IPv6

A dual stack (IPv4+IPv6) PPPoE service is provided by eircom on a trial basis. It is activated in the same way as standard IPv4 PPPoE, with settings taken from a config file in /etc/ppp/

root@voyage:/etc/ppp/peers# ls
MPN-UK eircom eircom-ipv6

A username@domain is reserved in the RADIUS server of the ISP and the PPPoE session is forwarded to a specially configured test LNS because the BRAS does not support IPv6. The eircom IPv6 pool assigned by RIPE is 2001:bb0::/32. The pools managed by this LNS are 2001:bb0:dd0::/56 used for DHCPv6 assignments of /64 prefixes and 2001:bb0:d00::/41 for DHCPv6-PD assignment of /56 prefixes.

Create a PPP peer config file with the IPv6 lines shown.

root@voyage:/etc/ppp/peers# cat eircom-ipv6
user xxxxx@ipv6.eircom.net
pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
noipdefault
#usepeerdns
#defaultroute  ## not using this peer as the default route
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492
noaccomp
default-asyncmap
plugin rp-pppoe.so eth0
ipparam eircomipv6
+ipv6 ipv6cp-use-ipaddr
ipv6 ,

Add password to /etc/ppp/chap-secrets

root@voyage:/etc/ppp# cat chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
"eircom@eircom.net" * "broadband1"
"test1" * "xxxxx"

The following IPv6 config is included in /etc/sysctl.conf

root@voyage:/etc/ppp# cat /etc/sysctl.conf

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.ppp2.accept_ra=2

The wide dhcp client is used to obtain DHCPv6 delegated prefix (IA-PD) from the PPP peer.

root@voyage:/etc/ppp# cat /etc/wide-dhcpv6/dhcp6c.conf

interface ppp2 {          ## ppp0=default, ppp1=VPN, ppp2=IPv6
  # Identity Association for Prefix Delegation
  send ia-pd 1;
};

id-assoc pd 1 {
  prefix-interface br0 {  ## number the LAN interface
    sla-id 1;
    ifid 1;
    sla-len 8;            ## /56 prefix implies 8 bits used to number subnet
  };
};

radvd is used for sending router advertisements on the LAN. radvd is configured in /etc/radvd.conf

root@voyage:/etc/ppp# cat /etc/radvd.conf
interface br0
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;

  prefix ::/64
  {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr off;
    AdvValidLifetime 300;
    AdvPreferredLifetime 120;
  };
};

An entry for DHCPv6 is added to the firewall.

ip6tables -A INPUT -i ppp2 -p udp --dport 546 -j ACCEPT
ip6tables -A INPUT -i ppp2 -j REJECT

List IPv6 firewall rules

root@voyage:/etc/ppp# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp      anywhere             anywhere             udp dpt:dhcpv6-client

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Create a script in /etc/ppp/ip-up.d/ to activate the services automatically when the tunnel comes up

root@voyage:/var/log# vi /etc/ppp/ip-up.d/eircom-ipv6

#!/bin/sh

if [ "${PPP_IPPARAM}" = "eircomipv6" ]; then

# Flush existing firewall rules
ip6tables -F

# Accept DHCPv6 from WAN
ip6tables -A INPUT -i ${IFNAME} -p udp --dport 546 -j ACCEPT

# Allow outbound traffic of local origin
ip6tables -A OUTPUT -o ${IFNAME} -j ACCEPT

# Allow established connections
ip6tables -A INPUT -i ${IFNAME} -m state --state ESTABLISHED,RELATED -j ACCEPT

# Reject other incoming traffic from the WAN
ip6tables -A INPUT -i ${IFNAME} -j REJECT

# Start Router Advertisement Daemon
/etc/init.d/radvd start

# Start wide DHCPv6 client
/etc/init.d/wide-dhcpv6-client start

# Add default global route
ip -6 route add 2000::/3 dev ${IFNAME}

fi

Start the PPP session

root@voyage:~# pon eircom-ipv6

DHCPv6 client debug mode:

dhcp6c -fD -c /etc/wide-dhcpv6/dhcp6c.conf ppp2

View the interface status. A /64 prefix is assigned to the ppp interface.

root@voyage:/etc/ppp/peers# ifconfig ppp2
ppp2      Link encap:Point-to-Point Protocol
          inet addr:xx.xx.xx.xx  P-t-P:159.134.191.151  Mask:255.255.255.255
          inet6 addr: 2001:bb0:dd0:xxx:xxx:xxx:xxx:xxx:xxx/64 Scope:Global
          inet6 addr: fe80::2482:3cac:a65d:c664/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1082 (1.0 KiB)  TX bytes:130 (130.0 B)

View the IPv6 routing table.

