Differences
This shows you the differences between two versions of the page.
|
doc:uci:network6 [2012/12/29 11:14] steven |
doc:uci:network6 [2013/06/12 09:09] (current) steven |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== IPv6 network configuration ====== | + | ====== OpenWrt native IPv6-stack ====== |
| - | :!: The package ''ipv6-support'' must be installed to use. It will be available starting with the ''Barrier Breaker'' release. | + | | {{:meta:icons:tango:48px-construction.svg.png?nolink}} | This page applies to Barrier Breaker, Attitude Adjustment AFTER release 12.09 and later OpenWrt versions only. It is not valid for Backfire 10.03 or Attitude Adjustment 12.09. See [[doc/howto/ipv6|Old IPv6 HowTo]] for these versions. | |
| - | The IPv6 network configuration is located in ''/etc/config/network6''. | + | ===== Obtaining IPv6 support ===== |
| - | This file is responsible for defining the IPv6 operation of network interfaces defines in /etc/config/network. | + | ==== Barrier Breaker and later ==== |
| - | You can find [[doc/uci/network6#configuration.examples|configuration examples]] at the end of this site. | + | * Native IPv6-support with DHCPv6, an RA & DHCPv6-Server and an IPv6-firewall are installed and configured by default. |
| + | * Transitioning technologies like ''6in4'', ''6rd'', ''6to4'' or ''ds-lite'' can be installed using the packages with the same names. | ||
| + | * For WebUI-support install the package ''luci-proto-ipv6''. | ||
| - | **''Hint:''** After editing and saving ''/etc/config/network6'' you need to execute | ||
| - | <code> | ||
| - | /etc/init.d/network restart | ||
| - | </code> | ||
| - | or use ifdown and ifup to stop and restart the network before any changes take effect. Rebooting the router will have the same effect but is not necessary. | ||
| + | ==== Attitude Adjustment AFTER 12.09 ==== | ||
| + | * The meta-package ''ipv6-support'' installs support for native IPv6, IPv6-firewall and all transitioning technologies. It also configures a local ULA-prefix and a native IPv6-connection. | ||
| + | * You can also install single packages manually, however you should at least install ip6tables for firewall-support and 6relayd to make use of RA & DHCPv6 service for your lan-interfaces. | ||
| + | * The package ''odhcp6c'' installs support for native IPv6 connections. | ||
| + | * For WebUI-support install the package ''luci-proto-ipv6''. | ||
| - | ===== Global Configuration ===== | + | ===== Implementation ===== |
| - | Global configuration options affecting all interfaces. These options are set inside the section ''global''. | + | |
| + | ==== Features ==== | ||
| + | * Prefix Handling | ||
| + | * Management of prefixes, addresses and routes from upstream connections and local ULA-prefixes | ||
| + | * Management of prefix unreachable-routes, prefix deprecation (RFC 6204) and prefix classes | ||
| + | * Distribution of prefixes onto downstream interfaces (including size, ID and class hints) | ||
| + | * Source-based policy routing to correctly handle multiple uplink interfaces, ingress policy filtering (RFC 6204) | ||
| - | ==== Options ==== | + | * Native IPv6 configuration |
| - | ^ Name ^ Type ^ Default ^ Description ^ | + | * Automatic bootstrap from SLAAC, stateless DHCPv6, stateful DHCPv6, DHCPv6-PD and any combination |
| - | | ''ula_prefix'' | <unset> or <IPv6-prefix> or "auto" | //<unset>// | <unset>: no ULA prefix \\ <IPv6-prefix>: the local ULA-prefix to distribute if set to a specific prefix \\ "auto": a new ULA prefix is generated when the interface goes up and then saved replacing "auto" with the new prefix | | + | * Handling of preferred and valid address and prefix lifetimes |
| + | * Duplicate address and Link-MTU detection | ||
| + | * DHCPv6 Extensions: Reconfigure, Information-Refresh, SOL_MAX_RT=3600 | ||
| + | * DHCPv6 Extensions: RDNSS, DNS Search Domain, NTP, SIP, ds-lite, prefix exclusion (experimental) | ||
| - | ===== Interfaces ===== | + | * IPv6 transitioning technologies |
