Linux IPv6 HOWTO (en)

Peter Bieringer

pb�at�bieringer�dot�de

Revision History
Revision 0.67wip2017-07-14PB
Revision 0.662014-05-15PB
Revision 0.652009-12-13PB
Revision 0.642009-06-11PB
Revision 0.602007-05-31PB
Revision 0.512006-11-08PB

Abstract

The goal of the Linux IPv6 HOWTO is to answer both basic and advanced questions about IPv6 on the Linux operating system. This HOWTO will provide the reader with enough information to install, configure, and use IPv6 applications on Linux machines. Intermediate releases of this HOWTO are available at mirrors.bieringer.de or mirrors.deepspace6.net. See also revision history for changes.


Table of Contents

1. General
1. Copyright, license and others
1.1. Copyright
1.2. License
1.3. About the author
2. Category
3. Version, History and To-Do
3.1. Version
3.2. History
3.3. To-Do
4. Translations
4.1. To language
5. Technical
5.1. Original source of this HOWTO
5.2. On-line references to the HTML version of this HOWTO (linking/anchors)
6. Preface
6.1. How many versions of a Linux & IPv6 related HOWTO are floating around?
7. Used terms, glossary and shortcuts
7.1. Network related
7.2. Document related
8. Requirements for using this HOWTO
8.1. Personal prerequisites
8.2. Linux operating system compatible hardware
2. Basics
1. What is IPv6?
2. History of IPv6 in Linux
2.1. Beginning
2.2. In between
2.3. Current
2.4. Future
3. What do IPv6 addresses look like?
4. FAQ (Basics)
4.1. Why is the name IPv6 and not IPv5 as successor for IPv4?
4.2. IPv6 addresses: why such a high number of bits?
4.3. IPv6 addresses: why so small a number of bits on a new design?
3. Address types
1. Addresses without a special prefix
1.1. Localhost address
1.2. Unspecified address
1.3. IPv6 address with embedded IPv4 address
2. Network part, also known as prefix
2.1. Link local address type
2.2. Site local address type
2.3. Unique Local IPv6 Unicast Addresses
2.4. Global address type "(Aggregatable) global unicast"
2.5. Multicast addresses
2.6. Anycast addresses
3. Address types (host part)
3.1. Automatically computed (also known as stateless)
3.2. Manually set
4. Prefix lengths for routing
4.1. Prefix lengths (also known as "netmasks")
4.2. Matching a route
4. IPv6-ready system check
1. IPv6-ready kernel
1.1. Check for IPv6 support in the current running kernel
1.2. Try to load IPv6 module
1.3. Compile kernel with IPv6 capabilities
1.4. IPv6-ready network devices
2. IPv6-ready network configuration tools
2.1. net-tools package
2.2. iproute package
3. IPv6-ready test/debug programs
3.1. IPv6 ping
3.2. IPv6 traceroute6
3.3. IPv6 tracepath6
3.4. IPv6 tcpdump
4. IPv6-ready programs
5. IPv6-ready client programs (selection)
5.1. Checking DNS for resolving IPv6 addresses
5.2. IPv6-ready telnet clients
5.3. IPv6-ready ssh clients
5.4. IPv6-ready web browsers
6. IPv6-ready server programs
7. FAQ (IPv6-ready system check)
7.1. Using tools
5. Configuring interfaces
1. Different network devices
1.1. Physically bounded
1.2. Virtually bounded
2. Bringing interfaces up/down
2.1. Using "ip"
2.2. Using "ifconfig"
6. Configuring IPv6 addresses
1. Displaying existing IPv6 addresses
1.1. Using "ip"
1.2. Using "ifconfig"
2. Add an IPv6 address
2.1. Using "ip"
2.2. Using "ifconfig"
3. Removing an IPv6 address
3.1. Using "ip"
3.2. Using "ifconfig"
4. Automatic IPv6 Address Configuration
5. Enable Privacy Extension
