Difference between pages "ZFS Install Guide" and "IPv6 Networking"

From Funtoo
(Difference between pages)
m (Creating a bootable USB from ISO: updated to 4.0.0)
 
(ISPs who currently have IPv6 enabled for residential customers)
 
Line 1: Line 1:
== Introduction ==
+
= Introduction =
  
This tutorial will show you how to install Funtoo on ZFS (rootfs). This tutorial is meant to be an "overlay" over the [[Funtoo_Linux_Installation|Regular Funtoo Installation]]. Follow the normal installation and only use this guide for steps 2, 3, and 8.
+
[[wikipedia:IPv6|IPv6]] is an redesigned and improved version of the IPv4 protocol, and is intended to start replacing IPv4 in 2011 and beyond as the [[wikipedia:IPv4_address_exhaustion|IPv4 global address space becomes exhausted]]. IPv6 includes a number of improvements over IPv4, including most notably 128-bit addressing, simplified protocol header, integrated IPSec and Multicast implementations, improved discovery, flexibility and router interaction, and improved facilities for auto-configuration. IPv6 also marks the end of [[wikipedia:Network_address_translation|Network Address Translation]] (NAT), which is not recommended or necessary with IPv6. While it's possible to use non-routable addresses with IPv6, this is not a requirement and it is possible for any IPv6 device to have its own globally routable IP address if desired.
  
=== Introduction to ZFS ===
+
== Addressing ==
  
Since ZFS is a new technology for Linux, it can be helpful to understand some of its benefits, particularly in comparison to BTRFS, another popular next-generation Linux filesystem:
+
IPv6 addresses consist of 128 bits. The first 64 bits are used for the network and subnet portion of the address, while the remaining 64 bits are used for the host portion of the address. For more information on how to represent IPv6 addresses, please see the Presentation section of the [[wikipedia:IPv6_address|IPv6 address]] page on Wikipedia.
  
* On Linux, the ZFS code can be updated independently of the kernel to obtain the latest fixes. btrfs is exclusive to Linux and you need to build the latest kernel sources to get the latest fixes.
+
=== Network Masks ===
  
* ZFS is supported on multiple platforms. The platforms with the best support are Solaris, FreeBSD and Linux. Other platforms with varying degrees of support are NetBSD, Mac OS X and Windows. btrfs is exclusive to Linux.
+
IPv6 addresses also have an associated network mask, which is typically written as a trailing "/64" or "/48" at the end of the address, which specifies what bits of the address are used for network and subnet parts. For example, a "/48" mask specifies that addresses use a 48-bit network part, followed by a 16-bit subnet part (allowing for 2^16 subnets), followed by a 64-bit host part (allowing for up to 2<sup>64</sup> hosts for each of the 2<sup>16</sup> subnets to be specified.) In contrast, a "/64" mask specifies that addresses use a 64-bit network part, no subnet part, and a 64-bit host part (allowing up to 2<sup>64</sup> hosts total to be specified.) This means that if you are issued a "/64" set of addresses, you will not be able to define any subnets, but if you are issued a "/48" set of addresses, you will be able to define up to 2<sup>16</sup> subnets.
  
* ZFS has the Adaptive Replacement Cache replacement algorithm while btrfs uses the Linux kernel's Last Recently Used replacement algorithm. The former often has an overwhelmingly superior hit rate, which means fewer disk accesses.
+
=== Address Space and Security ===
  
* ZFS has the ZFS Intent Log and SLOG devices, which accelerates small synchronous write performance.
+
IPv6 also uses a global, flat address space. IPv6 is designed so that any device that needs to communicate on the Internet is able to have a unique globally-routable address. With IPv6, there is no need for using [[wikipedia:Network_address_translation|Network Address Translation]] (NAT). With IPv4, NAT is often used as a means of protecting systems from being accessed by malicious users. With IPv6, firewalls are typically used instead of NAT for restricting access to systems. With IPv6, it is normal for all machines on your home network to have "globally routable" addresses, the equivalent of a "public IP" in the world of IPv4. It is important to understand that this is the way that IPv6 is intended to be used for the majority of users, and that an IPv6-enabled router will no longer be performing NAT for you.
  
* ZFS handles internal fragmentation gracefully, such that you can fill it until 100%. Internal fragmentation in btrfs can make btrfs think it is full at 10%. Btrfs has no automatic rebalancing code, so it requires a manual rebalance to correct it.
+
=== Using IPv6 ===
  
* ZFS has raidz, which is like RAID 5/6 (or a hypothetical RAID 7 that supports 3 parity disks), except it does not suffer from the RAID write hole issue thanks to its use of CoW and a variable stripe size. btrfs gained integrated RAID 5/6 functionality in Linux 3.9. However, its implementation uses a stripe cache that can only partially mitigate the effect of the RAID write hole.
+
There are several ways to use IPv6 with Funtoo Linux. Here are some possibilities:
  
* ZFS send/receive implementation supports incremental update when doing backups. btrfs' send/receive implementation requires sending the entire snapshot.
+
* Participating in an existing IPv6 network
 +
* Creating a local IPv6 over IPv4 tunnel
 +
* Enabling IPv6 on your router, possibly via a tunnel (several ISP uses '''6rd'''...)
 +
* Unique Local IPv6 Unicast Addresses (site local)
  
* ZFS supports data deduplication, which is a memory hog and only works well for specialized workloads. btrfs has no equivalent.
+
==== Participating in IPv6 Network ====
  
* ZFS datasets have a hierarchical namespace while btrfs subvolumes have a flat namespace.
+
The first approach is an option if your Funtoo Linux system happens to be on an IPv6 network, or you desire to set up an IPv6 network. In this case, the Funtoo Linux system simply needs to be configured to participate in this IPv6 network -- and can also participate in an IPv4 network simultaneously. If you will be configuring an IPv6-compatible router, then you will simply configure your Funtoo Linux system to participate in this network.
  
* ZFS has the ability to create virtual block devices called zvols in its namespace. btrfs has no equivalent and must rely on the loop device for this functionality, which is cumbersome.
+
==== Local IPv6 over IPv4 Tunnel ====
  
The only area where btrfs is ahead of ZFS is in the area of small file
+
Another approach for using IPv6 is to configure an IPv6 over IPv4 tunnel locally on your Funtoo Linux system, in cooperation with a tunnel provider. This will allow you to use an existing IPv4 network to connect a single Funtoo Linux system to IPv6. It is also possible to configure this system to serve as an IPv6 router.
efficiency. btrfs supports a feature called block suballocation, which
+
enables it to store small files far more efficiently than ZFS. It is
+
possible to use another filesystem (e.g. reiserfs) on top of a ZFS zvol
+
to obtain similar benefits (with arguably better data integrity) when
+
dealing with many small files (e.g. the portage tree).
+
  
=== Disclaimers ===
+
==== Enabling IPv6 on Your Router ====
  
{{fancywarning|This guide is a work in progress. Expect some quirks.}}
+
If you have a router that is capable of supporting IPv6, then it is possible to configure your router so that an IPv6 network is available, at which point you can simply configure your Funtoo Linux system to participate in it. Note that many popular home/office routers can be configured to use an IPv6 over IPv4 tunnel, which provides a convenient option for home networks or smaller organizations to participate in IPv6. Using this approach, your computer systems behind the router are simply configured to participate in an IPv6 network, and your router handles tunneling the IPv6 traffic back and forth between your tunnel provider. This is typically the most flexible option for exploring IPv6 as it allows you to have multiple computer systems in your home or office to participate in an IPv6 network while your router takes care of everything transparently.
{{fancyimportant|'''Since ZFS was really designed for 64 bit systems, we are only recommending and supporting 64 bit platforms and installations. We will not be supporting 32 bit platforms'''!}}
+
  
== Video Tutorial ==
+
==== Using Unique Local IPv6 Unicast Addresses ====
  
As a companion to the install instructions below, a YouTube video ZFS install tutorial is now available:
+
If you don't have public IPv6 connectivity or you don't wish to open an IPv6 tunnel over an IPv4 network, you can use a mechanism similar to IPv4 private addresses ranges. This mechanism consists of concatenating the prefix FC00::/7 with a globally unique identifier and a subnet identifier to form the upper 64 bits of the IPv6 address. Details of the mechanisms to forge a unique local IPv6 unicast address are documented in [http://tools.ietf.org/html/rfc4193 RFC 4193], however unique local IPv6 unicast addresses are made of the following components:
 
+
{{#widget:YouTube|id=kxEdSXwU0ZI|width=640|height=360}}
+
 
+
== Downloading the ISO (With ZFS) ==
+
In order for us to install Funtoo on ZFS, you will need an environment that provides the ZFS tools. Therefore we will download a customized version of System Rescue CD with ZFS already included. When booting, use the "alternate"-kernel. The ZFS-module won't work with the default kernel.  
+
  
 
<pre>
 
<pre>
Name: sysresccd-4.0.0_zfs_0.6.2.iso   (522 MB)
+
      | 7 bits |1|  40 bits   |  16 bits  |          64 bits          |
Release Date: 2014-01-18
+
      +--------+-+------------+-----------+----------------------------+
md5sum 5a6530088e63b516765f78076a2e4859
+
      | Prefix |L| Global ID  | Subnet ID |        Interface ID        |
 +
      +--------+-+------------+-----------+----------------------------+
 
</pre>
 
</pre>
  
 +
* Prefix (7 bits): always FC00::/7
 +
* L (1 bits): must be set to 1 (1 = prefix is locally assigned, 0 is undefined so far and must not be used)
 +
* Global ID: A random identifier (see [http://tools.ietf.org/html/rfc4193 RFC 4193] for details about the generation algorithm
 +
* Interface ID: Host interface ID as defined in [http://tools.ietf.org/html/rfc3513 RFC 3513]
  
'''[http://ftp.osuosl.org/pub/funtoo/distfiles/sysresccd/ Download System Rescue CD with ZFS]'''<br />
+
{{fancynote|Just like with private IPv4 addresses, an IPv6 router must not route a unique local IPv6 unicast address outside the organization local network.}}
  
== Creating a bootable USB from ISO ==
+
= Requirements =
After you download the iso, you can do the following steps to create a bootable USB:
+
  
 +
IPv6 requires CONFIG_IPV6 to be enabled in your kernel (either compiled in or as a module). If compiled as a module (e.g. if your kernel was compiled by genkernel), ensure the module is loaded.
 
<console>
 
<console>
Make a temporary directory
+
###i## lsmod | grep ipv6
# ##i##mkdir /tmp/loop
+
 
+
Mount the iso
+
# ##i##mount -o ro,loop /root/sysresccd-4.0.0_zfs_0.6.2.iso /tmp/loop
+
 
+
Run the usb installer
+
# ##i##/tmp/loop/usb_inst.sh
+
 
</console>
 
</console>
  
That should be all you need to do to get your flash drive working.
+
If this returns nothing, load the module with:
 
+
When you are booting into system rescue cd, make sure you select the '''alternative 64 bit kernel'''. ZFS support was specifically added to the alternative 64 bit kernel rather than the standard 64 bit kernel.
+
 
+
== Creating partitions ==
+
There are two ways to partition your disk: You can use your entire drive and let ZFS automatically partition it for you, or you can do it manually.
+
 
+
We will be showing you how to partition it '''manually''' because if you partition it manually you get to create your own layout, you get to have your own separate /boot partition (Which is nice since not every bootloader supports booting from ZFS pools), and you get to boot into RAID10, RAID5 (RAIDZ) pools and any other layouts due to you having a separate /boot partition.
+
 
+
==== gdisk (GPT Style) ====
+
 
+
'''A Fresh Start''':
+
 
+
First lets make sure that the disk is completely wiped from any previous disk labels and partitions.
+
We will also assume that <tt>/dev/sda</tt> is the target drive.<br />
+
 
+
 
<console>
 
<console>
# ##i##gdisk /dev/sda
+
###i## modprobe ipv6
 
+
Command: ##i##x ↵
+
Expert command: ##i##z ↵
+
About to wipe out GPT on /dev/sda. Proceed?: ##i##y ↵
+
GPT data structures destroyed! You may now partition the disk using fdisk or other utilities.
+
Blank out MBR?: ##i##y ↵
+
 
</console>
 
</console>
  
{{fancywarning|This is a destructive operation. Make sure you really don't want anything on this disk.}}
+
= Commands =
  
Now that we have a clean drive, we will create the new layout.
+
; ping6
 +
: IPv6 ping command
 +
; route -6
 +
: show IPv6 routes
 +
; ip -6 neigh show
 +
: show all IPv6 neighbors on the local LAN
  
'''Create Partition 1''' (boot):
+
= Configuration =
<console>
+
Command: ##i##n ↵
+
Partition Number: ##i##↵
+
First sector: ##i##↵
+
Last sector: ##i##+250M ↵
+
Hex Code: ##i##↵
+
</console>
+
  
'''Create Partition 2''' (BIOS Boot Partition):
+
== Participating in an Existing IPv6 Network ==
<console>Command: ##i##n ↵
+
Partition Number: ##i##↵
+
First sector: ##i##↵
+
Last sector: ##i##+32M ↵
+
Hex Code: ##i##EF02 ↵
+
</console>
+
  
'''Create Partition 3''' (ZFS):
+
If your local network already supports IPv6, then you can simply configure Funtoo Linux to participate in this IPv6 network. Here is a sample configuration that might be used to configure an ethernet interface (netif.eth0) to participate in both an IPv4 and IPv6 network:
<console>Command: ##i##n ↵
+
Partition Number: ##i##↵
+
First sector: ##i##↵
+
Last sector: ##i##↵
+
Hex Code: ##i##bf00 ↵
+
  
Command: ##i##p ↵
+
{{File
 +
|/etc/netif.d/netif.eth0|<pre>
 +
template="interface"
 +
ipaddr="10.0.1.200/24 2001:470:d:c2c:218:51ff:feea:ee21/64"
 +
gateway="10.0.1.1"
 +
nameservers="10.0.1.1 2001:470:20::2"
 +
domain="funtoo.org"
 +
multicast="yes"
 +
routes="2000::/3 via fe80::daa2:5eff:fe7a:83de dev eth0"
 +
</pre>}}
  
Number  Start (sector)   End (sector)  Size      Code  Name
+
Above, we use the <tt>interface</tt> template, and specify both an IPv4 and IPv6 address (with network mask) for <tt>ipaddr</tt>. In addition, an IPv4 and IPv6 nameserver is specified. For routing, we use the <tt>gateway</tt> command to specify an IPv4 gateway, while we use the <tt>routes</tt> command to specify a route to our router, which in this case has address <tt>fe80::daa2:5eff:fe7a:83de</tt> and is reachable on device eth0.
  1            2048          514047  250.0 MiB  8300  Linux filesystem
+
  2          514048          579583  32.0 MiB    EF02  BIOS boot partition
+
  3          579584      1953525134  931.2 GiB  BF00  Solaris root
+
  
Command: ##i##w ↵
+
Note that we specify a route for "2000::/3" rather than "::/0" or "default", and this is a bit unusual. This is to work around a bug in many Linux kernels that prevents the default route from being handled properly. "2000::/3" maps to all routable IP addresses and has the benefit of being compatible with all Linux kernels.
</console>
+
  
 +
=== Many Addresses and Stateless Autoconfiguration ===
  
=== Format your boot volume ===
+
Also note that if we did not specify an IPv6 address in the <tt>ipaddr</tt> variable, then eth0 would still get at least one IPv6 address anyway. First, it would get a link-local address, starting in <tt>fe80::/16</tt>, and it would also automatically use ''stateless autoconfiguration'' to grab an unused IPv6 address from the range used by your IPv6 router. This works similarly to the way a DHCP client works with IPv4, but is built-in to the IPv6 protocol and does not require a DHCP server to function. It works because with IPv6, routers send out ICMP packets to advertise themselves to systems on your network, and your Funtoo Linux system can use this information to automatically grab an unused address. It is important to understand this behavior because it means that by default, your Funtoo Linux system will grab a globally-routable ("public") IPv6 address from your router with no steps necessary on your part and thus may be accessible from the Internet if no firewall is in place. However, in most cases the default IPv6 route must be specified in the <tt>routes</tt> variable for IPv6 to function properly, so this auto-configuration isn't completely automatic at this time.
Format your separate <tt>/boot</tt> partition:
+
<console>
+
# ##i##mkfs.ext2 /dev/sda1
+
</console>
+
  
=== Encryption (Optional) ===
+
== Local IPv6 over IPv4 Tunnelling ==
If you want encryption, then create your encrypted vault(s) now by doing the following:
+
  
<console>
+
Tunnelling is the process of encapsulating IPv6 packets within an IPv4 packet so that it can be transmitted over an IPv4 network. This process happens at a local ''tunnel entry point'', which can be a Linux machine or a router, such as an Apple AirPort. The packet then traverses the IPv4 network, until reaches the ''tunnel endpoint'', which ''de-encapsulates'' the packet and places it on an IPv6 network. There are several different types of IPv6 tunnels. There are also several IPv6 tunnel providers that offer free tunnelling services, making it convenient to start using IPv6, even on your home network.
# ##i##cryptsetup luksFormat /dev/sda3
+
# ##i##cryptsetup luksOpen /dev/sda3 vault_1
+
</console>
+
  
=== Create the zpool ===
+
Note that if you want configure an IPv6 over IPv4 tunnel on your router, such as an Apple AirPort, then you will simply need to sign up with one of the tunnel providers and use their instructions to configure your router. At this point, your router will be IPv6 enabled and you can then configure your Funtoo Linux system to participate in an existing IPv6 network using the instructions in the previous section. If this is not an option for you, then it is also possible to set up the IPv6 over IPv4 tunnel directly on your Funtoo Linux system. This means that only your Funtoo Linux system will be able to participate in IPv6, at least to start (later, you could configure your Funtoo Linux system to route IPv6 for other machines on your network) Follow the instructions in this section to set up local tunneling on your Funtoo Linux system.
We will first create the pool. The pool will be named `tank` and the disk will be aligned to 4096 (using ashift=12)
+
<console># ##i##zpool create -f -o ashift=12 -o cachefile= -O compression=on -m none -R /mnt/funtoo tank /dev/sda3</console>
+
  
{{fancyimportant|If you are using encrypted root, change '''/dev/sda3 to /dev/mapper/vault_1'''.}}
+
=== Tunnel providers ===
 +
; [http://gogonet.gogo6.com/page/freenet6-tunnelbroker freenet6]
 +
: Supports anonymous tunnels and works behind NAT. You can connect to with your login or as anonymous from anywhere. This can be configured under Funtoo Linux by emerging the '''net-misc/gogoc''' ebuild.
 +
; [http://tunnelbroker.net/ Hurricane Electric]
 +
: Configured '''6in4''' tunnel, with support for dynamic IPv4 addresses, and Apple AirPorts can be configured to use this tunnel - see [http://www.nedprod.com/Niall_stuff/addingIPv6toyourhome.html this link]. Also see [http://ipv6.he.net/certification/faq.php ipv6.he.net FAQ] You can setup this tunnel with ifconfig and iproute2, or configure your router to be the tunnel entry point  -- the point at which IPv6 traffic is encapsulated/de-encapsulated.
 +
; [http://en.wikipedia.org/wiki/Teredo_tunneling Teredo]/[http://www.remlab.net/miredo/ Miredo]
 +
: [http://tools.ietf.org/html/rfc4380 RFC4380] mandated transition mechanism. Works behind NAT. Assigns one "/128" per host.
  
{{fancynote|'''ashift<nowiki>=</nowiki>12''' should be use if you have a newer, advanced format disk that has a sector size of 4096 bytes. If you have an older disk with 512 byte sectors, you should use '''ashift<nowiki>=</nowiki>9''' or don't add the option for auto detection}}
+
=== Getting Started with gogoc ===
  
{{fancynote|If you have a previous pool that you would like to import, you can do a: '''zpool import -f -R /mnt/funtoo <pool_name>'''}}
+
Freenet6 is a free IPv6 access service provided by gogo6 via the [http://en.wikipedia.org/wiki/Tunnel_Setup_Protocol TSP tunnelling protocol].
 +
<code>gogoc</code> supports any TSP tunnel; perhaps one is provided by your ISP. We will focus on an anonymous tunnel via freenet6.
  
=== Create the zfs datasets ===
+
You need ipv6 to be enabled in your kernel as well as the TUN module.
We will now create some datasets. For this installation, we will create a small but future proof amount of datasets. We will have a dataset for the OS (/), and your swap. We will also show you how to create some optional datasets: <tt>/home</tt>, <tt>/var</tt>, <tt>/usr/src</tt>, and <tt>/usr/portage</tt>.
+
  
 +
You can quickly get started by emerging {{Package|net-misc/gogoc}}, adding <code>gogoc</code> to your startup scripts and starting it.
 +
{{Package|net-misc/gogoc}} is currently keyworded unstable (on some architectures, see [https://bugs.gentoo.org/362549 gentoo bug #362549]). If you are running stable Funtoo, you may want to put an entry into your package.keywords/package.accept_keywords file.
 
<console>
 
<console>
Create some empty containers for organization purposes, and make the dataset that will hold /
+
###i## emerge gogoc
# ##i##zfs create -p tank/os/funtoo
+
###i## bzcat /usr/share/doc/gogoc-*/gogoc.conf.sample.bz2 >/etc/gogoc/gogoc.conf
# ##i##zfs create -o mountpoint=/ tank/os/funtoo/root
+
###i## rc-update add gogoc default
 
+
###i## /etc/init.d/gogoc start
Optional, but recommended datasets: /home
+
# ##i##zfs create -o mountpoint=/home tank/os/funtoo/home
+
 
+
Optional datasets: /usr/src, /usr/portage/{distfiles,packages}
+
# ##i##zfs create -o mountpoint=/usr/src tank/os/funtoo/src
+
# ##i##zfs create -o mountpoint=/usr/portage -o compression=off tank/os/funtoo/portage
+
# ##i##zfs create -o mountpoint=/usr/portage/distfiles tank/os/funtoo/portage/distfiles
+
# ##i##zfs create -o mountpoint=/usr/portage/packages tank/os/funtoo/portage/packages
+
 
</console>
 
</console>
  
=== Create your swap zvol ===
+
{{Note}}By default, <code>gogoc</code> will use an anonymous tunnel. If you wish to authenticate yourself, read and edit <code>/etc/gogoc/gogoc.conf</code>.
'''Make your swap +1G greater than your RAM. An 8G machine would have 9G of SWAP (This is kinda big though). For machines with this much memory, You could just make it 2G if you don't have any problems.'''
+
<console>
+
# ##i##zfs create -o sync=always -o primarycache=metadata -o secondarycache=none -o volblocksize=4K -V 1G tank/swap
+
</console>
+
  
=== Format your swap zvol ===
+
=== Getting started with Teredo ===
<console>
+
# ##i##mkswap -f /dev/zvol/tank/swap
+
# ##i##swapon /dev/zvol/tank/swap
+
</console>
+
  
Now we will continue to install funtoo.
+
While this mechanism is officially called Teredo, the implementation of the Teredo service we will be using is called Miredo.
 +
{{Note}}{{Package|net-misc/miredo}} is currently keyworded unstable. If you are running stable Funtoo, you may want to put an entry into your package.keywords/package.accept_keywords file.}}
  
== Installing Funtoo ==
+
Emerge <tt>net-misc/miredo</tt> and start it up (you can add it to your default runlevel if you wish):
[[Funtoo_Linux_Installation|Download and extract the Funtoo stage3 and continue installation as normal.]]
+
 
+
Then once you've extracted the stage3, chroot into your new funtoo environment:
+
 
<console>
 
<console>
Go into the directory that you will chroot into
+
###i## emerge net-misc/miredo
# ##i##cd /mnt/funtoo
+
###i## /etc/init.d/miredo start
 
+
Mount your boot drive
+
# ##i##mount /dev/sda1 /mnt/funtoo/boot
+
 
+
Bind the kernel related directories
+
# ##i##mount -t proc none /mnt/funtoo/proc
+
# ##i##mount --rbind /dev /mnt/funtoo/dev
+
# ##i##mount --rbind /sys /mnt/funtoo/sys
+
 
+
Copy network settings
+
# ##i##cp /etc/resolv.conf /mnt/funtoo/etc/
+
 
+
chroot into your new funtoo environment
+
# ##i##env -i HOME=/root TERM=$TERM chroot /mnt/funtoo /bin/bash --login
+
 
+
Place your mountpoints into your /etc/mtab file
+
# ##i##cat /proc/mounts > /etc/mtab
+
 
+
Sync your tree
+
# ##i##emerge --sync
+
 
</console>
 
</console>
  
=== Add filesystems to /etc/fstab ===
+
{{Note}}Miredo requires <code>CONFIG_TUN</code> enabled in your kernel. If it is compiled as a module, ensure the <tt>tun</tt> module is loaded.
 
+
Before we continue to compile and or install our kernel in the next step, we will edit the <tt>/etc/fstab</tt> file because if we decide to install our kernel through portage, portage will need to know where is your <tt>/boot</tt> so that it can place the files in there. We also need to update <tt>/etc/mtab</tt> so our system knows what is mounted
+
 
+
{{File
+
|/etc/fstab|<pre>
+
# <fs>                  <mountpoint>    <type>          <opts>          <dump/pass>
+
 
+
/dev/sda1              /boot          ext2            defaults        0 2
+
/dev/zvol/tank/swap    none            swap            sw              0 0
+
</pre>}}
+
 
+
== Kernel Configuration ==
+
To speed up this step, you can install "bliss-kernel" since it's already properly configured for ZFS and a lot of other configurations. The kernel is also compiled and ready to go. To install {{Package|sys-kernel/bliss-kernel}} type the following:
+
  
 +
If all goes well, you can check the assignment of an IPv6 address using <tt>/sbin/ip</tt>, for example:
 
<console>
 
<console>
# ##i##emerge -av bliss-kernel
+
###i## /sbin/ip addr show dev teredo
 +
4: teredo: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN qlen 500
 +
    link/none
 +
    inet6 2001:0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/32 scope global
 +
      valid_lft forever preferred_lft forever
 +
    inet6 fe80::ffff:ffff:ffff/64 scope link
 +
      valid_lft forever preferred_lft forever
 
</console>
 
</console>
  
Now make sure that your <tt>/usr/src/linux symlink</tt> is pointing to this kernel by typing the following:
+
=== Tunnelling 6to4 ===
<console>
+
# ##i##eselect kernel list
+
Available kernel symlink targets:
+
[1]  linux-3.10.10-FB.01 *
+
</console>
+
You should see a star next to the bliss-kernel version you installed. In this case it was 3.10.10-FB.01. If it's not set, you can type '''eselect kernel set #'''.
+
  
== Installing the ZFS userspace tools and kernel modules ==
+
6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels.
Emerge {{Package|sys-fs/zfs}}, {{Package|sys-kernel/spl}}, and {{Package|sys-fs/zfs-kmod}}:
+
When using 6to4 your IPv6 golablly addressable IP is generated from you IPv4 IP address.
<console># ##i##emerge -av zfs spl zfs-kmod</console>
+
  
{{Note}}(spl = Solaris Porting Layer)
+
The anycast address of 192.88.99.1 has been allocated for the purpose of sending packets to a 6to4 relay router. Note that when converted to a 6to4 IPv6 address with the subnet and hosts fields set to zero this IPv4 address (192.88.99.1) becomes the IPv6 address 2002:c058:6301::.
  
Check to make sure that the zfs tools are working, the <code>zpool.cache</code> file that you copied before should be displayed.
+
To use the funtoo network template method, write the config file for the interface /etc/conf.d/netif.6to4 (which will also handle the converting of your IPv4 address to your IPv6 address). Make sure you change "WAN" to your correct internet facing interface.
 +
<pre>
 +
template=ipv6-tunnel
 +
WAN="eth0"
 +
MTU="1280"
 +
ipv4=`ifconfig $WAN | sed -ne 's/[[:space:]]*inet addr:\([0-9.]*\).*/\1/p'`
 +
ipv6=`printf "2002:%02x%02x:%02x%02x::1" \`echo $ipv4 | tr "." " "\``
 +
remote=192.88.99.1
 +
local="$ipv4/24"
 +
ipaddr="$ipv6/48"
 +
routes="2000::/3 via 2002:c058:6301:: dev $WAN"
 +
</pre>
  
 +
Then create the netif.6to4 symlink and add it to the default runlevel
 
<console>
 
<console>
# ##i##zpool status
+
###i## ln -s /etc/init.d/netif.tmpl /etc/init.d/netif.6to4
# ##i##zfs list
+
###i## rc-update add netif.6to4 default
 +
###i## /etc/init.d/netif.6to4 start
 
</console>
 
</console>
  
If everything worked, continue.
+
You should now be capable of connecting via IPv6:
 
+
== Install the bootloader ==
+
=== GRUB 2 ===
+
Before you do this, make sure this checklist is followed:
+
* Installed kernel and kernel modules
+
* Installed zfs package from the tree
+
* <code>/dev</code>, <code>/proc</code>, <code>/sys</code> are mounted in the chroot environment
+
 
+
Once all this is checked, let's install grub2. First we need to enable the "libzfs" use flag so zfs support is compiled for grub2.
+
 
+
<console># ##i##echo "sys-boot/grub libzfs" >> /etc/portage/package.use</console>
+
 
+
Then we will compile grub2:
+
 
+
<console># ##i##emerge -av grub</console>
+
 
+
Once this is done, you can check that grub is version 2.00 by doing the following command:
+
 
<console>
 
<console>
# ##i##grub-install --version
+
###i## ping6 ipv6.google.com
grub-install (GRUB) 2.00
+
 
</console>
 
</console>
  
Now try to install {{Package|sys-boot/grub}}:
+
To allow this host to be a router, a modified template is required:
<console>
+
# ##i##grub-install --recheck /dev/sda
+
</console>
+
 
+
You should receive the following message:
+
<console>
+
Installation finished. No error reported.
+
</console>
+
 
+
If not, then go back to the above checklist.
+
 
+
=== LILO ===
+
Before you do this, make sure the following checklist is followed:
+
* <code>/dev</code>, <tt>/proc</tt> and <tt>/sys</tt> are mounted.
+
* Installed the {{Package|sys-fs/zfs}} package from the tree.
+
Once the above requirements are met, LILO can be installed.
+
 
+
Now we will install {{Package|sys-boot/lilo}}.
+
<console># ##i##emerge -av sys-boot/lilo</console>
+
Once the installation of LILO is complete we will need to edit the lilo.conf file.
+
 
{{File
 
{{File
|/etc/lilo.conf|<pre>
+
|/etc/netif.d/ipv6-tunnel|<pre>
boot=/dev/sda
+
#!/bin/sh
prompt
+
timeout=4
+
default=Funtoo
+
  
image=/boot/bzImage
+
netif_pre_up() {
      label=Funtoo
+
        require local remote
      read-only
+
        try ip tunnel add $interface mode sit remote $remote local $local ttl 255
      append="root=tank/os/funtoo/root"
+
        try ip addr add $ipaddr dev $interface
      initrd=/boot/initramfs
+
        try ip addr add $ipaddr4 dev $interface
</pre>}}
+
}
All that is left now is to install the bootcode to the MBR.
+
  
This can be accomplished by running:
+
netif_post_up() {
<console># ##i##/sbin/lilo</console>
+
        try ip route add ::/0 dev $interface
If it is successful you should see:
+
}
<console>
+
Warning: LBA32 addressing assumed
+
Added Funtoo + *
+
One warning was issued
+
</console>
+
  
== Create the initramfs ==
+
netif_pre_down() {
There are two ways to do this, you can use genkernel, or you can use my bliss initramfs creator. I will show you both.
+
        ip route del ::/0 dev $interface
 
+
=== genkernel ===
+
<console>
+
# ##i##emerge -av sys-kernel/genkernel
+
# You only need to add --luks if you used encryption
+
# ##i##genkernel --zfs --luks initramfs
+
</console>
+
 
+
=== Bliss Initramfs Creator ===
+
If you are encrypting your drives, then add the "luks" use flag to your package.use before emerging:
+
 
+
<console>
+
# ##i##echo "sys-kernel/bliss-initramfs luks" >> /etc/portage/package.use
+
</console>
+
 
+
Now install the creator:
+
 
+
<console>
+
# ##i##emerge bliss-initramfs
+
</console>
+
 
+
 
+
Then go into the install directory, run the script as root, and place it into /boot:
+
<console># ##i##cd /opt/bliss-initramfs
+
# ##i##./createInit
+
# ##i##mv initrd-<kernel_name> /boot
+
</console>
+
'''<kernel_name>''' is the name of what you selected in the initramfs creator, and the name of the outputted file.
+
 
+
== Using boot-update ==
+
=== /boot on separate partition ===
+
If you created a separate non-zfs partition for boot then configuring boot-update is almost exactly the same as a normal install except that auto detection for root does not work. You must tell boot-update what your root is.
+
==== Genkernel ====
+
If your using genkernel you must add 'real_root=ZFS=<root>' and 'dozfs' to your params.
+
Example entry for boot.conf:
+
<console>
+
"Funtoo ZFS" {
+
        kernel vmlinuz[-v]
+
        initrd initramfs-genkernel-x86_64[-v]
+
        params real_root=ZFS=tank/os/funtoo/root
+
        params += dozfs=force
+
        # Also add 'params += crypt_root=/dev/sda3' if you used encryption
+
        # Adjust the above setting to your system if needed
+
 
}
 
}
</console>
 
  
==== Bliss Initramfs Creator ====
+
netif_post_down() {
If you used the Bliss Initramfs Creator then all you need to do is add 'root=<root>' to your params.
+
         ip tunnel del $interface
Example entry for boot.conf:
+
<console>
+
"Funtoo ZFS" {
+
         kernel vmlinuz[-v]
+
        initrd initrd[-v]
+
        params root=tank/os/funtoo/root quiet
+
        # If you have an encrypted device with a regular passphrase,
+
        # you can add the following line
+
        params += enc_root=/dev/sda3 enc_type=pass
+
 
}
 
}
</console>
+
</pre>}}
  
After editing /etc/boot.conf, you just need to run boot-update to update grub.cfg
+
Then add the following line to <tt>/etc/conf.d/netif.6to4</tt>:
<console># ##i##boot-update</console>
+
{{File
 
+
|/etc/conf.d/netif.6to4|<pre>
=== /boot on ZFS ===
+
ipaddr4="$ipv4/24"
TBC - pending update to boot-update to support this
+
</pre>}}
 
+
== Final configuration ==
+
=== Add the zfs tools to openrc ===
+
<console># ##i##rc-update add zfs boot</console>
+
 
+
=== Clean up and reboot ===
+
We are almost done, we are just going to clean up, '''set our root password''', and unmount whatever we mounted and get out.
+
  
 +
After restarting the 6to4 interface radvd can be started:
 
<console>
 
<console>
Delete the stage3 tarball that you downloaded earlier so it doesn't take up space.
+
###i## /etc/init.d/netif.6to4 restart
# ##i##cd /
+
###i## /etc/init.d/radvd start
# ##i##rm stage3-latest.tar.xz
+
</console>
  
Set your root password
+
== Optimization ==
# ##i##passwd
+
>> Enter your password, you won't see what you are writing (for security reasons), but it is there!
+
  
Get out of the chroot environment
+
=== Prefer IPv4 over IPv6 ===
# ##i##exit
+
  
Unmount all the kernel filesystem stuff and boot (if you have a separate /boot)
+
Generally if your IPv6 connection is through a tunnel, it will be slower than an IPv4 connection. For this reason, if you are using an IPv6 tunnel, it can be best to configure your systems to ''prefer'' IPv4 if an IPv4 version of the site is available, and use IPv6 only when necessary. This way, you will avoid unnecessary encapsulation and de-encapsulation of IPv4 traffic. Here's how to do this for a number of operating systems:
# ##i##umount -l proc dev sys boot
+
  
Turn off the swap
+
==== Linux ====
# ##i##swapoff /dev/zvol/tank/swap
+
  
Export the zpool
+
Linux will prefer IPv6 if IPv6 support is enabled in the kernel. To prefer IPv4, edit <tt>/etc/gai.conf</tt> and add this line:
# ##i##cd /
+
{{File
# ##i##zpool export tank
+
|/etc/gai.conf|<pre>
 +
precedence ::ffff:0:0/96 100
 +
</pre>}}
  
Reboot
+
==== Windows 7, Server 2008, Vista ====
# ##i##reboot
+
</console>
+
  
{{fancyimportant|'''Don't forget to set your root password as stated above before exiting chroot and rebooting. If you don't set the root password, you won't be able to log into your new system.'''}}
+
These operating systems prefer IPv6 by default. See [http://msdn.microsoft.com/en-us/library/bb756941.aspx this link]. To prefer IPv4, use the following steps:
  
and that should be enough to get your system to boot on ZFS.
+
# Start <tt>regedit</tt>.
 +
# Navigate to <tt>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP6\Parameters</tt>.
 +
# Create a new DWORD named <tt>DisabledComponents</tt>. Edit this new DWORD and set it to HEX value of <tt>20</tt> or a DECIMAL value of <tt>32</tt>.
 +
# Restart your computer.
  
== After reboot ==
+
== ISPs who currently have IPv6 enabled for residential customers ==
=== Create initial ZFS Snapshot ===
+
Continue to set up anything you need in terms of /etc configurations. Once you have everything the way you like it, take a snapshot of your system. You will be using this snapshot to revert back to this state if anything ever happens to your system down the road. The snapshots are cheap, and almost instant.
+
  
To take the snapshot of your system, type the following:
+
* Canada:
<console># ##i##zfs snapshot -r tank@install</console>
+
** '''Videotron''': Videotron has a [http://support.videotron.com/residential/internet/ipv6/videotron-ipv6 beta-program] for residential customers who want to test IPv6 (no official technical support, it is possible they don't have enabled it in your area so check first before investing in new hardware). Although  at date of writing, a large part of their networks are IPv6, '''you must go through a 6rd tunnel''' because they still need to upgrade some of their equipments and '''your router must support the 6rd protocol''' (this requirement is documented). Videotron sells you a D-Link DIR-825 with a modified firmware however this model has a weird gotcha: it does not support IPv6 firewalling.''' This is not a Videotron specific issue''' (even the genuine firmwares coming  from the manufacturer has no support for IPv6 firewalling as of June 2011). A good alternative to recommend is the CISCO/LinkSYS E4200, more expensive (MSRP ~$180 US/CDN) but has IPv6 firewalling support.  Once the E4200 firmware has been upgraded go in Setup/IPv6 Setup disable "IPv6 - Automatic" (you should then see an IPv6 address in the DUID field) and leave "automatic" for the 6rd configuration. You should be in business and see all of the hosts on your network with an IPv6 stack enabled being assigned a public IPv6 address starting with 2607:f048.
 +
** '''Teksavvy''' : TekSavvy has a [http://teksavvy.com/ipv6 IPv6 beta-program] for residential customers who use their DSL service (no statement found for cable connections). Just ask them to enable IPv6 to your subscription and it should be available within the next 24 hours. Their IPv6 connectivity is native so you don't need to setup a tunnel.
 +
** '''Shaw''' (?)
 +
** '''Cogeco cable''' (?)
 +
** '''Telus''' (?)
 +
** '''Bell''' : Bell appears to have an official IPv6 support especially for its business subscribers (See http://ipv6.bell.ca) via a toolkit and various web pages on the subject.
  
To see if your snapshot was taken, type:
+
* France
<console># ##i##zfs list -t snapshot</console>
+
** '''Free'''
 +
** '''Nerim'''
 +
** '''the French Data Network (FDN)'''
 +
* United States:
 +
** '''Comcast''' (limited pilot in some areas only)
  
If your machine ever fails and you need to get back to this state, just type (This will only revert your / dataset while keeping the rest of your data intact):
+
== Home routers compatible with IPv6 ==
<console># ##i##zfs rollback tank/os/funtoo/root@install</console>
+
  
{{fancyimportant|'''For a detailed overview, presentation of ZFS' capabilities, as well as usage examples, please refer to the [[ZFS_Fun|ZFS Fun]] page.'''}}
+
A few residential routers have support for IPv6 at date of writing and many more home networking devices will have robust IPv6 support in a more or less near futures. The following does not pretend to be exhaustive:
 +
* '''D-Link DIR-825 rev. 1B''' (June 2011): Has IPv6 support out of the box, however for somewhat reason the router has no support for IPv6 firewalling even with teh 2.05N revision of the firmware. Consequence for you is you have to deploy an IPv6 firewall on each of hosts concerned with a public IPv6 connectivity. The canadian ISP Videotron is selling a DIR-825 with a customized firmware as unfortunately, like with the genuine manufacturer firmware, no IPv6 firewalling possible :( .
 +
* '''CISCO/LinkSys E4200''' (June 2011): Advertised as being IPv6 compatible with a firmware update (available as of June 14th 2011 -> check for the version tagged 1.0.02 build 13 or later on the manufacturer website). The device supports native IPv6 and IPv6 through a 6rd tunnel (no support for any other tunneling protocol).
  
 +
== Resources ==
 +
*[http://ipv6.he.net/certification/cert-main.php free ipv6 certification program]
 +
*[http://ipv6-test.com/ Test ipv6 (ipv6-test.com)]
 +
*[http://test-ipv6.com/ Test ipv6 (test-ipv6.com)]
 +
*[http://www.comcast6.net/ Comcast's IPv6 page]
 +
*[http://tunnelbroker.net/ Hurricane Electric Tunnel Broker ]
 +
*[http://www.gentoo-wiki.info/HOWTO_IPv6 Gentoo Wiki IPv6 ]
 +
*[http://www.gentoo.org/doc/en/ipv6.xml Gentoo IPv6 Guide]
 +
with Apple airport extreme, etc:
 +
*[http://www.tunnelbroker.net/forums/index.php?topic=680.0 tunnelbroker.net forums post - airport config ]
 +
*[http://www.nedprod.com/Niall_stuff/addingIPv6toyourhome.html Adding IPv6 Support To Your Home]
 +
*[http://www.tunnelbroker.net/forums/index.php?topic=273.0 tunnelbroker.net forums post - Gentoo config (won't work in Funtoo)]
 +
Nice Overview over IPv6
 +
* [http://www.linux.com/learn/tutorials/428331-ipv6-crash-course-for-linux IPv6 Crash Course for Linux] and page 2 [http://www.linux.com/learn/tutorials/432537:another-ipv6-crash-course-for-linux-real-ipv6-addresses-routing-name-services IPv6 Crash Course for routing name services]
 +
* [http://livre.g6.asso.fr/index.php/Accueil IPv6 Théorie et Pratique (in french only)] revised online version of the O'Reilly book published in 2005 by a collective researchers and IT actors.
 
[[Category:HOWTO]]
 
[[Category:HOWTO]]
[[Category:Filesystems]]
+
[[Category:Networking]]
 
[[Category:Featured]]
 
[[Category:Featured]]
 
__NOTITLE__
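Review bot: in the added /etc/netif.d/ipv6-tunnel template, netif_pre_up() checks only `require local remote`, yet the two `ip addr add` lines that follow depend on $ipaddr and $ipaddr4. If /etc/conf.d/netif.6to4 lacks the `ipaddr4="$ipv4/24"` line, the failure only surfaces at the third command, after the sit tunnel has already been created. Suggest `require local remote ipaddr ipaddr4`. A smaller style point: netif_pre_down() and netif_post_down() call `ip` without the `try` wrapper the up hooks use; either wrap them too or state in the text that teardown errors are deliberately ignored.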
 

Revision as of 17:08, 24 January 2014

Introduction

IPv6 is a redesigned and improved version of the IPv4 protocol, and is intended to start replacing IPv4 in 2011 and beyond as the IPv4 global address space becomes exhausted. IPv6 includes a number of improvements over IPv4, including most notably 128-bit addressing, simplified protocol header, integrated IPSec and Multicast implementations, improved discovery, flexibility and router interaction, and improved facilities for auto-configuration. IPv6 also marks the end of Network Address Translation (NAT), which is not recommended or necessary with IPv6. While it's possible to use non-routable addresses with IPv6, this is not a requirement and it is possible for any IPv6 device to have its own globally routable IP address if desired.

Addressing

IPv6 addresses consist of 128 bits. The first 64 bits are used for the network and subnet portion of the address, while the remaining 64 bits are used for the host portion of the address. For more information on how to represent IPv6 addresses, please see the Presentation section of the IPv6 address page on Wikipedia.

Network Masks

IPv6 addresses also have an associated network mask, which is typically written as a trailing "/64" or "/48" at the end of the address and specifies which bits of the address are used for the network and subnet parts. For example, a "/48" mask specifies that addresses use a 48-bit network part, followed by a 16-bit subnet part (allowing for 2^16 subnets), followed by a 64-bit host part (allowing for up to 2^64 hosts for each of the 2^16 subnets to be specified). In contrast, a "/64" mask specifies that addresses use a 64-bit network part, no subnet part, and a 64-bit host part (allowing up to 2^64 hosts total to be specified). This means that if you are issued a "/64" set of addresses, you will not be able to define any subnets, but if you are issued a "/48" set of addresses, you will be able to define up to 2^16 subnets.

Address Space and Security

IPv6 also uses a global, flat address space. IPv6 is designed so that any device that needs to communicate on the Internet is able to have a unique globally-routable address. With IPv6, there is no need for using Network Address Translation (NAT). With IPv4, NAT is often used as a means of protecting systems from being accessed by malicious users. With IPv6, firewalls are typically used instead of NAT for restricting access to systems. With IPv6, it is normal for all machines on your home network to have "globally routable" addresses, the equivalent of a "public IP" in the world of IPv4. It is important to understand that this is the way that IPv6 is intended to be used for the majority of users, and that an IPv6-enabled router will no longer be performing NAT for you.

Using IPv6

There are several ways to use IPv6 with Funtoo Linux. Here are some possibilities:

  • Participating in an existing IPv6 network
  • Creating a local IPv6 over IPv4 tunnel
  • Enabling IPv6 on your router, possibly via a tunnel (several ISPs use 6rd...)
  • Unique Local IPv6 Unicast Addresses (site local)

Participating in IPv6 Network

The first approach is an option if your Funtoo Linux system happens to be on an IPv6 network, or you desire to set up an IPv6 network. In this case, the Funtoo Linux system simply needs to be configured to participate in this IPv6 network -- and can also participate in an IPv4 network simultaneously. If you will be configuring an IPv6-compatible router, then you will simply configure your Funtoo Linux system to participate in this network.

Local IPv6 over IPv4 Tunnel

Another approach for using IPv6 is to configure an IPv6 over IPv4 tunnel locally on your Funtoo Linux system, in cooperation with a tunnel provider. This will allow you to use an existing IPv4 network to connect a single Funtoo Linux system to IPv6. It is also possible to configure this system to serve as an IPv6 router.

Enabling IPv6 on Your Router

If you have a router that is capable of supporting IPv6, then it is possible to configure your router so that an IPv6 network is available, at which point you can simply configure your Funtoo Linux system to participate in it. Note that many popular home/office routers can be configured to use an IPv6 over IPv4 tunnel, which provides a convenient option for home networks or smaller organizations to participate in IPv6. Using this approach, your computer systems behind the router are simply configured to participate in an IPv6 network, and your router handles tunneling the IPv6 traffic back and forth between your tunnel provider. This is typically the most flexible option for exploring IPv6 as it allows you to have multiple computer systems in your home or office to participate in an IPv6 network while your router takes care of everything transparently.

Using Unique Local IPv6 Unicast Addresses

If you don't have public IPv6 connectivity or you don't wish to open an IPv6 tunnel over an IPv4 network, you can use a mechanism similar to IPv4 private address ranges. This mechanism consists of concatenating the prefix FC00::/7 with a globally unique identifier and a subnet identifier to form the upper 64 bits of the IPv6 address. Details of the mechanisms to forge a unique local IPv6 unicast address are documented in RFC 4193; in short, unique local IPv6 unicast addresses are made of the following components:

       | 7 bits |1|  40 bits   |  16 bits  |          64 bits           |
       +--------+-+------------+-----------+----------------------------+
       | Prefix |L| Global ID  | Subnet ID |        Interface ID        |
       +--------+-+------------+-----------+----------------------------+

  • Prefix (7 bits): always FC00::/7
  • L (1 bit): must be set to 1 (1 = prefix is locally assigned, 0 is undefined so far and must not be used)
  • Global ID: A random identifier (see RFC 4193 for details about the generation algorithm)
  • Interface ID: Host interface ID as defined in RFC 3513

Note: Just like with private IPv4 addresses, an IPv6 router must not route a unique local IPv6 unicast address outside the organization local network.
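
The layout above can be produced with the sample algorithm from RFC 4193 section 3.2.2 (SHA-1 over a 64-bit NTP timestamp plus the system's EUI-64, keeping the low 40 bits as the Global ID). The following Python sketch is an added example, not part of the original page; the function names are hypothetical, and the MAC address used is the one that yields the interface ID of the sample address 2001:470:d:c2c:218:51ff:feea:ee21 shown later on this page.

```python
import hashlib
import ipaddress
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
ULA_FIRST_OCTET = 0xFD         # 7-bit prefix 1111110 (FC00::/7) followed by L = 1


def ntp_timestamp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp: 32-bit seconds, 32-bit fraction."""
    seconds = int(unix_time) + NTP_EPOCH_OFFSET
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds & 0xFFFFFFFF, fraction & 0xFFFFFFFF)


def eui64_from_mac(mac):
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe and flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address such as 00:18:51:ea:ee:21")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def ula_prefix(unix_time, eui64):
    """Return the /48 unique local prefix: | 7 bits | L | 40-bit Global ID |."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    digest = hashlib.sha1(ntp_timestamp(unix_time) + eui64).digest()
    global_id = int.from_bytes(digest[-5:], "big")  # least significant 40 bits
    value = (ULA_FIRST_OCTET << 120) | (global_id << 80)
    return ipaddress.IPv6Network((value, 48))


def ula_subnet(prefix, subnet_id):
    """Fill in the 16-bit Subnet ID and return the resulting /64."""
    if prefix.prefixlen != 48:
        raise ValueError("expected a /48 unique local prefix")
    if not 0 <= subnet_id < 2**16:
        raise ValueError("Subnet ID must fit in 16 bits")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


if __name__ == "__main__":
    # MAC chosen to match the interface ID of the page's sample address.
    prefix = ula_prefix(time.time(), eui64_from_mac("00:18:51:ea:ee:21"))
    print("site prefix :", prefix)
    print("subnet 1    :", ula_subnet(prefix, 1))
```

Because the Global ID depends on the time of generation, run this once per site and record the result; regenerating it gives a different prefix.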

Requirements

IPv6 requires CONFIG_IPV6 to be enabled in your kernel (either compiled in or as a module). If compiled as a module (e.g. if your kernel was compiled by genkernel), ensure the module is loaded.

# lsmod | grep ipv6

If this returns nothing, load the module with:

# modprobe ipv6

Commands

ping6
    IPv6 ping command
route -6
    show IPv6 routes
ip -6 neigh show
    show all IPv6 neighbors on the local LAN

Configuration

Participating in an Existing IPv6 Network

If your local network already supports IPv6, then you can simply configure Funtoo Linux to participate in this IPv6 network. Here is a sample configuration that might be used to configure an ethernet interface (netif.eth0) to participate in both an IPv4 and IPv6 network:

template="interface"
ipaddr="10.0.1.200/24 2001:470:d:c2c:218:51ff:feea:ee21/64"
gateway="10.0.1.1"
nameservers="10.0.1.1 2001:470:20::2"
domain="funtoo.org"
multicast="yes"
routes="2000::/3 via fe80::daa2:5eff:fe7a:83de dev eth0"

Above, we use the interface template, and specify both an IPv4 and IPv6 address (with network mask) for ipaddr. In addition, an IPv4 and IPv6 nameserver is specified. For routing, we use the gateway variable to specify an IPv4 gateway, while we use the routes variable to specify a route to our router, which in this case has address fe80::daa2:5eff:fe7a:83de and is reachable on device eth0.

Note that we specify a route for "2000::/3" rather than "::/0" or "default", and this is a bit unusual. This is to work around a bug in many Linux kernels that prevents the default route from being handled properly. "2000::/3" maps to all routable IP addresses and has the benefit of being compatible with all Linux kernels.

Many Addresses and Stateless Autoconfiguration

Also note that if we did not specify an IPv6 address in the ipaddr variable, then eth0 would still get at least one IPv6 address anyway. First, it would get a link-local address, starting in fe80::/16, and it would also automatically use stateless autoconfiguration to grab an unused IPv6 address from the range used by your IPv6 router. This works similarly to the way a DHCP client works with IPv4, but is built into the IPv6 protocol and does not require a DHCP server to function. It works because with IPv6, routers send out ICMP packets to advertise themselves to systems on your network, and your Funtoo Linux system can use this information to automatically grab an unused address. It is important to understand this behavior because it means that by default, your Funtoo Linux system will grab a globally-routable ("public") IPv6 address from your router with no steps necessary on your part, and thus may be accessible from the Internet if no firewall is in place. However, in most cases the default IPv6 route must be specified in the routes variable for IPv6 to function properly, so this auto-configuration isn't completely automatic at this time.
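
To see which addresses a host has actually picked up, and which of them are reachable from the Internet unless a firewall says otherwise, the output of `ip -6 addr show` can be classified by address type. The Python sketch below is an added example, not part of the original page; the sample output is constructed (the unique local prefix and the 6to4 address are made up for illustration) and the function names are hypothetical.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample of `ip -6 addr show` output for a host that has a
# router-assigned address, a unique local address and a 6to4 tunnel.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:d:c2c:218:51ff:feea:ee21/64 scope global dynamic
       valid_lft 86390sec preferred_lft 14390sec
    inet6 fd3c:9a1e:55b0:1:218:51ff:feea:ee21/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::218:51ff:feea:ee21/64 scope link
       valid_lft forever preferred_lft forever
5: 6to4: <NOARP,UP,LOWER_UP> mtu 1280
    inet6 2002:cb00:7107::1/48 scope global
       valid_lft forever preferred_lft forever
"""

UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
IFACE_RE = re.compile(r"^\d+: ([^:@\s]+)")
INET6_RE = re.compile(r"^\s+inet6 ([0-9a-fA-F:]+)/(\d+) scope (\w+)")


class Finding(NamedTuple):
    iface: str
    address: ipaddress.IPv6Address
    kind: str
    exposed: bool  # routable from the Internet unless a firewall blocks it


def classify(address):
    """Return the address type; tunnel ranges are checked before 2000::/3."""
    addr = ipaddress.IPv6Address(address)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr.sixtofour is not None:   # 2002::/16, embeds the IPv4 endpoint
        return "6to4"
    if addr.teredo is not None:      # 2001::/32
        return "teredo"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


def audit(ip_addr_output):
    """Parse `ip -6 addr show` text and flag addresses that need firewalling."""
    findings, iface = [], None
    for line in ip_addr_output.splitlines():
        header = IFACE_RE.match(line)
        if header:
            iface = header.group(1)
            continue
        entry = INET6_RE.match(line)
        if entry and iface:
            kind = classify(entry.group(1))
            exposed = kind in ("global", "6to4", "teredo")
            findings.append(Finding(iface, ipaddress.IPv6Address(entry.group(1)), kind, exposed))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "NEEDS FIREWALL" if f.exposed else "local only"
        print(f"{f.iface:6} {str(f.address):40} {f.kind:13} {flag}")
```

Note that `ip` reports both the router-assigned address and the unique local address as "scope global", so the scope field alone does not tell you what is reachable from outside.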

Local IPv6 over IPv4 Tunnelling

Tunnelling is the process of encapsulating IPv6 packets within an IPv4 packet so that they can be transmitted over an IPv4 network. This process happens at a local tunnel entry point, which can be a Linux machine or a router, such as an Apple AirPort. The packet then traverses the IPv4 network until it reaches the tunnel endpoint, which de-encapsulates the packet and places it on an IPv6 network. There are several different types of IPv6 tunnels. There are also several IPv6 tunnel providers that offer free tunnelling services, making it convenient to start using IPv6, even on your home network.

Note that if you want to configure an IPv6 over IPv4 tunnel on your router, such as an Apple AirPort, then you will simply need to sign up with one of the tunnel providers and use their instructions to configure your router. At this point, your router will be IPv6 enabled and you can then configure your Funtoo Linux system to participate in an existing IPv6 network using the instructions in the previous section. If this is not an option for you, then it is also possible to set up the IPv6 over IPv4 tunnel directly on your Funtoo Linux system. This means that only your Funtoo Linux system will be able to participate in IPv6, at least to start (later, you could configure your Funtoo Linux system to route IPv6 for other machines on your network). Follow the instructions in this section to set up local tunneling on your Funtoo Linux system.

Tunnel providers

freenet6
    Supports anonymous tunnels and works behind NAT. You can connect with your login or as anonymous from anywhere. This can be configured under Funtoo Linux by emerging the net-misc/gogoc ebuild.
Hurricane Electric
    Configured 6in4 tunnel, with support for dynamic IPv4 addresses, and Apple AirPorts can be configured to use this tunnel - see this link. Also see the ipv6.he.net FAQ. You can set up this tunnel with ifconfig and iproute2, or configure your router to be the tunnel entry point -- the point at which IPv6 traffic is encapsulated/de-encapsulated.
Teredo/Miredo
    RFC4380 mandated transition mechanism. Works behind NAT. Assigns one "/128" per host.

Getting Started with gogoc

Freenet6 is a free IPv6 access service provided by gogo6 via the TSP tunnelling protocol. gogoc supports any TSP tunnel; perhaps one is provided by your ISP. We will focus on an anonymous tunnel via freenet6.

You need ipv6 to be enabled in your kernel as well as the TUN module.

You can quickly get started by emerging net-misc/gogoc, adding gogoc to your startup scripts and starting it. net-misc/gogoc is currently keyworded unstable (on some architectures, see gentoo bug #362549). If you are running stable Funtoo, you may want to put an entry into your package.keywords/package.accept_keywords file.

# emerge gogoc
# bzcat /usr/share/doc/gogoc-*/gogoc.conf.sample.bz2 >/etc/gogoc/gogoc.conf
# rc-update add gogoc default
# /etc/init.d/gogoc start

Note: By default, gogoc will use an anonymous tunnel. If you wish to authenticate yourself, read and edit /etc/gogoc/gogoc.conf.

Getting started with Teredo

While this mechanism is officially called Teredo, the implementation of the Teredo service we will be using is called Miredo.

Note: net-misc/miredo is currently keyworded unstable. If you are running stable Funtoo, you may want to put an entry into your package.keywords/package.accept_keywords file.

Emerge net-misc/miredo and start it up (you can add it to your default runlevel if you wish):

# emerge net-misc/miredo
# /etc/init.d/miredo start

Note: Miredo requires CONFIG_TUN enabled in your kernel. If it is compiled as a module, ensure the tun module is loaded.

If all goes well, you can check the assignment of an IPv6 address using /sbin/ip, for example:

# /sbin/ip addr show dev teredo
4: teredo: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN qlen 500
    link/none 
    inet6 2001:0:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/32 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::ffff:ffff:ffff/64 scope link 
       valid_lft forever preferred_lft forever

Tunnelling 6to4

6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. When using 6to4, your globally addressable IPv6 address is generated from your IPv4 address.

The anycast address of 192.88.99.1 has been allocated for the purpose of sending packets to a 6to4 relay router. Note that when converted to a 6to4 IPv6 address with the subnet and hosts fields set to zero this IPv4 address (192.88.99.1) becomes the IPv6 address 2002:c058:6301::.

To use the Funtoo network template method, write the config file for the interface, /etc/conf.d/netif.6to4 (which will also handle converting your IPv4 address to your IPv6 address). Make sure you change "WAN" to your correct Internet-facing interface.

template=ipv6-tunnel
WAN="eth0"
MTU="1280" 
ipv4=`ifconfig $WAN | sed -ne 's/[[:space:]]*inet addr:\([0-9.]*\).*/\1/p'`
ipv6=`printf "2002:%02x%02x:%02x%02x::1" \`echo $ipv4 | tr "." " "\``
remote=192.88.99.1
local="$ipv4/24"
ipaddr="$ipv6/48"
routes="2000::/3 via 2002:c058:6301:: dev $WAN"

Then create the netif.6to4 symlink and add it to the default runlevel:

# ln -s /etc/init.d/netif.tmpl /etc/init.d/netif.6to4
# rc-update add netif.6to4 default
# /etc/init.d/netif.6to4 start

You should now be capable of connecting via IPv6:

# ping6 ipv6.google.com
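
The `printf` line in the config above places the four octets of the WAN IPv4 address directly after the 2002::/16 prefix. The Python sketch below is an added example, not part of the original page: it reproduces that mapping, reverses it, and rejects WAN addresses that cannot work as a 6to4 endpoint because the relay must be able to reach them over the IPv4 Internet. The function names and the list of rejected ranges are assumptions of this example, and 203.0.113.7 is a documentation address standing in for a public IPv4 address.

```python
import ipaddress

RELAY_ANYCAST_V4 = ipaddress.IPv4Address("192.88.99.1")  # relay address given on this page

# IPv4 ranges the shell one-liner would happily convert but that can never
# terminate a 6to4 tunnel (list chosen for this example).
UNUSABLE_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]


def sixtofour_prefix(ipv4):
    """Map an IPv4 address to its 2002:AABB:CCDD::/48 6to4 prefix."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def embedded_ipv4(ipv6):
    """Recover the IPv4 address inside a 6to4 address, or None if not 2002::/16."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def plan_tunnel(wan_ipv4):
    """Compute the values netif.6to4 derives, refusing unusable WAN addresses."""
    v4 = ipaddress.IPv4Address(wan_ipv4)
    for net in UNUSABLE_V4:
        if v4 in net:
            raise ValueError(f"{v4} is in {net}: 6to4 needs a public IPv4 address")
    prefix = sixtofour_prefix(v4)
    first_lan = ipaddress.IPv6Network((int(prefix.network_address) | (1 << 64), 64))
    return {
        "local": str(v4),
        "remote": str(RELAY_ANYCAST_V4),
        "ipaddr": f"{prefix[1]}/48",   # same as the config's 2002:xxxx:xxxx::1/48
        "relay_v6": str(sixtofour_prefix(RELAY_ANYCAST_V4).network_address),
        "first_lan_prefix": str(first_lan),  # a /64 that could be advertised to a LAN
    }


if __name__ == "__main__":
    for key, value in plan_tunnel("203.0.113.7").items():
        print(f"{key:17} {value}")
    print("embedded in 2002:c058:6301:: ->", embedded_ipv4("2002:c058:6301::"))
```

Anyone who sees a 6to4 address can read the host's public IPv4 address out of it with the reverse mapping, which is worth keeping in mind when these addresses show up in logs.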

To allow this host to be a router, a modified template is required:

#!/bin/sh

netif_pre_up() {
        require local remote
        try ip tunnel add $interface mode sit remote $remote local $local ttl 255
        try ip addr add $ipaddr dev $interface
        try ip addr add $ipaddr4 dev $interface
}

netif_post_up() {
        try ip route add ::/0 dev $interface
}

netif_pre_down() {
        ip route del ::/0 dev $interface
}

netif_post_down() {
        ip tunnel del $interface
}

Then add the following line to /etc/conf.d/netif.6to4:

ipaddr4="$ipv4/24"

After restarting the 6to4 interface radvd can be started:

# /etc/init.d/netif.6to4 restart
# /etc/init.d/radvd start

Optimization

Prefer IPv4 over IPv6

Generally if your IPv6 connection is through a tunnel, it will be slower than an IPv4 connection. For this reason, if you are using an IPv6 tunnel, it can be best to configure your systems to prefer IPv4 if an IPv4 version of the site is available, and use IPv6 only when necessary. This way, you will avoid unnecessary encapsulation and de-encapsulation of IPv4 traffic. Here's how to do this for a number of operating systems:

Linux

Linux will prefer IPv6 if IPv6 support is enabled in the kernel. To prefer IPv4, edit /etc/gai.conf and add this line:

precedence ::ffff:0:0/96 100

Windows 7, Server 2008, Vista

These operating systems prefer IPv6 by default. See this link. To prefer IPv4, use the following steps:

  1. Start regedit.
  2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP6\Parameters.
  3. Create a new DWORD named DisabledComponents. Edit this new DWORD and set it to HEX value of 20 or a DECIMAL value of 32.
  4. Restart your computer.

ISPs who currently have IPv6 enabled for residential customers

  • Canada:
    • Videotron: Videotron has a beta-program for residential customers who want to test IPv6 (no official technical support; they may not have enabled it in your area, so check first before investing in new hardware). Although, at date of writing, a large part of their network is IPv6, you must go through a 6rd tunnel because they still need to upgrade some of their equipment, and your router must support the 6rd protocol (this requirement is documented). Videotron sells you a D-Link DIR-825 with a modified firmware; however, this model has a weird gotcha: it does not support IPv6 firewalling. This is not a Videotron-specific issue (even the genuine firmware coming from the manufacturer has no support for IPv6 firewalling as of June 2011). A good alternative to recommend is the CISCO/LinkSYS E4200, which is more expensive (MSRP ~$180 US/CDN) but has IPv6 firewalling support. Once the E4200 firmware has been upgraded, go to Setup/IPv6 Setup, disable "IPv6 - Automatic" (you should then see an IPv6 address in the DUID field) and leave "automatic" for the 6rd configuration. You should be in business and see all of the hosts on your network with an IPv6 stack enabled being assigned a public IPv6 address starting with 2607:f048.
    • Teksavvy: TekSavvy has an IPv6 beta-program for residential customers who use their DSL service (no statement found for cable connections). Just ask them to enable IPv6 on your subscription and it should be available within the next 24 hours. Their IPv6 connectivity is native, so you don't need to set up a tunnel.
    • Shaw (?)
    • Cogeco cable (?)
    • Telus (?)
    • Bell: Bell appears to have official IPv6 support, especially for its business subscribers (see http://ipv6.bell.ca), via a toolkit and various web pages on the subject.
  • France
    • Free
    • Nerim
    • the French Data Network (FDN)
  • United States:
    • Comcast (limited pilot in some areas only)

Home routers compatible with IPv6

A few residential routers have support for IPv6 at date of writing, and many more home networking devices will have robust IPv6 support in the more or less near future. The following list is not meant to be exhaustive:

  • D-Link DIR-825 rev. 1B (June 2011): Has IPv6 support out of the box; however, for some reason the router has no support for IPv6 firewalling, even with the 2.05N revision of the firmware. The consequence is that you have to deploy an IPv6 firewall on each host that has public IPv6 connectivity. The Canadian ISP Videotron sells a DIR-825 with a customized firmware, but unfortunately, as with the genuine manufacturer firmware, no IPv6 firewalling is possible :( .
  • CISCO/LinkSys E4200 (June 2011): Advertised as being IPv6 compatible with a firmware update (available as of June 14th 2011 -> check for the version tagged 1.0.02 build 13 or later on the manufacturer website). The device supports native IPv6 and IPv6 through a 6rd tunnel (no support for any other tunneling protocol).