| - | Sections of type interfaces define the IPv6 behaviour for the logical network in /etc/config/network with the same name. Defining a section in network6 which does not have a counterpart in network will have no effect. IPv6 operation is always enabled whenever the referenced network is enabled. | + | * Setup and management of IPv6-in-IPv4 tunnels (6rd, 6to4, 6in4) |
| + | * Setup and management of IPv4-in-IPv6 tunnels (ds-lite) | ||
| + | * Support for 6rd setup from DHCP and ds-lite setup from DHCPv6 (experimental) | ||
| - | A minimal interface declaration consists of the following lines: | + | * Downstream IPv6 configuration |
| + | * Server support for Router Advertisement, DHCPv6 (stateless and stateful) and DHCPv6-PD | ||
| + | * Automatic detection of announced prefixes, delegated prefixes, default routes and MTU | ||
| + | * Change detection for prefixes and routes triggering resending of RAs and DHCPv6-Reconfigure | ||
| + | * Detection of client hostnames and export as augmented hosts-file | ||
| + | * Support for RA & DHCPv6-relaying and NDP-proxying to e.g. support uplinks without prefix delegation | ||
| - | <code>config 'interface' 'wan' | ||
| - | option 'mode' 'dhcpv6'</code> | ||
| - | * ''wan'' is the //logical interface name// of the corresponding network interface | ||
| - | * ''dhcpv6'' specifies the //mode of operation//, dhcpv6 in this example | ||
| - | ==== Modes for upstream interfaces ==== | + | ==== Compliance ==== |
| - | These modes should be used for upstream-interfaces pointing to the default router (e.g. internet DSL, cable or ethernet connection). | + | Our aim is to follow [[http://tools.ietf.org/html/rfc6204|RFC 6204]] and [[http://tools.ietf.org/html/draft-ietf-v6ops-6204bis-12|RFC 6204bis-12]] where possible. |
| + | Nevertheless compliance has not been verified yet. Please notify us if you find any standard violations. | ||
| - | ^ Mode ^ Description ^ | ||
| - | | ''static'' | Static configuration with fixed prefixes and / or ULA prefix only (e.g. for 6in4 tunnels) | | ||
| - | | ''dhcpv6'' | Adresses, prefixes and configuration information are acquired from an upstream router via RD and / or DHCPv6 | | ||
| - | | ''6rd'' | Prefixes are calculated from a 6rd-tunnel (referenced network interface has proto=6rd) | | ||
| - | | ''6to4'' | Prefixes are calculated from a 6to4-tunnel interface (referenced network interface has proto=6to4) | | ||
| - | ==== Modes for downstream interfaces ==== | + | The following requirements of RFC 6204 / RFC 6204-bis12 are currently known not to be met. |
| - | These modes should be used for downstream-interfaces where clients or inferior routers are attached and the current device acts as a router for them. | + | * RFC 6204-bis12 W-6 (SHOULD-requirement): There is no PCP-Client currently integrated in the stack. |
| + | * RFC 6204-bis12 WAA-5 (SHOULD-requirement): The NTP-Server is requested and received but currently not processed or used. | ||
| + | * RFC 6204-bis12 WAA-8 (MUST-requirement): The default value for SOL_MAX_RT has been set to 3600s, however the described DHCPv6-option has not been assigned an ID by IANA yet and thus is not supported. | ||
| - | ^ Mode ^ Description ^ | ||
| - | | ''router'' | Adresses and configuration information are distributed for connected devices (Router Discovery and DHCPv6 service is provided) | | ||
| - | | ''relay'' | Relay Router Discovery, DHCPv6 and Neighbor Discovery from a selected interface in dhcpv6-mode (so that both share the same /64) | | ||
| + | ===== Upstream configuration for WAN-Interfaces ===== | ||
| + | The following sections describe the configuration of IPv6 connections to your ISP or an upstream router. Please note that most tunneling mechanisms like 6in4, 6rd and 6to4 may not work behind a NAT-router. | ||
| - | ==== Options ==== | ||
| - | Depending on the used //mode of operation// several options may or may not be available. This is indicated by the column //Modes//. | ||
| - | ^ Name ^ Type ^ Modes ^ Default ^ Description ^ | ||
