A few years ago, CiscoWorks LAN Management Solution introduced support for IPv6. I figured that was a good enough excuse to learn IPv6. After all, that is the future of the Internet. I had a collection of FreeBSD machines at home, and I knew they had wonderful support for IPv6. While chatting on IRC, I learned that Hurricane Electric offered a free IPv6 tunnel service complete with your own /64. Who wouldn’t want 18 quintillion IP addresses (you never know when you will have to address a small galaxy)?
My main router/firewall is a FreeBSD box, and Hurricane Electric made it easy to get the incoming IPv6 connection working. HE provided a simple sample config. Getting the tunnel interface up was just the first step, though. If I were going to be able to view the Kame dancing turtle (which was the geek’s way of testing IPv6 back then), I would need to provide IPv6 addresses to my other machines on my intranet. I decided to take my /64 and make the last octet of the address be the same as my last IPv4 octet. For example, my main workstation had an IPv4 address of 192.168.1.4. So its IPv6 became 2001:470:1f00:2464::4. That made things easy to remember.
Next up was satisfying the hosts that used IPv4 DHCP. I didn’t want to go with full-blown IPv6 DHCP. Stateless address autoconfiguration (SLAAC) was fine for me. I configured my main firewall/router to run rtadvd to hand out IPv6 addresses to my various laptops and other DHCP hosts.
I had all of the addressing setup, but I was unable to connect to the Kame site and see the dancing turtle. Turns out I forgot to enable IPv6 forwarding on the FreeBSD router. After setting the net.inet6.ip6.forwarding sysctl, I had a dancing turtle!
The last thing I had to take care of is the firewall. When one is used to using RFC1918 addresses with NAT at home, it could be easy to forget that all of this /64 block is directly reachable on the v6 Internet. It’s critical that you protect your /64 just as you would your main IPv4 interface. I used the IPFW firewall, and there is a lot of documentation available to configure this firewall to meet your needs.
For your reference, here is the /etc/rc.conf config from my FreeBSD firewall/router showing all of the IPv6 network parameters I setup. I look forward to seeing your IPv6 in my web server access log.
# These next four lines come straight out of the Hurricane
# Electric sample config for FreeBSD
# This next line is critical to provide IPv6 switching
Hi,I have question regarding hardware setup for the SD-WAN deployment. Can we setup vManage, vSmart and vBond on the same physical server for production (if resources are sufficient) and redundancy is achieved by lower level like vmware? Any argues agains...
Hello,I am trying to retrieve raw data from my SF300 switches using traps and OIDs, as not all information can be found in log buffer. However, I am not able to find OIDs reflecting system memory usage and critical information regarding ports statistics, ...
Hello, We have two Cisco routers 1921 (Software Version 15.7(3)M5) with a EHWIC-4ESG card connecting multiple L2 switches. I have configured vlan10 with multiple IPs to provide access to all devices in the LAN segment. Router 1 (R1) is by config...
guys, i need some help.I have been playing with PT since yesterday and reading many totorials/watching many movies but i am confused.I created 2 2950 switches in my PT(they are layer 2?) with three vlans; 10,20 and 99.Port 24 on both switches are Tru...