Nov 182011

IP tunnels are solutions for sending IP packets over IP packets. This can be done within the same protocol family, which is often called VPNs. We use the same solution to tunnel IPv6 packets over IPv4 networks.  There are free services that provide access to the IPv6 internet over tunnels, called tunnel brokers.

When learning IPv6, it’s unfortunately quite often not possible to get IPv6 from your service provider. This doesn’t mean you should not ask. The common response now is “well, that thing. No one asks for it.”. So start asking them now. Keep returning to them with the question! Please do not give up.

Overview of IPv6 tunnel technologyIn order to get an IPv6 network to lab with while waiting, to make sure you can configure your services like web, e-mail, firewall and network gateways correctly, you can get an IPv6 tunnel that will provide IPv6 networking on top of an IPv4 connection. And yes, you can get an IPv6 tunnel across a NAT. There are many services out there. Easiest is if you set up a small Linux or FreeBSD system as a gateway. You don’t need a large box. A small network device running OpenWRT or DD-wrt will work.  I won’t get into the details here, but will give you pointers on where to find them.

Start with setting up a lab network for your IPv6 tunnel. Make sure you have both IPv4 and IPv6 on the network. Remember that when you open the tunnel, you open up for access from every computer on the IPv6 Internet. Use a separate network and learn more about setting up a simple IPv6 firewall on this network after you have the first connections running.

Get a network into your network

IPv6 Deployment & Tunnel Broker is a tunnelbroker for many platforms.

The tunnel provider will allocate a network of addresses to your account. This means that they will route all traffic to these addresses to the tunnel to your routing point, i.e. your gateway box. This might sound complicated if you haven’t done anything like it before, but please follow me.

  • First you need to register for a tunnel account. We have tested two major services, and (Hurricane electric).
  • Secondly you need to set up a tunnel between two IPv4 endpoints. With SIXXS, this is done automatically with the “aiccu” tunnel software that can be used inside of a NATed network. For other services you will have to setup a tunnel between a public IP on your side and the tunnel broker. There are detailed descriptions of this on their site.
  • The provider assigns an IPv6 address (or a few) that they send over this tunnel to your end.
  • The provider then assigns an IPv6 network that they will route to one of your IPv6 addresses. This is the network that you use for servers. They will also assign reverse DNS for this network to your name server.
  • At this point, you have to start figuring out how to distribute IPv6 addresses to clients and servers in your new IPv6 lab. As mentioned in an earlier article, there are many ways and you can test them all.

Spend 30 minutes with IPv6 every Friday!The SIXXS network is “mobile”, i.e. you can use it on a laptop and open up the network wherever you are. Both and SIXXS have extensive documentation, so log in to both and continue reading.
Spend 30 minutes and get an overview (or see this video) and then plan your lab. Allocate resources and have fun with IPv6!