| - | | ''static_prefix'' | <list of IPv6-prefixes> | static, dhcpv6 | //<unset>// | static prefixes that are routed to this interface by an upstream router for distribution to other interfaces \\ :!: static prefixes are **not** assigned to the interface itself, use the [[doc/uci/network#protocol.static|ip6addr option]] in /etc/config/network to assign static adresses or prefixes to the local interface \\ :!: static prefixes are distributed automatically onto interfaces in router-mode depending on their ''advertise_prefix'' option, if you want to assign (some) subprefixes statically you must exclude these from the static prefix otherwise duplicate assignment might occur as the automatic assignment doesn't honour static assignments in /etc/config/network | | ||
| - | | ''prefix_action'' | "distribute" or "npt" or "none" | static, dhcpv6, 6rd, 6to4 | "distribute" | method to populate prefixes \\ "distribute": distribute prefixes accross interfaces \\ "npt": translate the global ULA-address from / to the received prefix :!: requires kernel >= 3.7 & ip6tables >= 1.4.17 (not yet upstream!) \\ "none": no action | | ||
| - | | ''site_border'' | 0 or 1 | static, dhcpv6, 6rd, 6to4 | 1 | 0: don't enforce site-border \\ 1: create a site-border and block ULA-traffic from crossing over this interface | | ||
| - | | ''request_prefix'' | "auto" or 8-64 or "no" | dhcpv6 | ''auto'' | "auto": the prefix length is chosen by the upstream router \\ 8-64: a prefix of the given length is requested \\ "no": no prefix is requested | | ||
| - | | ''prefix_fallback'' | <unset> or "relay" or "masquerade" | dhcpv6 | <unset> | what to do when requesting a public address prefix is enabled and fails or is disabled \\ <unset>: no fallback \\ "relay": an RD-, DHCPv6- and NDP-Proxy is created for interfaces in router-mode with ''relay_master'' set to this interface \\ "masquerade": use 1:N-NAT masquerading :!: requires kernel >= 3.7 & ip6tables >= 1.4.17 (not yet upstream!) | | ||
| - | | ''peerdns'' | 0 or 1 | dhcpv6 | 1 | 0: don't accept DNS options \\ 1: accept DNS options from upstream router | | ||
| - | | ''advertise_prefix'' | 0 or 8-64 | router | ''64'' | 0: don't acquire any sub-prefixes for advertisement \\ 8-64: try to acquire a sub-prefix of certain length from interfaces in static or dhcpv6 mode for advertisement to clients | | ||
| - | | ''always_default'' | 0 or 1 | router | 0 | 0: only announce as default router if global prefixes are present \\ 1: always announce as default router when a default route is present (set this for NPT) | | ||
| - | | ''relay_master'' | <unset> or <network6 interface> | router, relay | ''<unset>'' | <unset>: don't relay to this interface \\ <network6 interface>: the parent network for relaying \\ Note: for mode=router, a relay is only created under certain conditions (see description of ''prefix_fallback'' above) | | ||
| - | |||
| - | ===== Configuration examples ===== | ||
| ==== Native IPv6 connection ==== | ==== Native IPv6 connection ==== | ||
| - | For an uplink with native IPv6-connectivity you can use the following settings. It will work both for uplinks supporting Prefix Delegation and those that don't. In the latter case the lan interface is brought into pseudo-bridge (relaying) mode. If you don't want this to happen either remove the prefix_fallback option from wan or the relay_master from lan or both. | + | For an uplink with native IPv6-connectivity you can use the following example configuration. It will work both for uplinks supporting DHCPv6 with Prefix Delegation and those that don't support DHCPv6-PD or DHCPv6 at all (SLAAC-only). |
| - | /etc/config/network6 | + | /etc/config/network |
| <code> | <code> | ||
| config interface wan | config interface wan | ||
| - | option mode dhcpv6 | + | option ipv6 1 # only required for PPP-based protocols |
| - | option request_prefix auto | + | ... |
| - | option prefix_fallback relay | + | |
| + | config interface wan6 | ||
| + | option ifname @wan | ||
