A few years ago, CiscoWorks LAN Management Solution introduced support for IPv6. I figured that was a good enough excuse to learn IPv6. After all, that is the future of the Internet. I had a collection of FreeBSD machines at home, and I knew they had wonderful support for IPv6. While chatting on IRC, I learned that Hurricane Electric offered a free IPv6 tunnel service complete with your own /64. Who wouldn’t want 18 quintillion IP addresses (you never know when you will have to address a small galaxy)?
My main router/firewall is a FreeBSD box, and Hurricane Electric made it easy to get the incoming IPv6 connection working. HE provided a simple sample config. Getting the tunnel interface up was just the first step, though. If I were going to be able to view the Kame dancing turtle (which was the geek’s way of testing IPv6 back then), I would need to provide IPv6 addresses to my other machines on my intranet. I decided to take my /64 and make the last octet of the address be the same as my last IPv4 octet. For example, my main workstation had an IPv4 address of 192.168.1.4. So its IPv6 became 2001:470:1f00:2464::4. That made things easy to remember.
Next up was satisfying the hosts that used IPv4 DHCP. I didn’t want to go with full-blown IPv6 DHCP. Stateless address autoconfiguration (SLAAC) was fine for me. I configured my main firewall/router to run rtadvd to hand out IPv6 addresses to my various laptops and other DHCP hosts.
I had all of the addressing setup, but I was unable to connect to the Kame site and see the dancing turtle. Turns out I forgot to enable IPv6 forwarding on the FreeBSD router. After setting the net.inet6.ip6.forwarding sysctl, I had a dancing turtle!
The last thing I had to take care of is the firewall. When one is used to using RFC1918 addresses with NAT at home, it could be easy to forget that all of this /64 block is directly reachable on the v6 Internet. It’s critical that you protect your /64 just as you would your main IPv4 interface. I used the IPFW firewall, and there is a lot of documentation available to configure this firewall to meet your needs.
For your reference, here is the /etc/rc.conf config from my FreeBSD firewall/router showing all of the IPv6 network parameters I setup. I look forward to seeing your IPv6 in my web server access log.
# These next four lines come straight out of the Hurricane
# Electric sample config for FreeBSD
# This next line is critical to provide IPv6 switching
Hello, I'm having an issue with running HSRP on Cisco Nexus 9K in vPC. I've done the configs but when Initiate the "show hsrp" command on the Nexus 9Ks. its saying "Standby router is unknown" on primary switch and "Active router is unknown" on standby swi...
Afternoon AllIve been at this task for weeks on and off. What I thought was a simple setup has got me stumped. from the router CLI I can ping 22.214.171.124 but not from and ofthe hosts. Below is my router config, its now all over the place due to my constant fi...
Hi, I'm trying to get an IPsec tunnel working, but it seems phase 2 isn't coming up. Their subnet is a /27 public IP and mine is a private IP subnet. I've attached the crypto debug output. I've also attached the config of the other en...
So I'm trying to think of a way to do this and have been messing around in gns3 a bit but I figured I'd post here for ideas while I putz around. 2 internet routers that connect to 2 different ISP's. They share the BGP tables. ...