Xaero.org Tech news, reviews, and whatever else I wanna put here!

HOWTO: Connect to the IPv6 Internet with your home router

Most of us (okay, basically all of us) connect to the Internet using an IPv4 address. There's a problem that is beginning to rapidly creep up though: We want to connect all our stuff to the Internet but there just aren't enough addresses. In fact, there are a little over 4 billion IPv4 addresses and a good chunk are already exhausted. For the curious, here's a good link to watch a RIR IPv4 countdown: click here. For the Unix/Linux inclined, try this:

lynx -dump http://www.iana.org/assignments/ipv4-address-space | grep "IANA - Reserved"

It's safe to say that the original designers of IPv4 probably didn't predict such widespread usage of the Internet. To solve the problem of address exhaustion, IPv6 was created. But what happened to IPv5? Well, back in the 1970s, a protocol named the "Internet Stream Protocol" (ST) was created. It was then upgraded from ST to ST+ (offering connection-oriented services and QoS), which became known as IPv5. With the number 5 already taken, the name IPv6 was used.

So if IPv4 offers 4 billion addresses, how many addresses does IPv6 offer? Since the number is too big to display, I'll instead give the scientific notation. For IPv4, you get 2^32. But for IPv6, you get 2^128 or 3.4*10^38. That would be about 340 trillion, trillion, trillion addresses. Still not quite grasping how large that is? Consider the following:

  • It's enough addresses for many trillions of addresses to be assigned to every human being on the planet.
  • The earth is about 4.5 billion years old. If we had been assigning IPv6 addresses at a rate of 1 billion per second since the earth was formed, we would have by now used up less than one trillionth of the address space.
  • The earth's surface area is about 510 trillion square meters. If a typical computer has a footprint of about a tenth of a square meter, we would have to stack computers 10 billion high blanketing the entire surface of the earth to use up that same trillionth of the address space.
  • Imagine the IPv4 address space is a 1.6-inch square. In that case, the IPv6 address space would be represented by a square the size of the solar system.

Needless to say, we probably won't be running out of IPv6 addresses any time soon. So how do you get on the IPv6 Internet? It's actually not that difficult. You have two choices:

  1. Connect to an IPv6 ISP and get allocated a block
  2. Use a 6to4 tunnel

Unless you've got lots of money, you probably won't be using the first option. Even just obtaining a /48 will set you back about $1,250 (though you'll have a LOT of address space to play with). Instead, most home users will opt for the second option and use a tunneling service. For that you'll need to register with a tunnel broker. Here's a list to choose from - link. I recommend using Hurricane Electric's service. First, register your name with them. It should take less than 24 hours to get an account. Next, follow the directions to create a tunnel. You basically plug in your IPv4 address and create the tunnel. Note that with Hurricane Electric, this can be either your public IPv4 address (the one your ISP gives you) or a private one if you're going to tunnel from within your network. Be sure to choose an endpoint that is close to you to minimize latency.

The next part is the hardest. We need to figure out how we're going to terminate our side of the tunnel. I would highly recommend using your home router to do this so you can minimize frustration. You can use a Linux box to do this behind your router but it will probably be a lot of pain to do so. I'm using a Linksys WRT54G v3 as my gateway so it was easy to put some custom firmware on it. I chose dd-wrt since it is very easy to use. Depending on what router you're using, you may or may not even be able to load custom firmware on it. Doing so is outside of the scope of this article. If you do use dd-wrt, be warned that the "generic micro" image does NOT have IPv6 support so if you have a v5 or v6 WRT, you're probably out of luck. Might be a good time to hit the bargain bin at your local computer store and hunt for an older WRT.

Once you've got a usable router and tunnel created, it's time to connect the two. For the remainder of this article, I'll refer to the dd-wrt web management interface. Log in and navigate to the Administration tab. Scroll down and look for the IPv6 Support section. Enable both IPv6 and radvd.

Now, click on the Commands tab and paste the following into the Commands box:

#!/bin/sh
# Let the router forward IPv6 between the LAN and the tunnel
echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
extif=vlan1
intif=br0
tundev=he-ipv6
echo "bringing up HE tunnel"
# remote = the broker's IPv4 endpoint, local = your IPv4 address
ip tunnel add $tundev mode sit remote x.x.x.x local x.x.x.x ttl 255
ip link set $tundev up
# Your end of the tunnel (the ::2 address)
ip addr add xxx:xxxx::2/64 dev $tundev
ip route add ::/0 dev $tundev
ip -f inet6 addr
# The routed /64 goes on the LAN bridge
ip -6 route add xxxx:xxxx::/64 dev $intif
ip -6 addr add xxxx:xxxx::1 dev $intif
echo "bringing up router advertisement daemon"
/sbin/radvd -C /tmp/radvd.conf

Be sure to substitute your IPv4 and IPv6 addresses where the "xxx"s are. If you're using Hurricane Electric, you can simply display the relevant configuration by going to the Tunnel Details page, then choosing the Linux-route2 configuration. The configuration for radvd (Router ADVertisement Daemon) is pretty easy so here goes:

interface br0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix xxxx:xxxx::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};

For some strange reason, my WRT doesn't seem to retain the radvd config so I just manually paste the whole IPv6 config in, radvd first. dd-wrt allows you to use CIFS shares to save your config so I may need to look into that.

Lastly, telnet (or ssh) to the router and paste the following commands in:

nvram set ipv6_enable=1
nvram set radvd_enable=1
nvram set radvd_conf=/tmp/radvd.conf

Now save the changes and reboot:

nvram commit
reboot

You're probably wondering whether I omitted a section on DHCP. IPv6 doesn't necessarily need DHCP but a new version, DHCPv6, does exist. IPv6 uses Router Solicitation and Router Advertisement messages to dole out addresses in a stateless fashion. Router Solicitations come from end nodes and are used to request addresses. Router Advertisements are sent by routers to advertise prefixes. The one thing those Router Advertisements don't have are DNS server addresses! Be sure you've set up your DNS servers in the router config. They should forward IPv6 queries if they can't answer them.

Our last hurdle is getting a computer on your network to grab an IPv6 address. I'm using Ubuntu Linux and Mac OS X, both of which come with IPv6 enabled. For Windows XP, you'll need to install the IPv6 stack. I hear Windows Vista has it enabled by default. Just remember to allow your firewall to receive multicasts. (RAs are sent as multicasts since IPv6 drops the broadcast address). You should receive an address as well as a default route. If so, congratulations!

To test it out, try to ping Google:

$ ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:xxx:xxx:xxx --> 2001:4860:0:2001::68
16 bytes from 2001:4860:0:2001::68, icmp_seq=0 hlim=58 time=42.601 ms
16 bytes from 2001:4860:0:2001::68, icmp_seq=1 hlim=58 time=37.782 ms
^C
--- ipv6.l.google.com ping6 statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 37.782/40.191/42.601 ms

If you're using Firefox, you'll need to enable IPv6 DNS queries. To do this, open an empty tab and type "about:config". You should see a bunch of preference keys pop up. In the filter box, begin typing ipv6 and look for a key named "network.dns.disableIPv6". It should be set to "true". Double click to set it to false (so you enable IPv6 DNS queries).

That should be it! Be warned though, that any device on your home network with an IPv6 stack running could grab an address and be open to attack. Be sure to either disable IPv6 where you don't need it or set up the appropriate firewall rules.
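One way to write those firewall rules on the router itself, as an added example that is not part of the original article: LAN hosts may open connections out through the tunnel, but only replies come back in. It assumes your firmware build ships ip6tables with the "state" match (IPv6 connection tracking); gen_ipv6_fw and valid_ifname are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article): print a default-deny IPv6
# ruleset for the tunnel built above, for review before applying.
# Assumptions: the firmware ships ip6tables with the "state" match (IPv6
# connection tracking); he-ipv6 and br0 are the article's interface names.

# Reject anything that is not a plain interface name, since the generated
# lines are meant to be fed to a shell.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

gen_ipv6_fw() {
    fw_tun="${1:-he-ipv6}"   # tunnel (Internet-facing) interface
    fw_lan="${2:-br0}"       # LAN bridge
    valid_ifname "$fw_tun" && valid_ifname "$fw_lan" || {
        echo "gen_ipv6_fw: bad interface name" >&2
        return 1
    }
    # INPUT covers traffic to the router, FORWARD covers traffic to the LAN.
    # ICMPv6 to the router stays open because neighbor discovery needs it.
    # The DROP policies come last so an open session is not cut off midway.
    cat <<EOF
ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -i $fw_lan -j ACCEPT
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -i $fw_lan -o $fw_tun -j ACCEPT
ip6tables -A FORWARD -i $fw_tun -o $fw_lan -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
EOF
}

# Print the rules for the article's interfaces; pipe to sh on the router
# once they look right.
gen_ipv6_fw he-ipv6 br0
```

If the "state" match is missing from your build, these rules will fail to load and the FORWARD policy will block replies too, so check the output of ip6tables -L -n after applying.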

Have fun!