32.10. IPv6

Originally Written by Aaron Kaplan.
Restructured and Added by Tom Rhodes.
Extended by Brad Davis.

IPv6, also known as IPng IP next generation, is the new version of the well known IP protocol, also known as IPv4. FreeBSD includes the KAME IPv6 reference implementation. FreeBSD comes with everything needed to use IPv6. This section focuses on getting IPv6 configured and running.

In the early 1990s, people became aware of the rapidly diminishing address space of IPv4. Given the expansion rate of the Internet, there were two major concerns:

IPv6 deals with these and many other issues by providing the following:

There are other useful features of IPv6:

For more information see:

32.10.1. Background on IPv6 Addresses

There are different types of IPv6 addresses: unicast, anycast, and multicast.

Unicast addresses are the well known addresses. A packet sent to a unicast address arrives at the interface belonging to the address.

Anycast addresses are syntactically indistinguishable from unicast addresses but they address a group of interfaces. The packet destined for an anycast address will arrive at the nearest (in router metric) interface. Anycast addresses may only be used by routers.

Multicast addresses identify a group of interfaces. A packet destined for a multicast address will arrive at all interfaces belonging to the multicast group.

Note:

The IPv4 broadcast address, usually xxx.xxx.xxx.255, is expressed by multicast addresses in IPv6.

Table 32.2. Reserved IPv6 Addresses
IPv6 addressPrefixlength (Bits)DescriptionNotes
::128 bitsunspecifiedEquivalent to 0.0.0.0 in IPv4.
::1128 bitsloopback addressEquivalent to 127.0.0.1 in IPv4.
::00:xx:xx:xx:xx96 bitsembedded IPv4The lower 32 bits are the compatible IPv4 address.
::ff:xx:xx:xx:xx96 bitsIPv4 mapped IPv6 addressThe lower 32 bits are the IPv4 address for hosts which do not support IPv6.
fe80:: - feb::10 bitslink-localEquivalent to the loopback address in IPv4.
fec0:: - fef::10 bitssite-local 
ff::8 bitsmulticast 
001 (base 2)3 bitsglobal unicastAll global unicast addresses are assigned from this pool. The first 3 bits are 001.

32.10.2. Reading IPv6 Addresses

The canonical form is represented as: x:x:x:x:x:x:x:x, with each x being a 16 bit hex value. For example: FEBC:A574:382B:23C1:AA49:4592:4EFE:9982.

Often an address will have long substrings of all zeros. One such substring per address can be abbreviated by ::. Also, up to three leading 0s per hex quad can be omitted. For example, fe80::1 corresponds to the canonical form fe80:0000:0000:0000:0000:0000:0000:0001.

A third form is to write the last 32 bit part in the well known (decimal) IPv4 style with dots (.) as separators. For example, 2002::10.0.0.1 corresponds to the hexadecimal canonical representation 2002:0000:0000:0000:0000:0000:0a00:0001, which in turn is equivalent to 2002::a00:1.

Here is a sample entry from ifconfig(8):

# ifconfig
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 inet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::200:21ff:fe03:8e1%rl0 prefixlen 64 scopeid 0x1 ether 00:00:21:03:08:e1 media: Ethernet autoselect (100baseTX ) status: active

fe80::200:21ff:fe03:8e1%rl0 is an auto configured link-local address. It is generated from the MAC address as part of the auto configuration.

For further information on the structure of IPv6 addresses, see RFC3513.

32.10.3. Getting Connected

Currently, there are four ways to connect to other IPv6 hosts and networks:

  • Contact an Internet Service Provider to see if they offer IPv6.

  • SixXS offers tunnels with end-points all around the globe.

  • Tunnel via 6-to-4 as described in RFC3068.

  • Use the net/freenet6 port for a dial-up connection.

32.10.4. DNS in the IPv6 World

There used to be two types of DNS records for IPv6. The IETF has declared AAAA records as the current standard.

Using AAAA records is straightforward. Assign the hostname to the IPv6 address in the primary zone DNS file:

MYHOSTNAME AAAA MYIPv6ADDR

Current versions of named(8) and dns/djbdns support AAAA records.

