Messing around with IPv6

My v-colo at Panix can be configured to use IPv6. Now it looks a little bit like Panix is kludging routing slightly (they give you a /96 but with a /64 netmask). It’s very possible that their router is just at the end of a HE tunnelbroker, since HE are an upstream provider to Panix.

Enabling IPv6 on the v-colo was simple; I just enabled it on their “config” website and…it worked. I could even set up a rDNS entry for that IP. Since I don’t currently need more than the one address I didn’t bother looking at the other addresses.

My linode required a specific tunnel to be set up. So I signed up for one and associated my linode IPv4 address with it. Then I configured my CentOS machine:

Add to /etc/sysconfig/network

NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=sit1

Create /etc/sysconfig/network-scripts/ifcfg-sit1

DEVICE=sit1
BOOTPROTO=none
ONBOOT=yes
IPV6INIT=yes
IPV6TUNNELIPV4=<HE's IP4 tunnel address>
IPV6ADDR=<Assigned IPv6 tunnel address>

Then “ifup sit1” and… it was on the network!

But, here, the rDNS of the tunnel is specified directly by HE. So I had to use one of the /64 addresses assigned to me. This was as simple as adding a line such as

IPV6ADDR_SECONDARIES=<one_of_my_ip_addresses>

“ifdown sit1” then “ifup sit1” and the address was assigned.

Now one thing I don’t understand is how the kernel decides on what source address should be used when making a connection, since “ip addr” shows both as a /64. But it seems to work; outgoing ssh connections show the connection coming from my routed address and not the tunnel address.

Of course, using a routed address meant I needed to set up rDNS for that. HE allows delegation of the routed subnet and a little bit of trial-and-error seems to have got that to work.

Because this is a test, I’m using a different name for my IPv6 addresses. When I’m convinced it all works then I’ll probably switch to having the same name for IPv4 and IPv6. Although I noticed my web server config doesn’t listen on IPv6. Umm.

Why am I doing this? I don’t believe IPv4 is going away for a fair few years yet (those areas with IPv6 only will have ISP provided proxies for web servers and 6to4 NAT gateway, for example) but I thought it’d be something to play with.

What’s interesting is this…

From my linode to my v-colo

IPv4:
6 packets transmitted, 6 received, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 83.076/83.313/83.760/0.436 ms, pipe 2

IPv6:
6 packets transmitted, 6 received, 0% packet loss, time 5001ms
rtt min/avg/max/mdev = 71.254/72.490/76.062/1.670 ms, pipe 2

Various traceroutes later, it seems the cross-country transit from NYC to LAX (which is HE, both ways) is quicker on IPv6 which surprises me.

I guess my next step will be to add a tunnelbroker connection to my home network. But that will require a little more thought; I don’t necessarily want to expose my Windows machines to the outside world (the NAT gateway acts as a nice little firewall for IPv4) so I’ll need to be a little bit cleverer. It also seems my preferred WRT54G firmware (Tomato) doesn’t support IPv6 so I’ll need to work on that as well.
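The inbound filtering that the IPv4 NAT gateway provides as a side effect has no IPv6 counterpart once a /64 is routed to the LAN, so the gateway needs an explicit stateful ruleset. An added example, not part of the original post: a shell function that prints an ip6tables-restore ruleset for a Linux gateway. `sit1` is the tunnel interface name used earlier on the page; `br0` is an assumed LAN interface name, and both function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Prints an ip6tables-restore
# ruleset for a Linux gateway that routes a tunnelled /64 to a home LAN.
# Assumptions: $1 is the tunnel interface (sit1 on this page), $2 is the
# LAN-facing interface (br0 is a made-up name).

gen_ip6_ruleset() {
    wan="$1"   # tunnel interface facing the IPv6 internet
    lan="$2"   # interface facing the home LAN
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the gateway itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# ICMPv6 carries neighbour discovery and error reporting; do not drop it
-A INPUT -p ipv6-icmp -j ACCEPT
# Routed traffic: replies to connections that LAN hosts opened
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Routed traffic: LAN hosts may open new connections out via the tunnel
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# No rule accepts new connections arriving on $wan, so unsolicited
# inbound traffic to LAN hosts falls through to the FORWARD DROP policy.
COMMIT
EOF
}

# Count FORWARD rules that accept traffic entering on the given interface.
# A result of 0 for the tunnel interface means LAN hosts are not reachable
# by unsolicited inbound connections.
count_inbound_accepts() {
    printf '%s\n' "$1" | grep -c -e "^-A FORWARD -i $2 .*-j ACCEPT" || true
}

rules="$(gen_ip6_ruleset sit1 br0)"
printf '%s\n' "$rules"
echo "# FORWARD accepts entering on sit1: $(count_inbound_accepts "$rules" sit1)" >&2
```

The printed ruleset is meant to be loaded with `ip6tables-restore` on the gateway; the IPv4 firewall still has to permit the tunnel's protocol 41 traffic from the broker's endpoint.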

*UPDATE:*

I realised that the way I was seeing traceroutes to my routed IPv6 range meant that it wasn’t actually using the end-tunnel IPv6 address for the route. So I just tried assigning one of the routed addresses directly to the interface and not using the tunnel address. It seems to work just as well, so I don’t have to worry about what source ip6 address will be used for outgoing connections.