
Wed, 08 Jun 2011 6:44 PM

Happy IPv6 Day!

Michael Dale

traceroute6 to ns3.dalegroup.net (2001:470:1:41:a800:ff:fe59:ad77) from 2001:44b8:73f3:30a0:223:6cff:fe87:d1b0, 64 hops max, 12 byte packets

 1  2001:44b8:73f3:30a0:21f:12ff:fe54:8509  3.690 ms  1.642 ms  2.421 ms
 2  loop0.lns6.syd7.internode.on.net  27.485 ms  29.693 ms  38.001 ms
 3  gi1-1.cor2.syd7.internode.on.net  27.176 ms  39.971 ms  30.690 ms
 4  gi6-0-0-109.bdr1.syd7.internode.on.net  31.136 ms  36.664 ms  36.492 ms
 5  pos2-0.bdr1.sjc2.internode.on.net  184.883 ms  193.264 ms  207.775 ms
 6  paix.ipv6.he.net  185.041 ms  188.728 ms  185.915 ms
 7  10gigabitethernet1-2.core1.fmt1.he.net  213.857 ms  210.641 ms  414.330 ms
 8  2001:470:1:89::2  186.451 ms  191.536 ms  190.687 ms
 9  ns3.dalegroup.net  209.534 ms  221.058 ms  212.807 ms
 

Sun, 17 Jan 2010 11:10 AM

Native IPv6 over PPPoE with Internode and a Juniper SSG5

Michael Dale

Internode released a trial of native IPv6 over ADSL a few months back, so anyone with an ADSL account with them can try it.

So one of my clients has an SSG5 and an Internode connection so I thought I'd set it up.

So the setup:

  • ADSL modem in bridge mode
  • SSG5 running ScreenOS 6.3.0r2 (I had some issues with 6.2, so it is best to use the latest OS)

The very first step is to enable IPv6 on the SSG5. This requires you to run the following command and then restart/reboot the device:

set envar ipv6=yes

Once done you should now have access to all the IPv6 functions in the WebUI.

The next step is to modify your PPPoE connection settings.

set pppoe name "Internode" username "username@ipv6.internode.on.net" password "encryptedpassword"

set pppoe name "Internode" ppp ipv6cp ipcp

Now you need to enable IPv6 on the interface that the PPPoE connection is set up on.

set interface "ethernet0/0" ipv6 mode "host"

set interface "ethernet0/0" ipv6 enable

set interface ethernet0/0 ipv6 ra accept

unset interface ethernet0/0 ipv6 nd nud

So the above should be enough for you to get the /64 on the PPPoE interface.

Internode is currently handing out a /60 for use in your network (via DHCPv6), so let's now set that up.

set interface ethernet0/0 dhcp6 client

set interface ethernet0/0 dhcp6 client options rapid-commit

set interface ethernet0/0 dhcp6 client options request pd

set interface ethernet0/0 dhcp6 client pd ra-interface bgroup0

set interface ethernet0/0 dhcp6 client enable

In the above "bgroup0" is my LAN interface.

Now let's get IPv6 running on "bgroup0"

set interface "bgroup0" ipv6 mode "router"

set interface "bgroup0" ipv6 ip 2001:44b8:7763:baa0::1/64

set interface "bgroup0" ipv6 enable

set interface bgroup0 ipv6 ra link-address

set interface bgroup0 ipv6 ra transmit

unset interface bgroup0 ipv6 nd nud

In the above, the IPv6 address is my first /64 out of the /60. I've manually set it to a :1 address but you can use whatever its default auto-assigned address is.

Now you might want to hand out Internode's IPv6 DNS server addresses to your LAN:

set interface bgroup0 dhcp6 server

set interface bgroup0 dhcp6 server options dns dns1 2001:44b8:1::6

set interface bgroup0 dhcp6 server options dns dns2 2001:44b8:2::6

set interface bgroup0 dhcp6 server enable

Now we need to set up the default IPv6 route, as the one that is added by default is incorrect.

set route ::/0 interface ethernet0/0 gateway ::

And finally the IPv6 policy to allow traffic out (yay no NAT).

set policy id 12 from "Trust" to "Untrust"  "Any-IPv6" "Any-IPv6" "ANY" permit log

That should be all you need to do to get IPv6 working on your network.

There is more information over at the Internode site if needed.

And here is a traceroute from a computer on the LAN

C:\Users\Administrator>tracert -6 ipv6.google.com

Tracing route to ipv6.l.google.com [2001:4860:c004::68]

over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  2001:44b8:7763:baa0::1

  2    37 ms    37 ms    37 ms  loop0.lns6.syd7.internode.on.net [2001:44b8:b070::4]

  3    37 ms    37 ms    37 ms  gi1-1.cor2.syd7.internode.on.net [2001:44b8:b070:5::1]

  4    37 ms     *       37 ms  gi6-0-0-146.bdr1.syd6.internode.on.net [2001:44b8:b060:146::1]

  5    37 ms    37 ms    37 ms  2001:4860:1:1:0:1283:0:2

  6    38 ms    38 ms    39 ms  2001:4860::1:0:9f8

  7   184 ms   295 ms   174 ms  2001:4860::1:0:165

  8   175 ms   175 ms   175 ms  2001:4860::1:0:890

  9   181 ms   176 ms   182 ms  2001:4860::29

 10   185 ms   176 ms   244 ms  tx-in-x68.1e100.net [2001:4860:c004::68]

Trace complete.


Wed, 06 Feb 2008 10:00 AM

IPv6

Michael Dale

I spent a bit of time last night getting more of my network IPv6 ready.

  • My Bind DNS server can now answer queries on IPv6.
  • dalegroup.net now has an IPv6 address
  • I'm in the process of trying to get my name server (ns1.dalegroup.net) to have an IPv6 address.
  • Mail server has an IPv6 address (although nothing is routed to the IPv6 address yet)

EDIT: And now my IPv6 tunnel is completely broken :( I've emailed aarnet and hopefully it will be working soon!


Sun, 23 Sep 2007 1:16 PM

Bluetrait 2 development update

Michael Dale

Just a quick development update.

The following is a list of the major changes that have happened since Code Example 1:

  • Commenting Support
  • Future Posting Support (via cron)
  • Cron Support
  • Basic Adding Post Support (with Categories)
  • RSS Comments on Posts (with user detail support)
  • Database Session Support (all sessions are stored in the database)
  • jQuery
  • SQLite database support now mostly works
  • Contact Form (will be a default plugin) + Mailer Class
  • Improvements to custom content

There are a couple of things that need doing before I can upgrade this site to Bluetrait 2:

  • Spam Filtering
  • Search
  • Content Support (for my projects page etc)
  • Admin Page (yes I haven't started on it yet!)
  • Migration Script (to upgrade database)

The cron support is pretty cool and really easy to use. It will be used in future to handle update notifications, session garbage collection and "monthly database maintenance".

On another note this site is now accessible via IPv6 (2001:388:c021::20), which has already seen traffic!

 


Thu, 15 Feb 2007 9:49 PM

IPv6 tunnel through IPv4 with a Netscreen

Michael Dale

I finally got an IPv6 tunnel going on my Netscreen SSG 5. So I thought I'd post the relevant configuration details here.

I'm currently running ScreenOS 5.4.0r3a0; there seem to be some WebUI bugs with IPv6 so it is best to do it via the command line.

Update: I just got a response back from JTAC. IPv6 is only supported on the ISG2000. So I'm unsure when/if the WebUI bugs will be fixed.

Update2: IPv6 is now supported on the SSG 5 under ScreenOS 6; the WebUI bug has been fixed.

Background info:

  • Trust interface 10.0.0.254/22 - bgroup0
  • Untrust interface - bgroup2
  • IPv6 broker (broker.aarnet.net.au) - 202.158.196.131
  • IPv6 subnet - 2001:388:c021::1/64

The first step is to enable IPv6 on your Netscreen.

Type the following then save your config and restart the device:

set envar ipv6=yes

Now let's set up the trust interface:

set interface "bgroup0" ipv6 mode "router"
set interface "bgroup0" ipv6 ip 2001:388:c021::1/64
set interface "bgroup0" ipv6 enable
unset interface bgroup0 ipv6 ra link-address
set interface bgroup0 ipv6 ra transmit
set interface bgroup0 ipv6 nd nud

So we've set up my trust interface with the IPv6 subnet and autoconfiguration should be working.

Now let's set up a tunnel interface for the traffic to run through:

set interface "tunnel.1" zone "Untrust"
set interface tunnel.1 ip unnumbered interface bgroup2
set interface "tunnel.1" ipv6 mode "host"
set interface "tunnel.1" ipv6 enable
set interface tunnel.1 tunnel encap ip6in4 manual
set interface tunnel.1 tunnel local-if bgroup2 dst-ip 202.158.196.131

Now we'll set up a static route for IPv6 traffic to go through:

set route ::/0 interface tunnel.1 gateway :: preference 20

And finally we need to set up a policy to allow traffic out:

set policy id 77 from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 77
exit

You may want to set up some policies to allow traffic in too.

That should be all you need to do.
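Because both firewall posts route a /64 to the LAN without NAT, the policy set is the only thing standing between the internet and each host's global address. The following Python sketch is an added example, not part of the original posts or of ScreenOS: it parses policy lines in the exact shape shown above (policy id 12 in the PPPoE post, id 77 here) and flags inbound any-to-any permits and permits without logging. The sample config is constructed; policy ids 13 and 14, the address name "mail-v6" and the service name "svc-smtp" are hypothetical.

```python
import shlex

WIDE = {"any", "any-ipv6"}  # address-book names treated as "everything"

def parse_policies(config: str):
    """Parse: set policy id N from "Z1" to "Z2" "src" "dst" "svc" action [log]"""
    policies = []
    for line in config.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:  # unbalanced quotes: not a line we understand
            continue
        # Skips the bare `set policy id N` context line, `exit`, and anything else.
        if (len(tok) < 12 or tok[:3] != ["set", "policy", "id"]
                or tok[4] != "from" or tok[6] != "to"):
            continue
        policies.append({
            "id": int(tok[3]), "from": tok[5], "to": tok[7],
            "src": tok[8], "dst": tok[9], "svc": tok[10],
            "action": tok[11], "log": "log" in tok[12:],
        })
    return policies

def audit(policies, inside="Trust", outside="Untrust"):
    """Return (policy id, finding) pairs for permits worth a second look."""
    findings = []
    for p in policies:
        if p["action"] != "permit":
            continue
        inbound = p["from"] == outside and p["to"] == inside
        if inbound and p["src"].lower() in WIDE and p["dst"].lower() in WIDE:
            scope = "all services" if p["svc"].lower() == "any" else p["svc"]
            findings.append((p["id"], f"inbound any-to-any permit ({scope})"))
        if not p["log"]:
            findings.append((p["id"], "permit without log"))
    return findings

# Constructed sample: the first line is the post's outbound policy, the rest are made up.
SAMPLE = '''
set policy id 12 from "Trust" to "Untrust"  "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 12
exit
set policy id 13 from "Untrust" to "Trust"  "Any-IPv6" "Any-IPv6" "ANY" permit
set policy id 14 from "Untrust" to "Trust"  "Any-IPv6" "mail-v6" "svc-smtp" permit log
'''

if __name__ == "__main__":
    for pid, finding in audit(parse_policies(SAMPLE)):
        print(f"policy {pid}: {finding}")
```
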


Tue, 15 Nov 2005 6:54 PM

IPv6 again!

Michael Dale

I've done some basic IPv6 stuff in the past, which only involved a single IPv6 address and a connection to aarnet. I was going to look into setting up a tunnel on my router (a m0n0wall box) so that I had both an IPv4 address and an IPv6 address but it didn't support IPv6 stuff.

Anyway I've got my Cisco 2651 up and connected to the internet and it has full IPv6 support so I decided to give it a go. Aarnet also give you an option to run a full /64 subnet, so I decided to give it a go.

The web interface outputs a shell script that gives you the configuration needed for the router. So I modified my config (with some small changes).

ipv6 unicast-routing
!
interface tunnel0
ipv6 address 2001:0388:f000:0000:0000:0000:0000:0247/128
tunnel source dialer1
tunnel destination 202.158.196.131
tunnel mode ipv6ip
!
ipv6 route ::/0 tunnel0
!
interface FastEthernet 0/0
ipv6 address 2001:0388:c148:1::/64 eui-64
ipv6 nd prefix-advertisement 2001:0388:c148:1::/64 43200 43200 onlink autoconfig
!

The last section (prefix-advertisement) is similar to DHCP: it assigns an IPv6 address to any IPv6-capable computer/OS. So both my Windows 2000 box (with IPv6 kit installed) and Mac OS X system were given a full routed IPv6 address. No dodgy natted connection here, a full routed /64 subnet. :)
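How a host turns the advertised /64 into its own address, as an added Python example that is not part of the original post: with the `eui-64` style of autoconfiguration the interface identifier is built from the MAC address (modified EUI-64, RFC 4291 Appendix A), so the globally routed address carries the hardware address with it and stays the same under any prefix. The MAC used below is not stated anywhere in the post; it is recovered from the Mac's address in the ping6 output.

```python
import ipaddress

def interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC in half, insert ff:fe, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02  # universal/local bit is inverted in the interface ID
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> str:
    """Address a host forms from an advertised /64 prefix and its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | interface_id(mac)))

def embedded_mac(addr: str):
    """Recover the MAC from an EUI-64 address; None for manual or randomised IDs."""
    iid = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        return None
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])

if __name__ == "__main__":
    # Address taken from the ping6 output in this post.
    mac = embedded_mac("2001:388:c148:1:211:24ff:fe2a:f1b3")
    print("MAC inside the global address:", mac)
    # The same interface ID reappears under every prefix, link-local included.
    print(slaac_address("2001:388:c148:1::/64", mac))
    print(slaac_address("fe80::/64", mac))
    # A manually numbered address such as a ::1 router address carries no MAC.
    print(embedded_mac("2001:44b8:7763:baa0::1"))
```

Hosts that enable temporary addresses (RFC 4941) use a randomised interface ID for outbound connections instead, and `embedded_mac` returns `None` for those.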

The speed of the IPv6 is pretty good seeing as it is running through an aarnet tunnel.

electra:~ michaeldale$ ping vee-six.telstra.net
PING vee-six.telstra.net (203.50.0.254): 56 data bytes
64 bytes from 203.50.0.254: icmp_seq=0 ttl=56 time=21.330 ms
64 bytes from 203.50.0.254: icmp_seq=1 ttl=56 time=19.761 ms
64 bytes from 203.50.0.254: icmp_seq=2 ttl=56 time=21.125 ms
64 bytes from 203.50.0.254: icmp_seq=3 ttl=56 time=19.949 ms
^C
--- vee-six.telstra.net ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 19.761/20.541/21.330/0.693 ms
electra:~ michaeldale$ ping6 vee-six.telstra.net
PING6(56=40+8+8 bytes) 2001:388:c148:1:211:24ff:fe2a:f1b3 --> 2001:360::3
16 bytes from 2001:360::3, icmp_seq=0 hlim=58 time=25.059 ms
16 bytes from 2001:360::3, icmp_seq=1 hlim=58 time=25.874 ms
16 bytes from 2001:360::3, icmp_seq=2 hlim=58 time=23.465 ms
16 bytes from 2001:360::3, icmp_seq=3 hlim=58 time=24.281 ms
^C
--- vee-six.telstra.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 23.465/24.670/25.874 ms

electra:~ michaeldale$ traceroute6 vee-six.telstra.net
traceroute6 to vee-six.telstra.net (2001:360::3) from 2001:388:c148:1:211:24ff:fe2a:f1b3, 30 hops max, 12 byte packets
1 2001:388:c148:1:207:eff:fe80:5cc0 2.565 ms 1.756 ms 1.422 ms
2 2001:388:f000::246 25.438 ms 17.068 ms 19.847 ms
3 gigether0-2-0.bb1.a.syd.aarnet.net.au 37.864 ms 27.464 ms 22.706 ms
4 gigabitethernet3-0.bb3.a.syd.aarnet.net.au 28.522 ms 19.571 ms 17.456 ms
5 eth0.ipv6.broadway.aarnet.net.au 25.852 ms 16.863 ms 19.326 ms
6 2001:388:200:4::2 25.896 ms 23.23 ms 25.435 ms
7 2001:388:200:4::2 26.875 ms !P 23.721 ms !P 27.306 ms !P

And a trace to my mac (the second last hop is my cisco router) from here

traceroute6 to 2001:388:c148:1:211:24ff:fe2a:f1b3 (2001:388:c148:1:211:24ff:fe2a:f1b3) from 2001:1888:0:1:290:27ff:fe9a:4b0b, 64 hops max, 12 byte packets
1 puaiohi-fe1-0-1 1.761 ms 1.923 ms 1.961 ms
2 akepa-e0-0-7 2.737 ms 2.865 ms 2.922 ms
3 tunnel-henet-ca-us 62.519 ms 62.382 ms 62.737 ms
4 3ffe:81d0:ffff:1::1 61.172 ms 61.049 ms 61.039 ms
5 3ffe:80a::b1 63.145 ms 61.613 ms 63.022 ms
6 10gigether0-0-0.bb1.a.syd.aarnet.net.au 237.385 ms 227.818 ms 254.435 ms
7 broker1.a.syd.aarnet.net.au 222.550 ms 222.128 ms 223.146 ms
8 2001:388:f000::247 240.004 ms 238.553 ms 240.206 ms
9 2001:388:c148:1:211:24ff:fe2a:f1b3 241.638 ms 240.077 ms 239.622 m


Mon, 28 Mar 2005 1:31 PM

IPv6 tunnel

Michael Dale

I have set up an IPv6 tunnel through AARNET

E:\>tracert vee-six.telstra.net

Tracing route to vee-six.telstra.net [2001:360::3] over a maximum of 30 hops:

1 22 ms 19 ms 18 ms 2001:388:f000::246
2 39 ms 53 ms 40 ms gigether0-2-0.bb1.a.syd.aarnet.net.au [2001:388:1:5001:204:e0ff:fe00:1022]
3 19 ms 17 ms 19 ms gigabitethernet2.7304.syd.aarnet.net.au [2001:388:1:5006:20f:23ff:fea3:ef02]
4 26 ms 26 ms 39 ms 2001:388:200:4::2
5 26 ms 24 ms 26 ms vee-six.telstra.net [2001:360::3]

Trace complete.

I'll have a play around with it some more later. :)


Fri, 31 Dec 2004 11:16 AM

IPv6 connectivity

Michael Dale

When I installed FreeBSD onto my server it set up an IPv6 address, funky I thought although I'm never going to use it. Anyway my Mac is also built on BSD and it too has an IPv6 address. So I tried a normal ping but it only supports IPv4 so I tried typing ping6 and it worked! Cool!

So anyway I now have two computers talking to each other with IPv6.

electra:~ michaeldale$ ping6 -I en1 fe80::200:e8ff:fe6c:557b
PING6(56=40+8+8 bytes) fe80::211:24ff:fe2a:f1b3 --> fe80::200:e8ff:fe6c:557b
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=0 hlim=64 time=1.365 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=1 hlim=64 time=1.338 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=2 hlim=64 time=1.382 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=3 hlim=64 time=2.111 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=4 hlim=64 time=1.433 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=5 hlim=64 time=1.379 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=6 hlim=64 time=1.346 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=7 hlim=64 time=1.354 ms

--- fe80::200:e8ff:fe6c:557b ping6 statistics ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 1.338/1.463/2.111 ms

Also that connection is running over my wireless, pretty fast I thought. :)