Jun 152012
 
Spend 30 minutes with IPv6 every Friday!

This week I’ve been teaching a group of students how to build a large-scale SIP network with an Open Source SIP server called Kamailio. The class is in Barcelona, Spain where the rest of the population enjoy beautiful weather and I’m locked in with a group of engineers in a room filled with IP phones, laptops, cell phones and discussions about networking and telephony. Of course, I keep bringing up IPv6. In order to prove that it exists and works, I asked SIXXS for a new tunnel and got approval quickly. Let me describe what I did to IPv6-enable the class network so you can repeat it in your office, your home or your own training class. Spend 30 minutes with IPv6 every Friday!

Applying for a tunnel with SIXXS.net

There are many IPv6 tunnel providers around, so you really have no excuse for not using IPv6 even if your service provider can’t provide you with native access. It is important for you and your career that you upgrade yourself to IPv6, so get a tunnel working.

In the example of SIXXs.net, you create a free account and then apply for a tunnel. Your first tunnel will give you a /64 network, which works for one local LAN. After you have the first tunnel up and running you can apply for a larger network that will get routed over the same tunnel to your node. The networks are all real networks that they will assign to you for free. The IPv6 address space is so huge that they can afford assigning REAL IPv6 addresses for your network. After SIXXs approves your tunnel request, you will get a mail. They’re fast, it normally just takes a few hours. Login again and you will find your new tunnel:

The new IPv6 tunnel from SIXXs for my training class. This tunnel was provided from NFSi Telecom in Portugal. Thanks!

 

Setting up the tunnel

One of the reasons that I picked SIXXs is their tunnel client AICCU. It will handle a NATted connection. In the class I got one IPv4 address that is connected to my router, like a home network. The router operates NAT and handles out private IP addresses to everyone.  I had no control of this network, so AICCU fits in very well.

Installing AICCU on Ubuntu, which we use on our “server” laptop, was easy.

apt-get install aiccu

This is the details of the new IPv6 tunnel assigned to me by SIXXS

AICCU will install and ask for your tunnel username and password. This is NOT your SIXXs username and password. Each tunnel is assigned a specific set of credentials. Just click on the tunnel identifier with the blue icon in your SIXXs page (as pictured above) and you will get tunnel details. Start with making sure that the “tunnel type” is AYIYA. This is the name of the tunnel setup protocol that the AICCU application use. Scroll down a bit and find the “TIC Password” setting. Add a strong password and save it.

Now add your tunnel login (found over the password input box) and the password to the Aiccu configuration on your system. The installation in UBUNTU will complete after you answer the question about username and login. You’re now ready to  connect to the IPv6 world. If you run another operating system, you can install AICCU in most systems the same way using yum, ports or another package manager. Some of them will help you with the configuration, some not. Here’s my /etc/aiccu.conf file:


# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
# AICCU Configuration

# Login information (defaults: none) - to be found on your Tunnel Information page
username EDV-SIXXS/T1234
password MyVerySecretPassword

# Protocol and server to use for setting up the tunnel (defaults: none)
protocol tic
server tic.sixxs.net

# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface sixxs

# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
tunnel_id T12345

# Be verbose? (default: false)
verbose false

# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
daemonize true

# Automatic Login and Tunnel activation?
automatic true

Starting AICCU

With everything configured – I just used the default configuration in Ubuntu and provided my tunnel credentials – I want to start my tunnel. It’s easy.

service aiccu start

The AICCU server starts like any other daemon in your LInux system. Did it work? Well, run “ip address” or “ifconfig” to find out.


sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::818:2000:1cd:2/64 Scope:Link
inet6 addr: 2001:b18:2000:1cd::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1

 

Apart from the standard interface (eth0) we now have an interface called “SIXXS” that has a REAL ipv6 address (starting with 2001:). What a feeling!

After connecting, I quickly tested connectivity by pinging Facebook. Now after the World IPv6 Launch we have IPv6 on many public services.


