• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Getting allocated /64 working under Linux

Started by leondz, March 24, 2009, 02:26:45 PM

Previous topic - Next topic

leondz

Hi,

I'm an idiot. I've got the basic point-to-point stuff up and working, but I'd like to use the RDNS delegation, which requires my using the allocated /64. However, I can't seem to be able to get any traffic going to/from the allocated /64. The host that all this concerns is a machine running Centos out alone in public IPv4 space.

I've tried adding address space for the allocated /64 to eth0 (2001:470:8:4e9::1/64), which shows up fine via ifconfig, but doesn't seem to fix anything.


[21:12:05 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 40:40:43:CF:8A:AD
          inet addr:67.207.138.173  Bcast:67.207.138.255  Mask:255.255.255.0
          inet6 addr: fe80::4240:43ff:fecf:8aad/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2570 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:310686 (303.4 KiB)  TX bytes:1188505 (1.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:663 errors:0 dropped:0 overruns:0 frame:0
          TX packets:663 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1611517 (1.5 MiB)  TX bytes:1611517 (1.5 MiB)

sit0      Link encap:IPv6-in-IPv4
          inet6 addr: ::67.207.138.173/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit1      Link encap:IPv6-in-IPv4
          inet6 addr: fe80::43cf:8aad/64 Scope:Link
          inet6 addr: 2001:470:7:4e9::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)




[21:23:24 ~]# route -n -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::1/128                                     ::                                      U     0      11       1 lo
::67.207.138.173/128                        ::                                      U     0      0        1 lo
::127.0.0.1/128                             ::                                      U     0      0        1 lo
::/96                                       ::                                      U     256    0        0 sit0
2001:470:7:4e9::2/128                       ::                                      U     0      0        1 lo
2001:470:7:4e9::/64                         ::                                      U     256    0        0 sit1
fe80::43cf:8aad/128                         ::                                      U     0      0        1 lo
fe80::4240:43ff:fecf:8aad/128               ::                                      U     0      0        1 lo
fe80::/64                                   ::                                      U     256    0        0 eth0
fe80::/64                                   ::                                      U     256    0        0 sit1
ff00::/8                                    ::                                      U     256    0        0 eth0
ff00::/8                                    ::                                      U     256    0        0 sit1
::/0                                        ::                                      U     1      0        0 sit1



[21:23:28 ~]# ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:b002::68) 56 data bytes
64 bytes from 2001:4860:b002::68: icmp_seq=0 ttl=61 time=55.0 ms
64 bytes from 2001:4860:b002::68: icmp_seq=1 ttl=61 time=55.2 ms
64 bytes from 2001:4860:b002::68: icmp_seq=2 ttl=61 time=55.2 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2008ms
rtt min/avg/max/mdev = 55.052/55.196/55.284/0.290 ms, pipe 2



21:24:13 ~]# ping6 2001:470:8:4e9::1
PING 2001:470:8:4e9::1(2001:470:8:4e9::1) 56 data bytes
From 2001:470:7:4e9::1 icmp_seq=0 Destination unreachable: Address unreachable
From 2001:470:7:4e9::1 icmp_seq=1 Destination unreachable: Address unreachable

--- 2001:470:8:4e9::1 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1003ms


How can I make use of the allocated /64?

zEkE

I've been able to do exactly what it seems you're trying to do, my problems were firewall related (assigned IP6Tables the wrong Public IF for IPv6)

I notice in your pastes, eth0 is showing only the local IPv6 address, and nothing from your allocated range.

Let me show how I do things, not necessarily the best way but it works (also willing to accept suggestions on this myself):

I have a script sitting in my if-up.d directory that runs the example commands from tunnelbroker.net, it looks something like this:
#!/bin/bash

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.218.224.42 <-- TunnelBroker endpoint
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f0e:610::2/64 <-- My IPv6 endpoint
route -A inet6 add ::/0 dev sit1

IPV6_DEV="eth1"

ip -6 addr add 2001:470:1f0f:610:0002:a576:7406:3/64 dev $IPV6_DEV <---\
ip -6 addr add 2001:470:1f0f:610:202:a5ff:fe76:5400/64 dev $IPV6_DEV <----} these are all from my allocated /64.
ip -6 addr add 2001:470:1f0f:610:202:a5ff:fe76:5401/64 dev $IPV6_DEV <---/


I then have an ip6tables script in the same directory - these are always called when my interface comes up, which is usually only at startup.

As far as assigning RDNS, I use Sitelutions because it's who I've always used for DNS for pointing records to the addresses, and I use afraid.org (because Sitelutions as of last time I checked, a couple weeks ago, don't support RDNS for IPv6) for the RDNS records for the range. You could easily use afraid.org for both, or neither if you don't need it.

leondz

Fantastic - that's worked perfectly. I was trying to add blah::/64 to eth0, which didn't work.

sdsdsd

 Link encap:Ethernet  HWaddr 40:40:43:CF:8A:AD
          inet addr:67.207.138.173  Bcast:67.207.138.255  Mask:255.255.255.0
          inet6 addr: fe80::4240:43ff:fecf:8aad/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2570 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:310686 (303.4 KiB)  TX bytes:1188505 (1.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:663 errors:0 dropped:0 overruns:0 frame:0
          TX packets:663 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1611517 (1.5 MiB)  TX bytes:1611517 (1.5 MiB)

sit0      Link encap:IPv6-in-IPv4
          inet6 addr: ::67.207.138.173/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit1      Link encap:IPv6-in-IPv4
          inet6 addr: fe80::43cf:8aad/64 Scope:Link
          inet6 addr: 2001:470:7:4e9::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

snarked

The last post ^^^ above is set up incorrectly.

2001:470:7:4e9::2/64, as your ROUTED /64, belongs on your eth0 interface.  sit1 needs 2001:470:6:4e9::2/64, the tunnel, so that HE can ping the tunnel and know it's still alive.  If you don't respond to pings, the tunnel may be disabled.

Sit0 and sit1 may need IPv4 addresses (which may be the SAME as eth0) so that packets are routable.  (Otherwise, what IPv4 source address does your encapsulated IPv6 packet use?)

avenger

I've never set ipv4 addresses on sit interfaces. This communication is done internally, and you can fix to the addresses by the 'remote' and 'local' parameters (on iproute2). For example:

ip tunnel add sit1 mode sit remote <he.net's IP> local <eth0's ip>


if you do not specify the remote one, it would not know to where to connect.. (it could accept data from any source) hehe

if you do not specify the local one, it will use the default IP address throught the route to the remote ip address in question.

snarked

Leaving the kernel to decide on which default IP for a 6in4 address is dangerous.  It's trivial if the host has only a single IPv4 address, but many hosts either do virtual hosting or are multi-homed and thus have MULTIPLE IPv4 addresses configured.

6to4 doesn't suffer the problem as the appropriate IPv4 address is extracted from 2002::/16's 2nd and 3rd quads.