IPv6 on FreeBSD
FreeBSD has long been considered a leading IPv6 host implementation. Beta code for the IPv6 support was available as soon as 1996, and new code releases from different groups of contributors have steadily come out in Japan, France, and the U.S. Moreover, FreeBSD is considered the IPv6-enabled operating system that has the biggest collection of IPv6-enabled applications available for production purposes. In 2000, FreeBSD version 4.0 was the first release that included IPv6 as a supported feature: IPv6 support is bundled in FreeBSD's mainstream code. Previously, the KAME Project, INRIA, and NRL were separate implementations of the IPv6 stack for the FreeBSD platform. Each of these is described in the following list:
KAME— The KAME Project is a joint effort of six companies in Japan to provide a free IPv6 and IPSec stack for BSD variants to the world, including FreeBSD. Officially, KAME is an abbreviation for Karigome, where the KAME project office is located. KAME also means turtle in Japanese. More information about the KAME project can be found at www.kame.net.
INRIA— The French National Institute for Research in Computer Science and Control developed a free IPv6 implementation for platforms such NetBSD and FreeBSD. More information about INRIA and IPv6 can be found at www.inria.fr.
NRL— The Naval Research Laboratory in the U.S. developed a free IPv6 implementation for FreeBSD.
All these IPv6 implementations merged in 2000 using the KAME Project code as the base IPv6 stack. Since FreeBSD version 4.0 and beyond, the KAME code is merged in the mainstream code of FreeBSD.
Internetworking FreeBSD with IPv6
The FreeBSD implementation includes networking applications, utilities, and tools that were ported to IPv6 years ago such as Telnet, FTP, TFTP, traceroute6, ping6, ifconfig, netstat, route, nslookup, name resolver, lpr, syslog, whois, tcpwrappers, ipfilter, ip6fw, and IPSec. These IPv6-enabled applications are integrated into the standard directories of FreeBSD version 4 and beyond, allowing nodes based on this operating system to interact with other nodes on the IPv6 Internet.
The FreeBSD platform is one of the richest operating systems in the number of software applications already supporting IPv6. The FreeBSD ports collection and the KAME website together contain an impressive collection of IPv6-ready applications such as apache, mozilla, lynx, bind, sendmail, sylpheed, fetchmail, cvs, ssh, openssh, irc, emacs, ethereal, rat, ruby, and many others. This list is incomplete. Other IPv4-only applications are scheduled to be ported to IPv6 for FreeBSD.
For more information on IPv6-enabled applications for FreeBSD in the ports collection and on the KAME Project website, refer to www.freebsd.org/ports/ipv6.html and www.kame.net/.
The availability of IPv6-enabled applications for FreeBSD is allowing an increasing number of network professionals around the world to run all their day-to-day Internet applications over IPv6 only. This is a trend in Asia and Europe, where IPv4 spaces are difficult to obtain.
Verifying IPv6 Support on FreeBSD
IPv6 support is bundled in FreeBSD version 4.0 and beyond. By using the ifconfig -a command on FreeBSD, as shown in Example 6-19, you can see whether the FreeBSD version supports IPv6. In Example 6-19, the link-local address fe80::260:8ff:fe37:f2f has been automatically enabled on the ep0 interface at this computer's boot. The low-order 64-bit of the link-local address has been created using the given Ethernet MAC address 00:60:08:37:0f:2f of the ep0 interface converted into EUI-64 format.
Example 6-19. Verifying IPv6 Support on FreeBSD
freebsd# ifconfig -a ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet6 fe80::260:8ff:fe37:f2f%ep0 prefixlen 64 scopeid 0x1 ether 00:60:08:37:0f:2f media: Ethernet 10baseT/UTP |
Stateless Autoconfiguration on FreeBSD
Although IPv6 support is bundled in FreeBSD, you must enable stateless autoconfiguration on all FreeBSD interfaces by adding the line ipv6_enable="YES" to the /etc/rc.conf file. The /etc/rc.network6 script uses this parameter at the boot of the FreeBSD node to enable IPv6 and stateless autoconfiguration on all interfaces.
When this parameter is present, the computer at bootup starts the stateless autoconfiguration mechanism by sending a router solicitation request on the local link. If an IPv6 router is properly configured and present on the link, the router responds with a router advertisement message including the necessary information to process the stateless autoconfiguration mechanism on the FreeBSD node's interfaces.
