Differences

This shows you the differences between two versions of the page.

doc:uci:network6 [2012/12/29 11:14]
steven
doc:uci:network6 [2014/08/25 17:20] (current)
cruvolo Describe consequences of ip6assign missing
Line 1: Line 1:
-====== IPv6 network configuration ====== +====== OpenWrt native IPv6-stack ====== 
-:!: The package ''ipv6-support'' must be installed to use. It will be available starting with the ''Barrier Breaker'' release.+| {{:meta:icons:tango:48px-construction.svg.png?nolink}} |  This page applies to Barrier Breaker, Attitude Adjustment release 12.09.1 and later OpenWrt versions only. It is not valid for Backfire 10.03 or Attitude Adjustment 12.09. See [[doc/howto/ipv6|Old IPv6 HowTo]] for these versions. |
-The IPv6 network configuration is located in ''/etc/config/network6''+===== Obtaining IPv6 support ===== 
-This file is responsible for defining the IPv6 operation of network interfaces defines in /etc/config/network+==== Barrier Breaker and later ==== 
-You can find [[doc/uci/network6#configuration.examples|configuration examples]] at the end of this site.+  * Native IPv6-support with DHCPv6, an RA & DHCPv6-Server and an IPv6-firewall are installed and configured by default. 
 +  * Transitioning technologies like ''6in4'', ''6rd'', ''6to4'' or ''ds-lite'' can be installed using the packages with the same names
 + * For WebUI-support install the package ''luci-proto-ipv6''.
-**''Hint:''** After editing and saving ''/etc/config/network6'' you need to execute 
-<code> 
-/etc/init.d/network restart 
-</code> 
-or use ifdown and ifup to stop and restart the network before any changes take effect. Rebooting the router will have the same effect but is not necessary. 
 +===== Implementation =====
-===== Global Configuration ===== +==== Features ==== 
-Global configuration options affecting all interfaces. These options are set inside the section ''global''.+ * Prefix Handling 
 +    * Management of prefixes, addresses and routes from upstream connections and local ULA-prefixes 
 +    * Management of prefix unreachable-routes, prefix deprecation (RFC 6204) and prefix classes 
 +    * Distribution of prefixes onto downstream interfaces (including size, ID  and class hints) 
 +    * Source-based policy routing to correctly handle multiple uplink interfaces, ingress policy filtering (RFC 6204)
 +  * Native IPv6 configuration
 +    * Automatic bootstrap from SLAAC, stateless DHCPv6, stateful DHCPv6, DHCPv6-PD and any combination
 +    * Handling of preferred and valid address and prefix lifetimes
 +    * Duplicate address and Link-MTU detection
 +    * DHCPv6 Extensions: Reconfigure, Information-Refresh, SOL_MAX_RT=3600
 +    * DHCPv6 Extensions: RDNSS, DNS Search Domain, NTP, SIP, ds-lite, prefix exclusion (experimental)
-==== Options ==== +  * IPv6 transitioning technologies 
-^ Name ^ Type ^ Default ^ Description ^ +   * Setup and management of IPv6-in-IPv4 tunnels (6rd, 6to4, 6in4) 
-| ''ula_prefix'' | <unset> or <IPv6-prefix> or "auto" | //<unset>// | <unset>: no ULA prefix \\ <IPv6-prefix>: the local ULA-prefix to distribute if set to a specific prefix \\ "auto": a new ULA prefix is generated when the interface goes up and then saved replacing "auto" with the new prefix |+    * Setup and management of IPv4-in-IPv6 tunnels (ds-lite) 
 +    * Support for 6rd setup from DHCP and ds-lite setup from DHCPv6 (experimental)
-===== Interfaces ===== +  * Downstream IPv6 configuration 
-Sections of type interfaces define the IPv6 behaviour for the logical network in /etc/config/network with the same name. Defining a section in network6 which does not have a counterpart in network will have no effect. IPv6 operation is always enabled whenever the referenced network is enabled.+   * Server support for Router Advertisement, DHCPv6 (stateless and stateful) and DHCPv6-PD 
 +    * Automatic detection of announced prefixes, delegated prefixes, default routes and MTU 
 +    * Change detection for prefixes and routes triggering resending of RAs and DHCPv6-Reconfigure 
 +    * Detection of client hostnames and export as augmented hosts-file 
 +    * Support for RA & DHCPv6-relaying and NDP-proxying to e.g. support uplinks without prefix delegation
-A minimal interface declaration consists of the following lines: 
-<code>config 'interface' 'wan' 
-        option 'mode' 'dhcpv6'</code> 
-  * ''wan'' is the //logical interface name// of the corresponding network interface +==== Compliance ==== 
- * ''dhcpv6'' specifies the //mode of operation//, dhcpv6 in this example+Our aim is to follow [[http://tools.ietf.org/html/rfc7084|RFC 7084]] where possible. 
