Category Archives: Networking

IPv6 access to IPv4 Internet

Now that IPv6 is working in a closed environment, I decided to see how users in an IPv6-only network could still use the IPv4 Internet. This type of functionality will be key to migrating enterprises to IPv6, since they will need to continue to work in the IPv4 world until the IPv6 Internet gets some content. The Squid proxy is capable of running dual stack and could support access to both Internets simultaneously.

As a first step, I installed Squid 3.1.6 on a new Ubuntu 10.10 server in VBox. One interface is running IPv6 only and is on the host internal network. The other interface is dual-stack and bridged to the external WLAN. For the client I am using an Ubuntu Desktop 10.04.1, also running in VBox.

The squid configuration is as follows –

In the acl section I uncommented the line:

acl localnet src fc00::/7  #RFC 4193 local private network range

since I am using the ULA network fdc1:e1f2:425d::/48 in my lab. I also modified the http_port just to see it change in netstat:

http_port 8080

Finally I uncommented the http_access line (local net being set in the acl above):

http_access allow localnet

Once the squid.conf file was configured, I restarted squid:

cbroccoli@squid-proxy:/etc/squid3$ sudo /etc/init.d/squid3 restart

The client is using Firefox, so under Edit-Preferences, I added the IPv6 address of the squid proxy and the port 8080. I enabled this for all protocols as well. Once this was configured I was able to access all IPv4 Internet pages. The following Wireshark trace shows the IPv6 addresses in the IP header and the request to the proxy for www.yahoo.com.
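The scope of the localnet ACL is worth checking: fc00::/7 covers every ULA prefix, not only the lab's fdc1:e1f2:425d::/48. The following is an added example, not part of the original post or of Squid itself. It evaluates the directives above in first-match order for a few constructed client addresses, next to a variant narrowed to the lab /48. The closing "http_access deny all" line and the client addresses are assumptions.

```python
import ipaddress

# Constructed excerpt: the directives from the post plus the closing
# "http_access deny all" that the stock squid.conf is assumed to keep.
WIDE = """
acl localnet src fc00::/7  #RFC 4193 local private network range
http_port 8080
http_access allow localnet
http_access deny all
"""
# Same rules with the source ACL narrowed to the lab's own /48.
NARROW = WIDE.replace("fc00::/7", "fdc1:e1f2:425d::/48")

# Constructed client addresses.
CLIENTS = {
    "lab client": "fdc1:e1f2:425d:1::50",
    "other ULA site": "fd12:3456:789a:1::50",
    "global address": "2001:db8::50",
}


def parse(conf):
    """Return ({acl name: [networks]}, [(action, acl name), ...])."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "src":
            nets = [ipaddress.ip_network(f) for f in fields[3:]]
            acls.setdefault(fields[1], []).extend(nets)
        elif len(fields) == 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2]))
    return acls, rules


def decide(conf, client):
    """Apply http_access rules in order; the first matching rule wins."""
    acls, rules = parse(conf)
    addr = ipaddress.ip_address(client)
    for action, name in rules:
        # "all" is Squid's built-in ACL that matches every source.
        if name == "all" or any(addr in net for net in acls.get(name, [])):
            return action
    return "deny"  # not reached here: both excerpts end in "deny all"


if __name__ == "__main__":
    for label, ip in CLIENTS.items():
        print(f"{label:15} wide={decide(WIDE, ip)} narrow={decide(NARROW, ip)}")
```

With the narrowed ACL only sources inside the lab prefix can use the proxy, which matters once the dual-stack interface is reachable from other networks.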

 

Configuring Apache and Bind to support IPv6

Once the basic network connectivity was running, I enabled Apache to support IPv6.

First I added an IPv6 only interface on the VBox Host Internal Network in the Ubuntu server.  The address of this interface is: fdc1:e1f2:425d:2:a00:27ff:fec8:8380

Next I added the following line below the NameVirtualHost *:80 statement in the /etc/apache2/ports.conf file:

NameVirtualHost *:80
Listen [fdc1:e1f2:425d:2:a00:27ff:fec8:8380]:80

Once the file was updated, I restarted the Apache2 daemon with:

cbroccoli@ubuntuserver:$ sudo apachectl start

Entering netstat -a should show the www service running.  If the interface is not up or if the router is not up, then the apache daemon will not start.

Additionally, bind needs to support AAAA records so that the web server can be accessed by name.

Here I added the following lines to named.conf.local:

zone "broccolifamily.net" { 
 type master;
 file "/etc/bind/db.broccolifamily.net";
 notify no;
 };

Then I added/updated the associated zone file and restarted the bind process:

sudo /etc/init.d/bind9 reload

Everything is working.  nslookup from Windows7 has the following output:

C:\Windows\system32>nslookup www6.broccolifamily.net
Server:  UnKnown
Address:  fdc1:e1f2:425d:2:a00:27ff:fec8:8380
Name:    www6.broccolifamily.net
Address:  fdc1:e1f2:425d:2:a00:27ff:fec8:8380

With Ubuntu, nslookup by itself doesn’t work.  You need to use the -type=AAAA option to get an address back… nslookup -type=AAAA www6.broccolifamily.net.  Putting the name into a browser, however, works without any problems.

IPv6 Router Configs

The first step in setting up the network was to configure the routers. The lab environment is shown in a previous post. As shown in the diagram, I used two 3640 routers with IOS 12.4(21). Both routers were configured as IPv6-only routers, with OSPFv3 as the routing protocol between them. On R2 I added an ISATAP tunnel interface to allow access to the lab environment from a dual-stack client on the external wireless LAN network.

Router R1 was configured as follows:

ipv6 unicast-routing
ipv6 cef
!
interface Ethernet0/0
 no ip address
 half-duplex
 ipv6 address FDC1:E1F2:425D:1::/64 eui-64
 ipv6 enable
 ipv6 ospf 1 area 0
!
interface Ethernet0/1
 no ip address
 half-duplex
 ipv6 address FDC1:E1F2:425D:2::/64 eui-64
 ipv6 enable
 ipv6 ospf 1 area 0
!
ipv6 router ospf 1
 router-id 10.10.10.1
 log-adjacency-changes
!

R2 was configured similarly:

ipv6 unicast-routing
ipv6 cef
!
interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address FDC1:E1F2:425D:3::/64 eui-64
 no ipv6 nd suppress-ra
 tunnel source Ethernet0/1
 tunnel mode ipv6ip isatap
 ipv6 ospf 1 area 0
!
interface Ethernet0/0
 no ip address
 half-duplex
 ipv6 address FDC1:E1F2:425D:1::/64 eui-64
 ipv6 enable
 ipv6 ospf 1 area 0
!
ipv6 router ospf 1
 router-id 10.10.10.2
 log-adjacency-changes
!

Looking at the routing table, you can see that all routes are present including the route for the tunnel interface.

3640_ipv6_R1#sh ipv6 route
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   FDC1:E1F2:425D:1::/64 [0/0]
     via ::, Ethernet0/0
L   FDC1:E1F2:425D:1:CE01:15FF:FED4:0/128 [0/0]
     via ::, Ethernet0/0
C   FDC1:E1F2:425D:2::/64 [0/0]
     via ::, Ethernet0/1
L   FDC1:E1F2:425D:2:CE01:15FF:FED4:1/128 [0/0]
     via ::, Ethernet0/1
O  FDC1:E1F2:425D:3::/64 [110/11121]
     via FE80::CE00:15FF:FED4:0, Ethernet0/0
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

When pinging and tracing the route to the tunnel interface from the IPv6 interface on the Windows7 host, you can see that the connection works:

C:\Users\cbroccoli>ping FDC1:E1F2:425D:3:0:5EFE:C0A8:10A
Pinging fdc1:e1f2:425d:3:0:5efe:192.168.1.10 with 32 bytes of data:
Reply from fdc1:e1f2:425d:3:0:5efe:192.168.1.10: time=43ms
Reply from fdc1:e1f2:425d:3:0:5efe:192.168.1.10: time=9ms
Reply from fdc1:e1f2:425d:3:0:5efe:192.168.1.10: time=7ms
Reply from fdc1:e1f2:425d:3:0:5efe:192.168.1.10: time=10ms
Ping statistics for fdc1:e1f2:425d:3:0:5efe:192.168.1.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 43ms, Average = 17ms
C:\Users\cbroccoli>tracert -6 FDC1:E1F2:425D:3:0:5EFE:C0A8:10A
Tracing route to fdc1:e1f2:425d:3:0:5efe:192.168.1.10 over a maximum of 30 hops
1     9 ms     3 ms     1 ms  fdc1:e1f2:425d:2:ce01:15ff:fed4:1
2    26 ms     7 ms     5 ms  fdc1:e1f2:425d:3:0:5efe:192.168.1.10
Trace complete.
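The eui-64 and ISATAP settings in the router configs explain the addresses in the routing table and ping output: an EUI-64 interface ID carries the interface's MAC address, and an ISATAP interface ID carries the tunnel endpoint's IPv4 address. The following is an added example, not part of the original post. It recovers those embedded values from addresses shown on this page and rebuilds an EUI-64 address from a MAC; the function names are hypothetical.

```python
import ipaddress


def decode_interface_id(addr):
    """Classify the low 64 bits of an IPv6 address.

    Returns ("isatap", ipv4), ("eui-64", mac) or ("other", None).
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    raw = iid.to_bytes(8, "big")
    # ISATAP (RFC 5214): 00-00-5E-FE or 02-00-5E-FE, then the IPv4 address.
    if raw[:4] in (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe"):
        return "isatap", str(ipaddress.IPv4Address(raw[4:]))
    # Modified EUI-64: FF-FE inserted mid-MAC, universal/local bit flipped.
    if raw[3:5] == b"\xff\xfe":
        mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
        return "eui-64", ":".join(f"{b:02x}" for b in mac)
    return "other", None


def eui64_address(prefix, mac):
    """Build the address an `ipv6 address <prefix> eui-64` line forms for a MAC."""
    m = bytes.fromhex(mac.replace(":", ""))
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return str(ipaddress.IPv6Network(prefix)[int.from_bytes(iid, "big")])


# Addresses copied from the outputs on this page.
PAGE_ADDRESSES = [
    "fdc1:e1f2:425d:2:a00:27ff:fec8:8380",   # Apache/bind server
    "FDC1:E1F2:425D:1:CE01:15FF:FED4:0",     # R1 Ethernet0/0
    "FDC1:E1F2:425D:2:CE01:15FF:FED4:1",     # R1 Ethernet0/1
    "FE80::CE00:15FF:FED4:0",                # OSPF next hop toward R2
    "fdc1:e1f2:425d:3:0:5efe:192.168.1.10",  # ISATAP tunnel address
]

if __name__ == "__main__":
    for a in PAGE_ADDRESSES:
        print(a, "->", decode_interface_id(a))
```

The server's recovered MAC begins with 08:00:27, the prefix VirtualBox gives guest NICs, so anyone who sees an EUI-64 address in a log or trace also learns the hardware or hypervisor behind it, and an ISATAP address discloses an internal IPv4 address in the same way.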