Figure 6-6 illustrates a FreeBSD node and an IPv6 router on the same local link. The FreeBSD node starts by sending a router solicitation request on the local link through the ep0 interface. Then the IPv6 router responds with a router advertisement message containing the prefix 2001:410:ffff:3::/64 on the ethernet0 interface. Therefore, the FreeBSD node can configure its IPv6 address on the ep0 interface with the prefix given using stateless autoconfiguration.
Example 6-20 shows a sample of the configuration applied to the IPv6 router in Figure 6-6 to enable stateless autoconfiguration. By using the ipv6 address 2001:410:ffff:3::1/64 command on the ethernet0 interface, IPv6 is enabled on the interface, a static IPv6 address is assigned, and stateless autoconfiguration is enabled.
Example 6-20. Enabling IPv6 and Stateless Autoconfiguration on Cisco
Router(config)#int ethernet0 Router(config-if)#ipv6 address 2001:410:ffff:3::1/64 Router(config-if)#exit |
Following the router configuration, Example 6-21 displays the ep0 interface configuration on FreeBSD after the node has successfully completed stateless autoconfiguration. The highlighted line shows that the aggregatable global unicast IPv6 address 2001:410:ffff:3:260:8ff:fe37:f2f is assigned to the ep0 interface. The low-order 64-bit of the link-local fe80::260:8ff:fe37:f2f and 2001:410:ffff:3:260:8ff:fe37:f2f addresses has been generated using the Ethernet MAC address 00:60:08:37:0f:2f of the ep0 interface converted into EUI-64 format.
Example 6-21. Interface Configuration on FreeBSD After Stateless Autoconfiguration Is Performed
Freebsd# ifconfig -a ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet6 fe80::260:8ff:fe37:f2f%ep0 prefixlen 64 scopeid 0x1 inet6 2001:410:ffff:3:260:8ff:fe37:f2f prefixlen 64 autoconf ether 00:60:08:37:0f:2f media: Ethernet 10baseT/UTP |
NOTE
The ifconfig interface or ifconfig interface inet6 commands can also be used on FreeBSD to display the IPv6 configuration of a given interface.
NOTE
It is possible for FreeBSD to act as an IPv6 router and to send a router advertisement on the local link. Configuring FreeBSD to act as an IPv6 router is beyond the scope of this book.
Assigning a Static IPv6 Address and Default Route on FreeBSD
When no IPv6 router is available on the local link providing stateless autoconfiguration, you can manually assign static IPv6 addresses to interfaces on FreeBSD. The ifconfig command performs this task:
freebsd#ifconfig interface inet6 ipv6-address prefixlen length
This command assigns a static IPv6 address to the given interface. The inet6 argument identifies the address family IPv6. The ipv6-address is the static address to assign to the interface. The prefixlen argument defines the length of the prefix.
The following example assigns the static IPv6 address fec0:0:0:1::1 to the interface ep0 with a prefix length of 64 bits:
freebsd#ifconfig ep0 inet6 fec0:0:0:1::1 prefixlen 64
TIP
By adding the line ipv6_ifconfig_ep0="fec0:0:0:1::1 prefixlen 64" to the /etc/rc.conf file, you can save this network configuration. This parameter is used by the /etc/rc.network6 script at the computer's next boot to assign the static IPv6 address to the ep0 interface.
On FreeBSD, you can add a default IPv6 route using the route add -inet6 default command:
freebsd#route add -inet6 default gateway[%interface]
The route command adds a default IPv6 route pointing to the gateway address given as an argument. The %interface argument must be used to determine the interface when the IPv6 address of the gateway is a link-local address.
The following example adds a default IPv6 route that points to the next-hop link-local address fe80::260:3eff:fe47:1533 via the ep0 interface:
freebsd#route add -inet6 default fe80::260:3eff:fe47:1533%ep0
This other example adds a default IPv6 route that points to the aggregatable global unicast address 3ffe:b00:ffff:10::1. In this case, the %interface argument is not needed.
freebsd#route add -inet6 default 3ffe:b00:ffff:10::1
TIP
By adding the line ipv6_defaultrouter="fe80::260:3eff:fe47:1533%ep0" to the /etc/rc.conf file, you can save this network configuration. This parameter is used by the /etc/rc.network6 script at the computer's next boot to add the default IPv6 route to the routing table.
