Project V7: DHCPv6 with Vyatta (10 pts.)

What You Need

An end device to connect to the IPv6 Internet via the Vyatta virtual router. The end device can be almost anything, such as a PC, Mac, Linux computer, smartphone, or iPad. So far the instructions below only cover these devices explicitly:

Purpose

This is what every home and small business LAN needs to distribute IPv6 to end devices--the "last mile". You should get as fast and efficient at this process as you are at configuring a typical IPv4 LAN.

Using Bridged Networking

In VMware, set your Vyatta to Bridged mode, not NAT. VMware does not support IPv6 on NAT interfaces.

Enabling SSH

I recommend controlling your Vyatta via SSH, so you can copy and paste configurations in.

On your Vyatta Router, execute these commands:

configure

set interfaces ethernet eth0 address dhcp

set service ssh

commit

save

exit

show interfaces
Your eth0 interface should now have an IPv4 address. You can use an SSH client such as SSH Secure Shell to control it.

Creating a Loopback Interface

To make this project easy to do, we'll use a loopback interface to test connectivity rather than the real Internet.

On your Vyatta Router, execute these commands:

configure

set interfaces loopback lo address 2001:db8:5::5/64

commit

save

exit

ping 2001:db8:5::5
You should see replies, as shown below:

Press Ctrl+C to stop the pings.

Selecting the Distribution Interface

On your Vyatta Router, execute this command:
show interfaces
Choose an interface to be used as the Default Gateway on your LAN.

In my example, the correct interface to use is eth0, as shown below:

Determining an IPv6 Range to Distribute

We'll distribute addresses from the 2001:db8:6::/64 subnet.

To be more specific, we'll use this range:

2001:db8:6::1000 - 2001:db8:6::1999

If you are using a Hurricane Electric tunnel, use a subnet from your "Routed /48"--the standard allocation of IPv6 addresses.

Enabling IPv6 Forwarding

On your Vyatta router, execute this command:
show ipv6 forwarding
You should see a message saying "ipv6 forwarding is on", as shown below:

If it's not on, enable it with these commands:

configure

delete system ipv6 disable-forwarding

commit

save

exit

How Autoconfiguration Works

There are many different ways to configure addresses in IPv6. We will use the technique Ed Horley used at the 2012 North American IPv6 Summit in Denver, CO (explained here).

This technique sets the Autonomous, Managed, and Other bits all to 1, which has these results:

This isn't ideal, but it works in practice because at present clients can resolve DNS over IPv4.

Configuring a Static IPv6 Address on eth0

On your Vyatta router, execute these commands:
configure

edit interfaces ethernet eth0 

set address 2001:db8:6::1/64

commit

save

exit

show interfaces
You should see an address of 2001:db8:6::1/64 on your eth0 interface, as shown below:

Sending Router Advertisements on eth0

The commands below configure these results:

On your Vyatta router, execute these commands:

configure

edit interfaces ethernet eth0 

set ipv6 router-advert send-advert true

set ipv6 router-advert max-interval 10

set ipv6 router-advert prefix 2001:db8:6::/64

set ipv6 router-advert prefix 2001:db8:6::/64 autonomous-flag true

set ipv6 router-advert other-config-flag true

set ipv6 router-advert default-preference high

set ipv6 router-advert managed-flag true

commit

save

exit

sudo tcpdump ip6
You should see packets scrolling by, including "router advertisement" packets, as shown below:

Press Ctrl+C to stop the packet capture.
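
To check the flags in a captured advertisement instead of reading them off the tcpdump output, the Python below decodes the ICMPv6 Router Advertisement and compares it with the settings committed above. It is an added example, not part of the original project; parse_ra, check_ra and build_sample_ra are hypothetical names, and the sample packet is constructed, not captured.

```python
import ipaddress
import struct

PREFERENCE = {0b00: "medium", 0b01: "high", 0b11: "low", 0b10: "reserved"}  # RFC 4191

def parse_ra(icmp6: bytes) -> dict:
    """Decode the flags and prefix options of an ICMPv6 Router Advertisement (RFC 4861)."""
    if len(icmp6) < 16 or icmp6[0] != 134:           # type 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    ra = {"managed": bool(flags & 0x80),             # M bit: addresses via DHCPv6
          "other": bool(flags & 0x40),               # O bit: DNS etc. via DHCPv6
          "preference": PREFERENCE[(flags >> 3) & 0b11],
          "prefixes": {}}
    pos = 16                                         # options follow the fixed header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:          # Prefix Information option
            addr = ipaddress.IPv6Address(icmp6[pos + 16:pos + 32])
            net = ipaddress.IPv6Network((addr, icmp6[pos + 2]), strict=False)
            ra["prefixes"][str(net)] = {"on_link": bool(icmp6[pos + 3] & 0x80),
                                        "autonomous": bool(icmp6[pos + 3] & 0x40)}
        pos += opt_len
    return ra

def check_ra(ra: dict, prefix: str = "2001:db8:6::/64") -> list:
    """List every way an RA differs from the settings committed in this project."""
    problems = [f"{name} flag is off" for name in ("managed", "other") if not ra[name]]
    if ra["preference"] != "high":
        problems.append(f"default-preference is {ra['preference']}, not high")
    if prefix not in ra["prefixes"]:
        problems.append(f"prefix {prefix} not advertised")
    elif not ra["prefixes"][prefix]["autonomous"]:
        problems.append("autonomous flag is off")
    problems += [f"unexpected prefix {p}" for p in ra["prefixes"] if p != prefix]
    return problems

def build_sample_ra(flags: int = 0xC8, prefix_flags: int = 0xC0,
                    prefix: str = "2001:db8:6::") -> bytes:
    """Constructed sample RA (checksum left at 0; it is not verified here)."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    option = struct.pack("!BBBBII4x16s", 3, 4, 64, prefix_flags, 2592000, 604800,
                         ipaddress.IPv6Address(prefix).packed)
    return header + option

if __name__ == "__main__":
    print(check_ra(parse_ra(build_sample_ra())))             # matches the config
    print(check_ra(parse_ra(build_sample_ra(flags=0x00))))   # M, O and preference differ
```

An empty list means the advertisement carries the M, O and A bits, the high preference and the 2001:db8:6::/64 prefix configured above; an advertisement on the LAN that produces anything else did not come from this configuration.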

Saving the Screen Image

Make sure you see at least one "router advertisement" packet.

Save a screen shot of this image with the filename

Proj V7a from Your Name

Configuring DHCPv6

Here, DHCPv6 is used primarily to deliver DNS server addresses to the Windows clients.

On your Vyatta router, execute these commands:

configure

edit service dhcpv6-server shared-network-name lan subnet 2001:db8:6::/64

set name-server '2620:0:ccc::2'

set name-server '2620:0:ccd::2'

set address-range start 2001:db8:6::1000

set address-range start 2001:db8:6::1000 stop 2001:db8:6::1999

commit

save

exit

sudo tcpdump ip6 | grep dhcpv6
If there is another machine on your network, such as the VMware host machine, you should see dhcpv6 packets, as shown below:

Press Ctrl+C to stop the packet capture.

Adding a Static Route to the Vyatta OpenVPN Server

This is only needed if you are connecting to the Internet through a second router, such as an Amazon EC2 device.

If you are not using the real Internet, just skip this section.

If your connection to the Internet is through a tunnel to another router, you must add a route to that remote router so it knows where your /48 is.

In my case, I am using an Amazon EC2 Vyatta virtual machine.

On that device, execute these commands, using these values:

Use your subnet prefix, not mine, for the routed /48, and the tunnel endpoint:
configure

set protocols static route6 2001:470:8273::/48 next-hop 2001:470:1f05:7a9::2

commit

save

exit

Choosing a Client Device

To complete this project, you need to connect one client, and use traceroute to prove that it has autoconfigured both the IPv6 address and IPv6 default route.

So choose the section below for your client.

Connecting a Windows 7 Client

Start a Windows 7 computer, connected to the same LAN as your Vyatta's interface sending out Router Advertisements.

Resetting the Network Stack

On your Windows 7 machine, in case some previous project has messed things up, execute these commands:
netsh winsock reset catalog

netsh int ipv4 reset reset.log

netsh int ipv6 reset reset.log

Restart the Windows 7 machine.

Observing Autoconfiguration

On the Windows 7 client, in a Command Prompt window, execute this command:
ipconfig | more
You should see three addresses starting with 2001:db8:6, as shown below:

Saving the Screen Image

Make sure you see at least one address starting with 2001:db8:6

Save a screen shot of this image with the filename

Proj V7b from Your Name
On the Windows 7 client, in a Command Prompt window, execute this command:
ping -6 2001:db8:5::5
You should see replies, as shown below:

Connecting a Linux Client

Start a Linux computer, connected to the same LAN as your Vyatta's interface sending out Router Advertisements.

I used a BackTrack 5 R2 virtual machine.

In the Linux client, in a Terminal window, execute these commands:

dhclient 

watch "ifconfig"
This shows your IP addresses in real time.

Wait ten seconds and see if an address starting with 2001:db8:6 appears, as shown below.

If it doesn't appear, start Wireshark sniffing in the Linux machine. This makes the network card promiscuous, and often makes networking work better.

Saving the Screen Image

Make sure you see at least one address starting with 2001:db8:6

Save a screen shot of this image with the filename

Proj V7b from Your Name
In the Linux client, in a Terminal window, execute this command:
ping6 2001:db8:5::5
You should see replies, as shown below:

Connecting a Mac OS X Client

Start a Mac OS X computer, connected to the same LAN as your Vyatta's interface sending out Router Advertisements.

I used a MacBook Air running Lion, 10.7.4.

In the Mac OS X client, in a Terminal window, execute this command:

ifconfig
You should see at least one address starting with 2001:db8:6, as shown below:

Saving the Screen Image

Make sure you see at least one address starting with 2001:db8:6

Save a screen shot of this image with the filename

Proj V7b from Your Name
In the Mac OS X client, in a Terminal window, execute this command:
ping6 2001:db8:5::5
You should see replies, as shown below:

Troubleshooting

I had some problems making this work reliably. Here are things that made it work better:
  • If the Vyatta is in a VM, use Bridged networking, not NAT
  • To clear any old IPv6 configuration and renew it on the Mac's en0 interface, enter these two commands to disable IPv6 on that interface and then re-enable it again:
    sudo ip6 -d en0
    
    sudo ip6 -u en0
    

Turning In your Project

Email the image to cnit.60@gmail.com with a subject line of
Proj V7 from Your Name

Sources

http://computernetworkingnotes.com/ipv6-features-concepts-and-configurations/install-ipv6.html

http://www.howfunky.com/2012/05/north-american-ipv6-summit-advanced.html

http://ebook.cna.ilkom.unsri.ac.id/vyatta/Vyatta_IPv6_R6.0_v03.pdf

Last modified 7:11 pm 11-3-12