5.1. Enable Privacy Extension using sysctl
5.2. Enable Privacy Extension using NetworkManager
5.3. Test real use of Privacy Extension IPv6 Addresses
7. Configuring normal IPv6 routes
1. Displaying existing IPv6 routes
1.1. Using "ip"
1.2. Using "route"
2. Add an IPv6 route through a gateway
2.1. Using "ip"
2.2. Using "route"
3. Removing an IPv6 route through a gateway
3.1. Using "ip"
3.2. Using "route"
4. Add an IPv6 route through an interface
4.1. Using "ip"
4.2. Using "route"
5. Removing an IPv6 route through an interface
5.1. Using "ip"
5.2. Using "route"
6. FAQ for IPv6 routes
6.1. Support of an IPv6 default route
8. Neighbor Discovery
1. Displaying neighbors using ”ip”
2. Manipulating neighbors table using ”ip”
2.1. Manually add an entry
2.2. Manually delete an entry
2.3. More advanced settings
9. Configuring IPv6-in-IPv4 tunnels
1. Types of tunnels
1.1. Static point-to-point tunneling
1.2. Automatically tunneling
1.3. 6to4-Tunneling
1.4. UDP encapsulated IPv6 tunneling
2. Displaying existing tunnels
2.1. Using "ip"
2.2. Using "route"
3. Setup of point-to-point tunnel
3.1. Add point-to-point tunnels
3.2. Removing point-to-point tunnels
3.3. Numbered point-to-point tunnels
4. Setup of 6to4 tunnels
4.1. Add a 6to4 tunnel
4.2. Remove a 6to4 tunnel
10. Configuring IPv4-in-IPv6 tunnels
1. Displaying existing tunnels
2. Setup of point-to-point tunnel
3. Removing point-to-point tunnels
11. Kernel settings in /proc-filesystem
1. How to access the /proc-filesystem
1.1. Using ”cat” and ”echo”
1.2. Using ”sysctl”
1.3. Values found in /proc-filesystems
2. Entries in /proc/sys/net/ipv6/
2.1. conf/default/*
2.2. conf/all/*
2.3. conf/interface/*
2.4. neigh/default/*
2.5. neigh/interface/*
2.6. route/*
3. IPv6-related entries in /proc/sys/net/ipv4/
3.1. ip_*
3.2. tcp_*
3.3. icmp_*
3.4. others
4. IPv6-related entries in /proc/net/
4.1. if_inet6
4.2. ipv6_route
4.3. sockstat6
4.4. tcp6
4.5. udp6
4.6. igmp6
4.7. raw6
4.8. ip6_flowlabel
4.9. rt6_stats
4.10. snmp6
4.11. ip6_tables_names
12. Netlink-Interface to kernel
13. Address Resolver & Selection
14. Network debugging
1. Server socket binding
1.1. Using ”netstat” for server socket binding check
2. Examples for tcpdump packet dumps
2.1. Router discovery
2.2. Neighbor discovery
15. Support for persistent IPv6 configuration in Linux distributions
1. Red Hat Linux and ”clones”
1.1. Test for IPv6 support of network configuration scripts
1.2. Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ...
2. SuSE Linux
2.1. SuSE Linux 7.3
2.2. SuSE Linux 8.0
2.3. SuSE Linux 8.1
3. Debian Linux
3.1. Further information
16. Auto-configuration
1. Stateless auto-configuration out-of-the-box
2. Stateless auto-configuration using Router Advertisement Daemon (radvd)
3. Dynamic Host Configuration Protocol v6 (DHCPv6)
17. Mobility
1. Common information
1.1. Node Mobility
1.2. Network Mobility
1.3. Links
18. Firewalling
1. Firewalling using netfilter6
1.1. More information
2. Preparation
2.1. Get sources
2.2. Extract sources
2.3. Apply latest iptables/IPv6-related patches to kernel source
2.4. Configure, build and install new kernel
2.5. Rebuild and install binaries of iptables
3. Usage of ip6tables
3.1. Check for support
3.2. Learn how to use ip6tables
3.3. Examples
4. Network Address Translation (NAT) using netfilter6
4.1. IPv6 Masquerading
4.2. IPv6 Destination NAT
