© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2022
L. E. Hughes, Third Generation Internet Revealed, https://doi.org/10.1007/978-1-4842-8603-6_13

13. IPv6 Projects

Lawrence E. Hughes, Frisco, TX, USA

There are various projects you can do for free, given the information in this book and open source components (or evaluation versions of Microsoft products) readily available on the Internet.

You can do the open source implementations on FreeBSD, NetBSD, OpenBSD, or various Linux flavors. Use the platform you are most familiar with. The BSD variants have a powerful dual-stack packet filtering component called pf. This can be used to add a host-based firewall to any project (to block access via anything but the desired protocols) or even to build a multi-NIC router or firewall with complex rules. In Linux, the equivalent component is called Netfilter/iptables. The BSD and Linux packet filtering components have roughly the same functionality, but totally different deployment and configuration schemes. Both have one part that lives in kernel space and one part that lives in user space. The configuration of the IPv4 and IPv6 stacks is done in different ways, but the functionality is almost the same. Both the BSD and Linux IPv6 implementations have passed IPv6 Ready Gold testing (at least one release, possibly not the most recent). For the most part, other open source components (Apache, Postfix, Dovecot, etc.) are pretty much the same regardless of what underlying platform is used.

Microsoft Windows since version 7, Windows Server since 2008, and Exchange Server each have excellent support for IPv6 and dual-stack operation. You can put together a viable testbed network with just Microsoft products if you like (except for the gateway router/firewall), with just open source components, or with a mix of the two. It all depends on your expertise and requirements.

Some open source components (e.g., SMTP MTA, POP3/IMAP mail retrieval agents) are available in a variety of popular implementations (Postfix, qmail, Exim, Dovecot, Cyrus IMAP, etc.). Pretty much all these have support for IPv6, but in some cases, the specifics to actually deploy these in dual-stack mode may be difficult to locate. I will recommend components that I have actually deployed and where I have verified dual-stack operation, but if you happen to prefer a different component, chances are the necessary configuration information is available online somewhere.

Each project has a basic level of functionality described and various extensions that can add more functionality (e.g., a basic router can be enhanced by adding packet filtering and/or proxies).

Accompanying Website

Rather than include these projects in this book, I have put these on the corresponding website, at https://thirdinternet.com. You can download the installation guides in PDF, and I can update them easily as new operating systems and releases of open source projects come out.

These include
  • How to deploy a dual-stack firewall with pfSense, including 6in4 tunneling (I use a version of this in my home network)

  • How to deploy Windows Server with dual-stack operation in AWS

  • How to deploy FreeBSD with dual-stack operation, both standalone and in AWS

  • Exploring IPv6 on your phone

Hurricane Electric IPv6 Certification

I also strongly recommend that you do the projects in the Hurricane Electric IPv6 Certification sequence. See https://ipv6.he.net/certification/. Among other projects, you will do the following:
  • Configure IPv6 on your node.

  • Connect to the IPv6 Internet.

  • Deploy a working website available over IPv6.

  • Deploy a working email server that accepts messages over IPv6.

  • Deploy a working DNS server that supports IPv6.

  • Configure a reverse DNS record for your IPv6 email server.

  • Do network troubleshooting with ping and traceroute with IPv6 addresses.

They have automated tools to verify that the projects you deploy actually work.
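For the reverse DNS task in the list above, the PTR owner name is the address's 32 hexadecimal nibbles written in reverse order under ip6.arpa, and the reverse zone is the same construction applied to the delegated prefix. The Python sketch below is an added example, not taken from the book or from Hurricane Electric; it also labels an address by type and scope. The 2001:db8:1234::/48 documentation prefix, the mail.example.com hostname and all function names are assumptions made for illustration.

```python
import ipaddress

# Well-known IPv6 ranges, most specific first.
_RANGES = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local unicast", ipaddress.ip_network("fe80::/10")),
    ("unique local unicast", ipaddress.ip_network("fc00::/7")),
    ("multicast", ipaddress.ip_network("ff00::/8")),
    ("global unicast", ipaddress.ip_network("2000::/3")),
]
_MCAST_SCOPE = {0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
                0x5: "site-local", 0x8: "organization-local", 0xE: "global"}

def classify(addr):
    """Address type; for multicast the scope nibble is decoded as well."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id such as %eth0
    for name, net in _RANGES:
        if ip in net:
            if name != "multicast":
                return name
            scope = ip.packed[1] & 0x0F  # low nibble of the second byte
            return "multicast, %s scope" % _MCAST_SCOPE.get(scope, "reserved")
    return "other/reserved"

def ptr_name(addr):
    """PTR owner name: all 32 hex nibbles, reversed, under ip6.arpa."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone(prefix):
    """ip6.arpa zone name for a delegated prefix on a nibble boundary."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length is not a multiple of 4 bits")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_record(addr, hostname, prefix):
    """Zone-file PTR line, owner written relative to the prefix's reverse zone."""
    if ipaddress.IPv6Address(addr) not in ipaddress.IPv6Network(prefix):
        raise ValueError("address is outside the delegated prefix")
    rel = ptr_name(addr)[: -len(reverse_zone(prefix)) - 1]
    return "%s IN PTR %s." % (rel, hostname.rstrip("."))

if __name__ == "__main__":
    mail, prefix = "2001:db8:1234::25", "2001:db8:1234::/48"  # constructed values
    print(classify(mail), "|", classify("fe80::1%eth0"), "|", classify("ff02::1"))
    print(reverse_zone(prefix))
    print(ptr_record(mail, "mail.example.com", prefix))
```

The relative owner name that `ptr_record` returns only resolves correctly when the line is placed in the zone that `reverse_zone` names for the same prefix.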

SixConf

On the preceding website (and on https://ipv6forum.com), you can find a very useful free application (for Windows) called SixConf that allows you to see (and completely control) the internal details of IPv6 addresses and configuration. Here is a screenshot of the main window to give you an idea. A user guide is also available with full details. This will help you understand the information in this book. I have used this app when teaching IPv6 certification courses and find it really helps the students to understand what is going on. It is also useful when deploying IPv6 even in complex networks.

For whatever reason, Microsoft chose to provide configuration tools for IPv6 on their operating systems that look and act a lot like the ones for IPv4. This is kind of like providing a 747 with controls based on those in a family car. IPv6 is far richer and more complex, and this tool provides visibility into and control of these aspects.

Figure: Screenshot of a computer window with the title bar "Sixscape Communications, Private Limited"; below, it lists the various configurations and their details.

Note: We need to provide a way to download this from an Apress web page for this book.

Conclusion

If you have done all the exercises on the website, you now have a fairly complete dual-stack testbed network and are familiar with many of the things that you will need to do as a network administrator. Between the labs and the book, hopefully you now understand the following things:
  • It is not particularly difficult to obtain free tunneled IPv6 service, even using free components. You do not need to wait for your ISP to provide IPv6 service to go fully operational. Simple transition mechanisms simplify the migration to full dual-stack operation. The only problem is you need at least one public IPv4 address to use 6in4. Failing that, 6rd is a reasonable substitute, but your ISP must provide it to you.

  • Most operating systems and many existing network applications (BIND, Apache, Postfix, Dovecot, ssh/sshd, etc.) are already fully capable of supporting full dual-stack operation. Network configuration is not that different from IPv4.

  • Most web applications (Apache or IIS based) get a “free ride,” once the underlying web server has been migrated to dual stack. In addition (although not covered in these labs), most Microsoft “.Net” applications get a free ride.

  • IPv4 NAT really doesn’t provide any useful function other than extending the life of the IPv4 address space, and only then at a very high price (in terms of lost capabilities and additional complexity). It adds no security in firewall architectures. NAT is a crutch you no longer need. IPv6 without NAT actually provides a simpler, better firewall architecture (no need for BINAT, proxy ARP, NAT traversal, etc.). We are really just returning to the pre-NAT “classical” firewall architectures, not something new and untested.

  • There are only a few really new concepts in IPv6 that current network administrators need to master, such as tunneling, Application Layer gateways, hexadecimal address representation, address scopes (e.g., link-local addresses), working without NAT, needing to provide Router Advertisement messages (for SLAAC to work), multicast and IPsec that actually work, etc. Everything else is remarkably similar to working with IPv4.

  • The supply of IPv4 public addresses is really almost gone, and there is no alternative to this other than migration to IPv6. The timeline on this is sooner than most people realize. The four main RIRs have ended normal allocation of IPv4 to telcos, ISPs, and cloud providers, and the fifth one will soon. You had better be ready to support IPv6 if you want to keep your job (or have your organization continue operation) past that point.

Congratulations, and welcome to the Third Internet as its newest netizen!
