My Home IPv6 Setup
World IPv6 launch day was earlier this week, on Wednesday. I wanted to write a few details about the IPv6 setup I have at home. I’ve had IPv6 access through a Hurricane Electric 6in4 tunnel for probably about a year now.
I have networks at my apartment, and my parent’s house. These are connected via a site-to-site VPN, with OSPF running between everything. Most of my servers are hosted out of my parent’s house because of their static IP address. Here’s an overview of how everything’s set up with IPv4:
I also have a couple of VPS’s, one with Slicehost and one at EC2. They host my public websites, are what my MX records point to, etc.
First IPv6 Tunnel
Originally, I set up a single IPv6 tunnel going to the Cisco router I use on the edge of the network at my parents house. I routed part of my /48 over the OpenVPN tunnel to my apartment. This worked suitably for IPv6 communication between servers / computers at the two sites, but it wasn’t really workable for Internet access.
Internet bound IPv6 traffic from my apartment had to cross one tunnel (the OpenVPN tunnel) to get back to my parents house, and then cross another tunnel (the Hurricane Electric 6in4 tunnel) to get to the v6 Internet. So performance was pretty bad.
So, I got a second tunnel and /48 from Hurricane Electric for my apartment. This works much better. Internet-bound traffic from each site uses the HE IPv6 tunnel that terminates at that site. IPv6 traffic between my sites traverses the OpenVPN tunnel.
For world IPv6 day, I IPv6 enabled the server that hosts my public websites and is one of my MX servers. It would be nice of Amazon or Rackspace would support native IPv6. I think it’s rather ridiculous that they don’t. So, I did this with a third HE 6in4 tunnel that terminates directly on my server. I’m just using the /64 tunnel subnet. I don’t need an entire /48 for this :)
I initially set this up using the iproute2 commands that HE provided. Those worked without issue.it took a little bit of time to get everything working when I configured this through the persistent config files in /etc/sysconfig/network-scripts. Here is the config that I ended up getting to work:
# In /etc/sysconfig/network-scripts/ifcfg-sit1: DEVICE=sit1 ONBOOT=yes BOOTPROTO=none IPV6INIT=yes IPV6ADDR=<my IPv6 IP from HE>>/64 IPV6TUNNELIPV4=<the IPv4 endpoint HE assigns> IPV6TUNNELIPV4LOCAL=<my IPv4 address> # In /etc/sysconfig/network, added: NETWORKING_IPV6=yes # Created /etc/sysconfig/network-scripts/static-routes-ipv6 with: sit1 ::/0
Right now, my outgoing mail gateway doesn’t utilize IPv6. I will probably turn this on when I move over to a newly mail gateway I’m building with puppet and CentOS 6 to replace the existing one.
I’m using SLAAC rather than DHCPv6 for address assignment on my user-facing networks. At some point I might switch to DHCPv6. I’ve had issues with the radvd daemon crashing on the 1U Vyatta router I have at my apartment, and I really like having dynamic DNS records created for DHCP devices with v4.
I currently don’t have reverse DNS set up for IPv6. I’d like to get this going at some point.including possibly making the reverse lookups publically accessible.
I haven’t heard anything specific from either of the ISP’s about native IPv6. I’m not quite sure what I’ll do when that becomes available. The performance should be better.but I don’t know that I want to have to renumber my internal networks at the whim of my service providers.