root@voyage:/etc/ppp/peers# netstat -rn6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1    17 lo
2001:bb0:xxxxxxxxxxxxxxxxx/128 ::                         Un   0   1     0 lo
2001:bb0:xxxxxxx::/64          ::                         UAe  256 0     0 ppp2
fe80::20d:b9ff:fe29:46fc/128   ::                         Un   0   1     0 lo
fe80::20d:b9ff:fe29:46fd/128   ::                         Un   0   1     0 lo
fe80::85c8:8020:cd47:59fa/128  ::                         Un   0   1     0 lo
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 br0
fe80::/64                      ::                         U    256 0     0 ppp2
fe80::/10                      ::                         U    1   0     0 ppp2
fe80::/10                      ::                         U    256 0     0 ppp2
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 br0
ff00::/8                       ::                         U    256 0     0 ppp2
::/0                           fe80::2b0:c2ff:feed:781b   UGDAe 1024 0   0 ppp2
::/0                           ::                         !n   -1  1     6 lo

Another way of viewing interface detail using the ip tool.

root@voyage:/etc/ppp# ip -f inet6 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::20d:b9ff:fe29:46fc/64 scope link
       valid_lft forever preferred_lft forever
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 fe80::20d:b9ff:fe29:46fd/64 scope link
       valid_lft forever preferred_lft forever
63: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qlen 3
    inet6 2001:bb0:xxxxxxxxxxxxx/64 scope global dynamic
       valid_lft 2591918sec preferred_lft 604718sec
    inet6 fe80::c1c0:c92f:7f14:e72c/10 scope link
       valid_lft forever preferred_lft forever

IPv6 traceroute.

root@voyage:/etc/ppp# traceroute -6 google.com
traceroute to google.com (2a00:1450:400b:c02::64), 30 hops max, 80 byte packets
 1  ipv6.cra.dublin.eircom.net (2001:bb0:6:c001::1)  31.686 ms  33.903 ms  35.698 ms
 2  inex.google.com (2001:7f8:18::57)  45.595 ms  47.402 ms  49.667 ms
 3  inex.google.com (2001:7f8:18::57)  51.986 ms  54.532 ms  56.593 ms
 4  2001:4860::1:0:70c4 (2001:4860::1:0:70c4)  53.924 ms 2001:4860::1:0:70c5 (2001:4860::1:0:70c5)  55.735 ms  71.621 ms
 5  2001:4860::2:0:3de7 (2001:4860::2:0:3de7)  98.109 ms 2001:4860::2:0:64f8 (2001:4860::2:0:64f8)  62.455 ms  64.739 ms
 6  de-in-x64.1e100.net (2a00:1450:400b:c02::64)  35.309 ms  37.387 ms  39.670 ms

Windows PC receives IPv6 address using SLAAC.

C:\Users\bblab>ipconfig

Windows IP Configuration


Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:bb0:d00:1501:xxxxxxxxxxxxxxxxxxx
   Temporary IPv6 Address. . . . . . : 2001:bb0:d00:1501:xxxxxxxxxxxxxxxxxxx
   Link-local IPv6 Address . . . . . : fe80::70b5:c0b9:8694:128c%22
   IPv4 Address. . . . . . . . . . . : 192.168.11.87
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::20d:b9ff:fe29:46fd%22
                                       192.168.11.254

C:\Users\bblab>ping -6 google.com

Pinging google.com [2a00:1450:400b:c02::71] with 32 bytes of data:
Reply from 2a00:1450:400b:c02::71: time=247ms
Reply from 2a00:1450:400b:c02::71: time=202ms
Reply from 2a00:1450:400b:c02::71: time=135ms
Reply from 2a00:1450:400b:c02::71: time=308ms

Ping statistics for 2a00:1450:400b:c02::71:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 135ms, Maximum = 308ms, Average = 223ms

Another look at the IPv6 routing table showing the delegated prefix in use on the LAN

root@voyage:/etc/ppp# netstat -rn6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1   434 lo
2001:bb0:d00:1501::/128        ::                         Un   0   1     0 lo
2001:bb0:d00:1501::1/128       ::                         Un   0   1     3 lo
2001:bb0:d00:1501::/64         ::                         U    256 0     0 br0
2000::/3                       ::                         U    1024 0    0 ppp2
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::20d:b9ff:fe29:46fc/128   ::                         Un   0   1     0 lo
fe80::20d:b9ff:fe29:46fd/128   ::                         Un   0   1   672 lo
fe80::7073:4828:dc2f:9008/128  ::                         Un   0   1     2 lo
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         U    256 0     0 br0
fe80::/64                      ::                         U    256 0     0 ppp2
fe80::/10                      ::                         U    1   0     0 ppp2
fe80::/10                      ::                         U    256 0     0 ppp2
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 br0
ff00::/8                       ::                         U    256 0     0 ppp2
::/0                           ::                         !n   -1  1   821 lo

Restarting the services if required

root@voyage:/etc/ppp# sysctl -p
root@voyage:/etc/ppp# /etc/init.d/radvd restart
root@voyage:/etc/ppp# /etc/init.d/wide-dhcpv6-client restart

Testing IPv6 connectivity using test-ipv6.com

testipv6

Advertisements