4.3. IPv6 Port Forwarding
5. Firewalling using nftables
5.1. Preparation for nftables usage
5.2. Basic nftables configuration
5.3. Simple filter policy with nftables using only table ”inet”
5.4. Filter policy with nftables using tables ”ip”, ”ip6” and ”inet”
19. Security
1. Node security
2. Access limitations
3. IPv6 security auditing
3.1. Legal issues
3.2. Security auditing using IPv6-enabled netcat
3.3. Security auditing using IPv6-enabled nmap
3.4. Security auditing using IPv6-enabled strobe
3.5. Security auditing using online tools
3.6. Audit results
20. Encryption and Authentication
1. Modes of using encryption and authentication
1.1. Transport mode
1.2. Tunnel mode
2. Support in kernel (ESP and AH)
2.1. Support in vanilla Linux kernel 2.4.x
2.2. Support in vanilla Linux kernel 2.6.x
3. Automatic key exchange (IKE)
3.1. IKE daemon ”racoon”
3.2. IKE daemon ”pluto”
4. Additional informations:
21. Quality of Service (QoS)
1. General
2. Linux QoS using ”tc”
2.1. Example for a constant bitrate queuing
22. Hints for IPv6-enabled daemons
1. Berkeley Internet Name Domain (BIND) daemon ”named”
1.1. Listening on IPv6 addresses
1.2. IPv6 enabled Access Control Lists (ACL)
1.3. Sending queries with dedicated IPv6 address
1.4. Per zone defined dedicated IPv6 addresses
1.5. IPv6 DNS zone files examples
1.6. Serving IPv6 related DNS data
1.7. Checking IPv6-enabled connect
2. Internet super daemon (xinetd)
3. Webserver Apache2 (httpd2)
3.1. Listening on IPv6 addresses
4. Router Advertisement Daemon (radvd)
4.1. Configuring radvd
4.2. Debugging
5. Dynamic Host Configuration v6 Server (dhcp6s)
5.1. Configuration of the DHCPv6 server (dhcp6s)
5.2. Configuration of the DHCPv6 client (dhcp6c)
5.3. Usage
5.4. Debugging
6. ISC Dynamic Host Configuration Server (dhcpd)
6.1. Configuration of the ISC DHCP server for IPv6 (dhcpd)
6.2. Usage
7. DHCP Server Dibbler
7.1. Configuration of the Dibbler DHCP server for IPv6
7.2. Usage
8. tcp_wrapper
8.1. Filtering capabilities
8.2. Which program uses tcp_wrapper
8.3. Usage
8.4. Logging
9. vsftpd
9.1. Listening on IPv6 addresses
10. proftpd
10.1. Listening on IPv6 addresses
11. Other daemons
23. Programming
1. Programming using C-API
1.1. Address Structures
1.2. Lookup Functions
1.3. Quirks Encountered
1.4. Putting It All Together (A Client-Server Programming Example)
2. Other programming languages
2.1. JAVA
2.2. Perl
24. Interoperability
25. Further information and URLs
1. Paper printed books, articles, online reviews (mixed)
1.1. Printed Books (English)
1.2. Articles, eBooks, Online Reviews (mixed)
1.3. Science Publications (abstracts, bibliographies, online resources)
1.4. Others
2. Conferences, Meetings, Summits
2.1. 2004
3. Online information
3.1. Join the IPv6 backbone
3.2. Latest news and URLs to other documents
3.3. Protocol references
3.4. More information
3.5. By countries
3.6. By operating systems
3.7. IPv6 Security
3.8. Application lists
4. IPv6 Infrastructure
4.1. Statistics
4.2. Internet Exchanges
4.3. Tunnel broker
4.4. Native IPv6 Services
5. Maillists
6. Online tools
6.1. Testing tools
6.2. Information retrievement
6.3. IPv6 Looking Glasses
6.4. Helper applications
7. Trainings, Seminars
8. 'The Online Discovery' ...
26. Revision history / Credits / The End
1. Revision history
1.1. Releases 0.x
2. Credits
2.1. Major credits
2.2. Other credits
3. The End