| + | option proto dhcpv6 | ||
| config interface lan | config interface lan | ||
| - | option mode router | + | option proto static |
| - | option advertise_prefix 64 | + | option ip6assign 60 |
| - | option relay_master wan | + | ... |
| </code> | </code> | ||
| - | ==== SixXS static 6in4 tunnel ==== | + | :!: The package ''odhcp6c'' must be installed to use dhcpv6. See [[doc/uci/network#protocol.dhcpv6]] for advanved configuration options. |
| - | For a "static" tunnel (without aiccu) the configuration is very simple: | ||
| - | - For /etc/config/network add the tunnel interface. No need to add anything to the LAN interface section. | ||
| - | - For /etc/config/network6 change the tunnel interface name, give its correct "routed" /64 or /48 prefix in the static_prefix option and make sure that the type is 'static'. Disable wan upstream prefix requests. Optionally remove also the ULA prefix. | ||
| - | With those settings, the LAN interface will get automatically assigned the ::1 address from the routed /64 prefix and everything will just work. | + | ==== Static IPv6 connection ==== |
| + | Static configuration of the IPv6 uplink is supported as well. The following example demonstrates this. | ||
| - | :!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('sixxs' in this example) to the wan firewall-zone.(Additionally make sure that the ping checks from the tunnel endpoint will get through.) | + | /etc/config/network |
| + | <code> | ||
| + | config interface wan | ||
| + | option ifname eth1 | ||
| + | option proto static | ||
| + | option ip6addr 2001:db80::2/64 # Own address | ||
| + | option ip6gw 2001:db80::1 # Gateway address | ||
| + | option ip6prefix 2001:db80:1::/48 # Prefix addresses for distribution to downstream interfaces | ||
| + | option dns 2001:db80::1 # DNS server | ||
| + | |||
| + | config interface lan | ||
| + | option proto static | ||
| + | option ip6assign 60 | ||
| + | ... | ||
| + | </code> | ||
| + | For advanced configuration options see [[doc/uci/network#protocol.static]] | ||
| + | |||
| + | |||
| + | ==== 6in4 tunnel (HEnet tunnelbroker, sixxs static tunnel, ...) ==== | ||
| + | 6in4 tunnels are usually provided by external tunnel providers like HE.net or Sixxs. You can use the following example configuration as a basis. | ||
| /etc/config/network: | /etc/config/network: | ||
| <code> | <code> | ||
| + | config 'interface' 'wan6' | ||
| + | option 'proto' '6in4' | ||
| + | option 'mtu' '1424' # the IPv6 tunnel MTU (optional) | ||
| + | option 'peeraddr' '62.12.34.56' # the IPv4 tunnel endpoint | ||
| + | option 'ip6addr' '2001:DB8:2222:EFGH::2/64' # the IPv6 tunnel | ||
| + | option 'ip6prefix' '2001:DB8:1234:ABCD::/64' # Your routed prefix (required!) | ||
| + | # configuration options below are only valid for HEnet tunnels. ignore them for other tunnel providers. | ||
| + | option tunnelid '123456' # HE.net tunnel id | ||
| + | option username 'tb1234567890.12345678' # HE.net username | ||
| + | option password 'password' # HE.net password | ||
| + | |||
| config 'interface' 'lan' | config 'interface' 'lan' | ||
| - | option 'ifname' 'eth0.1' | ||
| - | option 'type' 'bridge' | ||
| option 'proto' 'static' | option 'proto' 'static' | ||
| - | option 'ipaddr' '192.168.1.1' | + | option ip6assign 60 |
| - | option 'netmask' '255.255.255.0' | + | |
| ... | ... | ||
| - | config 'interface' 'sixxs' | ||
| - | option 'proto' '6in4' | ||
| - | option 'mtu' '1424' | ||
| - | option 'ttl' '64' | ||
| - | option 'peeraddr' '62.12.34.56' | ||
| - | option 'ip6addr' '2001:DB8:2345:EFGH::2/64' | ||
| </code> | </code> | ||
| - | /etc/config/network6: | + | :!: If you choose a name for your tunnel-interface that is different from 'wan6' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall. |
| + | |||
| + | :!: The package ''6in4'' must be installed to use 6in4-tunnels. See [[doc/uci/network#protocol.6in4.ipv6-in-ipv4.tunnel]] for advanved configuration options. | ||
| + | |||
| + | |||
| + | ==== 6rd tunnel (ISP-provided IPv6 transition) ==== | ||
