel interface, which does IPv[46] over IPv[46]
    • ifconfig(8) - configures gif(4) with "tunnel" subcommand
    • stf(4) - 6to4 tunnel interface (RFC3056)

See also:

Userland applications

The following programs in the base system are known to be IPv6-enabled: finger(1), fstat(1), ftp(1), netstat(1), rlogin(1), rsh(1), systat(1), telnet(1), tftp(1), whois(1), faithd(8), fingerd(8), ftpd(8), ifconfig(8), inetd(8), lpd(8) (and friends), mld6query(8), ndp(8), ping6(8), pppd(8), rdate(8), rip6query(8), rlogind(8), route6d(8), rshd(8), sendmail(8), syslogd(8), tcpdchk(8) (and friends), telnetd(8), tftpd(8), traceroute6(8), trpt(8) .

RPC and NFS now support IPv6.

An increasing number of packages are also ready for IPv6.

If you want IPv6-ready third-party software, you may need to get an IPv6 patch for the software. There are collections of IPv6 patches on the net.

See also:

<center>

This IPv6 Configuration Help site is owned by The NetBSD Project.

[ Previous | Next | Random Site | List Sites ]

</center>
[NetBSD flag] Home page

(contact us)   Generated from %NetBSD: index.xml,v 1.7 2006/03/11 13:53:06 kano Exp %
Copyright © 1994-2006 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
NetBSD® is a registered trademark of The NetBSD Foundation, Inc.