Managing IPv6 on FreeBSD
The ifconfig, netstat, route, ping6, and traceroute6 commands are used on UNIX platforms to manage IPv4 addresses and routes. Table 6-3 shows how these commands can be used to manage IPv6 addresses and routes on FreeBSD.
| Command | Description | |
|---|---|---|
| Removing IPv6 Addresses | ||
| freebsd#ifconfig interface inet6 ipv6-address delete | Deletes an ipv6-address on a given interface. | |
| Example freebsd#ifconfig ep0 inet6 fec0:0:0:1::1 delete | Deletes the ipv6 address fec0:0:0:1::1 on the ep0 interface. | |
| Displaying IPv6 Routes | ||
| freebsd#netstat -f inet6 -rn | Displays the local IPv6 routing table. The inet6 argument is the address family IPv6. | |
| Adding IPv6 Routes | ||
| freebsd#route add -inet6 ipv6-prefix-prefixlen length gateway[%interface] | Adds a static IPv6 route for the destination network specified by the arguments ipv6-prefix and length. A gateway address must be specified. If the gateway is a link-local address, the optional parameter %interface must be used. | |
| Example freebsd#route add -inet6 3ffe:b00:ffff:: -prefixlen 48 fe80::260:3eff:fe47:1533%ep0 | The static IPv6 route 3ffe:b00:ffff::/48 is added to the IPv6 routing table. This destination can be reached through the link-local address fe80::260:3eff:fe47:1533 via the ep0 interface. | |
| Removing IPv6 Routes | ||
| freebsd#route delete -inet6 ipv6-prefix-prefixlen length | Deletes a static IPv6 route for the destination network specified by the arguments ipv6-prefix and length. | |
| Example freebsd#route delete -inet6 3ffe:b00:ffff::-prefixlen 48 | The static IPv6 route 3ffe:b00:ffff::/48 is removed from the IPv6 routing table. | |
| ping6 and traceroute6 | ||
| freebsd#ping6 www.6bone.net | Pings the destination www.6bone.net using IPv6. | |
| freebsd#traceroute6 www.6bone.net | Traces the route to the destination www.6bone.net using IPv6. | |
NOTE
Additional information about the ifconfig, netstat, route, ping6, and traceroute6 commands, including IPv6 support, is available in FreeBSD's man pages.
Defining a Configured Tunnel on FreeBSD
FreeBSD supports the configured tunnel as a transition and coexistence mechanism to deliver IPv6 packets over existing IPv4 networks. This section covers the establishment of a configured tunnel between a FreeBSD node and a Cisco router. Figure 6-7 illustrates a basic topology in which FreeBSD dual-stack node E has established a configured tunnel to Cisco dual-stack Router R5. The IPv4 address assigned to the configured tunnel interface tunnel0 on Router R5 is 206.123.31.100, and the IPv6 address is 3ffe:b00:ffff:2::1/64. On FreeBSD node E, the IPv4 address 132.214.10.1 and the IPv6 address 3ffe:b00:ffff:2::2/128 have been assigned to the configured tunnel interface gif0.
Figure 6-7. Establishing a Configured Tunnel Between FreeBSD and a Cisco Router
NOTE
The recommended prefix length for a point-to-point link should be a /64 or even a /128 when you know for sure that one and only one device is connecting. Because there is only one device in Figure 6-7, a /128 prefix length is used for the FreeBSD node. Refer to Chapter 5 to understand the rationale of the /128 prefix length.
Example 6-22 is based on Figure 6-7. It shows the configuration applied on Cisco Router R5 to set the configured tunnel to FreeBSD node E. The IPv6 source address of the tunnel0 interface is assigned using the ipv6 address 3ffe:b00:ffff:2::1/64 command. Then the tunnel source 206.123.31.100 and tunnel destination 132.214.10.1 commands define the source and destination IPv4 addresses of the configured tunnel. Finally, tunnel mode ipv6ip defines the type of tunneling as the configured tunnel.
Example 6-22. Establishing the Configured Tunnel on Cisco Router R5
RouterR5(config)#int tunnel0 RouterR5(config-if)#ipv6 address 3ffe:b00:ffff:2::1/64 RouterR5(config-if)#tunnel source 206.123.31.100 RouterR5(config-if)#tunnel destination 132.214.10.1 RouterR5(config-if)#tunnel mode ipv6ip RouterR5(config-if)#exit |
NOTE
The commands used to define a configured tunnel on the FreeBSD versions before 4.4 differ from commands applied on FreeBSD version 4.4 and beyond. This book presents only commands for FreeBSD version 4.4 and higher.
