[Home] [Networking] [Crypto] [Linux kernel patches] [Userspace] [Docs] [CV/Resume] [Links]
Content: Unique Local IPv6 Unicast Addresses howto.
Author: Catalin(ux) M BOIE
Unique Local IPv6 Unicast Addresses (RFC4193)
This tutorial explain the usage of a special class of IPv6, similar with 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 classes (RFC1918). Do not forget that fec0::/10 (RFC3879) classes are deprecated because of ambiguous meaning of word "site".
The new allocated range is: FC00::/7.
FC00::/7 is split in two: FC00::/8 and FD00::/8. For FC00::/8 the method to generate the Global ID is not defined yet, so, do not use it and choose FD00::/8 instead.
How to choose:
XX:XXXX:XXXX - the Global ID - choose it randomly enough
YYYY - the subnet id - pick what you wish between 0000 and FFFF.
First usable address in subnet 2222 is FD99:9999:9999:2222::1/64 and the last one is FD99:9999:9999:2222:FFFF:FFFF:FFFF:FFFE/64.
Let's link together 2 sites (site 1 and site2) with a tunnel:
site1: /etc/sysconfig/network-scripts/ifcfg-v6site2: DEVICE=v6site2 TYPE=sit BOOTPROTO=none ONBOOT=yes IPV6INIT=yes IPV6TUNNELIPV4=Now, restart the network (service network restart) and try to ping between sites:
and on site2:
If the ping6 doesn't work, check with tcpdump that the packets arrive at site2. If they arrive, probably IP protocol 41 is not allowed. You should add "-A INPUT -p ipv6 -j ACCEPT" to /etc/sysconfig/iptables and restart the service (service iptables restart) to let it pass.
As a bonus, if we want to route a class between the site1 and site2, let's configure static routes. Let's assume that we have another class on interface dummy0 (ip li set dummy0 up; ip ad ad fd99:9999:9999:4444::1/64 dev dummy0) on site2 that we want to make it accesible to site1:
- On site1 set static route by editing /etc/sysconfig/network-scripts/route6-v6site2 and adding the following line:
fd99:9999:9999:4444::/64 via fd22:2222:2222:9999::1 dev v6site2
Verify by running "ip -6 ro li". - On site2, activate forwarding by adding "IPV6FORWARDING=yes" to /etc/sysconfig/network and restarting the network (service network restart).
- On site2, allow forwarding to fd99:9999:9999:4444::/64 network by adding "-A FORWARD -d fd99:9999:9999:4444::/64 -j ACCEPT" before the REJECT line, to /etc/sysconfig/ip6tables and restarting the service (service ip6tables restart).
- Test from site1 using "ping6 fd99:9999:9999:4444::1".