6to4-Tunneling

Service Providers IPv6

Tunneling

By Gaza IPv6 Project Team

Eng. Alaa H. Ahmed

Gaza IPv6 Project - Eng. Alaa H. Ahmed

Agenda

- Static point-to-point tunneling: 6in4
- 6to4-Tunneling
- Miredo automatic tunneling
- 4 in 6 tunneling


Configuring IPv6-in-IPv4 tunnels

- If you want to leave your link and there is no IPv6-capable network around you, you need IPv6-in-IPv4 tunneling to reach the worldwide IPv6 Internet.
- There are several kinds of tunnel mechanism, and several ways to set up a tunnel.


Types of tunnels

There is more than one way to tunnel IPv6 packets over IPv4-only links:

- Static point-to-point tunneling: 6in4
- 6to4-Tunneling
- Automatic tunneling: Miredo


Static point-to-point tunneling: 6in4

- Allows point-to-point tunneling of IPv6 data between network endpoints via IPv4.
- A point-to-point tunnel is a dedicated tunnel to an endpoint which knows about your IPv6 network (for backward routing) and the IPv4 address of your tunnel endpoint.
- The IPv4 address of your local tunnel endpoint must be static, globally unique and reachable from the foreign tunnel endpoint.
- You need a global IPv6 prefix assigned to you.
- You need a foreign tunnel endpoint which is capable of routing your IPv6 prefix to your local tunnel endpoint (mostly remote manual configuration is required).
- Full-mesh connectivity requires n(n-1)/2 tunnels for n sites (e.g. ten sites would require 45 tunnels).


Displaying existing tunnels

# /sbin/ip -6 tunnel show [<device>]

# /sbin/ip -6 tunnel show
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
sit1: ipv6/ip remote 195.226.187.50 local any ttl 64


6in4 Tunneling configuration

- Create an IPv6 tunnel interface:

# /sbin/ip tunnel add <Tunnelname> mode sit local <ipv4addresslocal> remote <ipv4addressofforeigntunnel>

- Bring it up:

# ip link set <Tunnelname> up

- Assign an IPv6 address from a new subnet to the tunnel:

# ip -6 addr add <ipv6address>/64 dev <Tunnelname>


6in4 Tunneling configuration

- Route the subnet through the tunnel:

# ip -6 route add <prefixtoroute1> dev <Tunnelname> metric 1

- Enable IPv6 forwarding:

# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

- Removing point-to-point tunnels:

# /sbin/ip tunnel del <TunnelName>


LAB1

Gaza IPv6 Project - Eng. Mohammed Abu-Jamous

6to4-Tunneling (2002::/16)

- 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6.
- It allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.
- Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks.
- The host must have a global IPv4 address, and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets.


6to4-Tunneling (2002::/16)

6to4 performs three functions:

- Assigns a block of IPv6 address space to any host or network that has a global IPv4 address.
- Encapsulates IPv6 packets inside IPv4 packets for transmission over an IPv4 network using 6in4.
- Routes traffic between 6to4 and "native" IPv6 networks.


6to4-Tunneling (2002::/16)

- Most IPv6 networks use autoconfiguration, which requires the last 64 bits for the host.
- The first 64 bits are the IPv6 prefix.
- The first 16 bits of the prefix are always 2002:
- The next 32 bits are the IPv4 address.
- The last 16 bits of the prefix are available for addressing multiple IPv6 subnets behind the same 6to4 router.

IPv4 = 1.2.3.4  ->  IPv6 range = 2002:0102:0304::/48

Your host IP: 2002:0102:0304::1

Deriving the host address from the IPv4 address in the shell:

ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1\n" `echo $ipv4 | tr "." " "`

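The 6to4 address layout above in Python, as an added example that is not part of the slides: it builds the /48 and a chosen /64 from an IPv4 address, recovers the embedded IPv4 address from any 2002:: address, and checks the requirement stated earlier that the IPv4 address be global, which the lab's 10.1.12.1 does not meet. Function names are my own.

```python
"""6to4 (2002::/16) address arithmetic: added example, not from the slides."""
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")


def sixtofour_prefix(ipv4, sla=0):
    """Return the /64 for IPv4 address `ipv4` and 16-bit subnet id `sla`.

    Layout: bits 0-15 = 0x2002, bits 16-47 = IPv4, bits 48-63 = SLA,
    bits 64-127 = host (left zero here, normally autoconfigured)."""
    if not 0 <= sla <= 0xFFFF:
        raise ValueError("SLA id must fit in 16 bits")
    v4 = int(ipaddress.IPv4Address(ipv4))
    value = (0x2002 << 112) | (v4 << 80) | (sla << 64)
    return ipaddress.IPv6Network((value, 64))


def sixtofour_site(ipv4):
    """The whole /48 that one global IPv4 address yields."""
    return sixtofour_prefix(ipv4, 0).supernet(new_prefix=48)


def embedded_ipv4(ipv6):
    """Recover the IPv4 address carried in a 6to4 address, or None if not 6to4."""
    a = ipaddress.IPv6Address(ipv6)
    if a not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def matches_stdlib(ipv6):
    """Cross-check against the embedded address Python's ipaddress reports."""
    return ipaddress.IPv6Address(ipv6).sixtofour == embedded_ipv4(ipv6)


def usable_for_6to4(ipv4):
    """6to4 needs a global, routable IPv4 address: with an RFC 1918 address such
    as the lab's 10.1.12.1, the relay at 192.88.99.1 has no way to send replies
    back to 2002:a01:c01::/48, so such a site only works inside the lab."""
    return ipaddress.IPv4Address(ipv4).is_global


if __name__ == "__main__":
    print(sixtofour_site("1.2.3.4"), sixtofour_prefix("1.2.3.4", 1))
    print(embedded_ipv4("2002:a01:c01::1"), usable_for_6to4("10.1.12.1"))
```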

6to4-Tunneling (2002::/16)

Border Router & Relay Router

- A 6to4 border router is an IPv6 router supporting a 6to4 tunnel interface.
- It is normally the border router between an IPv6 site and a wide-area IPv4 network, where the IPv6 site uses a prefix under 2002::/16 that corresponds to the IPv4 address it uses on that side.
- A relay router is a 6to4 router configured to support transit routing between 6to4 addresses and pure native IPv6 addresses.


6to4-Tunneling (2002::/16)

- To reach the entire IPv6 Internet a device is required that accepts your automatic tunnels and is able to forward the encapsulated IPv6 packets to the IPv6 Internet. This is the task of a 6to4 relay.
- Relays have been widely deployed and are reachable on the anycast address 192.88.99.1 wherever you are.


Implementing 6to4 Tunneling


Configuration

- Configure Linux to forward (route) IPv6.
- Create the 6to4 tunnel.
- Assign IPv6 addresses to the interfaces on the Linux system.
- Configure IPv6 routing.
- Advertise IPv6 prefixes to the end systems.


Enable Linux as IPv6 Router

- Enable IPv6 packet forwarding:

# cat /proc/sys/net/ipv6/conf/all/forwarding
0
# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

- To make it permanent, edit /etc/sysconfig/network:

NETWORKING=yes
HOSTNAME=localhost.localdomain
NETWORKING_IPV6=yes
IPV6FORWARDING=yes

- Restart the network service.


Creating Tunnel

- To create the tunnel we need to know the IPv4 address of the WAN connection.

# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:b6:07:3d brd ff:ff:ff:ff:ff:ff
    inet 10.1.12.1/24 brd 10.1.12.255 scope global eth1

- The tunnel type is called SIT (Simple Internet Transition) on Linux. The created interface will have the name tun6to4.

# ip tunnel add tun6to4 mode sit ttl 254 remote any local 10.1.12.1
# ip link set dev tun6to4 up


Creating Tunnel

- The following display shows the tunnel up and running.

# ip link show dev tun6to4
10: tun6to4@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue
    link/sit 10.1.12.1 brd 0.0.0.0


Addressing

- The 6to4 address is a combination of the 6to4 prefix (2002::/16), the IPv4 address of the WAN interface (10.1.12.1 -> hexadecimal 0a01:0c01, written a01:c01), the site-level aggregator (SLA or "subnet"; we chose 0 for the WAN interface and 1 for the LAN interface) and the host. The prefix is /64.

# ip -6 addr add 2002:a01:c01::1/16 dev tun6to4


Addressing

- Looking at the interfaces we now see these addresses configured:

# ip -6 addr show dev tun6to4
10: tun6to4@NONE: <NOARP,UP,LOWER_UP> mtu 1480
    inet6 2002:a01:c01::1/16 scope global
       valid_lft forever preferred_lft forever
    inet6 ::10.1.12.1/128 scope global
       valid_lft forever preferred_lft forever


IPv6 Routing

- As long as the local LAN consists only of directly connected LAN segments, only two routes are required: a route to other 6to4 sites and a default route.

# ip -6 route add 2000::/3 via ::10.1.23.3 dev tun6to4 metric 1
# ip -6 route add ::/0 via ::192.88.99.1 dev tun6to4 metric 1

# ip -6 route show
2000::/3 via ::10.1.23.3 dev tun6to4 metric 1 …
fe80::/64 dev eth1 metric 256 …
fe80::/64 dev eth0 metric 256 …
fe80::/64 dev tun6to4 metric 256 …
default via fe80::1 dev eth0 metric


Remove a 6to4 tunnel

- Remove all routes through this dedicated tunnel device:

# /sbin/ip -6 route flush dev tun6to4

- Shut down the interface:

# /sbin/ip link set dev tun6to4 down

- Remove the created tunnel device:

# /sbin/ip tunnel del tun6to4


Automatic IPv6 Tunneling - Teredo tunneling (2001:0::/32)

- Automatic tunneling occurs when a node connects directly to another node, having obtained the IPv4 address of the other node beforehand.
- Teredo is enabled by default in Windows releases.
- Miredo is open source Teredo IPv6 tunneling software for Linux and the BSD operating systems. It includes functional implementations of all components of the Teredo specification.


How it works?

- Teredo operates using a platform-independent tunneling protocol designed to provide IPv6 (Internet Protocol version 6) connectivity by encapsulating IPv6 datagram packets within IPv4 User Datagram Protocol (UDP) packets.
- These datagrams can be routed on the IPv4 Internet and through NAT devices.


How it works?

Teredo client: A host which has IPv4 connectivity to the Internet from behind a NAT and is assigned an IPv6 address that starts with the Teredo prefix (2001:0::/32).

Teredo server: A well-known host which is used for the initial configuration of a Teredo tunnel. A Teredo server never forwards any traffic for the client, so it has very modest bandwidth requirements, which allows a single server to support large numbers of clients.

Teredo relay: The remote end of a Teredo tunnel. It forwards all of the data on behalf of the Teredo clients it serves; therefore a relay requires a lot of bandwidth and can only support a limited number of simultaneous clients.


How it works?

Bits 0-31 are set to the Teredo prefix (2001:0::/32).
Bits 32-63 hold the IPv4 address of the Teredo server.
Bits 64-79 hold some flags and other bits.
Bits 80-95 contain the obfuscated UDP port number mapped by the NAT to the Teredo client, with all bits inverted.
Bits 96-127 contain the obfuscated IPv4 address: the public IPv4 address of the NAT, with all bits inverted.

Bits       Length    Description
0 - 31     32 bits   Prefix
32 - 63    32 bits   Teredo server IPv4
64 - 79    16 bits   Flags
80 - 95    16 bits   Obfuscated UDP port
96 - 127   32 bits   Obfuscated client public IPv4
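A Python decoder and encoder for the Teredo layout in the table above, added here as an example that is not part of the slides; it is applied to the address that miredo reports later in the deck, undoing the bit inversion of the port and client address with XOR. Function names are my own.

```python
"""Teredo (2001:0::/32) address decoder/encoder: added example, not from the slides."""
import ipaddress

TEREDO = ipaddress.IPv6Network("2001:0::/32")
CONE_FLAG = 0x8000  # most significant flag bit: client believes it is behind a cone NAT


def decode_teredo(addr):
    """Split a Teredo address into its fields (raises ValueError if not Teredo).

    Bit 0 in the table is the most significant bit of the 128-bit value."""
    a = ipaddress.IPv6Address(addr)
    if a not in TEREDO:
        raise ValueError(f"{addr} is not inside {TEREDO}")
    v = int(a)
    server = ipaddress.IPv4Address((v >> 64) & 0xFFFFFFFF)         # bits 32-63
    flags = (v >> 48) & 0xFFFF                                      # bits 64-79
    port = ((v >> 32) & 0xFFFF) ^ 0xFFFF                            # bits 80-95, un-inverted
    client = ipaddress.IPv4Address((v & 0xFFFFFFFF) ^ 0xFFFFFFFF)   # bits 96-127, un-inverted
    return {"server": server, "flags": flags, "cone": bool(flags & CONE_FLAG),
            "mapped_port": port, "client_public_ipv4": client}


def encode_teredo(server, client_public_ipv4, mapped_port, flags=0):
    """Inverse of decode_teredo: the address a Teredo server would hand a client."""
    v = 0x20010000 << 96
    v |= int(ipaddress.IPv4Address(server)) << 64
    v |= (flags & 0xFFFF) << 48
    v |= ((mapped_port ^ 0xFFFF) & 0xFFFF) << 32
    v |= int(ipaddress.IPv4Address(client_public_ipv4)) ^ 0xFFFFFFFF
    return ipaddress.IPv6Address(v)


def matches_stdlib(addr):
    """Cross-check against the (server, client) pair Python's ipaddress reports."""
    d = decode_teredo(addr)
    return ipaddress.IPv6Address(addr).teredo == (d["server"], d["client_public_ipv4"])


if __name__ == "__main__":
    # Address reported by miredo in the startup log shown in the slides
    for key, val in decode_teredo("2001:0:53aa:64c:0:d66c:aa8d:9671").items():
        print(f"{key:>20}: {val}")
```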

How it works?

[Diagram; only the label "closest Teredo relay" survived extraction]

Limitations

- Teredo is not compatible with all NAT devices, such as symmetric NATs.
- Symmetric NAT:
  - Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port; if the same internal host sends a packet with the same source address and port but to a different destination, a different mapping is used.
  - Only an external host that receives a packet from an internal host can send a packet back.


Miredo Configuration

- Get the package from the internet:

wget http://www.remlab.net/files/miredo/miredo-1.0.6.tar.bz2

- Extract it:

tar -xvf miredo-1.0.6.tar.bz2

- Install it:

./configure
make
make install


Miredo Configuration

- Start the service:

/usr/local/sbin/miredo -f

[root@localhost sbin]# ./miredo -f
miredo[6325]: Starting...
miredo[6326]: Qualified (NAT type: restricted)
miredo[6326]: New Teredo address/MTU
miredo[6326]: Teredo pseudo-tunnel started
miredo[6326]:  (address: 2001:0:53aa:64c:0:d66c:aa8d:9671, MTU: 1280)


Miredo Configuration

- Check the teredo interface:

# ifconfig teredo
          Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: fe80::ffff:ffff:ffff/64 Scope:Link
          inet6 addr: 2001:0:53aa:64c:0:d66c:aa8d:9671/32 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


Miredo Configuration

- Ping an IPv6 address:
  - ipv6.google.com
  - www.v6.google.com

[root@localhost ~]# ping6 -c 4 www.kame.net
PING www.kame.net(2001:200:dff:fff1:216:3eff:feb1:44d7) 56 data bytes
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=3 ttl=58 time=1235 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=2 ttl=58 time=2242 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=1 ttl=58 time=3241 ms
64 bytes from 2001:200:dff:fff1:216:3eff:feb1:44d7: icmp_seq=0 ttl=58 time=4243 ms

--- www.kame.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 1235.778/2740.725/4243.165/1120.492 ms, pipe 5
[root@localhost ~]#


Configuring IPv4-in-IPv6 tunnels

- Setup of a point-to-point tunnel
- Create a 4over6 tunnel device:

# /sbin/ip tunnel add <device> mode ip4ip6 remote <ipv6addressofforeigntunnel> local <ipv6addresslocal>

- Bring it up:

# /sbin/ip link set dev <device> up

- Add a route:

# /sbin/ip -6 route add <prefixtoroute1> dev <device> metric 1

