Monday, July 14, 2014

Linux as an IPv6 Router

Hello all,

First of all, I do apologize that I haven't updated my blog page in 3 months; I have had a very difficult situation in my life recently, but everything went well. Special thanks to all my supporters who helped me in this sticky situation.

Today, I would like to talk about IPv6 routers and how we can configure and monitor Linux (RedHat, Fedora, CentOS, SELinux) to work as an IPv6 router. We can easily use the radvd daemon (Router ADVertisement Daemon) for this purpose. To install the radvd daemon, run the following commands, the first of which switches you to root:

su -
yum install radvd


Now you need to turn on IPv6 forwarding. Run the command below (Figure 1):

sysctl net.ipv6.conf.all.forwarding=1


Figure 1


The configuration file is located at /etc/radvd.conf. Figure 2 shows the content of radvd.conf:

Figure 2

As you can see in Figure 2, all lines are commented out. Based on our network requirements, we can start to uncomment those lines.

Let's go through these lines and their definitions:

interface eth0
You need to decide which NIC or interface you want to use as a router. This example assumes one interface: ens33


Figure 3



AdvSendAdvert on;
A flag indicating whether or not the router sends periodic router advertisements and responds to router solicitations. A router solicitation is a request from a host for the router's network address, which the radvd daemon detects.

MinRtrAdvInterval 30;
The minimum time allowed between sending unsolicited multicast router advertisements from the interface, in seconds.

MaxRtrAdvInterval 100;
The maximum time allowed between sending unsolicited multicast router advertisements from the interface, in seconds.

prefix 2001:db8:1:0::/64
 {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr off;
 };

The prefix definition specifies your IPv6 network address. To specify prefix options for a specific prefix, add them within braces ({ }) following the prefix definition. Here we have 3 prefix options.

AdvOnLink on
According to the man page, when set, this indicates that the prefix can be used for on-link determination.
When not set, the advertisement makes no statement about on-link or off-link properties of the prefix. It simply means that host requests can be received on the specified network address.

AdvAutonomous on
When set, indicates that this prefix can be used for autonomous address configuration as specified in RFC 4862. It provides automatic address configuration.

AdvRouterAddr off
When set, indicates that the address of the interface is sent instead of the network prefix, as is required by Mobile IPv6. When set, the minimum limits specified by Mobile IPv6 are used for MinRtrAdvInterval and MaxRtrAdvInterval.

Now, I am going to change this configuration file to meet my private network requirements, for example.


Figure 4

In this example, for the private network 192.168.74.0 (Figure 3), we use the unique-local IPv6 prefix, which operates like an IPv4 private network address. It's fc00:0:0:0::/64.

Just a reminder from my comments in IPv6 configuration (http://ktaraghi.blogspot.ca/2014/02/ipv6-and-network-auto-configuration.html): A host in an IPv6 stateless address autoconfiguration network uses its own MAC address to create a temporary link-local address (FE80:: prefix) so that it can connect to the router. Then, the router sends its network prefix to replace the link-local prefix and create a full Internet address.

Now, test your configuration file with the following command:

radvd -c

If everything, including the syntax, is fine, we can start the radvd daemon. Run the following command:

/bin/systemctl start radvd.service

To check if the service is running, run the following command:

/bin/systemctl status radvd.service

Figure 5

Now, it's time to check and see the advertisement packets that this machine is sending out to other machines/routers. On a different machine, run the following command:

radvdump -d 4


Figure 6

The -d switch means debug mode, and 4 means verbose mode (log everything).
Figure 6 shows that our Linux router is advertising the correct network address (fc00::/64), the same IPv6 network address that we configured. And that's it.
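To see where the three prefix options end up in the advertisement that radvdump displays, here is an added example (not from the original post or the radvd project) that parses the Prefix Information option of an ICMPv6 Router Advertisement and reports the AdvOnLink, AdvAutonomous and AdvRouterAddr bits. The function names, the lifetimes and the sample packet are constructed for illustration; only the fc00::/64 prefix and the on/on/off flag settings come from the configuration above.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option type

def build_sample_ra(prefix, on_link, autonomous, router_addr):
    """Build a constructed RA body for testing (checksum left at 0)."""
    net = ipaddress.IPv6Network(prefix)
    flags = (0x80 if on_link else 0) | (0x40 if autonomous else 0) \
        | (0x20 if router_addr else 0)
    # type, code, checksum, hop limit, M/O flags, router lifetime,
    # reachable time, retransmit timer (16 bytes in total)
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 300, 0, 0)
    # option type, length in 8-byte units, prefix length, L/A/R flags,
    # valid lifetime, preferred lifetime, reserved, prefix (32 bytes)
    option = struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, net.prefixlen,
                         flags, 86400, 14400, 0, net.network_address.packed)
    return header + option

def parse_ra_prefixes(packet):
    """Return one dict per Prefix Information option in an ICMPv6 RA body."""
    if len(packet) < 16 or packet[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    prefixes, offset = [], 16
    while offset + 2 <= len(packet):
        opt_type, opt_len = packet[offset], packet[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(packet):
            raise ValueError("malformed option length")  # reject, never guess
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, flags, valid, preferred = struct.unpack_from(
                "!BBII", packet, offset + 2)
            addr = ipaddress.IPv6Address(packet[offset + 16:offset + 32])
            prefixes.append({
                "prefix": f"{addr}/{plen}",
                "AdvOnLink": bool(flags & 0x80),      # L bit
                "AdvAutonomous": bool(flags & 0x40),  # A bit
                "AdvRouterAddr": bool(flags & 0x20),  # R bit (Mobile IPv6)
                "valid_lifetime": valid,
                "preferred_lifetime": preferred,
            })
        offset += opt_len
    return prefixes

if __name__ == "__main__":
    # Constructed sample matching the prefix block configured in this post.
    for entry in parse_ra_prefixes(build_sample_ra("fc00::/64", True, True, False)):
        print(entry)
```

Comparing the parsed prefix and flags against what you configured is a quick way to notice an advertisement on the segment that did not come from your router.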

Hope you enjoyed.
Regards,
Khosro Taraghi