https://wiki.initlab.org/api.php?action=feedcontributions&user=Ignisf&feedformat=atom
initLab - User contributions [en]
2024-03-28T11:14:11Z
User contributions
MediaWiki 1.37.2
https://wiki.initlab.org/index.php?title=IPv6Tunnels/ExampleConfigs&diff=443
IPv6Tunnels/ExampleConfigs
2016-10-11T23:11:15Z
<p>Ignisf: Add an equal cost multipath switch and a description for it for bird 1.6.2+ users</p>
<hr />
<div>''' Example configs '''<br />
<br />
= Linux =<br />
<br />
== Tunnel interface on Debian ==<br />
<pre><br />
auto marla-ipv6-spn<br />
iface marla-ipv6-spn inet6 v4tunnel<br />
mode ipip<br />
ttl 225<br />
address 2001:67c:21bc:7fff:0001:2:0:2<br />
netmask 120<br />
local USER-IP-ADDRESS<br />
endpoint 79.98.105.18<br />
gateway 2001:67c:21bc:7fff:0001:2:0:1<br />
</pre><br />
<br />
== Tunnel interface on OpenWRT ==<br />
<br />
Install the 6in4 package, and add something like this to /etc/config/network (change the addresses):<br />
<pre><br />
config interface 'crock6'<br />
option proto '6in4'<br />
option peeraddr '79.98.105.18'<br />
option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64'<br />
option ip6gw '2001:67c:21bc:7fff:0001:10:0:1'<br />
option ip6prefix '2001:67c:21bc:c::/64'<br />
option ttl '255'<br />
</pre><br />
<br />
== quagga ==<br />
<br />
In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer.<br />
<br />
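Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network". The filter applies only to outbound announcements; routes received from the peers are accepted without filtering.<br />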
<br />
(this is actually the live configuration of initLab)<br />
<br />
bgpd.conf:<br />
<br />
<pre><br />
!<br />
! BGP instance; 65535 is the ASN delegated to this peer (replace with your own).<br />
router bgp 65535<br />
bgp router-id 192.168.232.1<br />
! Neighbors are not activated for IPv4 unicast automatically; IPv6 is<br />
! activated explicitly in the address-family section below.<br />
no bgp default ipv4-unicast<br />
! First peer (AS 200533), bound to interface lab-ipv6-od.<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od<br />
! Keepalive every 3 seconds, hold time 10 seconds.<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10<br />
! Second peer (AS 200533), bound to interface lab-ipv6-tbc.<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10<br />
!<br />
address-family ipv6<br />
! Prefix originated by this router.<br />
network 2001:67c:21bc:4::/62<br />
! Announcements to each peer pass through route-map external-out.<br />
! NOTE(review): neither neighbor has an inbound route-map, prefix-list or<br />
! session password in this configuration, so received routes are not<br />
! filtered here.<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 activate<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 activate<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out<br />
exit-address-family<br />
!<br />
! "mine" permits exactly 2001:67c:21bc:4::/62 (no ge/le range is given)<br />
! and denies every other prefix.<br />
ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62<br />
ipv6 prefix-list mine seq 15 deny any<br />
!<br />
! Sequence 10 permits routes matching prefix-list "mine".<br />
route-map external-out permit 10<br />
match ipv6 address prefix-list mine<br />
!<br />
! Sequence 20 has no match clause and denies all remaining routes.<br />
route-map external-out deny 20<br />
!<br />
<br />
</pre><br />
<br />
== bird ==<br />
<br />
This is /etc/bird/bird6.conf:<br />
<pre><br />
<br />
# Configure logging<br />
# Every listed message class, including debug and trace, is sent to syslog.<br />
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };<br />
<br />
# Listen only on IPv6<br />
listen bgp v6only;<br />
<br />
<br />
# Write your router id here, any ipv4 address that you have will do<br />
router id 46.233.38.1;<br />
<br />
# The direct protocol automatically generates device routes to<br />
# all network interfaces. Can exist in as many instances as you wish<br />
# if you want to populate multiple routing tables with device routes.<br />
protocol direct {<br />
interface "*";<br />
}<br />
<br />
# This pseudo-protocol performs synchronization between BIRD's routing<br />
# tables and the kernel. If your kernel supports multiple routing tables<br />
# (as Linux 2.2.x does), you can run multiple instances of the kernel<br />
# protocol and synchronize different kernel tables with different BIRD tables.<br />
protocol kernel {<br />
# Every route in BIRD's table is exported to the kernel, including the<br />
# routes learned from the BGP peers defined further down in this file.<br />
export all;<br />
<br />
# Usually, only best routes are exported to the kernel protocol. With<br />
# path merging enabled, both best routes and equivalent non-best routes<br />
# are merged during export to generate one ECMP (equal-cost multipath)<br />
# route for each network. This is useful e.g. for BGP multipath. Note<br />
# that best routes are still pivotal for route export (responsible for<br />
# most properties of resulting ECMP routes), while exported non-best<br />
# routes are responsible just for additional multipath next hops. This<br />
# option also allows to specify a limit on maximal number of nexthops in<br />
# one route. By default, multipath merging is disabled. If enabled,<br />
# default value of the limit is 16. bird 1.6.2+ required.<br />
# Uncomment the next line to enable it.<br />
#merge paths;<br />
}<br />
<br />
# This pseudo-protocol watches all interface up/down events.<br />
protocol device {<br />
# Time in seconds between two scans of the network interface list. On<br />
# systems where we are notified about interface status changes<br />
# asynchronously (such as newer versions of Linux), we need to scan the<br />
# list only in order to avoid confusion by lost notification messages,<br />
# so the default time is set to a large value.<br />
#scan time 10; # Scan interfaces every 10 seconds<br />
}<br />
<br />
# Static sink route for your own prefix. It gives BIRD a route for the<br />
# prefix that the export filter ext_originate_ip6 can announce.<br />
protocol static {<br />
# REPLACE WITH YOUR NET HERE<br />
route 2001:67c:21bc:4::/64 unreachable; # Sink route<br />
}<br />
<br />
# Export filter used by the BGP template: accept only your own prefix<br />
# (compared for equality) and reject every other route.<br />
filter ext_originate_ip6 {<br />
# REPLACE WITH YOUR NET HERE<br />
# Keep this prefix identical to the one in "protocol static".<br />
if (net = 2001:67c:21bc:4::/64 ) then accept;<br />
else reject;<br />
}<br />
<br />
# Settings shared by both BGP sessions defined further down.<br />
template bgp t_ext_ip6 {<br />
# replace ASN here!<br />
local as 65532;<br />
# Announce only what ext_originate_ip6 accepts.<br />
export filter ext_originate_ip6;<br />
# NOTE(review): no import filter is set, so the protocol default applies<br />
# to routes received from the peers (import all in BIRD 1.x; confirm for<br />
# your version). Add an import filter here to restrict what is accepted.<br />
}<br />
<br />
<br />
# REPLACE NEIGHBOR IPs HERE<br />
<br />
# IPv6 bgp link to marla<br />
# Takes its local AS and export filter from template t_ext_ip6.<br />
protocol bgp marla_tbc_ip6 from t_ext_ip6 {<br />
description "uplink to marla/tbc over ipv6";<br />
# Peer address and peer AS.<br />
neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533;<br />
# preference 110; # Set higher preference for Marla<br />
}<br />
<br />
# IPv6 bgp link to tyler<br />
# Takes its local AS and export filter from template t_ext_ip6.<br />
protocol bgp tyler_tbc_ip6 from t_ext_ip6 {<br />
description "uplink to tyler/tbc over ipv6";<br />
# Peer address and peer AS.<br />
neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533;<br />
}<br />
<br />
<br />
</pre><br />
<br />
= Mikrotik =<br />
TODO: explain config<br />
<br />
<pre><br />
/interface 6to4<br />
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\<br />
marla-ipv6-bsc remote-address=79.98.105.18<br />
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\<br />
tyler-ipv6-bst remote-address=78.128.1.18<br />
/routing bgp instance<br />
set default as=65531<br />
/ipv6 address<br />
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \<br />
interface=marla-ipv6-bsc<br />
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\<br />
yes interface=bridge-lan<br />
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \<br />
interface=tyler-ipv6-bst<br />
/routing bgp network<br />
add network=2001:67c:21bc:2::/64 synchronize=no<br />
/routing bgp peer<br />
add address-families=ipv6 name=tyler remote-address=\<br />
2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default<br />
add address-families=ipv6 name=marla remote-address=\<br />
2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default<br />
</pre><br />
<br />
= Juniper =<br />
<br />
== Juniper SRX ==<br />
<br />
* XX.XX.XX.XX is your local ip address<br />
<br />
<pre><br />
<br />
interfaces {<br />
ip-0/0/0 {<br />
unit 0 {<br />
tunnel {<br />
source XX.XX.XX.XX;<br />
destination 79.98.105.18;<br />
ttl 255;<br />
}<br />
family inet6 {<br />
address 2001:67c:21bc:7fff:0001:12:1:2/120;<br />
}<br />
}<br />
unit 1 {<br />
tunnel {<br />
source XX.XX.XX.XX;<br />
destination 78.128.1.18;<br />
ttl 255;<br />
}<br />
family inet6 {<br />
address 2001:67c:21bc:7fff:0002:12:0:2/120;<br />
}<br />
}<br />
}<br />
}<br />
routing-options {<br />
graceful-restart;<br />
rib inet6.0 {<br />
static {<br />
route 2001:67c:21bc:e::/64 {<br />
discard;<br />
as-path {<br />
origin igp;<br />
}<br />
}<br />
}<br />
}<br />
router-id XX.XX.XX.XX;<br />
autonomous-system 65529;<br />
}<br />
/* Two external BGP sessions, one per tunnel unit, sharing one group. */<br />
protocols {<br />
bgp {<br />
group IPv6-BG-Tunnels {<br />
type external;<br />
/* Inbound policy; as defined under policy-options it accepts every route. */<br />
import import-IPv6-ludost-net;<br />
family inet6 {<br />
any;<br />
}<br />
/* Outbound policy; as defined under policy-options it announces only the local /64. */<br />
export export-IPv6-ludost-net;<br />
/* Session over tunnel unit 0; local-address is that unit's inet6 address. */<br />
neighbor 2001:67c:21bc:7fff:0001:12:1:1 {<br />
local-address 2001:67c:21bc:7fff:0001:12:1:2;<br />
peer-as 200533;<br />
local-as 65529;<br />
}<br />
/* Session over tunnel unit 1; local-address is that unit's inet6 address. */<br />
neighbor 2001:67c:21bc:7fff:0002:12:0:1 {<br />
local-address 2001:67c:21bc:7fff:0002:12:0:2;<br />
peer-as 200533;<br />
local-as 65529;<br />
}<br />
}<br />
}<br />
}<br />
policy-options {<br />
/* Export policy: announce only the exact local prefix, reject everything else. */<br />
policy-statement export-IPv6-ludost-net {<br />
term 0 {<br />
from {<br />
route-filter 2001:67c:21bc:e::/64 exact;<br />
}<br />
then accept;<br />
}<br />
term default {<br />
then reject;<br />
}<br />
}<br />
/* Import policy: a single term with no match condition, so every received route is accepted. */<br />
/* NOTE(review): add match terms here if you want to restrict what is accepted from the peers. */<br />
policy-statement import-IPv6-ludost-net {<br />
term default {<br />
then accept;<br />
}<br />
}<br />
}<br />
security {<br />
forwarding-options {<br />
family {<br />
inet6 {<br />
/* IPv6 is forwarded packet by packet instead of through the flow module. */<br />
/* NOTE(review): in packet-based mode the SRX flow-based security features */<br />
/* (zones, stateful security policies) are not applied to IPv6 traffic; */<br />
/* filter with stateless firewall filters if needed. Confirm against the */<br />
/* Junos documentation for your release. */<br />
mode packet-based;<br />
}<br />
}<br />
}<br />
}<br />
</pre></div>
Ignisf
https://wiki.initlab.org/index.php?title=IPv6Tunnels/ExampleConfigs&diff=433
IPv6Tunnels/ExampleConfigs
2016-08-09T20:31:37Z
<p>Ignisf: /* bird */</p>
<hr />
<div>''' Example configs '''<br />
<br />
= Linux =<br />
<br />
== Tunnel interface on Debian ==<br />
<pre><br />
auto marla-ipv6-spn<br />
iface marla-ipv6-spn inet6 v4tunnel<br />
mode ipip<br />
ttl 225<br />
address 2001:67c:21bc:7fff:0001:2:0:2<br />
netmask 120<br />
local USER-IP-ADDRESS<br />
endpoint 79.98.105.18<br />
gateway 2001:67c:21bc:7fff:0001:2:0:1<br />
</pre><br />
<br />
== Tunnel interface on OpenWRT ==<br />
<br />
Install the 6in4 package, and add something like this to /etc/config/network (change the addresses):<br />
<pre><br />
config interface 'crock6'<br />
option proto '6in4'<br />
option peeraddr '79.98.105.18'<br />
option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64'<br />
option ip6gw '2001:67c:21bc:7fff:0001:10:0:1'<br />
option ip6prefix '2001:67c:21bc:c::/64'<br />
option ttl '255'<br />
</pre><br />
<br />
== quagga ==<br />
<br />
In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer.<br />
<br />
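Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network". The filter applies only to outbound announcements; routes received from the peers are accepted without filtering.<br />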
<br />
(this is actually the live configuration of initLab)<br />
<br />
bgpd.conf:<br />
<br />
<pre><br />
!<br />
! BGP instance; 65535 is the ASN delegated to this peer (replace with your own).<br />
router bgp 65535<br />
bgp router-id 192.168.232.1<br />
! Neighbors are not activated for IPv4 unicast automatically; IPv6 is<br />
! activated explicitly in the address-family section below.<br />
no bgp default ipv4-unicast<br />
! First peer (AS 200533), bound to interface lab-ipv6-od.<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od<br />
! Keepalive every 3 seconds, hold time 10 seconds.<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10<br />
! Second peer (AS 200533), bound to interface lab-ipv6-tbc.<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10<br />
!<br />
address-family ipv6<br />
! Prefix originated by this router.<br />
network 2001:67c:21bc:4::/62<br />
! Announcements to each peer pass through route-map external-out.<br />
! NOTE(review): neither neighbor has an inbound route-map, prefix-list or<br />
! session password in this configuration, so received routes are not<br />
! filtered here.<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 activate<br />
neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 activate<br />
neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out<br />
exit-address-family<br />
!<br />
! "mine" permits exactly 2001:67c:21bc:4::/62 (no ge/le range is given)<br />
! and denies every other prefix.<br />
ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62<br />
ipv6 prefix-list mine seq 15 deny any<br />
!<br />
! Sequence 10 permits routes matching prefix-list "mine".<br />
route-map external-out permit 10<br />
match ipv6 address prefix-list mine<br />
!<br />
! Sequence 20 has no match clause and denies all remaining routes.<br />
route-map external-out deny 20<br />
!<br />
<br />
</pre><br />
<br />
== bird ==<br />
<br />
This is /etc/bird/bird6.conf:<br />
<pre><br />
<br />
# Configure logging<br />
# Every listed message class, including debug and trace, is sent to syslog.<br />
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };<br />
<br />
# Listen only on IPv6<br />
listen bgp v6only;<br />
<br />
<br />
# Write your router id here, any ipv4 address that you have will do<br />
router id 46.233.38.1;<br />
<br />
# The direct protocol automatically generates device routes to<br />
# all network interfaces. Can exist in as many instances as you wish<br />
# if you want to populate multiple routing tables with device routes.<br />
protocol direct {<br />
interface "*";<br />
}<br />
<br />
# This pseudo-protocol performs synchronization between BIRD's routing<br />
# tables and the kernel. If your kernel supports multiple routing tables<br />
# (as Linux 2.2.x does), you can run multiple instances of the kernel<br />
# protocol and synchronize different kernel tables with different BIRD tables.<br />
protocol kernel {<br />
# Every route in BIRD's table is exported to the kernel, including the<br />
# routes learned from the BGP peers defined further down in this file.<br />
export all;<br />
}<br />
<br />
# This pseudo-protocol watches all interface up/down events.<br />
protocol device {<br />
# Time in seconds between two scans of the network interface list. On<br />
# systems where we are notified about interface status changes<br />
# asynchronously (such as newer versions of Linux), we need to scan the<br />
# list only in order to avoid confusion by lost notification messages,<br />
# so the default time is set to a large value.<br />
#scan time 10; # Scan interfaces every 10 seconds<br />
}<br />
<br />
# Static sink route for your own prefix. It gives BIRD a route for the<br />
# prefix that the export filter ext_originate_ip6 can announce.<br />
protocol static {<br />
# REPLACE WITH YOUR NET HERE<br />
route 2001:67c:21bc:4::/64 unreachable; # Sink route<br />
}<br />
<br />
# Export filter used by the BGP template: accept only your own prefix<br />
# (compared for equality) and reject every other route.<br />
filter ext_originate_ip6 {<br />
# REPLACE WITH YOUR NET HERE<br />
# Keep this prefix identical to the one in "protocol static".<br />
if (net = 2001:67c:21bc:4::/64 ) then accept;<br />
else reject;<br />
}<br />
<br />
# Settings shared by both BGP sessions defined further down.<br />
template bgp t_ext_ip6 {<br />
# replace ASN here!<br />
local as 65532;<br />
# Announce only what ext_originate_ip6 accepts.<br />
export filter ext_originate_ip6;<br />
# NOTE(review): no import filter is set, so the protocol default applies<br />
# to routes received from the peers (import all in BIRD 1.x; confirm for<br />
# your version). Add an import filter here to restrict what is accepted.<br />
}<br />
<br />
<br />
# REPLACE NEIGHBOR IPs HERE<br />
<br />
# IPv6 bgp link to marla<br />
# Takes its local AS and export filter from template t_ext_ip6.<br />
protocol bgp marla_tbc_ip6 from t_ext_ip6 {<br />
description "uplink to marla/tbc over ipv6";<br />
# Peer address and peer AS.<br />
neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533;<br />
# preference 110; # Set higher preference for Marla<br />
}<br />
<br />
# IPv6 bgp link to tyler<br />
# Takes its local AS and export filter from template t_ext_ip6.<br />
protocol bgp tyler_tbc_ip6 from t_ext_ip6 {<br />
description "uplink to tyler/tbc over ipv6";<br />
# Peer address and peer AS.<br />
neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533;<br />
}<br />
<br />
<br />
</pre><br />
<br />
= Mikrotik =<br />
TODO: explain config<br />
<br />
<pre><br />
/interface 6to4<br />
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\<br />
marla-ipv6-bsc remote-address=79.98.105.18<br />
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\<br />
tyler-ipv6-bst remote-address=78.128.1.18<br />
/routing bgp instance<br />
set default as=65531<br />
/ipv6 address<br />
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \<br />
interface=marla-ipv6-bsc<br />
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\<br />
yes interface=bridge-lan<br />
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \<br />
interface=tyler-ipv6-bst<br />
/routing bgp network<br />
add network=2001:67c:21bc:2::/64 synchronize=no<br />
/routing bgp peer<br />
add address-families=ipv6 name=tyler remote-address=\<br />
2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default<br />
add address-families=ipv6 name=marla remote-address=\<br />
2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default<br />
</pre><br />
<br />
= Juniper =<br />
<br />
== Juniper SRX ==<br />
<br />
* XX.XX.XX.XX is your local ip address<br />
<br />
<pre><br />
<br />
interfaces {<br />
ip-0/0/0 {<br />
unit 0 {<br />
tunnel {<br />
source XX.XX.XX.XX;<br />
destination 79.98.105.18;<br />
ttl 255;<br />
}<br />
family inet6 {<br />
address 2001:67c:21bc:7fff:0001:12:1:2/120;<br />
}<br />
}<br />
unit 1 {<br />
tunnel {<br />
source XX.XX.XX.XX;<br />
destination 78.128.1.18;<br />
ttl 255;<br />
}<br />
family inet6 {<br />
address 2001:67c:21bc:7fff:0002:12:0:2/120;<br />
}<br />
}<br />
}<br />
}<br />
routing-options {<br />
graceful-restart;<br />
rib inet6.0 {<br />
static {<br />
route 2001:67c:21bc:e::/64 {<br />
discard;<br />
as-path {<br />
origin igp;<br />
}<br />
}<br />
}<br />
}<br />
router-id XX.XX.XX.XX;<br />
autonomous-system 65529;<br />
}<br />
/* Two external BGP sessions, one per tunnel unit, sharing one group. */<br />
protocols {<br />
bgp {<br />
group IPv6-BG-Tunnels {<br />
type external;<br />
/* Inbound policy; as defined under policy-options it accepts every route. */<br />
import import-IPv6-ludost-net;<br />
family inet6 {<br />
any;<br />
}<br />
/* Outbound policy; as defined under policy-options it announces only the local /64. */<br />
export export-IPv6-ludost-net;<br />
/* Session over tunnel unit 0; local-address is that unit's inet6 address. */<br />
neighbor 2001:67c:21bc:7fff:0001:12:1:1 {<br />
local-address 2001:67c:21bc:7fff:0001:12:1:2;<br />
peer-as 200533;<br />
local-as 65529;<br />
}<br />
/* Session over tunnel unit 1; local-address is that unit's inet6 address. */<br />
neighbor 2001:67c:21bc:7fff:0002:12:0:1 {<br />
local-address 2001:67c:21bc:7fff:0002:12:0:2;<br />
peer-as 200533;<br />
local-as 65529;<br />
}<br />
}<br />
}<br />
}<br />
policy-options {<br />
/* Export policy: announce only the exact local prefix, reject everything else. */<br />
policy-statement export-IPv6-ludost-net {<br />
term 0 {<br />
from {<br />
route-filter 2001:67c:21bc:e::/64 exact;<br />
}<br />
then accept;<br />
}<br />
term default {<br />
then reject;<br />
}<br />
}<br />
/* Import policy: a single term with no match condition, so every received route is accepted. */<br />
/* NOTE(review): add match terms here if you want to restrict what is accepted from the peers. */<br />
policy-statement import-IPv6-ludost-net {<br />
term default {<br />
then accept;<br />
}<br />
}<br />
}<br />
security {<br />
forwarding-options {<br />
family {<br />
inet6 {<br />
/* IPv6 is forwarded packet by packet instead of through the flow module. */<br />
/* NOTE(review): in packet-based mode the SRX flow-based security features */<br />
/* (zones, stateful security policies) are not applied to IPv6 traffic; */<br />
/* filter with stateless firewall filters if needed. Confirm against the */<br />
/* Junos documentation for your release. */<br />
mode packet-based;<br />
}<br />
}<br />
}<br />
}<br />
</pre></div>
Ignisf