Lucid Lynx with IPv6: client connectivity

Open Office has been building Linux networks for office automation since the last century. As we would like to be ready for the next century, we are currently doing IPv6 wherever possible.
In a series of articles, I will explain how to set up an Ubuntu 10.04 “ipv6 only” network of Linux machines: that is server, and desktops. In this episode: client connectivity.
When you are going to connect your client PC’s with IPv6, you have a couple of choices — again. The two sensible choices are: use IPv6 autoconfiguration or use DHCP6. (The silly choice is to set up clients manually).

Let us start, just for fun and exercise, with the silly choice: manual configuration.

Manual configuration

In our last episode, you (hopefully) got IPv6 working on your gateway. Now you are going to need your network prefix. If you have a /48 network, then your network prefix is the first three parts of your IPv6 address.
If you have setup your gateway correctly, you can setup your client PC’s as follows. Add to your /etc/network/interfaces:

iface eth0 inet6 static
 address xxxx:xxxx:xxxx::qqqq
 netmask 48
 gateway xxxx:xxxx:xxxx::1

… where the X’s are the prefix of your network.
If you don’t have IPv6 addresses on your network by now, the “qqqq” could be anything. In fact, if your gateway knows it’s full /48 netblock, you can have any address within your prefix. If you would like to have prefix::g00d:dead:beef, just go ahead. (Well, to be precise: there is a bit that says “global” or “local”. Setting this bit to it’s global value, 1, theoretically means that you could have an overlapping IP address based on stateless autoconfiguration (more on that later). But since our assumption was “no other IPv6 addresses”, for now, you can safely use any address you like).

If you have given yourself a shiny new IPv6 address in /etc/network/interfaces, then, as root, type ifdown eth0; ifup eth0. You should be able to ping the gateway now, by issueing ping6 xxxx:xxxx:xxxx::1 – given that your gateway is your-prefix::1.

Does that work? Good. If it doesn’t work, that is probably because either you set up an IP address not ending with “::1” on your gateway; or even more problematic, you did not even think of setting up an IP address. So please check, if the interface that connects your client and gateway, does have an IPv6 address. For example, if your gateway has an eth0 and eth1, while eth0 is the outside and eth1 is the inside, the check if ip -6 a l dev eth1 (ip address list dev eth1) does show you a “global” IP address. You could also try to ping the client from the gateway, does that work? Please note, that with IPv6 the setup should basically the same as with IPv4 in the sense that you’ll normally have a gateway address (that could be prefix::1, but could also be anything else) and have a couple of IP addresses in the same “range” on the “inside”.

OK. Once you’ve figured out how ping the gateway, you’re ready for the next thing to try: ping something outside, like ping6

If that does not work, then there is probably something wrong with IPv6 forwarding. That may either be the sysctl IPv6 forwarding settings; or your firewalling; or, more theoretically, a non working gateway. Retry pinging from your gateway, does that work? If that does not work, you should check the IPv6 connectivity on the gateway itself. If you can ping6 both inside and outside from the gateway, then re-check the sysctl settings: cat /proc/sys/net/ipv6/conf/all/forwarding. If it says “0”, then re-read the end of “Basic Connectivity”. If that says “1”, then re-check the firewall (ip6tables -L -v).
For now, I’ll assume you got your basic client connectivity working. So let’s move on to automatic configuration.

Stateless Autoconfiguration

In our office networks, until now, we have always chosen DHCP for our client PC’s, as that gave us maximum flexibility. With IPv6, we chose to use “stateless autoconfiguration” instead. This gives us a little bit less flexibility, but there is one big advantage: any Linux machine with IPv6 enabled will immediately get an IPv6 address.
Here is how. First, install radvd on your gateway, like this: apt-get install radvd. Then build a configuration file for it. Ours is really simple (and please note: eth0 is the network interface that is connected to the “inside” of your network ):
interface eth0
AdvSendAdvert on;
prefix XXXX:XXXX:XXXX::/64
AdvOnLink on;
AdvAutonomous on;

Now please note: you have a /48 network, but don’t put the /48 in your prefix: it won’t work. With radvd, you have 65536 different /64 networks at your disposal but you can’t use them all at once. But, technically, there is nothing against using XXXX:XXXX:XXXX:QQQQ::/64 as prefix, i.e. choose another one of your networks, instead of the “0000” that the above config file gives you.
Anyway, start the radvd daemon and within seconds you’ll see that all the IPv6 enabled clients in your network instantly have a network address and a default IPv6 route to your IPv6 gateway.
As Ubuntu doesn’t enable the privacy extensions of IPv6 autoconfiguration, you will get IPv6 addresses based on the MAC address of your network cards. If the mac address of your network card is, for example, 1c:4b:d6:80:e3:4f, then the IPv6 address will be calculated as follows:

  1. Group, and split in two parts: 1c4b:d6 and 80:e34f
  2. Add “ff:fe” in between: 1c4b:d6ff:fe80:e34f
  3. Change the 7th bit (first, second, third …. 7th, 8th, we’re humans, not computers) to a “1”: 1e4b:d6ff:fe80:e34f
  4. Add your prefix: xxxx:xxxx:xxxx::1e4b:d6ff:fe80:e34f

All right. If you followed all steps correctly, you now have a network with IPv6 on your clients. Next thing we’ll do is to add DNS to that. If you have DHCP with the ISC DHCP server on your network, then there will even be some short scripts to help you fetch your IPv6 DNS information from your DHCP configuration file.