IPv4 person wants to deploy an educational but functional IPv6 network
December 29, 2011 3:29 PM

IPv4-savvy person looking to get started implementing a home/work test IPv6 network: I'm swimming in too much information. Can someone who has done this help me with where to start?

Looking out at 2012 job requirements, I'm going to need to know a fair bit about IPv6. I write embedded software, and the things my company makes are going to have to support (on some level) IPv6 networks in the next couplefew years. This means code development has to start looking at it right now.

Various people I've talked to and read have different solutions which offer different learning experiences: go buy a 4to6 tunnel and just set up one computer to use it; set up a couple virtual machines on a virtual IPv6 network and have them talk to each other; set up a 4to6 tunnel on your router; etc.

So I'm looking for people who have been there, done that, and don't mind sharing their best approaches. What did you do? What would you do differently if you were starting today?

Limitations / Details:
* I need a network that I can use day-to-day, run wireshark and see how things work, etc. Basically a way to grow an IPv6 version of all this "this is how IPv4 things really work" knowledge I've picked up over the years. What are the day-to-day issues our customers might see? etc. I think that means I want the "set up your router to make your home network dual-stack and tunnel out to a 4to6 provider" setup, but I'm still hazy on how to actually do that.
* I work in a remote office from my home, so anything which would play nicely with my IPv4-only Comcast residential ISP would be lovely. Also, not interfering with my wife's IPv4 experience is a must.
* My main corporate office is IPv4-savvy, but they aren't netheads so they can't help me. I've made sure all their future router upgrades, etc., support IPv6, but at the moment they're a pure IPv4 network.
* I have a little budget, say under $500 in the short term. If I have to replace my ancient Linksys router (currently running dd-wrt), I can do that. If I can get the network up and running and show that I'm learning useful things, well then the future budget could be real money.
* can be Windows or Linux; it'll have to work with both eventually (home computers and work testing tools run on two platforms) but I can start with just one if that's easier. I have an MSDN OS subscription available, so any variant of a Windows platform is available.
* technically difficult things are okay. I'm well-versed on the command line, have ported and written large chunks of IPv4 stacks, etc. I can make virtual machines, build kernels if I have to, etc. Obviously the less work the better, but all things are possible.

I've read a lot about the technical parts of IPv6, dug through the RFCs, O'Reilly books, etc. during my coffee breaks, but those things tend to be light on the implementation details.

Help me, Metafilter-wan Kenobi. You're my only hope (at making it to March with all my hair).
posted by introp to Computers & Internet (7 answers total) 17 users marked this as a favorite
 
(All of this will still let you have a full real IPV4 net. The things that you will notice that are different are that the sites that are up on ipv6 will be slightly slower, but maybe not noticeable. Also Comcast is rolling out IPV6 very soon anyway, so you won't have to deal with a tunnel.)
1. Go here, get a tunnel: http://tunnelbroker.net/
2. Set up a "router" for it.

It is actually shockingly easy to do, yet essentially pointless these days. #2 depends on if you want just your computer on it, or if you want your whole network on it, and what kind of "router" will be routing IPV6.
If you want your whole network on it, I wouldn't suggest using a Windows computer as the router.
But on Mac or Linux, or FreeBSD, it is pretty easy. Once you get your tunnel and your IPV6 subnet, Tunnelbroker will literally have a page telling you exactly what commands to type in to establish the route.

From there, then you need to set your real NIC up with a manually assigned IPV6 address from your subnet they give you. Then, install and run radvd on that machine to advertise the route and IPV6 subnet. Radvd is the real key to all of this in this tunnel situation, and the thing that will still remain once your ISP goes onto IPV6 itself (but it would run on your router -- most SOHO routers don't support it sadly, but some do, like the Apple routers. With them it is painfully easy, you literally just click a checkbox, and it autoconfigures itself. It is easier than DHCP)
posted by Threeway Handshake at 3:48 PM on December 29, 2011
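
The steps in the answer above, sketched for a Linux router as an added example that is not part of the original post and not the tunnel broker's own instructions. Every address is a placeholder from the documentation ranges, and the tunnel name `tun6`, the interface `eth0` and the `run` helper are assumptions; the script only prints the commands unless `APPLY=1` is set.

```sh
#!/bin/sh
# Dry run by default: prints each command. Run as root with APPLY=1 to execute.
# Placeholder values (documentation ranges); substitute the ones the broker assigns.
SERVER_V4=192.0.2.1          # broker's IPv4 tunnel endpoint
LOCAL_V4=198.51.100.2        # IPv4 address of this machine's outbound interface
CLIENT_V6=2001:db8:1::2/64   # this end of the tunnel link
LAN_PREFIX=2001:db8:2::      # routed /64 handed out to the LAN
LAN_IF=eth0                  # the "real NIC" facing the LAN

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Step 1: the IPv6-in-IPv4 (sit) tunnel and a default route through it.
tunnel_up() {
    run ip tunnel add tun6 mode sit remote "$SERVER_V4" local "$LOCAL_V4" ttl 255
    run ip link set tun6 up
    run ip addr add "$CLIENT_V6" dev tun6
    run ip route add ::/0 dev tun6
}

# Step 2: a manually assigned address from the routed subnet, plus forwarding.
lan_up() {
    run ip addr add "${LAN_PREFIX}1/64" dev "$LAN_IF"
    run sysctl -w net.ipv6.conf.all.forwarding=1
}

# Step 3: radvd configuration that advertises the prefix so hosts autoconfigure.
radvd_conf() {
    cat <<EOF
interface $LAN_IF {
    AdvSendAdvert on;
    prefix ${LAN_PREFIX}/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
}

tunnel_up
lan_up
radvd_conf    # save as /etc/radvd.conf, then start radvd
```

Once radvd is advertising, every LAN host gets a globally reachable address, so the router needs a forwarding filter before the prefix is announced.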


Other important things to know about, for a workplace environment:

There is a link-local subnet that all your computers will auto-assign themselves, fe80:, which is the equiv of 169.254.0.0 basically. The full address will be based on the MAC address of the interface.

There is no NAT. All routers are actually real routers. All computers on local networks are addressable from the IPV6 Internet.

Learn to read the addresses and 128bit subnets of the address space.

Read up on radvd, it is essentially the standard of route and subnet advertising, and basically replaces DHCP.

Read up on AAAA records, and how to configure the common DNS servers to be able to use them.

Read up on firewalls/filtering, this will be important because of the fully-addressable space above. We got away with a lot because of the NAT hack for the limited IPV4 space, which accidentally gave us all non-addressable networks inside our firewalls.
posted by Threeway Handshake at 4:40 PM on December 29, 2011
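
How a link-local address is built from a MAC address (modified EUI-64), and how to read the MAC back out of such an address, as an added example that is not part of the original post. The function names and the sample MAC are constructed for illustration; `embedded_mac` assumes the last four groups of the address are written out in full.

```sh
#!/bin/sh
# Modified EUI-64: split the 48-bit MAC in half, insert ff:fe in the middle,
# and flip the universal/local bit (0x02) of the first byte.
mac_to_link_local() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    old_ifs=$IFS; IFS=':-'; set -- $mac; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    b1=$(printf '%02x' $(( 0x$1 ^ 0x02 )))
    # Leading zeros are kept for readability; the address is still valid.
    printf 'fe80::%s%s:%sff:fe%s:%s%s\n' "$b1" "$2" "$3" "$4" "$5" "$6"
}

# Reverse direction: recover the MAC from an address whose interface ID
# (the last four groups) carries the ff:fe marker. Returns 1 when it does
# not, e.g. for randomised (privacy) or manually assigned addresses.
embedded_mac() {
    addr=${1%%/*}
    old_ifs=$IFS; IFS=':'; set -- $addr; IFS=$old_ifs
    [ $# -ge 4 ] || return 1
    shift $(( $# - 4 ))
    for g in "$1" "$2" "$3" "$4"; do
        [ -n "$g" ] || return 1      # "::" fell inside the interface ID
    done
    g1=$(printf '%04x' $(( 0x$1 ))); g2=$(printf '%04x' $(( 0x$2 )))
    g3=$(printf '%04x' $(( 0x$3 ))); g4=$(printf '%04x' $(( 0x$4 )))
    case "$g2$g3" in ??fffe??) ;; *) return 1 ;; esac
    b1=$(printf '%02x' $(( (0x$g1 >> 8) ^ 0x02 )))
    printf '%s:%s:%s:%s:%s:%s\n' \
        "$b1" "${g1#??}" "${g2%??}" "${g3#??}" "${g4%??}" "${g4#??}"
}

# Constructed sample values.
mac_to_link_local 00:1a:2b:3c:4d:5e
embedded_mac fe80::21a:2bff:fe3c:4d5e
```

The same interface ID appears in a host's global address when it autoconfigures this way, which makes the hardware address visible to every remote peer.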


Quick add on to Threeway Handshake's notes: The link-local addresses are always enabled. By and large, every active IPv6 interface will have multiple addresses. While it's true IPv4 interfaces can have multiple addresses, they normally don't. You'd only get the 169.254.0.0 on v4 if there's no DHCP but on v6 the link local address is a freebie and stays active once you get configured. I vaguely recall there was a concept of organization-scope routed addresses as well so your typical office PC could easily have 3 IP addresses.

You should bone up on the multicast stuff too which I found pretty interesting.
posted by chairface at 4:48 PM on December 29, 2011


One of the biggest changes I've been reading up on is the fact that in IPv4, NAT and Firewall are concepts that have grown together to the point where there's very little information about running a fully routed network with a firewall in place.
posted by odinsdream at 5:55 PM on December 29, 2011
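
A minimal stateful filter for the fully routed, no-NAT network discussed in the two answers above, as an added example that is not part of the original posts. It prints an `ip6tables-restore` ruleset; the interface names `tun6` (upstream) and `eth0` (LAN) and the helper names are assumptions.

```sh
#!/bin/sh
# Emits a ruleset for a Linux router forwarding a routed IPv6 prefix:
# LAN hosts may open connections outward, nothing unsolicited comes in.
r() { printf '%s\n' "$*"; }

emit_ruleset() {
    wan=$1; lan=$2
    r '*filter'
    r ':INPUT DROP [0:0]'
    r ':FORWARD DROP [0:0]'
    r ':OUTPUT ACCEPT [0:0]'
    # Traffic addressed to the router itself.
    r '-A INPUT -i lo -j ACCEPT'
    r '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Neighbour discovery (RS, RA, NS, NA). IPv6 has no ARP, so dropping
    # these breaks the link; hop limit 255 means the packet was not routed.
    for t in 133 134 135 136; do
        r "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # ICMPv6 errors (type 2 is needed for path MTU discovery) and ping.
    for t in 1 2 3 4 128; do
        r "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # Routed traffic: replies in, new connections only from LAN to upstream.
    r '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    r "-A FORWARD -i $lan -o $wan -j ACCEPT"
    r 'COMMIT'
}

emit_ruleset tun6 eth0
```

Pipe the output into `ip6tables-restore --test` to check it parses before loading it with `ip6tables-restore`.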


For the learning, I would get whatever Cisco Press book contains the intro to IPv6. There is a chapter in the ICND2 book.

For the doing, I would personally get a computer and set up a linux router on it. That's what most of the commercial small routers are running, and a real installation will give you the tools (like wireshark, et al) to see what's going on.

I haven't done anything with ipv6 myself, but casual reading suggests that it mostly just works, sort of the way a LAN with DHCP and a DNS server would work. You plug a thing in, it gets an address, and it registers itself with DNS. If someone is used to dealing with static networks and using numerical notation to talk to internal devices (like, I know my printer is 10.0.0.99 so that's how I connect to it), trying to remember fe80::ad:2a:3f:21:e3:fa is going to be a challenge. Impossible if you use random addresses instead of MAC addresses.

It looks like they've gone with a hierarchical scheme for routing so that instead of remembering 100000 different routes, routers really only have to look at the address to figure out where it needs to route the packet. Sort of like the old telephone system, where a phone switch would look at a number and be able to KNOW that a 312-555-0000 number has to be routed to chicago. Then the switch in chicago looks at the 555 part and sends it to the switch that handles the 555 exchange. In other words, routers don't have to know anything about the networks upstream or downstream from themselves, only who they are attached to.

(All of this is speculation based on light reading. Giant grain of salt.)
posted by gjc at 6:02 PM on December 29, 2011


"it registers itself with DNS"

There's no auto-dns registration. Anything that is automatic would be over things like NetBIOS (but I'm not sure that does IPV6 yet) or Bonjour (that does).

There is a DHCP6 service, though not very widely used yet. The DHCP6 server would be the one to register a client machine into DNS.

"It looks like they've gone with a hierarchical scheme for routing so that instead of remembering 100000 different routes, routers really only have to look at the address to figure out where it needs to route the packet."

Routers in IPV6 do the same thing as IPV4 routers do essentially. Your router at home knows of routes to the local network, as well as its default gateway, which is the ISP's next router, or the tunnel endpoint. A higher up router that is connected to several different subnets will know the routes to each of those, as well as having a default route up higher.
posted by Threeway Handshake at 7:49 PM on December 29, 2011


Seconding what Threeway Handshake recommended, it's what I did a few years back (down to the use of Hurricane Electric's tunnel broker). I think dd-wrt or a similar distro should be capable of acting as a tunnel endpoint; it's not a difficult job. You can also use something like 6to4 for inbound traffic and a nearby 6to4 relay for outgoing traffic (relies on IPv4 anycast), if you don't want to set up an explicit tunnel. I haven't tried that but people have reported success.

Most of the differences I've noticed with v6 stuff is in the initial network configuration stage— the kinds of things that are often handled by DHCP and ARP and such— there are different protocols for those in v6-world, mostly relying on the link-local scoped addresses that machines can give themselves without outside help.

One nice consequence of that plus the fact that machines are expected to be able to handle multiple addresses is that you're supposed to be able to renumber your network easily and without downtime just by having your router advertise a new prefix and later withdraw the old one. I haven't tried that…

In day-to-day operation, the rest of IPv6 isn't much different from v4 operation. If you have a bunch of Macs on a LAN, there might be substantial v6 traffic already (eg, if you ssh to one via its Bonjour-advertised name, you'll probably go over v6). I think Apple's "Back to My Mac" service uses tunneled IPv6 as well.

"It looks like they've gone with a hierarchical scheme for routing so that instead of remembering 100000 different routes, routers really only have to look at the address to figure out where it needs to route the packet. Sort of like the old telephone system,"

This isn't actually much different from IPv4. What they're doing is trying to assign IPv6 addresses hierarchically so that routing tables will be small. But they do the same thing with v4.
posted by hattifattener at 7:58 PM on December 29, 2011

