HE IPv6 tunnel broker and certification

IPv6 is the evolution that everybody knows must be done one day, but not today.

Unlike the Millennium Bug, which had a clear deadline, IPv6 adoption is a topic that I often discuss with clients, but nobody is really willing to do it, even in a test environment.

I studied IPv6 in many Cisco certifications, but since they're focused on the infrastructure side of the network, I plan to do some labs myself in the coming months.

Since my ISP doesn't support native IPv6 connections (even if they like to put an "IPv6 ready" logo on their website), I had to use a tunnel to connect to the IPv6 Internet.

Hurricane Electric provides free IPv6 tunnels and has a nice, free IPv6 Certification program that is a good starting point.

Tunnel Setup

The first step is to create a tunnel to HE. Their website has templates for many platforms and OSs; I did it on my Cisco home router:

interface Tunnel6
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 load-interval 30
 ipv6 address 2001:X:X:X::X/64
 ipv6 enable
 keepalive 10 3
 tunnel source X.X.X.X
 tunnel destination X.X.X.X
 tunnel mode ipv6ip
end

Enable RA

The next step is to enable Router Advertisements on the LAN interface so the clients can get an IPv6 prefix and gateway:

interface Vlan1
 ipv6 address 2001:X:X:X::X/64
 ipv6 nd ra interval 10

Client Configuration

I use both Windows and Linux. On the Windows side we just have to enable IPv6 in the network card properties. For Debian, just add this line

iface eth0 inet6 auto

to

/etc/network/interfaces

and restart the networking service:

service networking reload

Check the IPv6 address with ipconfig (Windows) or ifconfig (Linux).
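When checking the addresses, it is worth noting which ones are globally routable and whether the interface ID was built from the MAC address (modified EUI-64), since that exposes the hardware address to every site the client visits. The following is an added example, not part of the original post: it parses constructed ifconfig output, with the documentation prefix 2001:db8::/32 standing in for the HE-assigned /64; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ifconfig eth0` on a Debian client after SLAAC.
# 2001:db8::/32 (documentation prefix) stands in for the HE-routed /64.
SAMPLE = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.20  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2001:db8:1f0a:42:5054:ff:fe12:3456  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1f0a:42:9c1e:7a33:41d0:b2e8  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::5054:ff:fe12:3456  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:12:34:56  txqueuelen 1000  (Ethernet)
"""

# Matches both ifconfig styles ("inet6 addr: x/64", "inet6 x  prefixlen 64")
# and `ip -6 addr` ("inet6 x/64 scope global").
INET6 = re.compile(r"inet6\s+(?:addr:\s*)?([0-9a-fA-F:]+)")

def scope(addr):
    """Classify an address by prefix: link-local, unique-local or global."""
    if addr.is_link_local:
        return "link-local"
    if addr in ipaddress.ip_network("fc00::/7"):
        return "unique-local"
    if addr in ipaddress.ip_network("2000::/3"):
        return "global"
    return "other"

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = addr.packed[8:]              # lower 64 bits = interface ID
    if iid[3:5] != b"\xff\xfe":        # EUI-64 inserts ff:fe in the middle
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def audit(text):
    """Return (address, scope, embedded MAC or None) for each inet6 line."""
    rows = []
    for m in INET6.finditer(text):
        addr = ipaddress.IPv6Address(m.group(1))
        rows.append((str(addr), scope(addr), eui64_mac(addr)))
    return rows

if __name__ == "__main__":
    for address, kind, mac in audit(SAMPLE):
        note = f"embeds MAC {mac}" if mac else "no MAC in interface ID"
        print(f"{address:42} {kind:12} {note}")
```

A global address that embeds the MAC means the client is using EUI-64 rather than privacy (temporary) addresses for that address.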

DNS server

On our clients we need to set up an IPv6 DNS server; Google is kind enough to provide them for us:

2001:4860:4860::8888
2001:4860:4860::8844

Test connectivity

We should now be able to access some IPv6-enabled websites, watch the dancing Kame, telnet to towel.blinkenlights.nl or see the Star Wars traceroute:

traceroute6 -m 255 obiwan.scrye.net

NGINX web server

A fast way to test IPv6 on the local network is to install the NGINX web server and configure it to listen on IPv6 by removing the # from the line

listen   [::]:80;

in file

/etc/nginx/sites-available

So now we have a small IPv6 lab running, enjoy!

“You can either do a planned, careful migration, or you can do it in a panic, and you should know full well that panicking is more expensive.” Martin Levy, director of IPv6 strategy for Hurricane Electric

As a footnote, I spent some time doing the HE IPv6 certification; even if it has no official recognition, it could be fun.