====== IPv6 in a Tunnel ======
This document explains how to bring IPv6 Internet connectivity to a lab platform using tunnels. This scenario is useful whenever IPv6 is not enabled on the Internet access of your lab.
===== -. General Context =====
[{{ :ipv6-tunnel-1.png?nolink&600 | Figure 1. Internet connectivity and IPv6 support}}]
As shown in Figure 1, we suppose that your lab is equipped with either dual-stack (supporting IPv4 and IPv6) devices or IPv6-only devices. We also suppose that you have no direct Internet IPv6 connectivity since you need to traverse a legacy IPv4-only access network. Unfortunately, this is still the case for many Internet Service Providers around the world.
In such a case, tunnel mechanisms can help you get IPv6 connectivity without waiting for the migration of the IPv4-only network. [[https://tools.ietf.org/rfc/rfc7059.txt | RFC 7059]] presents an exhaustive overview of tunnel mechanisms. In this document, you will use a static 6in4 tunnel. More precisely, IPv6 packets generated by your lab devices are encapsulated in IPv4 headers in order to traverse the IPv4-only network. At the far end of the tunnel, this IPv4 header is removed and the original IPv6 packets are routed to their IPv6 destination. Incoming packets undergo a similar process to reach your lab devices.
===== -. Tunnel Example Configuration =====
Figure 2 illustrates a deployment example of the 6in4 tunnel. In this example, the Tunnel End-Point (TEP) is a specific device that has IPv4 Internet connectivity on interface e1. The TEP adds and removes the encapsulating IPv4 headers. Therefore, a specific configuration should be applied on this device. Moreover, you can choose this device to be the default gateway for your lab so that all outgoing IPv6 traffic benefits from the tunnelling mechanism.
[{{ :ipv6-tunnel-2.png?nolink&600 | Figure 2. 6in4 Tunnel for extending IPv6 connectivity}}]
Hurricane Electric provides a free service for 6in4 tunnels. Subscription is available on [[https://tunnelbroker.net]]. Start by creating a ''Regular Tunnel''. Then, put the IPv4 address of interface e1 of your TEP in the field ''IPv4 Endpoint (Your side)'' and select the nearest tunnel server. Verify that everything is set accordingly in the tunnel details page. Click on ''Example Configurations'' and copy the commands for your operating system. For example, if you are using a Debian-based TEP, you can use the following configuration template in your ''/etc/network/interfaces'' file:
<code>
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address #TEP_IPv6_address
    netmask 64
    endpoint #Tunnel_server_IPv4_address
    local #TEP_e1_IPv4_address
    ttl 255
    gateway #Tunnel_server_IPv6_address
</code>
When the TEP is behind a firewall appliance, make sure that protocol 41 is not filtered. Note that 41 is the IP protocol number for IPv6 encapsulated in IPv4 (not a port number), and it must be allowed. For instance, the [[https://www.cisco.com/c/en/us/support/docs/ip/access-lists/43920-iacl.html | configuration]] on a Cisco firewall uses the following syntax: ''access-list 101 permit 41 source destination''. Scope ''source'' and ''destination'' to the tunnel server and the e1 address of your TEP rather than permitting protocol 41 from any host.
Now, you can verify the configuration of your tunnel interface with ''ip -6 addr show dev he-ipv6'' on the TEP and test whether IPv6 connectivity is working with ''ping6 ipv6.google.com''.
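The encapsulation described in the General Context section and the protocol 41 rule above can be made concrete with the following added example (it is not part of the original page or of any tunnel broker's code). The function names and the documentation-range addresses are assumptions chosen for illustration; ''decapsulate'' accepts a packet only if it carries protocol 41 and its outer addresses match the configured end-points.

```python
import ipaddress
import struct

PROTO_41 = 41  # IP protocol number for IPv6-in-IPv4 (not a TCP/UDP port)

# Constructed sample values (documentation ranges), not taken from the page.
TEP_V4, SERVER_V4 = "192.0.2.10", "198.51.100.1"
SAMPLE_IPV6 = (struct.pack("!IHBB", 0x60000000, 4, 59, 64)
               + ipaddress.IPv6Address("2001:db8::1").packed
               + ipaddress.IPv6Address("2001:db8::2").packed + b"test")


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over a 20-byte IPv4 header (RFC 1071)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(ipv6_packet: bytes, src_v4: str, dst_v4: str, ttl: int = 255) -> bytes:
    """Prepend the outer IPv4 header, as a tunnel end-point does on egress."""
    src = ipaddress.IPv4Address(src_v4).packed
    dst = ipaddress.IPv4Address(dst_v4).packed
    fixed = struct.pack("!BBHHHBB", 0x45, 0, 20 + len(ipv6_packet), 0, 0, ttl, PROTO_41)
    checksum = ipv4_checksum(fixed + b"\x00\x00" + src + dst)
    return fixed + struct.pack("!H", checksum) + src + dst + ipv6_packet


def decapsulate(packet: bytes, local_v4: str, peer_v4: str) -> bytes:
    """Strip the outer header; accept only protocol 41 from the configured peer."""
    if len(packet) < 20 or packet[0] != 0x45:
        raise ValueError("not an option-less IPv4 packet")
    if ipv4_checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != PROTO_41:
        raise ValueError("outer protocol is not 41")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    if (src, dst) != (peer_v4, local_v4):
        raise ValueError("outer addresses do not match the tunnel end-points")
    inner = packet[20:struct.unpack("!H", packet[2:4])[0]]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    return inner
```
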
===== -. Lab Platform Configuration =====
Hurricane Electric has automatically assigned a /64 prefix to your account and routed it to the ''Client IPv6 Address''. You can retrieve the prefix on the tunnel details page under the ''Routed IPv6 Prefixes'' section. This prefix allows your TEP to operate as the router for this prefix and allows you to use static or automatic configuration to hand out addresses from this allocation to your internal network. In the following, we will examine these two methods.
In both cases, you should start by configuring a static IPv6 address on interface e0 of the TEP. This address should be chosen from your assigned /64 prefix.
<code>
ip -6 addr add Routed_Prefix::1/64 dev e0
</code>
==== -. Static Configuration ====
On any PC in your lab, you can configure a static IPv6 address chosen from your /64 routed prefix. Moreover, you should add a default route using the link-local address of the e0 interface of the TEP. Because the next hop is a link-local address, the route must also name the outgoing interface:
<code>
ip -6 addr add Routed_Prefix::X/64 dev PC_interface
ip -6 route add default via TEP_e0_link_local_IPv6_addr dev PC_interface
</code>
==== -. Stateless Auto-Configuration ====
If you want to benefit from the auto-configuration mechanisms in IPv6, you can start a router advertisement daemon on the TEP. This daemon (typically radvd on Debian) will send Router Advertisements and enable your lab PCs to perform stateless auto-configuration.
You can install radvd using ''apt-get install radvd'' on the TEP and configure the /64 prefix in ''/etc/radvd.conf'' as follows:
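<code>
# lab-facing interface of the TEP (e0 in Figure 2); adjust the name to your system
interface eth1
{
    AdvSendAdvert on;
    # example value: replace with your own routed /64 prefix
    prefix 2001:470:1f13:ab6::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
</code>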
Now you can start the router advertisement daemon on the TEP using ''/etc/init.d/radvd start'' and observe the auto-configuration on any PC in your local network.