 +Nevertheless compliance has not been verified yet. Please notify us if you find any standard violations.
-==== Modes for upstream interfaces ==== 
-These modes should be used for upstream-interfaces pointing to the default router (e.g. internet DSL, cable or ethernet connection). 
-^ Mode ^ Description ^ +The following requirements of RFC 67084 are currently known not to be met
-| ''static'' | Static configuration with fixed prefixes and / or ULA prefix only (e.g. for 6in4 tunnels) | + *  RFC 7084 W-6 (SHOULD-requirement): There is no PCP-Client currently integrated in the stack. 
-| ''dhcpv6'' | Adresses, prefixes and configuration information are acquired from an upstream router via RD and / or DHCPv6 | + *  RFC 7084 WAA-5 (SHOULD-requirement): The NTP-Server is requested and received but currently not processed or used.
-| ''6rd'' | Prefixes are calculated from a 6rd-tunnel (referenced network interface has proto=6rd) | +
-| ''6to4'' | Prefixes are calculated from a 6to4-tunnel interface (referenced network interface has proto=6to4) |+
-==== Modes for downstream interfaces ==== 
-These modes should be used for downstream-interfaces where clients or inferior routers are attached and the current device acts as a router for them. 
-^ Mode ^ Description ^ +===== Upstream configuration for WAN-Interfaces ===== 
-| ''router'' | Adresses and configuration information are distributed for connected devices (Router Discovery and DHCPv6 service is provided) | +The following sections describe the configuration of IPv6 connections to your ISP or an upstream router. Please note that most tunneling mechanisms like 6in4, 6rd and 6to4 may not work behind a NAT-router.
-| ''relay'' | Relay Router Discovery, DHCPv6 and Neighbor Discovery from a selected interface in dhcpv6-mode (so that both share the same /64) |+
-==== Options ==== 
-Depending on the used //mode of operation// several options may or may not be available. This is indicated by the column //Modes//. 
-^ Name ^ Type ^ Modes ^ Default ^ Description ^ +==== Native IPv6 connection ==== 
-| ''static_prefix'' | <list of IPv6-prefixes> | static, dhcpv6 | //<unset>// | static prefixes that are routed to this interface by an upstream router for distribution to other interfaces \\ :!: static prefixes are **not** assigned to the interface itself, use the [[doc/uci/network#protocol.static|ip6addr option]] in /etc/config/network to assign static adresses or prefixes to the local interface \\ :!: static prefixes are distributed automatically onto interfaces in router-mode depending on their ''advertise_prefix'' option, if you want to assign (some) subprefixes statically you must exclude these from the static prefix otherwise duplicate assignment might occur as the automatic assignment doesn't honour static assignments in /etc/config/network | +For an uplink with native IPv6-connectivity you can use the following example configuration. It will work both for uplinks supporting DHCPv6 with Prefix Delegation and those that don't support DHCPv6-PD or DHCPv6 at all (SLAAC-only).
