IPv6 Intelligence

Linux IPv6

The Linux kernel implements most of its IPv6 parts from USAGI. The integrated USAGI version/release is unknown. Implemented into the kernel are the core functions of USAGI; the "standard" user-level programs provide basic IPv6 functionality. Support for several newer subprotocols is not integrated into kernel/most base systems and has to be installed by hand or as third-party software/packages.

Content from 12/2006
Current version Linux kernel 2.6
Tested version Linux 2.6.16
Documentation for unknown

Basic IPv6 functions

Overview

IPv6 is (in most configurations) active by default and successfully performs stateless autoconfiguration upon reception of RAs. The required IPv6 kernel modules are (mostly) loaded automatically.

Preference

Linux prefers IPv6 if a DNS query results in IPv4 and IPv6 addresses being sent back (A and AAAA RRs).

Privacy Extensions

Privacy addresses are not enabled by default. Their generation is activated with a sysctl: (if is the used interface) sysctl net.ip6.conf.if.use_tempaddr=1 To prefer privacy addresses and use them over the normal addresses, use: sysctl net.ip6.conf.if.use_tempaddr=2

Packet Filter/Firewall

The Linux netfilter firewall has stateless IPv6 filtering support since 2007 with the integration into Linux kernel 2.6.20.4

The IPv6 part of netfilter is called via the separate command ip6tables. See the Further Reading list for links to usage examples (Firewall Usage and Firewalling Examples).

up

Tunnelling IPv4/IPv6

Configured tunnels

Linux supports configured tunnels with the sit tunnel-interface. Setting up a manual tunnel requires several steps on the command line.

Beforehand, you need the following information:

$host-ipv4
IPv4-address of the host
$router-ipv4
IPv4-address of the router/tunnel-server
$tunnel-v6host
(Tunnel) IPv6-address of the host

Create the interface (sit1 is the tunnel interface) and set up the IPv4 addresses: ip tunnel add sit1 mode sit remote $router-ipv4 local $host-ipv4 ip link set sit1 up Set up the IPv6 address of the host: ip address add dev sit1 $tunnel-v6host Set the (IPv6) default route on the tunnel: ip route add ::/0 dev sit1

6to4

Linux supports automatic 6to4-tunnelling with the tun6to4 tunnel-interface. Setting up a 6to4 tunnel requires several steps on the command line.

Beforehand, you need the following information:

$6to4
6to4/IPv6-prefix of the host (see 6to4 Details: Creating the prefix for instructions).

Create and activate the interface: ip tunnel add tun6to4 mode sit ttl 64 remote any local ip link set dev tun6to4 up Apply the 6to4 prefix: ip -6 addr add $6to4/16 dev tun6to4 Set the (IPv6) default route on the public 6to4 anycast address: ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1

up

DHCPv6

Linux does not integrate DHCPv6 by default; most distributions do not include DHCPv6 software in their installation. DHCPv6 functionality (server, relay and client) can be obtained through external packages (see DHCPv6 software overview for comparison):

In our tests Dibbler was used successfully as DHCPv6 client and server in both stateful and stateless mode. It received (as client) several types of additional addresses and DNS information, which then were used by the network stack. As server, it distributed these information successfully to a variety of clients. (See the above referenced Dibbler DHCPv6 page for more information and configuration hints.)

up

PPPv6

Linux (in the form of SuSE 10.1) integrates an IPv6-capable PPP daemon into its base system. Most Linux distributions (including SuSE) ship the standard, IPv6-capable (Paul’s PPP Package) ppp.1

The PPP software supports (in version 2.4.3) RFC 2472 2 and was tested successfully with IPv6 on DSL (via PPPoE). After the addition of one configuration line the PPP daemon pppd tries to negotiate IPv6 while establishing the PPP link (IPv6CP) and successfully creates a link-local address for the PPP interface. The IPv6 stack afterward receives RAs on the PPP link and configures an global address on the PPP interface.

IPv6-relevant configuration of the PPP daemon is limited to specifying whether and how a IPv6 link-local address should be generated. The following line needs to be added to /etc/ppp/options and activates IPv6:

ipv6 ,

up

Supported IPv6 RFCs & IDs

This list of supported RFCs is specific to two Linux distributions which supply this data — SUSE Linux Enterprise Server 10 SP2 (Kernel 2.6.16 modified) and Red Hat Enterprise Linux 5.2 (Kernel 2.6.18 modified).

Table 1: Red Hat ES 5.2 and SUSE SLES 10 IPv6 RFCs and IDs3
Document Title
RFC 1981 Path MTU discovery for IP version 6
RFC 2460 Internet protocol, version 6 (IPv6) specification
RFC 2461 Neighbor discovery for IP version 6 (IPv6)
RFC 2462 IPv6 stateless address autoconfiguration
RFC 2464 Transmission of IPv6 packets over Ethernet networks
RFC 2465 Management Information Base for IPv6: Textual Conventions and General Group
RFC 2472
(only Red Hat)
PPPv6
RFC 2710 Multicast Listener Discovery (MLD)
RFC 3041 Privacy Extensions
RFC 3056 6to4 [RFC is not listed but probably supported —Ed.
RFC 3315 Stateful DHCPv6
RFC 3484 Default Address selection
RFC 3596 DNS Extensions to support IPv6
RFC 3810 Multicast Listener Discovery Version 2 (MLDv2)
RFC 4007 IPv6 Scoped Address Architecture
RFC 4193 Unique Local IPv6 Unicast Addresses
RFC 4213 Transition Mechanisms for IPv6 Host and Routers
RFC 4291 IPv6 Addressing Architecture
RFC 4443 Internet Control Message Protocol (ICMPv6) for the Internet ProtoVersion 6 (IPv6) Specification

There will be no Linux-specific/distribution-agnostic list — many RFCs describe functions which are supplied by system services, and thus outside the kernel.

up

References/Documentation

  1. Paul’s PPP Package Homepage (Paul Mackerras: n.d. Accessed 20.12.2006)
  2. PPPD(8) manual page from pppd version 2.4.3 (Paul Mackerras: n.d. Accessed 15.1.2007)
  3. Special Interoperability Test Certification of the Novell SuSE Linux Enterprise Server 10, Service Pack 2 [...] (Defense Information Systems Agency/Joint Interoperability Test Command (JITC): July 2008. Accessed April 2009) and
    Special Interoperability Test Certification of the Red Hat Enterprise Linux 5.2 Server and Client [...] (Defense Information Systems Agency/Joint Interoperability Test Command (JITC): July 2008. Accessed April 2009) and
    SUSE Linux Enterprise Server 10 SP2 IPv6 Letter of Compliance for DISA/JITC (Novell, Inc.: n.d. Accessed April 2009) and
    RedHat Enterprise Release 5.2 IPv6 Letter of Compliance for DISA/JITC (Red Hat, Inc.: n.d. Accessed May 2009)
  4. Status of Open Source and commercial IPv6 firewall implementations Slides of talk at European Conference on Applied IPv6 (ECAI6) (Peter Bieringer: September 2007. Accessed May 2009)

Further reading

  1. Linux IPv6 HOWTO (Peter Bieringer, TLDP.org: February 2009. Accessed May 2009) Essential reading, especially the chapters:
  2. Current Status of IPv6 Support for Networking Applications (Peter Bieringer et al, deepspace6.net: April 2010. Accessed April 2010)

up