103.24.132.0/23 & 2406:bf00::/32

Michael Dale

Future home.

 

Happy IPv6 Day!

Michael Dale

traceroute6 to ns3.dalegroup.net (2001:470:1:41:a800:ff:fe59:ad77) from 2001:44b8:73f3:30a0:223:6cff:fe87:d1b0, 64 hops max, 12 byte packets

Native IPv6 over PPPoE with Internode and a Juniper SSG5

Michael Dale

Internode released a trial of native IPv6 over ADSL a few months back, so anyone with an ADSL account with them can try it.

So one of my clients has an SSG5 and an internode connection so I thought I'd set it up.

So the setup:

• ADSL modem in bridge mode
• SSG5 running ScreenOS 6.3.0r2 (I had some issues with 6.2, so it is best to use the latest OS)

The very first step is to enable IPv6 on the SSG5, this requires you to run the following command and then restart/reboot the device:

Once done you should now have access to all the IPv6 functions in the WebUI.

The next step is to modify your PPPoE connection settings.

Now you need to enable IPv6 on the interface that the PPPoE connection is setup on.

So the above should be enough for you to get the /64 on the PPPoE interface.

Internode is currently handing out a /60 for use in your network (via DHCPv6), so lets now set that up.

In the above "bgroup0" is my LAN interface.

Now let's get IPv6 running on "bgroup0"

In the above the IPv6 address there is my first /64 out of the /60, I've manually set it to a :1 address but you can use whatever it's default auto assigned address is.

Now you might want to hand out internodes IPv6 DNS server addresses to your LAN

Now we need to setup the default IPv6 route, as the one that is added by default is incorrect.

And finally the IPv6 policy to allow traffic out (yay no NAT).

That should be all you need to do to get IPv6 working on your network.

There is more information over at the internode site if needed.

And here is a traceroute from a computer on the LAN

IPv6

Michael Dale

I spent a bit of time last night getting more of my network IPv6 ready.

• My Bind DNS server can now answer queries on IPv6.
• dalegroup.net now has an IPv6 address
• I'm in the process of trying to get my name server (ns1.dalegroup.net) to have an IPv6 address.
• Mail server has an IPv6 address (although nothing is routed to the IPv6 address yet)

EDIT: And now my IPv6 tunnel is completely broken :( I've email aarnet and hopefully it will be working soon!

Bluetrait 2 development update

Michael Dale

Just a quick development update.

The following is a list of the major changes that have happened since Code Example 1:

• Commenting Support
• Future Posting Support (via cron)
• Cron Support
• Basic Adding Post Support (with Categories)
• RSS Comments on Posts (with user detail support)
• Database Session Support (all sessions are stored in the database)
• Jquery
• SQLite database support now mostly works
• Contact Form (will be a default plugin) + Mailer Class
• Improvements to custom content

There are a couple of things that need doing before I can upgrade this site to Bluetrait 2:

• Spam Filtering
• Search
• Content Support (for my projects page etc)
• Admin Page (yes I haven't started on it yet!)
• Migration Script (to upgrade database)

The cron support is pretty cool and really easy to use. It will be used in future to handle update notifications, session garbage collection and "monthly database maintenance".

On another note this site is now accessible via IPv6 (2001:388:c021::20), which has already seen traffic!

 

IPv6 tunnel through IPv4 with a Netscreen

Michael Dale

I finally got an IPv6 tunnel going on my Netscreen SSG 5. So I thought I'd post the relevant configuration details here.

I'm currently running ScreenOS 5.4.0r3a0; there seems to be some WebUI bugs with IPv6 so it is best to do it via the command line.

Update: I just got a response back from JTAC. IPv6 is only supported on the ISG2000. So I'm unsure when/if it the WebUI bugs will be fixed.

Update2: IPv6 is now supported on the SSG 5 under screenos 6, the WEBUI bug has been fixed.

Background info:

• Trust interface 10.0.0.254/22 - bgroup0
• Untrust interface - bgroup2
• IPv6 broker (broker.aarnet.net.au) - 202.158.196.131
• IPv6 subnet - 2001:388:c021::1/64

The first step is to enable IPv6 on your Netscreen.

Type the following then save your config and restart the device:


Now let's setup the trust interface:


So we've setup my trust interface with the IPv6 subnet and autoconfiguration should be working.

Now let's setup a tunnel interface for the traffic to run through:


Now we'll setup a static route for IPv6 traffic to go through:


And finally we need to setup a policy to allow traffic out:


You may want to setup some policies to allow traffic in too.

That should be all you need to do.

IPv6 again!

