• index
• systems
• software
• protocol
• about

Linux IPv6

• Basic IPv6 functions
  • Overview
  • Preference
  • Privacy Extensions
  • Packet Filter/Firewall
• Tunnelling IPv4/IPv6
  • Configured tunnels
  • 6to4
• DHCPv6
• PPPv6
• Supported IPv6 RFCs & IDs
• References
• Further reading

The Linux kernel implements most of its IPv6 parts from USAGI. The integrated USAGI version/release is unknown. Implemented into the kernel are the core functions of USAGI; the "standard" user-level programs provide basic IPv6 functionality. Support for several newer subprotocols is not integrated into kernel/most base systems and has to be installed by hand or as third-party software/packages.

Content from	12/2006
Current version	Linux kernel 2.6
Tested version	Linux 2.6.16
Documentation for	unknown

Basic IPv6 functions

Overview

IPv6 is (in most configurations) active by default and successfully performs stateless autoconfiguration upon reception of RAs. The required IPv6 kernel modules are (mostly) loaded automatically.

Preference

Linux prefers IPv6 if a DNS query results in IPv4 and IPv6 addresses being sent back (A and AAAA RRs).

Privacy Extensions

Privacy addresses are not enabled by default. Their generation is activated with a sysctl: (if is the used interface) sysctl net.ip6.conf.if.use_tempaddr=1 To prefer privacy addresses and use them over the normal addresses, use: sysctl net.ip6.conf.if.use_tempaddr=2

Packet Filter/Firewall

The Linux netfilter firewall has stateless IPv6 filtering support since 2007 with the integration into Linux kernel 2.6.20.4

The IPv6 part of netfilter is called via the separate command ip6tables. See the Further Reading list for links to usage examples (Firewall Usage and Firewalling Examples).

up

Tunnelling IPv4/IPv6

Configured tunnels

Linux supports configured tunnels with the sit tunnel-interface. Setting up a manual tunnel requires several steps on the command line.

Beforehand, you need the following information:

$host-ipv4

IPv4-address of the host

$router-ipv4

IPv4-address of the router/tunnel-server

$tunnel-v6host

(Tunnel) IPv6-address of the host

Create the interface (sit1 is the tunnel interface) and set up the IPv4 addresses: ip tunnel add sit1 mode sit remote $router-ipv4 local $host-ipv4 ip link set sit1 up Set up the IPv6 address of the host: ip address add dev sit1 $tunnel-v6host Set the (IPv6) default route on the tunnel: ip route add ::/0 dev sit1

6to4

Linux supports automatic 6to4-tunnelling with the tun6to4 tunnel-interface. Setting up a 6to4 tunnel requires several steps on the command line.

Beforehand, you need the following information:

$6to4

6to4/IPv6-prefix of the host (see 6to4 Details: Creating the prefix for instructions).

Create and activate the interface: ip tunnel add tun6to4 mode sit ttl 64 remote any local ip link set dev tun6to4 up Apply the 6to4 prefix: ip -6 addr add $6to4/16 dev tun6to4 Set the (IPv6) default route on the public 6to4 anycast address: ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1

up

DHCPv6

Linux does not integrate DHCPv6 by default; most distributions do not include DHCPv6 software in their installation. DHCPv6 functionality (server, relay and client) can be obtained through external packages (see DHCPv6 software overview for comparison):

• Dibbler DHCPv6 software
• WIDE DHCPv6
• ISC DHCP DHCPv6

In our tests Dibbler was used successfully as DHCPv6 client and server in both stateful and stateless mode. It received (as client) several types of additional addresses and DNS information, which then were used by the network stack. As server, it distributed these information successfully to a variety of clients. (See the above referenced Dibbler DHCPv6 page for more information and configuration hints.)

up

PPPv6

Linux (in the form of SuSE 10.1) integrates an IPv6-capable PPP daemon into its base system. Most Linux distributions (including SuSE) ship the standard, IPv6-capable (Paul’s PPP Package) ppp.1

The PPP software supports (in version 2.4.3) RFC 2472 2 and was tested successfully with IPv6 on DSL (via PPPoE). After the addition of one configuration line the PPP daemon pppd tries to negotiate IPv6 while establishing the PPP link (IPv6CP) and successfully creates a link-local address for the PPP interface. The IPv6 stack afterward receives RAs on the PPP link and configures an global address on the PPP interface.

IPv6-relevant configuration of the PPP daemon is limited to specifying whether and how a IPv6 link-local address should be generated. The following line needs to be added to /etc/ppp/options and activates IPv6:

ipv6 ,

up

Supported IPv6 RFCs & IDs

This list of supported RFCs is specific to two Linux distributions which supply this data — SUSE Linux Enterprise Server 10 SP2 (Kernel 2.6.16 modified) and Red Hat Enterprise Linux 5.2 (Kernel 2.6.18 modified).

Table 1: Red Hat ES 5.2 and SUSE SLES 10 IPv6 RFCs and IDs3

Document	Title
RFC 1981	Path MTU discovery for IP version 6
RFC 2460	Internet protocol, version 6 (IPv6) specification
RFC 2461	Neighbor discovery for IP version 6 (IPv6)
RFC 2462	IPv6 stateless address autoconfiguration
RFC 2464	Transmission of IPv6 packets over Ethernet networks
RFC 2465	Management Information Base for IPv6: Textual Conventions and General Group
RFC 2472 (only Red Hat)	PPPv6
RFC 2710	Multicast Listener Discovery (MLD)
RFC 3041	Privacy Extensions
RFC 3056	6to4 [RFC is not listed but probably supported —Ed.
RFC 3315	Stateful DHCPv6
RFC 3484	Default Address selection
RFC 3596	DNS Extensions to support IPv6
RFC 3810	Multicast Listener Discovery Version 2 (MLDv2)
RFC 4007	IPv6 Scoped Address Architecture
RFC 4193	Unique Local IPv6 Unicast Addresses
RFC 4213	Transition Mechanisms for IPv6 Host and Routers
RFC 4291	IPv6 Addressing Architecture
RFC 4443	Internet Control Message Protocol (ICMPv6) for the Internet ProtoVersion 6 (IPv6) Specification

There will be no Linux-specific/distribution-agnostic list — many RFCs describe functions which are supplied by system services, and thus outside the kernel.

up

References/Documentation

1. Paul’s PPP Package Homepage (Paul Mackerras: n.d. Accessed 20.12.2006)↑
2. PPPD(8) manual page from pppd version 2.4.3 (Paul Mackerras: n.d. Accessed 15.1.2007)↑
3. Special Interoperability Test Certification of the Novell SuSE Linux Enterprise Server 10, Service Pack 2 [...] (Defense Information Systems Agency/Joint Interoperability Test Command (JITC): July 2008. Accessed April 2009) and
   Special Interoperability Test Certification of the Red Hat Enterprise Linux 5.2 Server and Client [...] (Defense Information Systems Agency/Joint Interoperability Test Command (JITC): July 2008. Accessed April 2009) and
   SUSE Linux Enterprise Server 10 SP2 IPv6 Letter of Compliance for DISA/JITC (Novell, Inc.: n.d. Accessed April 2009) and
   RedHat Enterprise Release 5.2 IPv6 Letter of Compliance for DISA/JITC (Red Hat, Inc.: n.d. Accessed May 2009) ↑
4. Status of Open Source and commercial IPv6 firewall implementations Slides of talk at European Conference on Applied IPv6 (ECAI6) (Peter Bieringer: September 2007. Accessed May 2009)↑

Further reading

1. Linux IPv6 HOWTO (Peter Bieringer, TLDP.org: February 2009. Accessed May 2009) Essential reading, especially the chapters:
   • Configuring IPv6 addresses
   • Configuring normal IPv6 routes
   • Configuring IPv6-in-IPv4 tunnels
   • Kernel settings in /proc-filesystem: Entries in /proc/sys/net/ipv6/
   • Firewalling Usage
   • Firewalling Examples
   • Router Advertisement Daemon (radvd) Configuration hints
2. Current Status of IPv6 Support for Networking Applications (Peter Bieringer et al, deepspace6.net: April 2010. Accessed April 2010)

up

IPv6 Intelligence is an information source for implementations of the Internet Protocol Version 6 (IPv6). The original pages are the offspring of a thesis paper for public consumption. Paul Weissmann is the author and holds the Copyright © 2007-2021. In his spare time he also sometimes still feeds OpenPA.net, a resource on HP PA-RISC computers.

• Main
• Impressum/Datenschutz
• Sitemap