ipv6 ndp proxy - advice needed...
Henri Hennebert
hlh at restart.be
Mon Jun 18 14:25:49 UTC 2007
Hello,
Here is my problem... I want to become a tunnel broker...
I rent a dedicated server (called tignes) which is running 6.2-RELEASE
and which has one ipv4 address and may use /64 ipv6 addresses
(2001:41d0:1:2ad2::/64).
The interface must be configured with a prefixlen of 56 and I can't
change any routing in my ISP router!
[root@tignes ~]# ifconfig rl0
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 fe80::2e0:4cff:fede:f409%rl0 prefixlen 64 scopeid 0x1
inet 213.251.163.210 netmask 0xffffff00 broadcast 213.251.163.255
inet6 2001:41d0:1:2ad2::1 prefixlen 56
ether 00:e0:4c:de:f4:09
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
with the default gateway:
default 2001:41d0:1:2aff:ff:ff:ff:ff UGS rl0
So far so good...
I want to use this server as an ipv6 tunnel broker for my network at home.
At home, my gateway (avoriaz) running 6.2-RELEASE is connected to my ISP
with an ADSL connection (using mpd4). On avoriaz I create a gif interface
as well as on the dedicated server:
[root@avoriaz ~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 83.134.220.45 --> 213.251.163.210
inet6 fe80::230:5ff:fe12:bbbf%gif0 prefixlen 64 scopeid 0x5
inet6 2001:41d0:1:2ad2::fffe:0 --> 2001:41d0:1:2ad2::ffff:0
prefixlen 128
[root@tignes ~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 213.251.163.210 --> 83.134.220.45
inet6 fe80::2e0:4cff:fede:f409%gif0 prefixlen 64 scopeid 0x4
inet6 2001:41d0:1:2ad2::ffff:0 --> 2001:41d0:1:2ad2::fffe:0
prefixlen 128
And I decide that at home my ipv6 network will be:
2001:41d0:1:2ad2::1:0/112
So I add on tignes a static route:
2001:41d0:1:2ad2::1:0/112 2001:41d0:1:2ad2::fffe:0 UGS gif0
and at home on the gateway:
default 2001:41d0:1:2ad2::ffff:0 UGS gif0
The address of the gateway on my home network is:
[root@avoriaz ~]# ifconfig xl0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet6 fe80::204:76ff:fe9f:3324%xl0 prefixlen 64 scopeid 0x2
inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
inet6 2001:41d0:1:2ad2::1:1 prefixlen 112
ether 00:04:76:9f:33:24
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
and on my workstation (morzine) :
[root@morzine ~]# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
inet6 fe80::2e0:81ff:fe70:6b68%em0 prefixlen 64 scopeid 0x1
inet 192.168.24.2 netmask 0xffffff00 broadcast 192.168.24.255
inet6 2001:41d0:1:2ad2::1:2 prefixlen 112
ether 00:e0:81:70:6b:68
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
maybe a schema:
                   +-------------+
  dedicated server |   tignes    |
                   +-------------+
                          |............2001:41d0:1:2ad2::/56
                          |            gw: 2001:41d0:1:2aff:ff:ff:ff:ff
                          |
                   (gif ipv6 tunnel)
                          |
                          |
                   +-------------+
      home gateway |   avoriaz   |
                   +-------------+
                          |............2001:41d0:1:2ad2::1:0/112
                   +-------------+
  home workstation |   morzine   |
                   +-------------+
Now, from tignes (dedicated server) I can ping6 the world:
[root@tignes ~]# ping6 www.kame.net
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1 -->
2001:200:0:8002:203:47ff:fea5:3085
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=0 hlim=53
time=272.770 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=1 hlim=53
time=283.548 ms
on morzine (the workstation) I can ping6 avoriaz and tignes:
[root@morzine ~]# ping6 tignes6
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1:2 --> 2001:41d0:1:2ad2::1
16 bytes from 2001:41d0:1:2ad2::1, icmp_seq=0 hlim=63 time=29.066 ms
16 bytes from 2001:41d0:1:2ad2::1, icmp_seq=1 hlim=63 time=28.472 ms
If I try to ping6 the world, no answer...
and on the dedicated server:
[root@tignes ~]# tcpdump -i rl0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
15:30:11.621367 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo
request, seq 26, length 16
15:30:11.902219 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6,
neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:12.621494 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo
request, seq 27, length 16
15:30:12.905746 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6,
neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:13.622036 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo
request, seq 28, length 16
15:30:13.902557 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6,
neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:14.632267 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo
request, seq 29, length 16
15:30:14.902459 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6,
neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:15.621377 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo
request, seq 30, length 16
15:30:15.905359 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6,
neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
So tignes is not responding to neighbor solicitation.
If I do:
[root@tignes ~]# ifconfig rl0 inet6 2001:41d0:1:2ad2::1:2/128 alias
tignes responds to neighbor solicitation and after
[root@tignes ~]# ifconfig rl0 inet6 2001:41d0:1:2ad2::1:2/128 -alias
for the next 60 seconds, morzine receives the responses:
[root@morzine ~]# ping6 www.kame.net
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1:2 -->
2001:200:0:8002:203:47ff:fea5:3085
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=136 hlim=51
time=302.028 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=137 hlim=51
time=312.177 ms
The question now:
How to force tignes to answer neighbor solicitation for any addresses in
2001:41d0:1:2ad2::1:0/112 ?
I don't want to use a tunnel broker, I want to try it myself for the
sake of it :-)
Thank you for your time
Henri
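
The check that the tcpdump capture above supports by eye, as an added example that is not part of the original post: it pairs neighbor solicitations with advertisements and reports targets inside the routed /112 that nobody on the link answered. The sample lines are constructed from the capture in the post (unwrapped, and the last two are invented to show an answered target), the function names are hypothetical, and numeric addresses in the solicitation lines are assumed.

```python
import ipaddress
import re

ROUTED = ipaddress.ip_network("2001:41d0:1:2ad2::1:0/112")  # prefix routed over gif0 in the post

# Constructed sample in tcpdump's one-line format, modelled on the post's capture.
# The last two lines (an answered solicitation for tignes' own address) are invented.
CAPTURE = """\
15:30:11.621367 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 26, length 16
15:30:11.902219 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:12.905746 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:13.100000 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1, length 32
15:30:13.100400 IP6 2001:41d0:1:2ad2::1 > fe80::2d0:3ff:fe75:e000: ICMP6, neighbor advertisement, tgt is 2001:41d0:1:2ad2::1, length 32
"""

NS = re.compile(r"> (\S+): ICMP6, neighbor solicitation, who has ([0-9a-f:]+),")
NA = re.compile(r"ICMP6, neighbor advertisement, tgt is ([0-9a-f:]+),")


def solicited_node(addr):
    """RFC 4291: ff02::1:ff00:0/104 combined with the low 24 bits of the target."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def unanswered_solicitations(capture, routed=ROUTED):
    """Return targets that were solicited but never advertised, with a count
    and whether the target lies in the prefix routed through the tunnel."""
    asked, answered = {}, set()
    for line in capture.splitlines():
        m = NS.search(line)
        if m:
            dst = ipaddress.IPv6Address(m.group(1))
            tgt = ipaddress.IPv6Address(m.group(2))
            # A multicast NS must be sent to the target's solicited-node group.
            if dst.is_multicast and dst != solicited_node(tgt):
                continue
            asked[tgt] = asked.get(tgt, 0) + 1
            continue
        m = NA.search(line)
        if m:
            answered.add(ipaddress.IPv6Address(m.group(1)))
    return {str(t): {"count": n, "behind_tunnel": t in routed}
            for t, n in asked.items() if t not in answered}


if __name__ == "__main__":
    print(unanswered_solicitations(CAPTURE))
```

A target reported with `behind_tunnel` set is one the upstream router treats as on-link while the server only routes it, which is the situation the capture shows for 2001:41d0:1:2ad2::1:2.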