Tuesday, April 8, 2014

How to set up a Raspberry PI as an IPv6 router with a SIXXS tunnel

IPv6?

Internet Protocol version 6 is a network protocol that will soon replace the current Internet Protocol version 4 - the protocol that runs the Internet, and has those familiar four-number addresses like
183.43.221.13

IPv6 brings a plethora of changes; probably the most alarming one for end users will be the change in the address format demonstrated above.

The four-times-one-byte address will be replaced by an eight-times-two-bytes address that looks like some fancy password from a bad computer movie.

The new addresses will take the form of

4367:9987:a01b:0000:0000:0007:cafe:babe

According to the simplification rules of IPv6 addresses, this can be written as

4367:9987:a01b::7:cafe:babe

since a double colon lets you jump over the consecutive all-zero address parts, and leading zeros can also be omitted.


What will the Romans ever do for us?

Not only have we sucked almost all the oil out of the Earth's crust, we have also almost used up all of the IPv4 addresses.

Now look around you and take a mental note of the feeling of right now, because when your grandchildren ask you how it felt when all of the IPv4 addresses were used up, you will have to describe this exact feeling.

Our oil supplies will be enough for quite a few decades, but our IPv4 addresses won't last another one. Our pool of IPv4 addresses is quickly running dry.

IPv6 offers us a mind-boggling 2^128 addresses. That's right, since the original IPv4 address pool size was a mere 2^64, the new pool size will be the old pool size squared, so every device that has an IPv4 address today could get as many IPv6 addresses as there are IPv4 addresses on the face of the Earth.

And that is a lot. (Not counting NAT of course ;) )

If the IETF made this happen again (squaring the address pool), then a new IP address could be assigned to every thousandth or so atom in the known universe.

Besides the exuberant number of addresses, IPv6 brings us a few other things to play with, such as:


  • Direct connectivity, no NATs. Again, because there are plenty of available addresses.
  • Nice zero-configuration LANs, no router or other coordination is needed.
  • Multicast - send traffic to many hosts at once.
  • Anycast - send traffic to the closest host holding the given anycast address.
  • Simpler message format, faster routing, faster Internet.
  • Built-in security
  • Better QoS - better handling and controlling of independent data streams between hosts, making it possible to throttle and prioritize traffic more efficiently.
  • Better mobility support - switching between networks is much easier.
  • Better administration: zero configuration, network renumbering and easy multihoming (using more than one internet connection).
  • Smooth transition from IPv4


This last bullet point is made possible by being able to "map" all the current IPv4 addresses into a tiny little fraction of the available IPv6 addresses.

This, together with the availability of IPv6 tunnel services (like SIXXS), can ship you into the future without causing severe (or any) seasickness.


SIXXS?

SIXXS is an IPv6 deployment & tunnel broker. Anyone can register and get an IPv6 address range the size of the current IPv4 address space. I for example own three of them at the moment.

If you register at https://www.sixxs.net/ you can get an IPv6 address range and a possibility to build a tunnel through the old Internet into the new one.

Tunnelling works by directing all non-local IPv6 traffic to a distant machine, with IPv6 packets encapsulated in IPv4 ones. You might not get the speed benefits, but you will get all the others, with the priceless feeling of being an early adopter of a wonderful new technology.


You can then browse the Web and use almost all your usual applications over IPv6, and can access the growing number of resources only available on the new net - on hosts with only IPv6 addresses.

Your SIXXS account will be credited with a few ISKs when you open it. A handful of ISKs are needed to request your tunnel (and therefore your address range). ISKs accumulate by keeping your tunnels up and running - something you are probably planning to do anyway.

If you would like to experiment with your home devices, you need an IPv6 - and SIXXS tunnel - capable router.

Bummer.

Not many routers can set up tunnels to SIXXS PoPs out of the box, so we need to do some geeky stuff to convert your household to IPv6.


Raspberry PI?

You probably know - and chances are you own - a small single-board computer called a Raspberry PI. This little device has a slow-but-OK ARM CPU and an OK amount of memory for a very low price. If you don't have one, make sure you buy two; for about a hundred USD it's a fair deal.

Google for your local supply of PIs. 


Raspberry PI setup - aiccu

The Raspberry PI can run Linux; make sure you have the current official version of Raspbian running on it.

After you have requested your tunnel - and it got approved in a few hours (or days if you are unlucky) - you can set up your PI to connect to the new Internet.

Make sure you request a dynamic, NAT-traversing AYIYA tunnel, since it is almost certain that you're behind a NAT.

The client program you need to install is aiccu. Make that happen by issuing the following command:

sudo apt-get install aiccu

This will install the software and the dependencies. The aiccu install script will ask for your user name and password, and if you have more than one tunnel, you will have to select the appropriate one here.

Aiccu will start up, and there you go:

root@minotaur:~# ping6 google.com
PING google.com(bud02s04-in-x06.1e100.net) 56 data bytes
64 bytes from bud02s04-in-x06.1e100.net: icmp_seq=1 ttl=57 time=4.99 ms
64 bytes from bud02s04-in-x06.1e100.net: icmp_seq=2 ttl=57 time=7.76 ms
64 bytes from bud02s04-in-x06.1e100.net: icmp_seq=3 ttl=57 time=6.24 ms
64 bytes from bud02s04-in-x06.1e100.net: icmp_seq=4 ttl=57 time=3.86 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 3.865/5.719/7.767/1.452 ms

You can see into the future. Minotaur is my Raspberry PI, the command I used is ping6, the target machine was google.com.

But what about the other devices on the network? They can't. Your RPI has to act as a router between them and the rest of the IPv6 Internet.

Fortunately this can easily be done. Just install radvd, a router advertisement daemon that will periodically yell at your local devices, telling them about the great opportunity of becoming a test subject for your experiment:

sudo apt-get install radvd

Radvd needs a configuration file at /etc/radvd.conf:

interface eth0 {
    AdvSendAdvert on;
    prefix 2a01:368:e000:8074::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

Now hold on for a while: that is my IP address prefix, and you have to substitute your own for it. Take a look at your SIXXS User Home page under the title "Subnets", and look for "Subnet Prefix".


If you start radvd after this, well, it might not want to start, complaining about IPv6 forwarding being turned off.


Raspberry PI setup - sysctl

Allow IPv6 forwarding by creating the configuration file /etc/sysctl.d/local.conf containing:


net.ipv6.conf.all.forwarding=1


Raspberry PI setup - interfaces

Linux won't forward IPv6 packets from an interface if no IPv6 address is known for that interface. So we will have to set one up.

Edit /etc/network/interfaces and add

iface eth0 inet6 static
 pre-up modprobe ipv6
 address 2a01:368:e000:8074::101
 netmask 64

to it. Please replace the IPv6 address with one that uses your SIXXS-provided prefix. You can make one up by writing a suitable number after your prefix.

Raspberry PI setup - modules 

The sysctl part only works if the ipv6 kernel module is loaded before sysctl tries to set up forwarding. This can be done by editing the file /etc/modules and inserting a single line into it:

ipv6

This way the proper kernel driver will be loaded at every boot.

After all of this, you need to reboot your PI. Make sure aiccu and radvd are running.
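
A consistency check for the four files edited above, as an added example that is not part of the original post: it verifies that the prefix radvd advertises on eth0 is a /64 containing the static address from /etc/network/interfaces, that forwarding is enabled and that the ipv6 module is listed. The function name, the message texts and the constant names are assumptions made for the example; the sample values are the snippets shown on this page.

```python
import ipaddress
import re

def check_router_config(radvd, interfaces, sysctl, modules, lan="eth0"):
    """Return a list of problems in the four config texts (empty list = consistent)."""
    problems = []
    # radvd.conf: first prefix inside the "interface <lan> { ... }" block
    m = re.search(r"interface\s+%s\s*\{.*?prefix\s+([0-9a-fA-F:]+/\d+)" % re.escape(lan),
                  re.sub(r"#.*", "", radvd), re.S)
    prefix = ipaddress.IPv6Network(m.group(1), strict=False) if m else None
    if prefix is None:
        problems.append("radvd.conf: no prefix advertised on " + lan)
    elif prefix.prefixlen != 64:
        # AdvAutonomous (SLAAC) on Ethernet needs a /64
        problems.append("radvd.conf: %s is not a /64" % prefix)
    # /etc/network/interfaces: static inet6 address of the LAN interface
    addr, in_stanza = None, False
    for words in (line.split() for line in interfaces.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("iface", "auto", "allow-hotplug", "mapping", "source"):
            in_stanza = words[:4] == ["iface", lan, "inet6", "static"]
        elif in_stanza and words[0] == "address" and len(words) > 1:
            addr = ipaddress.IPv6Address(words[1].split("/")[0])
    if addr is None:
        problems.append("interfaces: no static inet6 address on " + lan)
    elif prefix is not None and addr not in prefix:
        problems.append("interfaces: %s is outside advertised prefix %s" % (addr, prefix))
    # sysctl file: forwarding must be switched on
    settings = dict(re.findall(r"^\s*([\w.]+)\s*=\s*(\S+)", sysctl, re.M))
    if settings.get("net.ipv6.conf.all.forwarding") != "1":
        problems.append("sysctl: net.ipv6.conf.all.forwarding is not 1")
    # /etc/modules: ipv6 must be loaded at boot, before sysctl runs
    if "ipv6" not in [line.strip() for line in modules.splitlines()]:
        problems.append("modules: ipv6 is not listed")
    return problems

# Sample inputs: the snippets from this page (the prefix is the author's)
RADVD = "interface eth0 {\n AdvSendAdvert on;\n prefix 2a01:368:e000:8074::/64 {\n" \
        "  AdvOnLink on;\n  AdvAutonomous on;\n  AdvRouterAddr on;\n };\n};\n"
IFACES = "iface eth0 inet6 static\n pre-up modprobe ipv6\n" \
         " address 2a01:368:e000:8074::101\n netmask 64\n"
SYSCTL = "net.ipv6.conf.all.forwarding=1\n"
MODULES = "ipv6\n"

if __name__ == "__main__":
    print(check_router_config(RADVD, IFACES, SYSCTL, MODULES) or "consistent")
```

On the PI itself, pass the contents of /etc/radvd.conf, /etc/network/interfaces, /etc/sysctl.d/local.conf and /etc/modules instead of the sample strings.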




Set up your other devices.

Hah! I was joking. You don't have to. Actually I had to reconnect to my wifi with my Samsung Galaxy S4 to notice the change, but my desktop computer picked up the router configuration without me having to intervene.

The IPv6 test site http://test-ipv6.com/ scored 10/10.