-| ''prefix_action'' | "distribute" or "npt" or "none" | static, dhcpv6, 6rd, 6to4 | "distribute" | method to populate prefixes \\ "distribute": distribute prefixes accross interfaces \\ "npt": translate the global ULA-address from / to the received prefix :!: requires kernel >= 3.7 & ip6tables >= 1.4.17 (not yet upstream!) \\ "none": no action  | +
-| ''site_border'' | 0 or 1 | static, dhcpv6, 6rd, 6to4 | 1 | 0: don't enforce site-border \\ 1: create a site-border and block ULA-traffic from crossing over this interface | +
-| ''request_prefix'' | "auto" or 8-64 or "no" | dhcpv6 | ''auto'' | "auto": the prefix length is chosen by the upstream router \\ 8-64: a prefix of the given length is requested \\ "no": no prefix is requested | +
-| ''prefix_fallback'' | <unset> or "relay" or "masquerade" | dhcpv6 | <unset> | what to do when requesting a public address prefix is enabled and fails or is disabled \\ <unset>: no fallback \\ "relay": an RD-, DHCPv6- and NDP-Proxy is created for interfaces in router-mode with ''relay_master'' set to this interface \\ "masquerade": use 1:N-NAT masquerading :!: requires kernel >= 3.7 & ip6tables >= 1.4.17 (not yet upstream!) | +
-| ''peerdns'' | 0 or 1 | dhcpv6 | 1 | 0: don't accept DNS options \\ 1: accept DNS options from upstream router | +
-| ''advertise_prefix'' | 0 or 8-64 | router | ''64'' | 0: don't acquire any sub-prefixes for advertisement \\ 8-64: try to acquire a sub-prefix of certain length from interfaces in static or dhcpv6 mode for advertisement to clients | +
-| ''always_default'' | 0 or 1 | router | 0 | 0: only announce as default router if global prefixes are present \\ 1: always announce as default router when a default route is present (set this for NPT) +
-| ''relay_master'' | <unset> or <network6 interface> | router, relay | ''<unset>'' | <unset>: don't relay to this interface \\ <network6 interface>: the parent network for relaying \\ Note: for mode=router, a relay is only created under certain conditions (see description of ''prefix_fallback'' above) |+
-===== Configuration examples ===== 
- 
-==== Native IPv6 connection ==== 
-For an uplink with native IPv6-connectivity you can use the following settings. It will work both for uplinks supporting Prefix Delegation and those that don't. In the latter case the lan interface is brought into pseudo-bridge (relaying) mode. If you don't want this to happen either remove the prefix_fallback option from wan or the relay_master from lan or both. 
-/etc/config/network6+/etc/config/network
<code> <code>
config interface wan config interface wan
-        option mode            dhcpv6 +        option ipv6 1 # only required for PPP-based protocols 
-        option request_prefix  auto +        ...
-        option prefix_fallback  relay+
 +config interface wan6
 +        option ifname  @wan
 +        option proto    dhcpv6
config interface lan config interface lan
-        option mode            router +        option proto    static 
-        option advertise_prefix 64 +        option ip6assign 60 
-        option relay_master    wan+        ...
</code> </code>
-==== SixXS static 6in4 tunnel ====+:!: The package ''odhcp6c'' must be installed to use dhcpv6. See [[doc/uci/network#protocol.dhcpv6]] for advanced configuration options.
-For a "static" tunnel (without aiccu) the configuration is very simple: 
-  - For /etc/config/network add the tunnel interface.  No need to add anything to the LAN interface section. 
-  - For /etc/config/network6 change the tunnel interface name, give its correct "routed" /64 or /48 prefix in the static_prefix option and make sure that the type is 'static'. Disable wan upstream prefix requests. Optionally remove also the ULA prefix. 
-With those settings, the LAN interface will get automatically assigned the ::1 address from the routed /64 prefix and everything will just work.+==== Static IPv6 connection ==== 
 +Static configuration of the IPv6 uplink is supported as well. The following example demonstrates this.
