IPv6 and Linux (FTTC and PPPoE) - a tutorial

[alexwright]

Being the sort of guy who likes to ride the crest of the technology wave, I've been running IPv6 on my home network for a number of years now, via a tunnel broker (SIXXS)

With IDNet now supporting IPv6 natively, and it being almost IPv6 day (8th June), I thought I'd share my experience of getting IPv6 working natively over PPPoE and my FTTC connection. If you are on ADSL and don't have an IPv6 enabled router, I think you are currently out of luck!

First, my system:

As I didn't want to power any additional boxes, the BT VDSL modem connects directly to my Linux based server. The Linux kernel has a PPPoE module built in, and I believe any modern system will be able to form a connection simply be editing /etc/ppp/pppoe.conf and adding your password to /etc/ppp/chap-secrets.

You will also need to configure the ppp0 interface. For me (running Gentoo), this involves editing /etc/conf.d/net to add the following:

config_ppp0=( "ppp" )
link_ppp0="eth1"

plugins_ppp0=( "pppoe" )
username_ppp0='YourUsername'
password_ppp0='Your Password'
pppd_ppp0=(
       "noauth"
       "defaultroute"
       "usepeerdns"
       "holdoff 3"
       "child-timeout 60"
       "lcp-echo-interval 15"
       "lcp-echo-failure 3"
       noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp
)

depend_ppp0() {
    need net.eth1
}

Starting ppp0 should now leave you with a running IPv4 connection. All well and good, but isn't this supposed to be about IPv6? Well, yes. First edit /etc/ppp/ppp-server-options to the following:

require-pap
login
lcp-echo-interval 10
lcp-echo-failure 2
ipv6 ::1,::2

The important line is the last one, that enables IPv6 for the ppp coonnection.
Then, we need to fetch our IPv6 address allocation from IDNet. For this purpose, I used Dibbler, a DHCPv6 client.

Running the client in Prefix Delegation mode (config):

# This is an example configuration file with prefix delegation
# enabled. To ask for prefixes, use 'pd' (or 'prefix-delegation') keyword.

log-mode full

# 7 = omit debug messages
log-level 7

iface "ppp0" {
  pd
}

Start the client, and get it to run on boot.

Then, run ifconfig to reveal your allocated IPv6 Address:

> ifconfig

...
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:xx.xx.xx.xx  P-t-P:212.69.63.51  Mask:255.255.255.255
          inet6 addr: 2a02:390:feed:aaaa:bbbb:cccc:dddd:eeee/64 Scope:Global
          inet6 addr: fe80::8434:b8b4:605d:d92/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:4105266 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2310189 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:3517241103 (3.2 GiB)  TX bytes:262926315 (250.7 MiB)
...

The line starting fe80 is the automatically allocated link address (Its used instead of ARP for resolving link addresses), but the one we are interested is the one starting '2a02' (I've anonymised mine!). This is the start of your address, kind of. If you look in the log, you will find you have been allocated an address in the form: 2a02:390:aaaa::/48 the address above is the address allocated to the ppp link, We'll need it now to add the routing.

For some reason, I couldn't get it to configure routing automatically, so you'll need to run the following after starting the ppp link replacing 'aaaa' as required by the address you have been allocated):

> /sbin/ip -6 route add ::/0 via 2a02:390:feed:aaaa::1

You should now be able to ping an IPv6 address!
Try the following:

> ping6 www.kame.net

If that works, congratulations! You have a working IPv6 connection :-)

If you are running your server, like me, as a router, you will now also need to advertise the route. I use radvd:
/etc/radvd

interface eth0
{
   AdvSendAdvert on;
   AdvLinkMTU 1280;

   # recommended values from ronald
   MinRtrAdvInterval 3;
   MaxRtrAdvInterval 10;

  prefix 2a02:390:aaaa:1::/64
   {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr on;
   };
};

interface eth2
{
        AdvSendAdvert on;
        AdvLinkMTU 1280;

   # recommended values from ronald
      MinRtrAdvInterval 3;
      MaxRtrAdvInterval 10;

        prefix 2a02:390:aaaa:2::/64
        {
             AdvOnLink on;
             AdvAutonomous on;
      AdvRouterAddr on;
        };
};

Your network should now also be IPv6 enabled. I've found that MacOSX, Android phones Lexmark printers and Windows 7 will all just work. Windows XP might have to be 'persuaded'...