| + | 6rd is a tunnelmechanism based on 6to4. Unlike other tunneling mechanisms 6rd is usually provided by the ISP itself. | ||
| + | Therefore you need to obtain the correct values for peeraddr, ip6prefix, ip6prefixlen and ip4prefixlen from your ISP. | ||
| + | |||
| + | |||
| + | /etc/config/network: | ||
| <code> | <code> | ||
| - | config interface 'lan' | + | config 'interface' 'wan6' |
| - | option mode 'router' | + | option 'proto' '6rd' |
| - | option advertise_prefix '64' | + | option peeraddr '192.0.2.1' # The 6rd IPv4-gateway |
| + | option ip6prefix '2123::' # Your ISP's IPv6-prefix | ||
| + | option ip6prefixlen '16' # Your ISP's IPv6-prefix length | ||
| + | option ip4prefixlen '0' # Your ISP's IPv4 prefix mask | ||
| - | config interface 'sixxs' | + | config 'interface' 'lan' |
| - | option mode 'static' | + | option 'proto' 'static' |
| - | list static_prefix '2001:DB8:1234:ABCD::/64' | + | option ip6assign 60 |
| + | ... | ||
| </code> | </code> | ||
| - | ==== HEnet 6in4 tunnel ==== | + | :!: If you choose a name for your tunnel-interface that is different from 'wan6' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall. |
| - | Also for a Hurricane Electric's tunnel the configuration is very simple: | + | :!: The package ''6rd'' must be installed to use 6rd-tunnels. See [[doc/uci/network#protocol.6rd.ipv6.rapid.deployment]] for advanved configuration options. |
| - | - For /etc/config/network add the tunnel interface including the tunnelid/username/password info. No need to add anything to the LAN interface section. | + | |
| - | - For /etc/config/network6 change the tunnel interface name, give its correct "routed" /64 or /48 prefix in the static_prefix option and make sure that the type is 'static'. Disable wan upstream prefix requests. Optionally remove also the ULA prefix. | + | |
| - | With those settings, the LAN interface will get automatically assigned the ::1 address from the routed /64 prefix and everything will just work. | ||
| - | :!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('henet' in this example) to the wan firewall-zone. | + | ==== 6to4 tunnel ==== |
| + | 6to4 is the simplest IPv6 tunneling mechanism and relies on publicly available gateways. | ||
| /etc/config/network: | /etc/config/network: | ||
| <code> | <code> | ||
| + | config 'interface' 'wan6' | ||
| + | option 'proto' '6to4' | ||
| + | |||
| config 'interface' 'lan' | config 'interface' 'lan' | ||
| - | option 'ifname' 'eth0.1' | ||
| - | option 'type' 'bridge' | ||
| option 'proto' 'static' | option 'proto' 'static' | ||
| - | option 'ipaddr' '192.168.1.1' | + | option ip6assign 60 |
| - | option 'netmask' '255.255.255.0' | + | |
| ... | ... | ||
| - | config 'interface' 'henet' | ||
| - | option 'proto' '6in4' | ||
| - | option 'mtu' '1424' | ||
| - | option 'ttl' '64' | ||
| - | option 'peeraddr' '62.12.34.56' | ||
| - | option 'ip6addr' '2001:DB8:2222:EFGH::2/64' | ||
| - | option tunnelid '123456' | ||
| - | option username 'tb1234567890.12345678' | ||
| - | option password 'password' | ||
| </code> | </code> | ||
| - | /etc/config/network6: | ||
| - | <code> | ||
| - | config interface 'lan' | ||
| - | option mode 'router' | ||
| - | option advertise_prefix '64' | ||
| - | config interface 'henet' | + | :!: If you choose a name for your tunnel-interface that is different from 'wan6' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall. |
| - | option mode 'static' | + | |
| - | list static_prefix '2001:DB8:1111:ABCD::/64' | + | :!: The package ''6to4'' must be installed to use 6to4-tunnels. See [[doc/uci/network#protocol.6to4.ipv6-in-ipv4.tunnel]] for advanved configuration options. |
| - | </code> | + | |
| - | ==== 6rd configuration ==== | + | ==== Dual-Stack Lite tunnel (ds-lite IPv4 in IPv6) ==== |
| - | 6rd configuration is similar to the other tunnel protocols except that the IPv6 prefixes are automatically calculated and need not be define with ''static_prefix''. | + | ds-lite is a transitioning-mechanism which is used by ISPs to support legacy IPv4-connectivity over a native IPv6 connection. |