-:!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('sixxs' in this example) to the wan firewall-zone.(Additionally make sure that the ping checks from the tunnel endpoint will get through.)+/etc/config/network 
 +<code> 
 +config interface wan 
 +        option ifname  eth1 
 +        option proto    static 
 +        option ip6addr  2001:db80::2/64  # Own address 
 +        option ip6gw    2001:db80::1      # Gateway address 
 +        option ip6prefix 2001:db80:1::/48 # Prefix addresses for distribution to downstream interfaces 
 +        option dns      2001:db80::1      # DNS server 
 + 
 +config interface lan 
 +        option proto    static 
 +        option ip6assign 60 
 +        ... 
 +</code> 
 +For advanced configuration options see [[doc/uci/network#protocol.static]] 
 + 
 + 
 +==== 6in4 tunnel (HEnet tunnelbroker, sixxs static tunnel, ...) ==== 
 +6in4 tunnels are usually provided by external tunnel providers like HE.net or Sixxs. You can use the following example configuration as a basis.
/etc/config/network: /etc/config/network:
<code> <code>
 +config 'interface' 'wan6'
 +        option 'proto' '6in4'
 +        option 'mtu' '1424'                          # the IPv6 tunnel MTU (optional)
 +        option 'peeraddr' '62.12.34.56'              # the IPv4 tunnel endpoint
 +        option 'ip6addr' '2001:DB8:2222:EFGH::2/64'  # the IPv6 tunnel
 +        option 'ip6prefix' '2001:DB8:1234:ABCD::/64' # Your routed prefix (required!)
 +        # configuration options below are only valid for HEnet tunnels. ignore them for other tunnel providers.
 +        option tunnelid '123456' # HE.net tunnel id
 +        option username 'username' # HE.net username, which you use to login into tunnelbroker, not the User ID shows after you have login in.
 +        option password 'password' # HE.net password if there is no updatekey for tunnel
 +        option updatekey 'updatekey' # HE.net updatekey instead of password, default for new tunnels
 +
config 'interface' 'lan' config 'interface' 'lan'
-        option 'ifname' 'eth0.1' 
-        option 'type' 'bridge' 
        option 'proto' 'static'         option 'proto' 'static'
-        option 'ipaddr' '192.168.1.1' +        option ip6assign 60
-        option 'netmask' '255.255.255.0'+
... ...
-config 'interface' 'sixxs' 
-        option 'proto' '6in4' 
-        option 'mtu' '1424' 
-        option 'ttl' '64' 
-        option 'peeraddr' '62.12.34.56' 
-        option 'ip6addr' '2001:DB8:2345:EFGH::2/64' 
</code> </code>
-/etc/config/network6:+:!: If you choose a name for your tunnel-interface that is different from 'wan6' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall. 
 + 
 +:!: The package ''6in4'' must be installed to use 6in4-tunnels. See [[doc/uci/network#protocol.6in4.ipv6-in-ipv4.tunnel]] for advanved configuration options. 
 + 
 +:!: Note that HE.net assigns an "updatekey" by default for new tunnels since February 2014. If updatekey exists (visible in tunnel's advanced info page at the he.net site), it needs to be used instead of the password. Support for that option has been introduced in Openwrt trunk by r39646. Old tunnels without updatekey will continue to work with password. 
 + 
 + 
 +==== 6rd tunnel (ISP-provided IPv6 transition) ==== 
 +6rd is a tunnelmechanism based on 6to4. Unlike other tunneling mechanisms 6rd is usually provided by the ISP itself. 
 +Therefore you need to obtain the correct values for peeraddr, ip6prefix, ip6prefixlen and ip4prefixlen from your ISP. 
