IPv6 is an redesigned and improved version of the IPv4 protocol, and is intended to start replacing IPv4 in 2011 and beyond as the IPv4 global address space becomes exhausted. IPv6 includes a number of improvements over IPv4, including most notably 128-bit addressing, simplified protocol header, integrated IPSec and Multicast implementations, improved discovery, flexibility and router interaction, and improved facilities for auto-configuration. IPv6 also marks the end of Network Address Translation (NAT), which is not recommended or necessary with IPv6. While it's possible to use non-routable addresses with IPv6, this is not a requirement and it is possible for any IPv6 device to have its own globally routable IP address if desired.
IPv6 addresses consist of 128 bits. The first 64 bits are used for the network and subnet portion of the address, while the remaining 64 bits are used for the host portion of the address. For more information on how to represent IPv6 addresses, please see the Presentation section of the IPv6 address page on Wikipedia.
IPv6 addresses also have an associated network mask, which is typically written as a trailing "/64" or "/48" at the end of the address, which specifies what bits of the address are used for network and subnet parts. For example, a "/48" mask specifies that addresses use a 48-bit network part, followed by a 16-bit subnet part (allowing for 2^16 subnets), followed by a 64-bit host part (allowing for up to 264 hosts for each of the 216 subnets to be specified.) In contrast, a "/64" mask specifies that addresses use a 64-bit network part, no subnet part, and a 64-bit host part (allowing up to 264 hosts total to be specified.) This means that if you are issued a "/64" set of addresses, you will not be able to define any subnets, but if you are issued a "/48" set of addresses, you will be able to define up to 216 subnets.
Address Space and Security
IPv6 also uses a global, flat address space. IPv6 is designed so that any device that needs to communicate on the Internet is able to have a unique globally-routable address. With IPv6, there is no need for using Network Address Translation (NAT). With IPv4, NAT is often used as a means of protecting systems from being accessed by malicious users. With IPv6, firewalls are typically used instead of NAT for restricting access to systems. With IPv6, it is normal for all machines on your home network to have "globally routable" addresses, the equivalent of a "public IP" in the world of IPv4. It is important to understand that this is the way that IPv6 is intended to be used for the majority of users, and that an IPv6-enabled router will no longer be performing NAT for you.
There are several ways to use IPv6 with Funtoo Linux. Here are some possibilities:
- Participating in an existing IPv6 network
- Creating a local IPv6 over IPv4 tunnel
- Enabling IPv6 on your router, possibly via a tunnel
Participating in IPv6 Network
The first approach is an option if your Funtoo Linux system happens to be on an IPv6 network, or you desire to set up an IPv6 network. In this case, the Funtoo Linux system simply needs to be configured to participate in this IPv6 network -- and can also participate in an IPv4 network simultaneously. If you will be configuring an IPv6-compatible router, then you will simply configure your Funtoo Linux system to participate in this network.
Local IPv6 over IPv4 Tunnel
Another approach for using IPv6 is to configure an IPv6 over IPv4 tunnel locally on your Funtoo Linux system, in cooperation with a tunnel provider. This will allow you to use an existing IPv4 network to connect a single Funtoo Linux system to IPv6. It is also possible to configure this system to serve as an IPv6 router.
Enabling IPv6 on Your Router
If you have a router that is capable of supporting IPv6, then it is possible to configure your router so that an IPv6 network is available, at which point you can simply configure your Funtoo Linux system to participate in it. Note that many popular home/office routers can be configured to use an IPv6 over IPv4 tunnel, which provides a convenient option for home networks or smaller organizations to participate in IPv6. Using this approach, your computer systems behind the router are simply configured to participate in an IPv6 network, and your router handles tunneling the IPv6 traffic back and forth between your tunnel provider. This is typically the most flexible option for exploring IPv6 as it allows you to have multiple computer systems in your home or office to participate in an IPv6 network while your router takes care of everything transparently.
IPv6 requires CONFIG_IPV6 to be enabled in your kernel (either compiled in or as a module). If compiled as a module (e.g. if your kernel was compiled by genkernel), ensure the module is loaded.
# lsmod | grep ipv6
If this returns nothing, load the module with:
# modprobe ipv6
- IPv6 ping command
- route -6
- show IPv6 routes
- ip -6 neigh show
- show all IPv6 neighbors on the local LAN
Participating in an Existing IPv6 Network
If your local network already supports IPv6, then you can simply configure Funtoo Linux to participate in this IPv6 network. Here is a sample configuration that might be used to configure an ethernet interface (netif.eth0) to participate in both an IPv4 and IPv6 network:
template="interface" ipaddr="10.0.1.200/24 2001:470:d:c2c:218:51ff:feea:ee21/64" gateway="10.0.1.1" nameservers="10.0.1.1 2001:470:20::2" domain="funtoo.org" multicast="yes" routes="2000::/3 via fe80::daa2:5eff:fe7a:83de dev eth0"
Above, we use the interface template, and specify both an IPv4 and IPv6 address (with network mask) for ipaddr. In addition, an IPv4 and IPv6 nameserver is specified. For routing, we use the gateway command to specify an IPv4 gateway, while we use the routes command to specify a route to our router, which in this case has address fe80::daa2:5eff:fe7a:83de and is reachable on device eth0.
Note that we specify a route for "2000::/3" rather than "::/0" or "default", and this is a bit unusual. This is to work around a bug in many Linux kernels that prevents the default route from being handled properly. "2000::/3" maps to all routable IP addresses and has the benefit of being compatible with all Linux kernels.
