Difference between revisions of "IPv6Tunnels/ExampleConfigs"
(Created page with "''' Example configs ''' = Linux = Tunnel interface: <pre> auto marla-ipv6-spn iface marla-ipv6-spn inet6 v4tunnel mode ipip ttl 225 address 2001:67c:21bc:7fff:0001:2:0:2...") |
(Add an equal cost multipath switch and a description for it for bird 1.6.2+ users) |
||
(10 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
= Linux = | = Linux = | ||
Tunnel interface | == Tunnel interface on Debian == | ||
<pre> | <pre> | ||
auto marla-ipv6-spn | auto marla-ipv6-spn | ||
Line 14: | Line 14: | ||
endpoint 79.98.105.18 | endpoint 79.98.105.18 | ||
gateway 2001:67c:21bc:7fff:0001:2:0:1 | gateway 2001:67c:21bc:7fff:0001:2:0:1 | ||
</pre> | |||
== Tunnel interface on OpenWRT == | |||
Install the 6in4 package, and add something like this to /etc/config/network (change the addresses): | |||
<pre> | |||
config interface 'crock6' | |||
option proto '6in4' | |||
option peeraddr '79.98.105.18' | |||
option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64' | |||
option ip6gw '2001:67c:21bc:7fff:0001:10:0:1' | |||
option ip6prefix '2001:67c:21bc:c::/64' | |||
option ttl '255' | |||
</pre> | |||
== quagga == | |||
In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer. | |||
Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network". | |||
(this is actually the live configuration of initLab) | |||
bgpd.conf: | |||
<pre> | |||
! | |||
router bgp 65535 | |||
bgp router-id 192.168.232.1 | |||
no bgp default ipv4-unicast | |||
neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533 | |||
neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od | |||
neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10 | |||
neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533 | |||
neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc | |||
neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10 | |||
! | |||
address-family ipv6 | |||
network 2001:67c:21bc:4::/62 | |||
neighbor 2001:67c:21bc:7fff:2:1:0:1 activate | |||
neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out | |||
neighbor 2001:67c:21bc:7fff:2:1:1:1 activate | |||
neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out | |||
exit-address-family | |||
! | |||
ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62 | |||
ipv6 prefix-list mine seq 15 deny any | |||
! | |||
route-map external-out permit 10 | |||
match ipv6 address prefix-list mine | |||
! | |||
route-map external-out deny 20 | |||
! | |||
</pre> | |||
== bird == | |||
This is /etc/bird/bird6.conf: | |||
<pre> | |||
# Configure logging | |||
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug }; | |||
# Listen only on IPv6 | |||
listen bgp v6only; | |||
# Write your router id here, any ipv4 address that you have will do | |||
router id 46.233.38.1; | |||
# The direct protocol automatically generates device routes to | |||
# all network interfaces. Can exist in as many instances as you wish | |||
# if you want to populate multiple routing tables with device routes. | |||
protocol direct { | |||
interface "*"; | |||
} | |||
# This pseudo-protocol performs synchronization between BIRD's routing | |||
# tables and the kernel. If your kernel supports multiple routing tables | |||
# (as Linux 2.2.x does), you can run multiple instances of the kernel | |||
# protocol and synchronize different kernel tables with different BIRD tables. | |||
protocol kernel { | |||
export all; | |||
# Usually, only best routes are exported to the kernel protocol. With | |||
# path merging enabled, both best routes and equivalent non-best routes | |||
# are merged during export to generate one ECMP (equal-cost multipath) | |||
# route for each network. This is useful e.g. for BGP multipath. Note | |||
# that best routes are still pivotal for route export (responsible for | |||
# most properties of resulting ECMP routes), while exported non-best | |||
# routes are responsible just for additional multipath next hops. This | |||
# option also allows to specify a limit on maximal number of nexthops in | |||
# one route. By default, multipath merging is disabled. If enabled, | |||
# default value of the limit is 16. bird 1.6.2+ required. | |||
#merge paths; | |||
} | |||
# This pseudo-protocol watches all interface up/down events. | |||
protocol device { | |||
# Time in seconds between two scans of the network interface list. On | |||
# systems where we are notified about interface status changes | |||
# asynchronously (such as newer versions of Linux), we need to scan the | |||
# list only in order to avoid confusion by lost notification messages, | |||
# so the default time is set to a large value. | |||
#scan time 10; # Scan interfaces every 10 seconds | |||
} | |||
protocol static { | |||
# REPLACE WITH YOUR NET HERE | |||
route 2001:67c:21bc:4::/64 unreachable; # Sink route | |||
} | |||
filter ext_originate_ip6 { | |||
# REPLACE WITH YOUR NET HERE | |||
if (net = 2001:67c:21bc:4::/64 ) then accept; | |||
else reject; | |||
} | |||
template bgp t_ext_ip6 { | |||
# replace ASN here! | |||
local as 65532; | |||
export filter ext_originate_ip6; | |||
} | |||
# REPLACE NEIGHBOR IPs HERE | |||
# IPv6 bgp link to marla | |||
protocol bgp marla_tbc_ip6 from t_ext_ip6 { | |||
description "uplink to marla/tbc over ipv6"; | |||
neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533; | |||
# preference 110; # Set higher preference for Marla | |||
} | |||
# IPv6 bgp link to tyler | |||
protocol bgp tyler_tbc_ip6 from t_ext_ip6 { | |||
description "uplink to tyler/tbc over ipv6"; | |||
neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533; | |||
} | |||
</pre> | |||
= Mikrotik = | |||
TODO: explain config | |||
<pre> | |||
/interface 6to4 | |||
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\ | |||
marla-ipv6-bsc remote-address=79.98.105.18 | |||
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\ | |||
tyler-ipv6-bst remote-address=78.128.1.18 | |||
/routing bgp instance | |||
set default as=65531 | |||
/ipv6 address | |||
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \ | |||
interface=marla-ipv6-bsc | |||
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\ | |||
yes interface=bridge-lan | |||
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \ | |||
interface=tyler-ipv6-bst | |||
/routing bgp network | |||
add network=2001:67c:21bc:2::/64 synchronize=no | |||
/routing bgp peer | |||
add address-families=ipv6 name=tyler remote-address=\ | |||
2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default | |||
add address-families=ipv6 name=marla remote-address=\ | |||
2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default | |||
</pre> | |||
= Juniper = | |||
== Juniper SRX == | |||
* XX.XX.XX.XX is your local ip address | |||
<pre> | |||
interfaces { | |||
ip-0/0/0 { | |||
unit 0 { | |||
tunnel { | |||
source XX.XX.XX.XX; | |||
destination 79.98.105.18; | |||
ttl 255; | |||
} | |||
family inet6 { | |||
address 2001:67c:21bc:7fff:0001:12:1:2/120; | |||
} | |||
} | |||
unit 1 { | |||
tunnel { | |||
source XX.XX.XX.XX; | |||
destination 78.128.1.18; | |||
ttl 255; | |||
} | |||
family inet6 { | |||
address 2001:67c:21bc:7fff:0002:12:0:2/120; | |||
} | |||
} | |||
} | |||
} | |||
routing-options { | |||
graceful-restart; | |||
rib inet6.0 { | |||
static { | |||
route 2001:67c:21bc:e::/64 { | |||
discard; | |||
as-path { | |||
origin igp; | |||
} | |||
} | |||
} | |||
} | |||
router-id XX.XX.XX.XX; | |||
autonomous-system 65529; | |||
} | |||
protocols { | |||
bgp { | |||
group IPv6-BG-Tunnels { | |||
type external; | |||
import import-IPv6-ludost-net; | |||
family inet6 { | |||
any; | |||
} | |||
export export-IPv6-ludost-net; | |||
neighbor 2001:67c:21bc:7fff:0001:12:1:1 { | |||
local-address 2001:67c:21bc:7fff:0001:12:1:2; | |||
peer-as 200533; | |||
local-as 65529; | |||
} | |||
neighbor 2001:67c:21bc:7fff:0002:12:0:1 { | |||
local-address 2001:67c:21bc:7fff:0002:12:0:2; | |||
peer-as 200533; | |||
local-as 65529; | |||
} | |||
} | |||
} | |||
} | |||
policy-options { | |||
policy-statement export-IPv6-ludost-net { | |||
term 0 { | |||
from { | |||
route-filter 2001:67c:21bc:e::/64 exact; | |||
} | |||
then accept; | |||
} | |||
term default { | |||
then reject; | |||
} | |||
} | |||
policy-statement import-IPv6-ludost-net { | |||
term default { | |||
then accept; | |||
} | |||
} | |||
} | |||
security { | |||
forwarding-options { | |||
family { | |||
inet6 { | |||
mode packet-based; | |||
} | |||
} | |||
} | |||
} | |||
</pre> | </pre> |
Latest revision as of 01:11, 12 October 2016
Example configs
Linux
Tunnel interface on Debian
# Debian /etc/network/interfaces stanza for one IPv6-over-IPv4 tunnel to the
# remote endpoint 79.98.105.18.
#   - `local USER-IP-ADDRESS` is a placeholder: replace it with this host's
#     own IPv4 address.
#   - address/netmask/gateway are the point-to-point addresses inside the
#     tunnel (a /120 shared with the remote side, which is the gateway).
# NOTE(review): `ttl 225` differs from the 255 used by the other examples on
# this page -- confirm whether 255 was intended.
# NOTE(review): once this interface is up, the host is reachable over global
# IPv6 without passing through IPv4 NAT or IPv4-only firewall rules. Make sure
# IPv6 filtering (ip6tables/nftables) covers this interface, and consider
# accepting IP protocol 41 only from the tunnel endpoint.
auto marla-ipv6-spn
iface marla-ipv6-spn inet6 v4tunnel
    mode ipip
    ttl 225
    address 2001:67c:21bc:7fff:0001:2:0:2
    netmask 120
    local USER-IP-ADDRESS
    endpoint 79.98.105.18
    gateway 2001:67c:21bc:7fff:0001:2:0:1
Tunnel interface on OpenWRT
Install the 6in4 package, and add something like this to /etc/config/network (change the addresses):
# /etc/config/network section defining a 6in4 tunnel interface named 'crock6'.
# Every address below is an example; replace it with the one assigned to you.
# NOTE(review): this section only creates the interface. Put 'crock6' into an
# upstream (wan-type) zone in /etc/config/firewall so that traffic arriving
# over the tunnel is filtered -- hosts that take addresses from ip6prefix are
# globally reachable and are not hidden behind IPv4 NAT.
config interface 'crock6'
	option proto '6in4'
	# IPv4 address of the remote tunnel endpoint
	option peeraddr '79.98.105.18'
	# Local and remote IPv6 addresses inside the tunnel
	option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64'
	option ip6gw '2001:67c:21bc:7fff:0001:10:0:1'
	# Prefix routed to this router -- presumably for the downstream (LAN)
	# interfaces; confirm against the 6in4 package documentation
	option ip6prefix '2001:67c:21bc:c::/64'
	option ttl '255'
quagga
In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer.
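Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network". It does not filter what the peers announce to you: no inbound route-map is attached to either neighbor.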
(this is actually the live configuration of initLab)
bgpd.conf:
! bgpd.conf: two eBGP sessions to AS 200533, one per tunnel, announcing only
! the locally assigned network 2001:67c:21bc:4::/62.
! NOTE(review): only the outbound direction is filtered. No inbound route-map
! or prefix-list is attached to either neighbor, so whatever the peers send is
! accepted; add an inbound policy if the upstream is not fully trusted.
! NOTE(review): no session authentication (neighbor ... password) is set.
!
router bgp 65535
 bgp router-id 192.168.232.1
 ! Neighbors are not activated for IPv4 unicast automatically; they are
 ! activated explicitly under address-family ipv6 below.
 no bgp default ipv4-unicast
 neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533
 neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od
 ! keepalive 3 s, hold time 10 s
 neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10
 neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533
 neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc
 neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10
!
 address-family ipv6
 network 2001:67c:21bc:4::/62
 neighbor 2001:67c:21bc:7fff:2:1:0:1 activate
 neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out
 neighbor 2001:67c:21bc:7fff:2:1:1:1 activate
 neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out
 exit-address-family
!
! Allow-list for announcements: the /62 itself is permitted (no ge/le, so
! more-specific prefixes do not match) and everything else is denied.
ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62
ipv6 prefix-list mine seq 15 deny any
!
! Outbound policy: announce what matches prefix-list "mine" ...
route-map external-out permit 10
 match ipv6 address prefix-list mine
!
! ... and drop every other route, so routes learned from one peer are never
! re-announced to the other.
route-map external-out deny 20
!
bird
This is /etc/bird/bird6.conf:
# /etc/bird/bird6.conf: two BGP uplinks to AS 200533 that announce one locally
# originated /64 and install the received routes into the kernel.
# NOTE(review): the BGP template below sets only an export filter. No import
# filter is configured, so BIRD's default import policy applies (presumably
# accept-all on 1.x -- confirm for your version), and "export all" in protocol
# kernel then installs every received route into the kernel table. Add an
# import filter if the upstream is not fully trusted.
# NOTE(review): no BGP session authentication (password) is configured.

# Configure logging
# NOTE(review): every class, including debug and trace, is sent to syslog;
# trim the list if log volume is a concern.
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };

# Listen only on IPv6
listen bgp v6only;

# Write your router id here, any ipv4 address that you have will do
router id 46.233.38.1;

# The direct protocol automatically generates device routes to
# all network interfaces. Can exist in as many instances as you wish
# if you want to populate multiple routing tables with device routes.
protocol direct {
	interface "*";
}

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
	export all;
	# Usually, only best routes are exported to the kernel protocol. With
	# path merging enabled, both best routes and equivalent non-best routes
	# are merged during export to generate one ECMP (equal-cost multipath)
	# route for each network. This is useful e.g. for BGP multipath. Note
	# that best routes are still pivotal for route export (responsible for
	# most properties of resulting ECMP routes), while exported non-best
	# routes are responsible just for additional multipath next hops. This
	# option also allows to specify a limit on maximal number of nexthops in
	# one route. By default, multipath merging is disabled. If enabled,
	# default value of the limit is 16. bird 1.6.2+ required.
	#merge paths;
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
	# Time in seconds between two scans of the network interface list. On
	# systems where we are notified about interface status changes
	# asynchronously (such as newer versions of Linux), we need to scan the
	# list only in order to avoid confusion by lost notification messages,
	# so the default time is set to a large value.
	#scan time 10;		# Scan interfaces every 10 seconds
}

# Static "unreachable" route for the assigned network: it gives BIRD a route
# for the prefix that the export filter below can match.
protocol static {
	# REPLACE WITH YOUR NET HERE
	route 2001:67c:21bc:4::/64 unreachable;	# Sink route
}

# Outbound allow-list: exactly the assigned /64 is announced, everything else
# is rejected, so routes learned from one uplink are not re-announced.
filter ext_originate_ip6 {
	# REPLACE WITH YOUR NET HERE
	if (net = 2001:67c:21bc:4::/64 ) then accept;
	else reject;
}

# Settings shared by both uplink sessions.
template bgp t_ext_ip6 {
	# replace ASN here!
	local as 65532;
	export filter ext_originate_ip6;
}

# REPLACE NEIGHBOR IPs HERE
# IPv6 bgp link to marla
protocol bgp marla_tbc_ip6 from t_ext_ip6 {
	description "uplink to marla/tbc over ipv6";
	neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533;
#	preference 110;	# Set higher preference for Marla
}

# IPv6 bgp link to tyler
protocol bgp tyler_tbc_ip6 from t_ext_ip6 {
	description "uplink to tyler/tbc over ipv6";
	neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533;
}
Mikrotik
TODO: explain config
# RouterOS example: two IPv6-in-IPv4 tunnels (marla, tyler), local AS 65531,
# one BGP session to AS 200533 over each tunnel, announcing the LAN /64.
# NOTE(review): neither peer has an in-filter or out-filter set, so nothing
# shown here restricts which routes are accepted from, or sent to, the peers.
# NOTE(review): no /ipv6 firewall filter rules are part of this example. Hosts
# on bridge-lan get global addresses, so add input/forward rules for the
# tunnel interfaces before relying on this configuration.

# Tunnel interfaces: local-address is this router's IPv4 address,
# remote-address is the tunnel endpoint.
/interface 6to4
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    marla-ipv6-bsc remote-address=79.98.105.18
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    tyler-ipv6-bst remote-address=78.128.1.18
# Local AS number -- replace with the one assigned to you.
/routing bgp instance
set default as=65531
# /120 point-to-point addresses on the two tunnels, plus the LAN address.
/ipv6 address
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \
    interface=marla-ipv6-bsc
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\
    yes interface=bridge-lan
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \
    interface=tyler-ipv6-bst
# The network originated into BGP.
/routing bgp network
add network=2001:67c:21bc:2::/64 synchronize=no
# One IPv6-only BGP session per tunnel.
/routing bgp peer
add address-families=ipv6 name=tyler remote-address=\
    2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default
add address-families=ipv6 name=marla remote-address=\
    2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default
Juniper
Juniper SRX
- XX.XX.XX.XX is your local IP address
/*
 * Juniper SRX example: two tunnels (units 0 and 1 of ip-0/0/0), one eBGP
 * session to AS 200533 over each, announcing 2001:67c:21bc:e::/64.
 * XX.XX.XX.XX is a placeholder for the router's own IPv4 address.
 */
interfaces {
    ip-0/0/0 {
        /* Tunnel to 79.98.105.18 */
        unit 0 {
            tunnel {
                source XX.XX.XX.XX;
                destination 79.98.105.18;
                ttl 255;
            }
            family inet6 {
                address 2001:67c:21bc:7fff:0001:12:1:2/120;
            }
        }
        /* Tunnel to 78.128.1.18 */
        unit 1 {
            tunnel {
                source XX.XX.XX.XX;
                destination 78.128.1.18;
                ttl 255;
            }
            family inet6 {
                address 2001:67c:21bc:7fff:0002:12:0:2/120;
            }
        }
    }
}
routing-options {
    graceful-restart;
    rib inet6.0 {
        static {
            /* Discard route for the assigned /64; the export policy below matches it exactly. */
            route 2001:67c:21bc:e::/64 {
                discard;
                as-path {
                    origin igp;
                }
            }
        }
    }
    router-id XX.XX.XX.XX;
    autonomous-system 65529;
}
protocols {
    bgp {
        /* NOTE(review): no session authentication (authentication-key) is configured for this group. */
        group IPv6-BG-Tunnels {
            type external;
            import import-IPv6-ludost-net;
            family inet6 {
                any;
            }
            export export-IPv6-ludost-net;
            neighbor 2001:67c:21bc:7fff:0001:12:1:1 {
                local-address 2001:67c:21bc:7fff:0001:12:1:2;
                peer-as 200533;
                local-as 65529;
            }
            neighbor 2001:67c:21bc:7fff:0002:12:0:1 {
                local-address 2001:67c:21bc:7fff:0002:12:0:2;
                peer-as 200533;
                local-as 65529;
            }
        }
    }
}
policy-options {
    /* Outbound allow-list: only the exact /64 is announced, everything else is rejected. */
    policy-statement export-IPv6-ludost-net {
        term 0 {
            from {
                route-filter 2001:67c:21bc:e::/64 exact;
            }
            then accept;
        }
        term default {
            then reject;
        }
    }
    /*
     * NOTE(review): the import policy accepts every route the peers send.
     * Add reject terms ahead of "default" if the upstream is not fully trusted.
     */
    policy-statement import-IPv6-ludost-net {
        term default {
            then accept;
        }
    }
}
security {
    forwarding-options {
        family {
            /*
             * NOTE(review): packet-based mode takes IPv6 out of the flow
             * (stateful) path, so security zones and policies do not inspect
             * this traffic. Filter IPv6 with stateless firewall filters
             * (firewall family inet6) on the tunnel and LAN interfaces.
             */
            inet6 {
                mode packet-based;
            }
        }
    }
}