IPv6Tunnels/ExampleConfigs
Example configs
Linux
Tunnel interface on Debian
auto marla-ipv6-spn iface marla-ipv6-spn inet6 v4tunnel mode ipip ttl 225 address 2001:67c:21bc:7fff:0001:2:0:2 netmask 120 local USER-IP-ADDRESS endpoint 79.98.105.18 gateway 2001:67c:21bc:7fff:0001:2:0:1
Tunnel interface on OpenWRT
Install the 6in4 package, and add something like this to /etc/config/network (change the addresses):
config interface 'crock6' option proto '6in4' option peeraddr '79.98.105.18' option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64' option ip6gw '2001:67c:21bc:7fff:0001:10:0:1' option ip6prefix '2001:67c:21bc:c::/64' option ttl '255'
quagga
In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer.
Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network".
(this is actually the live configuration of initLab)
bgpd.conf:
! router bgp 65535 bgp router-id 192.168.232.1 no bgp default ipv4-unicast neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533 neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10 neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533 neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10 ! address-family ipv6 network 2001:67c:21bc:4::/62 neighbor 2001:67c:21bc:7fff:2:1:0:1 activate neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out neighbor 2001:67c:21bc:7fff:2:1:1:1 activate neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out exit-address-family ! ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62 ipv6 prefix-list mine seq 15 deny any ! route-map external-out permit 10 match ipv6 address prefix-list mine ! route-map external-out deny 20 !
bird
This is /etc/bird/bird6.conf:
# Configure logging
#log syslog {
#log stderr all;
#log "tmp" all;
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
listen bgp v6only;
# Write your router id here, any ipv4 address that you have will do
router id 46.233.38.1;
# The direct protocol automatically generates device routes to
# all network interfaces. Can exist in as many instances as you wish
# if you want to populate multiple routing tables with device routes.
protocol direct {
interface "*";
}
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
learn;
persist;
scan time 20;
export all;
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10;
}
filter ext_originate_ip6 {
# REPLACE WITH YOUR NET HERE
if (net = 2001:67c:21bc:4::/64 ) then accept;
else reject;
}
template bgp t_ext_ip6 {
# replace ASN here!
local as 65532;
export filter ext_originate_ip6;
}
# REPLACE NEIGHBOR IPs HERE
# Ipv6 bgp link to marla
protocol bgp marla_tbc_ip6 from t_ext_ip6 {
description "uplink to marla/tbc over ipv6";
neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533;
}
# Ipv6 bgp link to marla
protocol bgp tyler_tbc_ip6 from t_ext_ip6 {
description "uplink to tyler/tbc over ipv6";
neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533;
}
Mikrotik
TODO: explain config
/interface 6to4
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
marla-ipv6-bsc remote-address=79.98.105.18
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
tyler-ipv6-bst remote-address=78.128.1.18
/routing bgp instance
set default as=65531
/ipv6 address
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \
interface=marla-ipv6-bsc
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\
yes interface=bridge-lan
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \
interface=tyler-ipv6-bst
/routing bgp network
add network=2001:67c:21bc:2::/64 synchronize=no
/routing bgp peer
add address-families=ipv6 name=tyler remote-address=\
2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default
add address-families=ipv6 name=marla remote-address=\
2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default
Juniper
Juniper SRX
- XX.XX.XX.XX is your local ip address
interfaces {
ip-0/0/0 {
unit 0 {
tunnel {
source XX.XX.XX.XX;
destination 79.98.105.18;
ttl 255;
}
family inet6 {
address 2001:67c:21bc:7fff:0001:12:1:2/120;
}
}
unit 1 {
tunnel {
source XX.XX.XX.XX;
destination 78.128.1.18;
ttl 255;
}
family inet6 {
address 2001:67c:21bc:7fff:0002:12:0:2/120;
}
}
}
}
routing-options {
graceful-restart;
rib inet6.0 {
static {
route 2001:67c:21bc:e::/64 {
discard;
as-path {
origin igp;
}
}
}
}
router-id XX.XX.XX.XX;
autonomous-system 65529;
}
protocols {
bgp {
group IPv6-BG-Tunnels {
type external;
import import-IPv6-ludost-net;
family inet6 {
any;
}
export export-IPv6-ludost-net;
neighbor 2001:67c:21bc:7fff:0001:12:1:1 {
local-address 2001:67c:21bc:7fff:0001:12:1:2;
peer-as 200533;
local-as 65529;
}
neighbor 2001:67c:21bc:7fff:0002:12:0:1 {
local-address 2001:67c:21bc:7fff:0002:12:0:2;
peer-as 200533;
local-as 65529;
}
}
}
}
policy-options {
policy-statement export-IPv6-ludost-net {
term 0 {
from {
route-filter 2001:67c:21bc:e::/64 exact;
}
then accept;
}
term default {
then reject;
}
}
policy-statement import-IPv6-ludost-net {
term default {
then accept;
}
}
}
security {
forwarding-options {
family {
inet6 {
mode packet-based;
}
}
}
}