| - | Make sure to ask your ISP for the correct values for peeraddr, ip6prefix, ip6prefixlen and ip4prefixlen. | + | |
| - | With these settings, the LAN interface will get automatically assigned the ::2 address from the routed-prefix and everything will just work. | + | :!: ds-lite operation requires that IPv4 NAT is disabled. You should adjust your settings in /etc/config/firewall accordingly. |
| - | :!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('6rd' in this example) to the wan firewall-zone. | ||
| /etc/config/network: | /etc/config/network: | ||
| <code> | <code> | ||
| - | config 'interface' '6rd' | + | config 'interface' 'wan6' |
| - | option 'proto' '6rd' | + | option 'ifname' 'eth1' |
| - | option peeraddr '192.0.2.1' | + | option 'proto' 'dhcpv6' |
| - | option ip6prefix '2123::' | + | |
| - | option ip6prefixlen '16' | + | config 'interface' 'wan' |
| - | option ip4prefixlen '0' | + | option 'proto' 'dslite' |
| + | option 'peeraddr' '2001:db80::1' # Your ISP's DS-Lite AFTR | ||
| </code> | </code> | ||
| - | /etc/config/network6: | + | :!: If you choose a name for your tunnel-interface that is different from 'wan' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall. |
| + | |||
| + | :!: The package ''ds-lite'' must be installed to use ds-lite-tunnels. See [[doc/uci/network#protocol.dslite.dual-stack.lite]] for advanved configuration options. | ||
| + | |||
| + | |||
| + | |||
| + | ===== Downstream configuration for LAN-Interfaces ===== | ||
| + | |||
| + | OpenWrt includes a flexible local prefix delegation mechanism. | ||
| + | It can be tuned for each downstream-interface individually with 3 parameters which are all optional: | ||
| + | * ''ip6assign'': Prefix size used for assigned prefix to the interface (e.g. 64 will assign /64-prefixes) | ||
| + | * ''ip6hint'': Subprefix ID to be used if available (e.g. 1234 with an ip6assign of 64 will assign prefixes of the form ...:1234::/64) | ||
| + | * ''ip6class'': Filter for prefix classes to accept on this interface (e.g. wan6 will only assign prefixes with class "wan6" but not e.g. "local") | ||
| + | |||
| + | |||
| + | ip6assign and / or ip6hint-settings might be ignored if the desired subprefix cannot be assigned. In this case OpenWrt will first try to assign a prefix with the same length but different subprefix-ID. | ||
| + | If this fails as well the prefix length is reduced until the assignment can be satisfied. If ip6hint is not set an arbitrary ID will be chosen. Setting the ip6assign-parameter to a value < 64 will allow the DHCPv6-server to hand out all but the first /64 via DHCPv6-Prefix Delegation to downstream routers on the interface. If the ip6hint is not suitable for the given ip6assign it will be rounded down to the nearest possible value. | ||
| + | |||
| + | If ip6class is not set then all prefix classes are accepted on this interface. The default class for a prefix is the interface-name (e.g. "wan6") or "local" for the ULA-prefix. | ||
| + | This can be used to select upstream interfaces from which subprefixes are assigned. For prefixes received from dynamic-configuration methods like DHCPv6 it is possible that the prefix-class | ||
| + | is not equal to the source-interface but e.g. augmented with an ISP-provided numeric prefix class-value. | ||
| + | |||
| + | |||
| + | Example (/etc/config/network): | ||
| <code> | <code> | ||
| - | config interface 'lan' | + | config globals globals |
| - | option mode 'router' | + | option ula_prefix fd00:db80::/48 |
| - | option advertise_prefix '64' | + | |
| - | config interface '6rd' | + | config interface wan6 |
| - | option mode '6rd' | + | option proto static |
| + | option ip6prefix 2001:db80::/56 | ||
| + | ... | ||
| + | |||
| + | config interface lan | ||
| + | option proto static | ||
| + | option ip6assign 60 | ||
| + | option ip6hint 10 | ||
| + | ... | ||
| + | |||
| + | config interface guest | ||
| + | option proto static | ||
| + | option ip6assign 64 | ||
| + | option ip6hint abcd | ||
| + | list ip6class wan6 | ||
| + | ... | ||
| </code> | </code> | ||
| + | The results of that configuration would be: | ||
| + | * The ''lan'' interface will be assigned the prefixes 2001:db80:0:10::/60 and fd00:db80:0:10::/60. | ||
| + | * The DHCPv6-server can offer both prefixes except 2001:db80:0:10::/64 and fd00:db80:0:10::/64 to downstream routers on ''lan'' via DHCPv6-PD. | ||
| + | * The ''guest'' interface will only get assinged the prefix 2001:db80:0:abcd::/64 due to the class filter. | ||
| - | ==== 6to4 tunnel ==== | ||
| - | 6to4 configuration is similar to the other tunnel protocols except that the IPv6 prefixes are automatically calculated and need not be define with ''static_prefix''. | ||
| - | With these settings, the LAN interface will get automatically assigned the ::2 address from the routed-prefix and everything will just work. | + | ===== Router Advertisement & DHCPv6 ===== |
| - | :!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('6to4' in this example) to the wan firewall-zone. | + | OpenWrt features a versatile RA & DHCPv6 server and relay. Per default SLAAC, stateless and stateful DHCPv6 are enabled on an interface. If there are prefix of size /64 or greater present then addresses will be handed out from each prefix. If all prefixes on an interface have a size greater /64 then DHCPv6-Prefix Delegation is enabled for downstream-routers. If a default route is present the router advertises itself as default router on the interface. |
| - | /etc/config/network: | + | OpenWrt is also able to detect when there is no prefix available from an upstream interface and can switch into relaying mode automatically to extend the upstream interface configuration onto its downstream interfaces. This is useful for putting an OpenWrt behind another IPv6-router which doesn't offer prefixes via DHCPv6-PD. |
| + | |||
| + | Example configuration (/etc/config/6relayd) | ||
| <code> | <code> | ||
| - | config 'interface' '6to4' | + | config server |
| - | option 'proto' '6to4' | + | option network 'lan guest' # service interface where Router Advertisement and DHCPv6 are provided |
| + | option rd 'server' # enable router advertisements | ||
| + | option dhcpv6 'server' # enable DHCPv6 server | ||
| + | option management_level '1' # announced RA/DHCPv6-mode (0: stateless, 1: stateless + stateful, 2: stateful) | ||
| + | # Remove the following 2 lines to disable fallback-mode | ||
| + | option master 'wan6' # master interface to use for relaying if there is no prefix delegated to it | ||
| + | option fallback_relay 'rd dhcpv6 ndp' # if the master doesn't provide a delegated prefix fallback to proxying RA, DHCPv6 & NDP | ||
| </code> | </code> | ||
| - | /etc/config/network6: | + | :!: The package ''6relayd'' must be installed to provide these services. See [[doc/uci/6relayd]] for advanved configuration options. |
| + | |||
| + | |||
| + | ===== Routing Mangement ===== | ||
| + | OpenWrt uses a source-address and source-interface based policy-routing system. This is required to correctly handle different uplink interfaces. | ||
| + | Each delegated prefix is added with an unreachable route to avoid IPv6-routing loops. | ||
| + | |||
| + | To determine the current status of routes you can consult the information provided by ''ifstatus''. | ||
| + | |||
| + | Example (ifstatus wan6): | ||
| <code> | <code> | ||
| - | config interface 'lan' | + | ... |
| - | option mode 'router' | + | "ipv6-address": [ |
| - | option advertise_prefix '64' | + | { |
| + | "address": "2001:db80::a00:27ff:fe67:cd9c", | ||
| + | "mask": 64, | ||
| + | "preferred": 1681, | ||
| + | "valid": 7081 | ||
| + | } | ||
| + | ], | ||
| + | "ipv6-prefix": [ | ||
| + | { | ||
| + | "address": "2001:db80:0:100::", | ||
| + | "mask": 56, | ||
| + | "preferred": 86282, | ||
| + | "valid": 86282, | ||
| + | "class": "wan6", | ||
| + | "assigned": { | ||
| + | "lan": { | ||
| + | "address": "2001:db80:0:110::", | ||
| + | "mask": 60 | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | ], | ||
| + | "route": [ | ||
| + | { | ||
| + | "target": "2001:db80::", | ||
| + | "mask": 48, | ||
| + | "nexthop": "fe80::800:27ff:fe00:0", | ||
| + | "metric": 1024, | ||
| + | "valid": 7081 | ||
| + | }, | ||
| + | { | ||
| + | "target": "::", | ||
| + | "mask": 0, | ||
| + | "nexthop": "fe80::800:27ff:fe00:0", | ||
| + | "metric": 1024, | ||
| + | "valid": 7081 | ||
| + | } | ||
| + | ], | ||
| + | ... | ||
| + | </code> | ||
| + | Interpretation: | ||
| + | * On the interface 2 routes are provided: 2001:db80::/48 and a default-route via the router fe80::800:27ff:fe00:0. | ||
| + | * These routes can only be used by locally generated traffic and traffic with a suitable source-address, that is either one of the local addresses or an address out of the delgated prefix. | ||
| - | config interface '6to4' | + | :!: OpenWrt adds IPv6-routes (like default routes) to specific routing-tables and not the main-table thus they may not be seen by default. You cab use the command ''ip -6 rule'' to list all current routing policies. |
| - | option mode '6to4' | + | |
| + | ===== Migration from Attitude Adjustment 12.09 and earlier ===== | ||
| + | |||
| + | ==== Downstream configuration for LAN-Interfaces ==== | ||
| + | It is discouraged to use **ip6addr** to set addresses / prefixes on downstream interfaces (e.g. lan) because it can easily lead to conflicts with the local address delegation. | ||
| + | Also it might lead to unexpected result or brokenness due to the source-based policy-routing used in the IPv6-stack. | ||
| + | Please use the new options **ip6assign** and **ip6hint** instead. | ||
| + | |||
| + | Example: If your delegated prefix is 2001:db80:1234::/48 and you want your lan interface to have the subprefix 2001:db80:1234:5678::/64 you could use the following configuration: | ||
| + | <code> | ||
| + | config 'interface' 'lan' | ||
| + | option 'proto' 'static' | ||
| + | option 'ip6assign' '64' | ||
| + | option 'ip6hint' '5678' | ||
| + | ... | ||
| </code> | </code> | ||
| + | |||
| + | |||
| + | ==== Router Advertisement & DHCPv6 ==== | ||
| + | The use of radvd is now unnecessary. The service 6relayd is used for Router Advertisement and DHCPv6 and picks up addresses from interfaces automatically. | ||
| + | To configure the 6relayd service see [[doc/uci/6relayd]]. | ||
| + | |||
| + | |||
| + | ==== Upstream Configuration for WAN-Interfaces ==== | ||
| + | |||
| + | === Generic Changes === | ||
| + | Router Advertisements are not accepted by default anymore and thus OpenWrt will not configure itself with default routes and / or addresses. Also the interface-options **accept_ra** and **send_rs** have been removed. | ||
| + | You should add an interface with proto dhcpv6 - also for receiving RAs only - as described in [[#native.ipv6.connection|Native IPv6 Connection]]. | ||
| + | |||
| + | |||
| + | === 6in4 tunnel and Static IPv6 connection === | ||
| + | It is now necessary to add your routed-prefix (e.g. routed /48 of your tunnel) as option **ip6prefix** to the tunnel/static-interface in /etc/config/network. | ||
| + | If you omit this option your lan-clients will not be able to reach the internet. | ||
| + | |||
| + | Example: | ||
| + | <code> | ||
| + | config 'interface' 'wan6' | ||
| + | option 'proto' '6in4' | ||
| + | option 'peeraddr' '62.12.34.56 | ||
| + | option 'ip6addr' '2001:DB8:2222:EFGH::2/64' | ||
| + | option 'ip6prefix' '2001:DB8:1234:ABCD::/64' # <- Your routed prefix | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | |||
| + | === 6rd and 6to4 tunnel === | ||
| + | Your public address prefix is now automatically calculated and sent to the network subsystem (netifd). | ||
| + | You should follow the advice for [[#downstream.configuration.for.lan-interfaces1|lan-interface configuration]]. | ||
doc/uci/network6.1356776057.txt.bz2 · Last modified: 2012/12/29 11:14 by steven
This text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.