The following covers the configured tunnel setup applied on FreeBSD version 4.4 and beyond.
The pseudo-interface assigned as the configured tunnel interface on FreeBSD is called the gif interface. FreeBSD with IPv6 support has been designed to handle multiple gif interfaces simultaneously. The gif interface used to establish a configured tunnel carrying IPv6 packets over IPv4 must be enabled and established using a combination of gifconfig and ifconfig commands.
Example 6-23 is based on Figure 6-7. It shows the configuration applied on FreeBSD node E to set a configured tunnel to Cisco Router R5. First, the ifconfig gif0 create command enables the configured interface gif0 on FreeBSD. Then the gifconfig command defines the source and destination IPv4 address for the configured tunnel. ifconfig gif0 inet6 3ffe:b00:ffff:2::2 3ffe:b00:ffff:2::1 prefixlen 128 alias assigns the static IPv6 addresses to the configured tunnel gif0 interface. Finally, the route add -inet6 default 3ffe:b00:ffff:2::1 command adds a default IPv6 route pointing to the IPv6 address of the tunnel endpoint.
Example 6-23. Establishing a Configured Tunnel on the gif0 Interface on FreeBSD
freebsd#ifconfig gif0 create freebsd#gifconfig gif0 132.214.10.1 206.123.31.100 freebsd#ifconfig gif0 inet6 3ffe:b00:ffff:2::2 3ffe:b00:ffff:2::1 prefixlen 128 alias freebsd#route add -inet6 default 3ffe:b00:ffff:2::1 |
As soon as this configuration is successfully applied, it can be displayed on FreeBSD using the ifconfig gif0 and gifconfig gif0 commands. With ifconfig, you should see both IPv4 and IPv6 addresses assigned to the configured tunnel gif0 interface. To validate this setup with the Cisco router, you can ping6 the router's IPv6 address 3ffe:b00:ffff:2::1 from this node.
TIP
By adding the lines gif_interfaces="gif0", gifconfig_gif0="132.214.10.1 206.123.31.100" and ipv6_ifconfig_gif0="3ffe:b00:ffff:2::2 3ffe:b00:ffff:2::1 prefixlen 128 alias" to the /etc/rc.conf file, you can save this network configuration. This parameter is used by the /etc/rc.network6 script at the computer's next boot to enable and set the configured tunnel interface gif0.
Using 6to4 on FreeBSD
The 6to4 tunnel is another transition mechanism supported on FreeBSD. This section presents the configuration of a 6to4 tunnel between a FreeBSD node and the Cisco router.
Figure 6-8 illustrates a basic topology in which FreeBSD dual-stack node F has enabled the 6to4 mechanism to establish automatic tunneling to Cisco Router R6. Cisco Router R6 also uses the 6to4 support. Because the IPv4 address assigned to Cisco Router R6 is 206.123.31.100, the IPv6 prefix of this 6to4 site is 2002:ce7b:1f64::/48. The IPv6 address 2002:ce7b:1f64:1::1 is assigned to Cisco Router R6's ethernet0 interface. On FreeBSD node F, the IPv4 address 132.214.10.1 is assigned to the ep0 interface. Therefore, the IPv6 prefix of the 6to4 site is 2002:84d6:0a01::/48. The IPv6 address 2002:84d6:0a01:1::1 is assigned to the FreeBSD 6to4 interface stf0.
Example 6-24 is based on Figure 6-8. It shows the configuration applied on Cisco Router R6 that enables the 6to4 mechanism. Both the IPv4 and IPv6 addresses are assigned to the ethernet0 interface using the commands ip address 206.123.31.100 255.255.255.0 and ipv6 address 2002:ce7b:1f64:1::1/64. Then 6to4 is enabled on the tunnel9 interface using the ipv6 unnumbered ethernet0, tunnel source ethernet0 and tunnel mode ipv6ip 6to4 commands. Finally, an IPv6 route to the destination network 2002::/16 points out that the tunnel9 interface is added.