Many Addresses and Stateless Autoconfiguration
Also note that if we did not specify an IPv6 address in the ipaddr variable, then eth0 would still get at least one IPv6 address anyway. First, it would get a link-local address, starting in fe80::/16, and it would also automatically use stateless autoconfiguration to grab an unused IPv6 address from the range used by your IPv6 router. This works similarly to the way a DHCP client works with IPv4, but is built-in to the IPv6 protocol and does not require a DHCP server to function. It works because with IPv6, routers send out ICMP packets to advertise themselves to systems on your network, and your Funtoo Linux system can use this information to automatically grab an unused address. It is important to understand this behavior because it means that by default, your Funtoo Linux system will grab a globally-routable ("public") IPv6 address from your router with no steps necessary on your part and thus may be accessible from the Internet if no firewall is in place. However, in most cases the default IPv6 route must be specified in the routes variable for IPv6 to function properly, so this auto-configuration isn't completely automatic at this time.
Local IPv6 over IPv4 Tunnelling
Tunnelling is the process of encapsulating IPv6 packets within an IPv4 packet so that it can be transmitted over an IPv4 network. This process happens at a local tunnel entry point, which can be a Linux machine or a router, such as an Apple AirPort. The packet then traverses the IPv4 network, until reaches the tunnel endpoint, which de-encapsulates the packet and places it on an IPv6 network. There are several different types of IPv6 tunnels. There are also several IPv6 tunnel providers that offer free tunnelling services, making it convenient to start using IPv6, even on your home network.
Note that if you want configure an IPv6 over IPv4 tunnel on your router, such as an Apple AirPort, then you will simply need to sign up with one of the tunnel providers and use their instructions to configure your router. At this point, your router will be IPv6 enabled and you can then configure your Funtoo Linux system to participate in an existing IPv6 network using the instructions in the previous section. If this is not an option for you, then it is also possible to set up the IPv6 over IPv4 tunnel directly on your Funtoo Linux system. This means that only your Funtoo Linux system will be able to participate in IPv6, at least to start (later, you could configure your Funtoo Linux system to route IPv6 for other machines on your network) Follow the instructions in this section to set up local tunneling on your Funtoo Linux system.
- Supports anonymous tunnels and works behind NAT. You can connect to with your login or as anonymous from anywhere. This can be configured under Funtoo Linux by emerging the net-misc/gogoc ebuild.
- Hurricane Electric
- Configured 6in4 tunnel, with support for dynamic IPv4 addresses, and Apple AirPorts can be configured to use this tunnel - see this link. Also see ipv6.he.net FAQ You can setup this tunnel with ifconfig and iproute2, or configure your router to be the tunnel entry point -- the point at which IPv6 traffic is encapsulated/de-encapsulated.
- RFC4380 mandated transition mechanism. Works behind NAT. Assigns one "/128" per host.
Getting Started with gogoc
Freenet6 is a free IPv6 access service provided by gogo6 via the TSP tunnelling protocol.
gogoc supports any TSP tunnel; perhaps one is provided by your ISP. We will focus on an anonymous tunnel via freenet6.
You need ipv6 to be enabled in your kernel as well as the TUN module.
You can quickly get started by emerging
gogoc to your startup scripts and starting it.
|Warning:||net-misc/gogoc is currently keyworded unstable (on some architectures, see gentoo bug #362549). If you are running stable Funtoo, you may want to put an entry into your package.keywords/package.accept_keywords file.|
# emerge gogoc # bzcat /usr/share/doc/gogoc-*/gogoc.conf.sample.bz2 >/etc/gogoc/gogoc.conf # rc-update add gogoc default # /etc/init.d/gogoc start
gogoc will use an anonymous tunnel. If you wish to authenticate yourself, read and edit
Getting started with Teredo
While this mechanism is officially called Teredo, the implementation of the Teredo service we will be using is called Miredo.
|Warning:||net-misc/miredo is currently keyworded unstable. If you are running stable Funtoo, you may want to put an entry into your package.keywords/package.accept_keywords file.|
Emerge net-misc/miredo and start it up (you can add it to your default runlevel if you wish).
# emerge net-misc/miredo # /etc/init.d/miredo start
Miredo requires CONFIG_TUN enabled in your kernel. If it is compiled as a module, ensure the tun module is loaded.
If all goes well, you can check the assignment of an IPv6 address using /sbin/ip, for example:
# /sbin/ip addr show dev teredo 4: teredo: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN qlen 500 link/none inet6 2001:0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/32 scope global valid_lft forever preferred_lft forever inet6 fe80::ffff:ffff:ffff/64 scope link valid_lft forever preferred_lft forever
Getting started with Hurricane Electric
This section has not been written.
Prefer IPv4 over IPv6
Generally if your IPv6 connection is through a tunnel, it will be slower than an IPv4 connection. For this reason, if you are using an IPv6 tunnel, it can be best to configure your systems to prefer IPv4 if an IPv4 version of the site is available, and use IPv6 only when necessary. This way, you will avoid unnecessary encapsulation and de-encapsulation of IPv4 traffic. Here's how to do this for a number of operating systems:
Linux will prefer IPv6 if IPv6 support is enabled in the kernel. To prefer IPv4, edit /etc/gai.conf and add this line:
precedence ::ffff:0:0/96 100
Windows 7, Server 2008, Vista
These operating systems prefer IPv6 by default. See this link. To prefer IPv4, use the following steps:
- Start regedit.
- Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP6\Parameters.
- Create a new DWORD named DisabledComponents. Edit this new DWORD and set it to HEX value of 20 or a DECIMAL value of 32.
- Restart your computer.
- free ipv6 certification program
- Test ipv6 (ipv6-test.com)
- Test ipv6 (test-ipv6.com)
- Comcast's IPv6 page
- Hurricane Electric Tunnel Broker
- Gentoo Wiki IPv6
- Gentoo IPv6 Guide
with Apple airport extreme, etc: