IPv6
Not too long ago, after reading yet another "the internet is dying! We're running out of address space and it's all coming by November 2010 according to Cisco!" I realized that, "hey waitaminute - that's just about two years from now. That's... soon."

So I set up IPv6 for the machines I own. I still depend on IPv4 simply due to IPv6 not being available... well, most anywhere. At least not natively.

A big part of the reason that we don't have IPv6 in more places is because... well, circular dependency here, but because it isn't around. I can't plug my laptop into any other ISP's line and use IPv6 natively, and even if I could, the chances of the average home grade router working with it are about two.

Out of thousands.

So to get around this, IPv6 in IPv4 tunnels are used. They do exactly what their name implies: tunnel IPv6 data within IPv4 packets. The downsides to IPv6 tunneling are latency/overhead and... your ability to keep your IP addresses. If you don't have native IPv6, then your current hosting provider or ISP won't be the one giving it to you - meaning you get to get the IPs from a third party company. When your hosting provider or ISP turns IPv6 on, what are the chances that you'll be able to reassign entire blocks of IPv6 address space? Probably not too great. If you've got Comcast as your home ISP, I don't think that your tunnel broker is going to happily move your address blocks over to Comcast's control - at all.

While the latter point is generally a deal breaker for a lot of people, in the long run, I don't care. IP address reassignment happens all the time. There's no rule stating that you must drop your tunnels once you get native IPv6, and there's no reason why it would be overly problematic or painful either. Simply bring up the native IPv6, change the DNS records, and drop your tunnels a few days later.

With this knowledge in hand, I went poking around the vast area known as the Internet and selected Hurricane Electric's IPv6 Tunnel Broker. What really sold me (for free, that is) on using HE for my tunnel was really twofold: one, their views on IPv6 (which boil down to "we'd really like to be in business when IPv4 is exhausted, so we're going to deploy native IPv6 everywhere, provide a tunnel broker for free for anyone and everyone, and we're going to do it three years before crunch time") and two, the fact that it was free.

In selecting HE, I also got full reverse DNS control, selection of the closest HE router to my server, full control of a /64 subnet and a /48 subnet (by request, which I requested), the possibility of adding three more /64 subnets and three more /48 subnets to my account, and full operating system support (with instructions for setup with linux-net-tools, iproute2, *BSD, OSX, Solaris, Windows XP+, and Cisco).

Not bad for $0. I'm a happy customer (and a potential customer should I ever need colocation/dedicated servers).

I set up my account with HE, logged in, and was presented with simplistic instructions on how to set up my CentOS server.

ip tunnel add he-ipv6 mode sit remote 209.51.161.58 local 64.22.124.36 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:4:b2::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6

I created a new 'sit' tunnel named 'he-ipv6', with remote endpoint 209.51.161.58 - coming from 64.22.124.36 - and then turned the link up. Easy enough. Then I added my /64 allocation to the newly created tunnel, and pointed the default route through that tunnel.

Wait a minute. That's it? I'm IPv6 enabled already?

[kyle@averageurl ~]$ ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:0:1001::68) 56 data bytes
64 bytes from 2001:4860:0:1001::68: icmp_seq=0 ttl=55 time=327 ms
Yup...

From there, I requested a /48 subnet so I could allocate a few full /64 subnets to my house (a /64 for my LAN, wifi, and secondary wifi), brought some more tunnels up, and then from my desktop...

kyle@ksb ~ $ ping6 ipv6.google.com
PING ipv6.google.com(2001:4860:0:2001::68) 56 data bytes
64 bytes from 2001:4860:0:2001::68: icmp_seq=1 ttl=54 time=325 ms

And now my desktop is IPv6 enabled. Go ahead, ping6 2001:470:d82b:ffff::2! You'll hit my home desktop. Then ping ::3 - my Vista box. Yup, that's right! My Windows box is also on the IPv6 network. :fffe::2 would be my laptop on the wifi. The entire :fffd::0/64 subnet (and corresponding wifi AP) is unused currently, but perhaps once I decide to upgrade my router's software and play with wpa_supplicant that will change.


But why did I do this? What did I gain? Well, for starters, it was really fun to use HE's Looking Glass to run a traceroute to my desktop...


Tracing the route to IPv6 node 2001:470:d82b:ffff::2 from 1 to 30 hops

  1     2 ms   <1 ms   <1 ms 2001:470:0:32::2 
  2    76 ms   75 ms   75 ms 2001:470:0:35::2 
  3   103 ms  103 ms  103 ms 2001:470:0:4b::2 
  4   103 ms  103 ms  103 ms 2001:470:0:8c::2 
  5   148 ms  148 ms  148 ms 2001:470:4:b2::1 
  6   234 ms  236 ms  238 ms 2001:470:d82b:ffff::1 
  7   234 ms  233 ms  233 ms 2001:470:d82b:ffff::2
... while it sits behind my IPv4 NAT router. And then my Vista computer, and then my laptop connected to the wifi. Then I got to go take a look at The KAME project and check out the dancing turtle. It turns out that Google's IPv6 site also has an animated logo.

But in the end, I can now access all of my computers from behind NAT, without actually using any NAT - at all. I could drop the IPv4 addresses from some computers and still retain access to them, full access. This may prove to be both a blessing and a curse, but given time, we'll see...

(And yes, I know I shouldn't be using ::1 for my routers, that'll change soon enough.)
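With the /48 routed over the tunnel, every host in it is reachable from the internet without NAT in front of it, so the router carrying the tunnel needs an IPv6 filter of its own. The script below is an added example, not part of the original post: it prints a default-deny ip6tables-restore ruleset for such a router. The LAN interface name eth0, the SSH management rule and the availability of IPv6 connection tracking in the kernel are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print an ip6tables-restore
# ruleset for a router forwarding a routed prefix over a 6in4 tunnel.
# Nothing is applied here; review the output before loading it.
# Assumes a kernel with IPv6 connection tracking (conntrack match).

gen_ruleset() {
    tun_if=$1      # tunnel interface, he-ipv6 in the post
    lan_if=$2      # LAN-facing interface (assumed name)
    lan_prefix=$3  # routed prefix, the post's /48

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $tun_if -s $lan_prefix -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_prefix -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $tun_if -s $lan_prefix -j ACCEPT
EOF
    # First rule above: our own prefix arriving from the tunnel is spoofed.
    # ICMPv6 errors and echo request: 1 unreachable, 2 packet too big
    # (needed for path MTU discovery through the tunnel), 3 time
    # exceeded, 4 parameter problem, 128 echo request.
    for t in 1 2 3 4 128; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
        echo "-A FORWARD -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # Neighbor discovery from the LAN only (133 router solicitation,
    # 135/136 neighbor solicitation/advertisement), hop limit 255.
    for t in 133 135 136; do
        echo "-A INPUT -i $lan_if -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    echo "COMMIT"
}

# Values from the post, plus the assumed LAN interface name.
gen_ruleset he-ipv6 eth0 2001:470:d82b::/48
```

New connections from the internet to LAN hosts are dropped by the FORWARD policy; any service meant to be reachable from outside needs its own explicit rule before COMMIT.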

1 Comment

tensai said:

I've toyed with IPv6 on a number of occasions, but never had it work so simply. I'm really glad you posted this. My whole LAN is now routing IPv6. Nice!

About this Entry

This page contains a single entry by Kyle Brantley published on August 30, 2008 11:04 PM.