Difference between revisions of "Basic routing using IPv6"
From Notes_Wiki
m |
m |
||
Line 1: | Line 1: | ||
[[Main Page | Home]] > [[IPv6]] > [[Basic routing using IPv6]] | |||
For trying basic routing using IP forwarding on a IPv6 networks we require 3 nodes. We will configure one subnet1 IP address on node 1, subnet1 and subnet2 IP addresses on node 2 and subnet2 IP address on node3. Then we will add route for subnet2 on node1 via node2 and similarly add route for subnet1 on node3 via node2. At last we need to enable IP forwarding for IPv6 in node2 and disable any firewall rules that may block IP forwarding. | For trying basic routing using IP forwarding on a IPv6 networks we require 3 nodes. We will configure one subnet1 IP address on node 1, subnet1 and subnet2 IP addresses on node 2 and subnet2 IP address on node3. Then we will add route for subnet2 on node1 via node2 and similarly add route for subnet1 on node3 via node2. At last we need to enable IP forwarding for IPv6 in node2 and disable any firewall rules that may block IP forwarding. | ||
Line 40: | Line 39: | ||
[[Main Page | Home]] > [[IPv6]] > [[Basic routing using IPv6]] |
Latest revision as of 06:51, 18 April 2022
Home > IPv6 > Basic routing using IPv6
For trying basic routing using IP forwarding on a IPv6 networks we require 3 nodes. We will configure one subnet1 IP address on node 1, subnet1 and subnet2 IP addresses on node 2 and subnet2 IP address on node3. Then we will add route for subnet2 on node1 via node2 and similarly add route for subnet1 on node3 via node2. At last we need to enable IP forwarding for IPv6 in node2 and disable any firewall rules that may block IP forwarding.
Steps
On node 1 do following changes:
- Add IPv6 address '3ffe::1:<64-bit Identifier>/64' to network interface. The 64-bit identifier can be obtained by using nodes 48-bit MAC address and inserting 16-bit sequence 0xfffe in center (between 24th and 25th bits). After this we also need to invert the seventh most significant bit of MAC address part to 1, since the new address is locally administered. For example if MAC address of node1 is '48:5b:39:69:86:6f' then assign IPv6 address as '3ffe::1:4a5b:39ff:fe69:866f'. To add IPv6 address to interface we can use command like 'ifconfig eth0 add 3ffe::1:4a5b:39ff:fe69:866f/64'.
- Verify that IP address got assigned properly using 'ifconfig' command. You should see two IPv6 address assigned to eth0. One would be link-local address starting with fe80:: which ends with same 64-bit identifier. Other would be globally routed address starting with 3ffe:: which we assigned in previous step.
- Add route for subnet '3ffe:0:0:2::/64' via node 2. Assuming node2 subnet1 IPv6 address to be '3ffe::1:4a5b:39ff:fe52:6525' use command 'route -A inet6 add 3ffe:0:0:2::/64 gw 3ffe::1:4a5b:39ff:fe52:6525'
- Verify using 'netstat -rnv -A inet6' command that route got added properly.
On node 2 do following changes:
- Add IPv6 addresses '3ffe::1:<64-bit Identifier>/64' and '3ffe::2:<64-bit Identifier/64>'. Also verify that addresses got assigned properly using 'ifconfig' command.
- Enable IPv6 forwarding by using command 'sysctl net.ipv6.conf.all.forwarding=1'. Verify by using command 'sysctl net.ipv6.conf.all.forwarding' that value indeed got changed to 1.
- Ensure that ip6tables is not going to prevent node from forwarding packets using 'ip6tables -L -n' or 'ip6tables-save'. You can just disable ip6tables for this experiment using 'service ip6tables off' or 'ip6tables -F'.
- Ping node1 on its subnet1 IP to ensure that node1 and node2 can communicate over subnet1 using something like 'ping6 3ffe::1:4a5b:39ff:fe69:866f'.
On node3 do following changes:
- Add IPv6 address '3ffe::2:<64-bit Identifier>/64'. Also verify that address got assigned properly.
- Add route for subnet '3ffe:0:0:1::/64' via node 2. Assuming node2 subnet2 IPv6 address to be '3ffe::2:4a5b:39ff:fe52:6525' use command 'route -A inet6 add 3ffe:0:0:1::/64 gw 3ffe::2:4a5b:39ff:fe52:6525'
- Verify using 'netstat -rnv -A inet6' command that route got added properly.
- Ping node2 on its subnet1 IP to ensure that node2 and node3 can communicate over subnet2 using something like 'ping6 3ffe::2:4a5b:39ff:fe52:6525'.
- Now try to ping node1 using something like 'ping6 3ffe::1:4a5b:39ff:fe69:866f'.
- Try traceroute to node1 using something like 'traceroute6 3ffe::1:4a5b:39ff:fe69:866f'.
Try to capture packets using wireshark or tcpdump6 on nodes to capture neighbour solicitation, neighbour advertizement and other interesting IPv6 packets.
Note:
- Since we would not want packets from this test networks to reach network we would use 13-bit TLA-ID (Top level Aggregation Identifier) as 0x1FFE. For address to belong to globally routable IPv6 unicast address it should start with bits 001. Hence our test IP addresses start with 0x3ffe
- Noted that use of addresses in range 'fec0::/10' which were earlier defined as site-local range (to be used as private IPv6 address range) have been deprecated and no site should use addresses in this range for private communication.
- Also use of address range '3ffe::/16' as we have done above is also deprecated. As per the latest RFCs at the time of writing we should choose a random IP range in 'fd00::/8' and use that to assign local private IP addresses to nodes. There is also provision of taking unique private IP addresses in range 'fc00::/8' from some global numbering authority. Again at time of this writing no such autority is yet formed so the only possible option is to choose some /48 subnet in 'fd00::/8' for private addressing.