32.10.5. Applying the Needed Changes to /etc/rc.conf

32.10.5.1. IPv6 Client Settings

These settings configure a machine on a LAN which acts as a client, not a router. To instruct rtsol(8) to autoconfigure the interface on boot on FreeBSD 9.x and later, add this line to rc.conf:

ipv6_prefer="YES"

For FreeBSD 8.x, add:

ipv6_enable="YES"

To statically assign the IPv6 address, 2001:471:1f11:251:290:27ff:fee0:2093, to fxp0, add the following for FreeBSD 9.x:

ifconfig_fxp0_ipv6="inet6 2001:471:1f11:251:290:27ff:fee0:2093 prefixlen 64"

Note:

Be sure to change prefixlen 64 to the appropriate value for the subnet.

For FreeBSD 8x, add:

ipv6_ifconfig_fxp0="2001:471:1f11:251:290:27ff:fee0:2093"

To assign a default router of 2001:471:1f11:251::1, add the following to /etc/rc.conf:

ipv6_defaultrouter="2001:471:1f11:251::1"

32.10.5.2. IPv6 Router/Gateway Settings

This section demonstrates how to take the directions from a tunnel provider and convert it into settings that will persist through reboots. To restore the tunnel on startup, add the following lines to /etc/rc.conf.

The first entry lists the generic tunneling interfaces to be configured. This example configures one interface, gif0:

gif_interfaces="gif0"

To configure that interface with a local endpoint of MY_IPv4_ADDR to a remote endpoint of REMOTE_IPv4_ADDR:

gifconfig_gif0="MY_IPv4_ADDR REMOTE_IPv4_ADDR"

To apply the IPv6 address that has been assigned for use as the IPv6 tunnel endpoint, add the following line for FreeBSD 9.x and later:

ifconfig_gif0_ipv6="inet6 MY_ASSIGNED_IPv6_TUNNEL_ENDPOINT_ADDR"

For FreeBSD 8.x, add:

ipv6_ifconfig_gif0="MY_ASSIGNED_IPv6_TUNNEL_ENDPOINT_ADDR"

Then, set the default route for IPv6. This is the other side of the IPv6 tunnel:

ipv6_defaultrouter="MY_IPv6_REMOTE_TUNNEL_ENDPOINT_ADDR"

32.10.5.3. IPv6 Tunnel Settings

If the server is to route IPv6 between the rest of the network and the world, the following /etc/rc.conf setting will also be needed:

ipv6_gateway_enable="YES"

32.10.6. Router Advertisement and Host Auto Configuration

This section demonstrates how to setup rtadvd(8) to advertise the IPv6 default route.

To enable rtadvd(8), add the following to /etc/rc.conf:

rtadvd_enable="YES"

It is important to specify the interface on which to do IPv6 router solicitation. For example, to tell rtadvd(8) to use fxp0:

rtadvd_interfaces="fxp0"

Next, create the configuration file, /etc/rtadvd.conf as seen in this example:

fxp0:\ :addrs#1:addr="2001:471:1f11:246::":prefixlen#64:tc=ether:

Replace fxp0 with the interface to be used and 2001:471:1f11:246:: with the prefix of the allocation.

For a dedicated /64 subnet, nothing else needs to be changed. Otherwise, change the prefixlen# to the correct value.

32.10.7. IPv6 and IPv6 Address Mapping

When IPv6 is enabled on a server, there may be a need to enable IPv4 mapped IPv6 address communication. This compatibility option allows for IPv4 addresses to be represented as IPv6 addresses. Permitting IPv6 applications to communicate with IPv4 and vice versa may be a security issue.

This option may not be required in most cases and is available only for compatibility. This option will allow IPv6-only applications to work with IPv4 in a dual stack environment. This is most useful for third party applications which may not support an IPv6-only environment. To enable this feature, add the following to /etc/rc.conf:

ipv6_ipv4mapping="YES"

Reviewing the information in RFC 3493, section 3.6 and 3.7 as well as RFC 4038 section 4.2 may be useful to some adminstrators.

This, and other documents, can be downloaded from http://ftp.FreeBSD.org/pub/FreeBSD/doc/

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.

For questions about this documentation, e-mail <doc@FreeBSD.org>.