# ping6 www.facebook.com
PING www.facebook.com(www6-10-01-prn1.facebook.com) 56 data bytes
64 bytes from www6-11-01-prn1.facebook.com: icmp_seq=1 ttl=55 time=225 ms
64 bytes from www6-10-01-prn1.facebook.com: icmp_seq=2 ttl=55 time=224 ms
64 bytes from www6-11-01-prn1.facebook.com: icmp_seq=3 ttl=55 time=225 ms
64 bytes from www6-10-01-prn1.facebook.com: icmp_seq=4 ttl=55 time=225 ms
64 bytes from www6-11-01-prn1.facebook.com: icmp_seq=5 ttl=55 time=224 ms
^C
--- www.facebook.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 224.100/225.100/225.921/0.865 ms

We are connected! Observe that I used the Linux “ping6″ command and not the “ping” command. Let’s find out which IPv6 address they have.


# dig -t AAAA www.facebook.com

; <<>> DiG 9.8.1-P1 <<>> -t AAAA www.facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34368
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.facebook.com. IN AAAA

;; ANSWER SECTION:
www.facebook.com. 11 IN AAAA 2a03:2880:10:1f02:face:b00c:0:25

Here I query DNS for an AAAA record and find the Facebook IPv6 address. Seems like DNS is working too.

Distributing IPv6 to the network

Having IPv6 on one computer is a good start, but you might want to distribute to your network so you can test DHCPv6 and other options for distributing IPv6 network configurations to hosts. I’ll start with using router advertisements. In this mode, my IPv6 router (the SIXXs tunnel endpoint) will advertise a network prefix. The other hosts will use this prefix to automatically create an IPv6 address based on their Ethernet MAC address.

In Ubuntu, I’ll use the “radvd” daemon for this. Install with “apt-get install radvd” and you will get a new configuration file – /etc/radvd.conf.

Now is a good time to find your tunnel subnets. This is the network that SIXXs net distributes to you via the local partner. On your tunnel details page, you have the subnet information in the bottom of the page, above the statistics. Copy the subnet prefix. It will look like “2001:b18:2000:81cd::/64″ – a /64 network routed to you over your new tunnel.  In this file, you will specify the local (internal) interface you will use to announce the prefix. In my case it’s eth0. Apart from the subnet details, you can add DNS servers. A few systems support getting DNS server addresses via router advertisements, but far from all. Here’s my configuration, based on the default configuration:


interface eth0
{
AdvSendAdvert on;

# This may be needed on some interfaces which are not active when
# radvd starts, but become available later on; see man page for details.

# IgnoreIfMissing on;

#
# These settings cause advertisements to be sent every 3-10 seconds. This
# range is good for 6to4 with a dynamic IPv4 address, but can be greatly
# increased when not using 6to4 prefixes.
#

MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;

#
# You can use AdvDefaultPreference setting to advertise the preference of
# the router for the purposes of default router determination.
# NOTE: This feature is still being specified and is not widely supported!
#
AdvDefaultPreference low;

#
# Disable Mobile IPv6 support
#
AdvHomeAgentFlag off;

#
# The network prefix I got from SIXXs on the tunnel details page
#
prefix 2001:b18:2000:81cd::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};

#
# RDNSS
# NOTE: This feature is not very widely implemented.
#
RDNSS 2001:b18:2000:1cd::2
{
AdvRDNSSLifetime 30;
};

};

After completing the configuration (basically you just need to add your network prefix) you can start radvd with “service radvd start”. Give it a few seconds, then check on another computer. On my OS/X system, I quickly got the IPv6 address and was up and running.

Issues found -none!

I enabled IPv6 in the classroom and made sure that it worked on my systems. SIXXs net not only give you access to the tunnel, but also lets you add reverse DNS zones and DNSsec keys. In addition, you have traffic statistics on the tunnel information page where you can see the amount of data used. You will be surprised. I see that a lot of traffic from my students Google, Facebook and other traffic now goes over IPv6. No one has complained over the Internet connection. It’s like the World IPv6 Launch – the net just works as expected, but now with a connection to 100% of the Internet.

Adding IPv6 gave us a good training network to experiment with dual stack solutions, test devices IPv6 support and much more. If you run training classes, make sure that you set up an IPv6 tunnel in the training network if the training center does not provide IPv6 access. Having IPv6 should be the default for all trainings, as it is the default for all things IP now.

Now I let you set up your own tunnel. Have fun and enjoy learning IPv6!

/Olle