IPv6 on Fedora
After hearing about the activation of IPv6 (AAAA) records for four of the root DNS servers I got very curious about IPv6 and its current state of adoption. Well, it turns out IPv6 may not be the solutions to all Internet woes but we will have to learn to live with it anyway.
And so I did. Like 99.999% percent of Internet users I don't have a native IPv6 connection, but enabling a IPv6 tunnel on Fedora is very, very easy. I decided for the simplest type of tunnel, called 6to4. This type of tunnel is very convenient as I don't need to register it anywhere nor do I need to ask permission to anyone. It is based on the kindness of people that run 6to4 routers in the IPv4 Internet at the 192.88.99.1 anycast address. Usually people disregard this type of tunnel as being slow, but routing from Brazil to the world is already so slow I found the performance acceptable. Besides, there isn't much yet to do in the current IPv6 Internet.
Enabling a 6to4 tunnel on Fedora is ridiculously simple. First put the following lines in /etc/sysconfig/network:
NETWORKING_IPV6=yes IPV6_DEFAULTDEV=tun6to4 IPV6FORWARDING=yes
The last line is only required if you are going to share the IPv6 connection with a local network. The rest of this recipe assumes you are. Now find the configuration file for the interface connected to the Internet. If it is eth1 the file should be /etc/sysconfig/networking/devices/ifcfg-eth1. Put the following lines there:
IPV6INIT=yes IPV6TO4INIT=yes IPV6_CONTROL_RADVD=yes IPV6TO4_ROUTING="eth0-:1::1/64 wlan0-:2::1/64"
Once again, the last two lines are only required if you have a local network you want to provide with IPv6 connectivity. If not, remove the extra lines and you are set. Restart the interface and you are connected to the IPv6 Internet! When using 6to4, probably due to the performance concerns, Fedora prefers IPv4 addresses. So, go to a IPv6 only site (like http://www.ipv6.bieringer.de/) to test it. And remember to define a IPv6 firewall. Your current iptables firewall only covers IPv4, use ip6tables to create a IPv6 one.
A nice thing about this setup is that a 6to4 tunnel gives me a whole /48 netblock based on my IPv4 address. So, no NAT in my local IPv6 network! The last two lines lines above allow the networking scripts to control the RADV daemon and to create IPv6 addresses to other interfaces (besides the one you are actually configuring). Just treat the /48 of your 6to4 address as a prefix and create a /64 netblock for each interface. Create a /etc/radvd.conf file with an entry like this for each interface:
interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2002:XXXX:XXXX:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
Where 2002:XXXX:XXXX is your automatically configured 6to4 adress. Start RADV daemon and the hosts in you internal network should receive an automatically generated address.
For me, the next step would be to do the same to this site and add a little bit more content to the IPv6 Internet. Unfortunately, the Xen kernel used by my VPS provider doesn't support stateful iptables support for IPv6. I though IPv6 support on Linux was a done deal, but this critical functionality was only added about and year ago in kernel 2.6.20. It seems IPv6 may be a bit farther in the future than I expected. But it was surely fun to set it up anyway.