[mdlug] ipv6 in Centos -- ouch

Michael Mol mikemol at gmail.com
Sun Jan 22 15:28:07 EST 2012


On Sun, Jan 22, 2012 at 3:02 PM, Jay Nugent <jjn at nuge.com> wrote:
> Greetings Carl (et al),
>
> On Sun, 22 Jan 2012, Carl T. Miller wrote:
>
>> I'm still trying to decide if I want to brag that
>> I have IPv6 working or if I want to rant about the
>> fact that it was painful to set up.  I can't believe
>> that I'm the first person who got iptables, ip6tables,
>> radvd, sysctl and the various files in /etc/sysconfig
>> to work.
>>
>> I thought the Hurricane Electric certification would
>> walk me through the setup.  Not really.  I spent hours
>> in their blogs and searching Google to find how to
>> configure everything using standard Centos files.
>> I could not find a single website that correctly lists
>> how to set up an IPv6 router!  Hopefully later today
>> there will be a listing on LinuxQuestion.org and/or
>> at the Hurricane Electric forums.
>>
>> Now that I know what to do, it's rather simple and it
>> would take me only a few minutes to set up a new system.
>>
>> I'm already looking forward to working through the
>> certification.
>
>    I bought a book before I started.  After much looking around and only
> finding books that delved FAR TOO DEEP into the software, or described
> each single BIT used in the protocol, I settled on a book that skipped all
> that and just described the config files used in Debian (Sarge), FreeBSD
> 6.1, and Solaris 10.  The author outright *refused* to discuss WinBlows,
> as that was just a constantly churning cauldron of Monkey Poop (my words,
> not his - but pretty close).
>
>    Though this book IS NOT a plug-and-play step by step - it did help me
> to better understand how IPv6 was supposed to 'play' with other IPv6
> boxes, and how to configure them to do so.  And though the tools described
> in this book have moved on and developed over the years since 2007, it got
> me enough into the ball park I could make the thing run :)
>
>    My IPv6 network is probably simpler than most.  A 'sit' tunnel to
> Hurricane Electric where they send me a /64 prefix.  An "RA" server to
> deploy those prefixes to my servers and workstations.  And I opted to
> allow SLAAC autoconfiguration for Link-Local, while using the *SAME* lower
> 64 bits (based on the MAC) plus my prefix to assign Global routable
> addresses.  As many of you know me, I have NO DAMN WINBLOWS boxes on my
> network and thus *NEVER* use any firewalls anywhere for any reason!  But
> then I am lucky enough to have a pair of /25 blocks of IPv4 addresses to
> play with  :)
>
>
>    The book is:
>
>    "IPv6 in Practice - A Unixer's Guide to the Next Generation Internet"
>    by: Benedikt Stockebrand
>    published by:  Springer
>
>    ISBN-10  3-540-24524-3
>    ISBN-13  978-3-540-24524-7
>
>
>    Something to keep in mind folks....  *ANY* of your internal NATed
> (RFC1918 192.168/16) boxes *can* be the endpoint termination of the SIT
> tunnel !!!  From the public Internet's perspective, ALL of your boxes look
> like just ONE box - they all 'appear' to be inside your gateway.  So if
> you have a DNS or Web or Email box on your network, go ahead and make it
> your SIT endpoint and RA server.  As long as your off-the-shelf cheapie
> gateway router can pass "SIT" (Protocol 41) it won't matter where your
> tunnel *actually* terminates.  So if you are thinking you need to replace
> your D-Link or LinkSys router with one that can do IPv6, or can terminate
> the SIT tunnel, or run RA, you don't need to replace it.

FWIW, I started with two books when I got started on IPv6:

IPv6 Network Administration, by Niall Richard Murphy and David Malone
IPv6 Essentials, by Silvia Hagen.

Both through O'Reilly. Both are dated, but they're good reads and get
you started. It's important to have more up-to-date resources
available, such as people currently and regularly professionally
involved with it. I've mentioned that IRC channel before, though SixXS
and Hurricane Electric both have forums which are likely perfectly
usable.

(I don't do forums well. I just...don't. Give me a mailing list or
chat room with competent, respectful, intelligent people. Not that
forums can't have intelligent people, but they don't come in through
my email client or through my chat client, where I like to funnel as
much communication as possible.)


-- 
:wq