Good luck, and don't forget a firewall on the Linux router (the one that runs the PPPoE connection) as all your machines will now have public addresses! You can't rely on the security of NAT any more...

On the plus side, if you like Bit Torrent, or gaming (using IPv6 enabled game servers), you don't have to worry about setting up reverse NAT connections either.

Any questions?

[Rik]

Great work, have a karma and a sticky. 

[Steve]

 

[Ray]

 

[jm_paulin]

Does this mean you are running dual-stack?
Or is that really pure IPv6?

Looks like your ifconfig still reports an ipv4 address as well as IPv6.... :

Code Select Expand

> ifconfig
ppp0      Link encap:Point-to-Point Protocol 
          inet addr:xx.xx.xx.xx  P-t-P:212.69.63.51  Mask:255.255.255.255


[Steve]

From my own experience I couldn't connect to IDNet without asking for the IPv4 address,once PPP has been established there is some delay before my IPv6 address appears

[alexwright]

I am running dual stack, as to covert IPv4 addresses to IPv6 involves messing around intercepting DNS queries for IPv4 only sites, and rewriting them.

[tcrichton]

Alex that's a great post, thank you.

I'm unfortunately not being assigned an ipv6 address by IDNET through dibbler and I'm wondering if you had to ask them to turn on a magic ipv6 switch for your account or if it should just work.

Thanks,

Tristan.

[Glenn]

  Tristan

[Rik]

AFAIK, Tristan, it should just work.

[Steve]

 

As Rik said if IPv4 and IPv6 is correctly enabled with your hardware you will receive an IP4 and 6 address.

[Ray]

 

[tcrichton]

Thanks guys,

I'll keep twiddling with the settings then :-)

Tristan.

P.S. Thanks for all the Karma!

[Terryphi]

I'm unfortunately not being assigned an ipv6 address by IDNET through dibbler and I'm wondering if you had to ask them to turn on a magic ipv6 switch for your account or if it should just work.

I have installed a new IPv6 capable router in the last few days and set up hardware and OS as required. I am on ADSL. Checking the config I see that I have not been automatically allocated a Global IPv6 address by IDNet network so cannot visit IPv6 sites.

Did you get yours working, Tristan? Maybe a call to Support is required after the holiday.

[Steve]

We thought the allocation was 'automatic' but it seems not so for everyone and indeed if your on the Be* feed that wasn't IPv6 enabled a month or so ago.

[Terryphi]

Thanks, Steve. I'll talk to Support when they are back.

[Terryphi]

Thanks, Steve. I'll talk to Support when they are back.

I spoke to IDNet Support this morning and I was told that allocation of an ipv6 address is "automatic". Unfortunately, my Technicolor TG582n is not connecting to IPv6 although I have done all the required software tweaks. I will have to seek advice from Technicolor Support. Disappointing.

[Steve]

AAISP have used that router for IPv6 but I could find no details on setup. The Billion 7800N is straight forward and non educational as all you have to do is tick a box to enable and off you go. There is a box that says obtain IPv6 address automatically and that has '::' entered in it.

http://www.thinkbroadband.com/news/4899-andrews-amp-arnold-tg582n-the-chosen-router-for-ipv6.html

I guess there's big difference between IPv6 ready and working.

[Ardua]

I had to ask Support to 'enable' IPv6 and it has been working fine for me ever since. As all my devices are Apple, Mac OSX and IOS5 detect the fastest site and connect to it. For example, I have just visited TBB and clicked on their IPv6 button and got a 'yay' for IPv6. I did the same on an IPAD and it shows IPv4; however, yesterday, it was showing IPv6.

[Steve]

Thanks Ardua, I was trying to recall who recently did not get an automatic allocation and I understood from that point onwards it was 'fixed' again to everyone with an automatic allocation of IPv6 address.

