January 2001
6to4 is an easy way to get IPv6 connectivity for hosts that only have an IPv4 uplink. It can be used with static as well as dynamically assigned numbers, e.g. as found in modem dialup scenarios. When using dynamic v4 addresses, note that a dynamic change of IP numbers will be a problem for incoming traffic, i.e. you can't run persistent servers.
The setup on your side doesn't consist of a single IPv6 number, but of a whole /48 network. The address prefix "2002:" is reserved for 6to4 based addresses (i.e. v6 addresses derived from IPv4 addresses). The next 32 bits are your IPv4 address. This results in a /48 network that you can use for your very own purpose. It leaves 16 bits of space for 2^16 IPv6 subnets, which can take up to 2^64 nodes each (that's, um ... a BIG number :-).
Thanks to the 6to4 prefix and your worldwide unique IPv4 address, this address block is also unique, and it's mapped to you.
Image #1 shows an example of how the IPv6 address is built for the IPv4 number 62.157.9.98. The lower bits ":0001::1" were chosen arbitrarily by me; they can contain other values (e.g. EUI-64 addresses if you choose to set up address autoconfiguration via router solicitation - see rtsol(8) for more information).
Image #1
In contrast to the classic "v6 over v4 tunnel" setup, you do not register at a 6bone gateway, which would then forward any v6 traffic (encapsulated in v4) to you. Instead, as your IPv6 address is derived from your IPv4 address, any answers can be sent to you through your nearest 6to4 gateway. Decapsulation of the packet is done by the stf(4) network interface, which then also forwards the resulting v6 packet according to your routing setup (in case you have more than one machine connected on your 6to4 assigned network).
For sending out v6 packets, the stf(4) interface will take the v6 packet and encapsulate it into a v4 packet. You still need a 6bone-connected 6to4 gateway that will decapsulate your packets and forward them to the 6bone.
Image #2 tries to illustrate this. Your private network is on the left; the uplink in this case is via a v4-connected PPP-link, and the machine on the right is the 6to4 gateway which is connected to the 6bone.
Image #2
In contrast to the "tunnel" setup, you usually can't set up packet filters to block 6to4 packets from unauthorized sources, as accepting them is exactly how (and why) 6to4 works at all. As such, malicious users can send packets with invalid/hazardous IPv6 payloads. See the stf(4) manual page for common configuration mistakes intercepted by default, and for further advice on filtering.
The following commands are valid for NetBSD 1.5, but as they don't use any "magic" variables from the OS-specific startup system, this should be widely usable.
You need to know the following values:

- Your IPv4 address. Use ifconfig(8) or netstat(8) to determine it. If you use a NATing gateway or something similar, be sure to use the official, outside-visible address, not your private (10/8 or 192.168/16) one.
  We will use 62.224.57.114 in our example.
- Your gateway interface's IPv6 address, derived from the above IPv4 address.
  For our example, this is 2002:3ee0:3972:0001::1 (62.224.57.114 == 0x3ee03972, 0001::1 arbitrarily chosen).
- The IPv6 address of the 6to4 gateway to use.
  We will use 2002:cdb2:5ac2::1 (== 6to4.kfu.com).
Actual configuration consists of three steps:

1. Make sure you have at least one stf(4) interface configured into your kernel:

    pseudo-device stf 1 # 6to4 IPv6 over IPv4 encapsulation

   By default this is not enabled. Please consult some appropriate documents on kernel configuration and compilation.

2. Configure the stf(4) device by assigning it your IPv4-derived v6-address:

    ifconfig stf0 inet6 2002:3ee0:3972:0001::1 prefixlen 16 alias

3. Make sure all your IPv6 traffic is forwarded to your 6to4 gateway to route it via the 6bone:

    route add -inet6 default 2002:cdb2:5ac2::1

After these steps, you are connected to the IPv6-enabled world - congratulations!
If you have a permanent IPv4 address, you can put these two commands into /etc/netstart.local to configure IPv6 on each bootup.
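The address derivation from the list of values and the two commands from steps 2 and 3, as an added shell example that is not part of the original article. The helper names `sixto4_prefix` and `sixto4_commands` are hypothetical, and rejecting 172.16/12, loopback and multicast addresses goes beyond the 10/8 and 192.168/16 ranges the article names.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, sample addresses are the article's.

# sixto4_prefix A.B.C.D -> prints the /48 prefix "2002:xxxx:xxxx", or returns 1.
sixto4_prefix() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) echo "not a dotted quad: $1" >&2; return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || { echo "need exactly four octets" >&2; return 1; }
    for o in "$@"; do
        # A leading zero would be read as octal by printf; reject it.
        case "$o" in 0?*|????*) echo "bad octet: $o" >&2; return 1 ;; esac
        [ "$o" -le 255 ] || { echo "octet out of range: $o" >&2; return 1; }
    done
    # The embedded address must be the official, outside-visible one. 10/8 and
    # 192.168/16 are named in the article; the other ranges are added here.
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ] ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; } ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; }; then
        echo "not an outside-visible IPv4 address" >&2; return 1
    fi
    printf '2002:%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4"
}

# sixto4_commands V4ADDR GATEWAY6 -> prints the commands of steps 2 and 3.
sixto4_commands() {
    prefix=$(sixto4_prefix "$1") || return 1
    # Subnet 0001 and interface ID ::1 are arbitrary, as in the article.
    echo "ifconfig stf0 inet6 ${prefix}:0001::1 prefixlen 16 alias"
    echo "route add -inet6 default $2"
}

# Print (not run) the commands for the article's example values.
sixto4_commands 62.224.57.114 2002:cdb2:5ac2::1
```

The script only prints the commands; review them before running them as root or placing them in /etc/netstart.local.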
There's a list of known working 6to4 gateways at http://www.kfu.com/~nsayer/6to4/. In tests, only 6to4.kfu.com and 6to4.ipv6.microsoft.com were found to be working. Cisco has another one that you have to register with before using it, see http://www.cisco.com/ipv6/. There's also an experimental 6to4 server located in Germany, 6to4.ipv6.fh-regensburg.de.