Example 6-24. Enabling 6to4 on Cisco Router R6
RouterR6#configure terminal RouterR6(config)#int ethernet0 RouterR6(config-if)#ip address 206.123.31.100 255.255.255.0 RouterR6(config-if)#ipv6 address 2002:ce7b:1f64:1::1/64 RouterR6(config-if)#int tunnel9 RouterR6(config-if)#no ip address RouterR6(config-if)#ipv6 unnumbered ethernet0 RouterR6(config-if)#tunnel source ethernet0 RouterR6(config-if)#tunnel mode ipv6ip 6to4 RouterR6(config-if)#exit RouterR6(config)#ipv6 route 2002::/16 Tunnel9 |
The pseudo-interface assigned as the 6to4 mechanism on FreeBSD is the stf0 interface. Only one stf interface at a time is allowed on a FreeBSD node. However, in the default FreeBSD installation, the stf0 interface is not supported by the running kernel. 6to4 support on FreeBSD requires a properly compiled kernel that enables the pseudo-device stf option. After a new release of the kernel with 6to4 support has been compiled, reboot the computer. You should be able to display the stf0 interface using the ifconfig -a command.
Example 6-25 is based on Figure 6-8. It shows the configuration applied on FreeBSD that enables the 6to4 mechanism. First, the ifconfig ep0 inet 132.214.10.1 netmask 255.255.255.0 command assigns the IPv4 address to the ep0 interface on FreeBSD. Then the ifconfig stf0 inet6 2002:84d6:0a01:1::1 prefixlen 16 alias command defines the 6to4 prefix and the IPv6 address for this 6to4 site. The 6to4 prefix is created using the IPv4 address assigned to the ep0 interface.
Example 6-25. Enabling 6to4 on FreeBSD
freebsd#ifconfig ep0 inet 132.214.10.1 netmask 255.255.255.0 freebsd#ifconfig stf0 inet6 2002:84d6:0a01:1::1 prefixlen 16 alias |
The 2002::/16 route is automatically added to the routing table after the completion of the last command. As soon as this configuration is applied, it can be displayed on FreeBSD using the ifconfig stf0 command. To validate this setup with the Cisco router enabled as a 6to4 router, you can ping6 the router's IPv6 address 2002:ce7b:1f64:1::1 from this node.
TIP
By adding the lines stf_interface_ipv4addr="132.214.10.1", stf_interface_ipv4plen="16", stf_interface_ipv6_ifid="0:0:0:1", and stf_interface_ipv6_slaid="0001" to the /etc/rc.conf file, you can save this network configuration. stf_interface_ipv4addr is the local IPv4 address used for the 6to4 operation. stf_interface_ipv4plen is the prefix length of the 6to4 prefix. stf_interface_ipv6_ifid is the interface ID (low-order 64-bit). stf_interface_ipv6_slaid represents bits 48 to 64 of the IPv6 address (site-level aggregator). These parameters are used by the /etc/rc.network6 script at the computer's next boot to enable and configure the 6to4 mechanism on FreeBSD.
Using 6to4 Relay on FreeBSD
As with Microsoft, it is possible on FreeBSD to point out a 6to4 relay on the Internet to deliver all non-6to4 traffic. Example 6-26 presents the configuration applied on a FreeBSD node to point out a 6to4 relay. Example 6-26 considers that Cisco Router R6 shown in Figure 6-8 is a 6to4 relay router. The default IPv6 route that points out a 6to4 relay is added using the route add -inet6 default 2002:ce7b:1f64:1::1 command.
Example 6-26. Using a 6to4 Relay on FreeBSD
freebsd#ifconfig ep0 inet 132.214.10.1 netmask 255.255.255.0 freebsd#ifconfig stf0 inet6 2002:84d6:0a01:1::1 prefixlen 16 alias freebsd#route add -inet6 default 2002:ce7b:1f64:1::1 |
FreeBSD version 4 and beyond are compliant with RFC 3068, An Anycast Prefix for 6to4 Relay Routers. Therefore, the 6to4 prefix 2002:c058:6301::, which is based on the defined IPv4 anycast prefix, can be used to reach a public 6to4 relay on the Internet. The route add -inet6 default 2002:c058:6301:: command might be used for route configuration in this situation. See Chapter 5 for more information about the 6to4 relay.
OpenBSD and NetBSD
Because the KAME Project code has also been merged into OpenBSD version 2.7 and NetBSD 1.5 and beyond, the supported features and the commands used on these BSD platforms are very similar to FreeBSD.
More information about IPv6 support on OpenBSD and NetBSD can be found at the KAME Project website at www.kame.net.