With regard IPv6/IPV4 as I understand it if you are IPv6 enabled and a server has both AAAA and A DNS entries, the browser will always try IPv6 first

[Terryphi]

AAISP have used that router for IPv6 but I could find no details on setup. The Billion 7800N is straight forward and non educational as all you have to do is tick a box to enable and off you go. There is a box that says obtain IPv6 address automatically and that has '::' entered in it.

http://www.thinkbroadband.com/news/4899-andrews-amp-arnold-tg582n-the-chosen-router-for-ipv6.html

I guess there's big difference between IPv6 ready and working.

Or a big difference between AAISP and IDNet (apart from the cost!) When I spoke to Support all I asked was whether ipv6 address allocation was automatic. I do not expect them to sort out a problem if it is at my end. However, from the cool tone of the conversation I got the impression that IDNet is not eager at present to help customers with IPv6 implementation.

[Ardua]

With regard IPv6/IPV4 as I understand it if you are IPv6 enabled and a server has both AAAA and A DNS entries, the browser will always try IPv6 first

Steve - I am somewhat out of my depth and sinking fast!  I have Mac OSX Lion installed on my MacBook and IOS5 on my IPhone and IPad. What follows comes from an Apple Mailing List:

There are some significant changes to IPv6 in Lion.

Results from getaddrinfo are now sorted using routing statistics (destination with the lowest min round trip time wins). If the statistics can not determine which destination is better, an implementation of RFC3484 is used. The default RFC3484 policy is read only.

CF and NS layer frameworks that use CFSocketStream do not use getaddrinfo. Those APIs use something similar to happy eyeballs. The A and AAAA queries are started at the same time but the responses are handled as they are received. When an answer is received, it is sorted in to a list of destination addresses. If there are no more addresses coming in (this was the last answer in the DNS packet or mDNSResponder has no more answers in the cache), a connection is started to the first destination on the sorted list. The DNS resolve operation is left running and more answers are processed as they arrive. A timer is setup for a period of time in which we would expect the connection to complete, based on the routing statistics. If the timer fires before the connection is established, a connection to the next best address will be started while the existing connection continues to try and make progress. A similar timer is setup and the process repeats until a connection is established or we run out of addresses to try. The code keeps track of whether or not it has received both A and AAAA response (whether the answer was a list of addresses or no address). If the connection is established before both A and AAAA responses come back, the resolve is kept open for up to a second to allow mDNSResponder to receive a slow response and store it in the cache. This way, subsequent connections to the same host in a short period of time will have all answers in the cache.

Most users that aren't on this list don't care if they connect over IPv4 or IPv6. They just care that they connect. The code in CF and NS aims to make sure the user always gets a connection quickly. The code above also addresses issues where a AAAA response is never received (doesn't hold up connecting to IPv4) and issues where the user has some busted equipment that sends routing advertisements for a prefix even though the equipment has no way to route IPv6 traffic. The trade off is that it may be hard to predict whether a connection will occur over IPv6 or IPv4. If an option were added to prefer one address family over the other, it would need to indicate how much longer the user was willing to wait to get the address family of their choice.

You can use the command line tool "nettop -n -m route" to dump a live view of the routing statistics. You can use "nettop -n" to dump a live view of all TCP and UDP sockets on the system.

[url]http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html/url]

The above is how it seems to work in practice!

[Steve]

Thanks again! I wonder if that applies to any browser on Mac OS X

[Terryphi]

I bought a Technicolor TG582n router specifically to test IPv6 because it is described as "IPv6 ready." However, it does not actually work as an IPv6 connection. Both IDNet Support and Technicolor Support take no responsibility for this and will not, or cannot, provide me with the necessary firmware to do so. I know that AAISP and Technicolor have sorted out firmware for this router which allows users to use IPv6 on the AAISP network.

Technicolor say I should talk to the reseller (i.e. Amazon.co.uk) who can contact their Technicolor business contact to ask for a solution. I have now emailed Amazon. The saga continues!

[tcrichton]

Sorry for the late response.

I didn't get IPv6 working but also haven't asked IDNet support to enable it (if I need to...)

I may have another bash at it once I've confirmed I don't need a switch to be flicked at support.

Tristan.