January 20, 2009 – 1:16 am
As part of the prep for LCA09 in Hobart, the network team have got to do something we’ve never had the chance to before; Deploy ipv6 natively. The configuration was pretty simple; We’re running stock out of the box Centos, which supports v6. Mike Groeneweg from aarnet, the conference bandwidth sponsor, provided us with a /48 allocation - 2001:388:A001::, and configured their router port with 2001:388:A001::FE/64 (or the equivalent of .254 on the conference management VLAN).
He then routed 2001:388:A001::/48 to 2001:388:A001::1/64 and I configured our gateway by adding
NETWORKING_IPV6=yes
IPV6_DEFAULTGW=2001:388:A001::FE
to /etc/sysconfig/network
and
IPV6INIT=yes
IPV6ADDR="2001:388:A001::1/64"
to /etc/sysconfig/network-scripts/ifcfg-eth0. A ’service network restart’ later, and I could ping the new ipv6 address. Next up, I moved onto the internal interface, which was simply a matter of adding the range to the interface file and enabling ipv6 on that interface too;
IPV6INIT=yes
IPV6ADDR="2001:388:A001:1::/64"
Another ’service network restart’, and hey presto! I couldn’t ping the address. It took a minute or two before I realised I hadn’t enabled ipv6 forwarding. I poked 1 into all sorts of places in /proc/sys/net/ipv6/conf/ without luck, then I came across the shotgun approach; edit /etc/sysconfig/network and add
IPV6FORWARDING=yes
then restart the network again. Hey presto, I could ping the internal interface with ping6.
At this point, I had the choice of either Stateless or Stateful networking. Realising that letting everyone’s laptop’s work it out was was the best bet, I decided on stateless. Under stateless IPv6, hosts can configure themselves automatically when connected to a routed IPv6 network using ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local multicast router solicitation request for its configuration parameters; if configured suitably, routers respond to such a request with a router advertisement packet that contains network-layer configuration parameters. Stateful would have required me running DHCPv6.
So, a quick ‘yum install radvd‘ later, I fired up vim again and edited the default config file, removing the comments from the stanza, then updating the prefix option.
$vim /etc/radvd.conf
interface eth1
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:388:a001:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
The ’service’ tool got another workout with a ’service network restart’, and we were in business. Except for the lack of Route Advertisements. People playing along at home will realise my mistake here, but it took me about an hour of packet sniffing and tcpdumping before I went back and took another look at the config file. Sure enough, changing it to
AdvRouterAddr on;
Worked a treat, and I could fire up the ipv6 stack on my laptop and get an address. A ‘ping6 sixxs.net’ returned the beautiful response
$ ping6 sixxs.net
PING sixxs.net(noc.sixxs.net) 56 data bytes
64 bytes from noc.sixxs.net: icmp_seq=0 ttl=50 time=100 ms
64 bytes from noc.sixxs.net: icmp_seq=1 ttl=50 time=107 ms
But alas, I was thwarted again when trying to view the dancing turtle at www.kame.net by missing something, and it took an hour or two longer, and various bits of telnet, netcat and other tools before the little light went on in my head and I remembered the ‘ip6tables’ service starting when I booted the box. A quick hole for http traffic later, and we had dancing turtle goodness.
Posted in lca09 | No Comments »