Michael Dale

I've done some basic IPv6 stuff in the past, which only involved a single IPv6 address and a connection to aarnet. I was going to look into setting up a tunnel on my router (a m0n0wall box) so that I had both a IPv4 address and a IPv6 address but it didn't support IPv6 stuff. Anyway I've got my cisco 2651 up and connected to the internet and it has full IPv6 support so I decided to give it a go. Aarnet also give you an option to run a full /64 subnet, so I decided to give it a go. The web interface outputs a shell script that gives you the configuration needed for the router. So I modified by config (with some small changes). The last section (prefix-advertisement) is similar to DHCP, it assigns an IPv6 address to any IPv6 capable computer/OS. So both my Windows 2000 box (with IPv6 kit installed) and Mac OS X system were given a full routed IPv6 address. No dodgy natted connection here, a full routed /64 subnet. :) The speed of the IPv6 is pretty good seeing as it is running through an aarnet tunnel. _{electra:~ michaeldale$ ping vee-six.telstra.net PING vee-six.telstra.net (203.50.0.254): 56 data bytes 64 bytes from 203.50.0.254: icmp_seq=0 ttl=56 time=21.330 ms 64 bytes from 203.50.0.254: icmp_seq=1 ttl=56 time=19.761 ms 64 bytes from 203.50.0.254: icmp_seq=2 ttl=56 time=21.125 ms 64 bytes from 203.50.0.254: icmp_seq=3 ttl=56 time=19.949 ms ^C --- vee-six.telstra.net ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 19.761/20.541/21.330/0.693 ms electra:~ michaeldale$ ping6 vee-six.telstra.net PING6(56=40+8+8 bytes) 2001:388:c148:1:211:24ff:fe2a:f1b3 --> 2001:360::3 16 bytes from 2001:360::3, icmp_seq=0 hlim=58 time=25.059 ms 16 bytes from 2001:360::3, icmp_seq=1 hlim=58 time=25.874 ms 16 bytes from 2001:360::3, icmp_seq=2 hlim=58 time=23.465 ms 16 bytes from 2001:360::3, icmp_seq=3 hlim=58 time=24.281 ms ^C --- vee-six.telstra.net ping6 statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 23.465/24.670/25.874 ms electra:~ michaeldale$ traceroute6 vee-six.telstra.net traceroute6 to vee-six.telstra.net (2001:360::3) from 2001:388:c148:1:211:24ff:fe2a:f1b3, 30 hops max, 12 byte packets 1 2001:388:c148:1:207:eff:fe80:5cc0 2.565 ms 1.756 ms 1.422 ms 2 2001:388:f000::246 25.438 ms 17.068 ms 19.847 ms 3 gigether0-2-0.bb1.a.syd.aarnet.net.au 37.864 ms 27.464 ms 22.706 ms 4 gigabitethernet3-0.bb3.a.syd.aarnet.net.au 28.522 ms 19.571 ms 17.456 ms 5 eth0.ipv6.broadway.aarnet.net.au 25.852 ms 16.863 ms 19.326 ms 6 2001:388:200:4::2 25.896 ms 23.23 ms 25.435 ms 7 2001:388:200:4::2 26.875 ms !P 23.721 ms !P 27.306 ms !P} And a trace to my mac (the second last hop is my cisco router) from here _{traceroute6 to 2001:388:c148:1:211:24ff:fe2a:f1b3 (2001:388:c148:1:211:24ff:fe2a:f1b3) from 2001:1888:0:1:290:27ff:fe9a:4b0b, 64 hops max, 12 byte packets 1 puaiohi-fe1-0-1 1.761 ms 1.923 ms 1.961 ms 2 akepa-e0-0-7 2.737 ms 2.865 ms 2.922 ms 3 tunnel-henet-ca-us 62.519 ms 62.382 ms 62.737 ms 4 3ffe:81d0:ffff:1::1 61.172 ms 61.049 ms 61.039 ms 5 3ffe:80a::b1 63.145 ms 61.613 ms 63.022 ms 6 10gigether0-0-0.bb1.a.syd.aarnet.net.au 237.385 ms 227.818 ms 254.435 ms 7 broker1.a.syd.aarnet.net.au 222.550 ms 222.128 ms 223.146 ms 8 2001:388:f000::247 240.004 ms 238.553 ms 240.206 ms 9 2001:388:c148:1:211:24ff:fe2a:f1b3 241.638 ms 240.077 ms 239.622 m}

IPv6 tunnel

Michael Dale

I have setup an IPv6 tunnel through AARNET E:\>tracert vee-six.telstra.net Tracing route to vee-six.telstra.net [2001:360::3] over a maximum of 30 hops: 1 22 ms 19 ms 18 ms 2001:388:f000::246 2 39 ms 53 ms 40 ms gigether0-2-0.bb1.a.syd.aarnet.net.au [2001:388:1:5001:204:e0ff:fe00:1022] 3 19 ms 17 ms 19 ms gigabitethernet2.7304.syd.aarnet.net.au [2001:388:1:5006:20f:23ff:fea3:ef02] 4 26 ms 26 ms 39 ms 2001:388:200:4::2 5 26 ms 24 ms 26 ms vee-six.telstra.net [2001:360::3] Trace complete. I'll have a play around with it some more later. :)

IPv6 connectivity

Michael Dale

When I installed FreeBSD onto my server it setup an IPv6 address, funky I thought although I'm never going to use it. Anyway my Mac is also built on BSD and it too has an IPv6 address. So I tried a normal ping but it only supports IPv4 so I tried typing ping6 and it worked! Cool! So anyway I now have two computers talking to each other with IPv6. electra:~ michaeldale$ ping6 -I en1 fe80::200:e8ff:fe6c:557b PING6(56=40+8+8 bytes) fe80::211:24ff:fe2a:f1b3 --> fe80::200:e8ff:fe6c:557b 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=0 hlim=64 time=1.365 ms 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=1 hlim=64 time=1.338 ms 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=2 hlim=64 time=1.382 ms 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=3 hlim=64 time=2.111 ms 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=4 hlim=64 time=1.433 ms 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=5 hlim=64 time=1.379 ms 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=6 hlim=64 time=1.346 ms 16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=7 hlim=64 time=1.354 ms --- fe80::200:e8ff:fe6c:557b ping6 statistics --- 8 packets transmitted, 8 packets received, 0% packet loss round-trip min/avg/max = 1.338/1.463/2.111 ms Also that connection is running over my wireless, pretty fast I thought. :)