 + 
 + 
 +/etc/config/network:
<code> <code>
-config interface 'lan+config 'interface' 'wan6
-        option mode 'router+        option 'proto' '6rd
-        option advertise_prefix '64'+        option peeraddr '192.0.2.1' # The 6rd IPv4-gateway 
 +        option ip6prefix '2123::'  # Your ISP's IPv6-prefix 
 +        option ip6prefixlen '16'    # Your ISP's IPv6-prefix length 
 +        option ip4prefixlen '0'     # Your ISP's IPv4 prefix mask
-config interface 'sixxs+config 'interface' 'lan
-        option mode 'static' +        option 'proto' 'static' 
-        list static_prefix '2001:DB8:1234:ABCD::/64'+        option ip6assign 60 
 +...
</code> </code>
-==== HEnet 6in4 tunnel ====+:!: If you choose a name for your tunnel-interface that is different from 'wan6' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall.
-Also for a Hurricane Electric's tunnel the configuration is very simple: +:!: The package ''6rd'' must be installed to use 6rd-tunnels. See [[doc/uci/network#protocol.6rd.ipv6.rapid.deployment]] for advanved configuration options.
-  - For /etc/config/network add the tunnel interface including the tunnelid/username/password info. No need to add anything to the LAN interface section. +
-  - For /etc/config/network6 change the tunnel interface name, give its correct "routed" /64 or /48 prefix in the static_prefix option and make sure that the type is 'static'. Disable wan upstream prefix requests. Optionally remove also the ULA prefix.+
-With those settings, the LAN interface will get automatically assigned the ::1 address from the routed /64 prefix and everything will just work. +==== 6pe, L2TP tunnel, softwire (ISP-provided IPv6 transition) ==== 
 + 
 +This is another transitional mechanism for IPv6, used by some ISPs.  It relies on a L2TPv2 tunnel. 
 + 
 +Detailed configuration: [[doc/howto/ipv6.softwire]] 
 + 
 +==== 6to4 tunnel ==== 
 +6to4 is the simplest IPv6 tunneling mechanism and relies on publicly available gateways.
-:!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('henet' in this example) to the wan firewall-zone. 
/etc/config/network: /etc/config/network:
<code> <code>
 +config 'interface' 'wan6'
 +        option 'proto' '6to4'
 +
config 'interface' 'lan' config 'interface' 'lan'
-        option 'ifname' 'eth0.1' 
-        option 'type' 'bridge' 
        option 'proto' 'static'         option 'proto' 'static'
-        option 'ipaddr' '192.168.1.1' +        option ip6assign 60
-        option 'netmask' '255.255.255.0'+
... ...
-config 'interface' 'henet' 
-        option 'proto' '6in4' 
-        option 'mtu' '1424' 
-        option 'ttl' '64' 
-        option 'peeraddr' '62.12.34.56' 
-        option 'ip6addr' '2001:DB8:2222:EFGH::2/64' 
-        option tunnelid '123456' 
-        option username 'tb1234567890.12345678' 
-        option password 'password' 
</code> </code>
-/etc/config/network6:+ 
 +:!: If you choose a name for your tunnel-interface that is different from 'wan6' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall. 
 + 
 +:!: The package ''6to4'' must be installed to use 6to4-tunnels. See [[doc/uci/network#protocol.6to4.ipv6-in-ipv4.tunnel]] for advanved configuration options. 
 + 
 + 
 +==== Dual-Stack Lite tunnel (ds-lite IPv4 in IPv6) ==== 
 +ds-lite is a transitioning-mechanism which is used by ISPs to support legacy IPv4-connectivity over a native IPv6 connection. 
 + 
 +:!: ds-lite operation requires that IPv4 NAT is disabled. You should adjust your settings in /etc/config/firewall accordingly. 
 + 
 + 
 +/etc/config/network:
<code> <code>
-config interface 'lan+config 'interface' 'wan6
-        option mode 'router+        option 'ifname' 'eth1
-        option advertise_prefix '64'+        option 'proto' 'dhcpv6'
-config interface 'henet+config 'interface' 'wan
-        option mode 'static+        option 'proto' 'dslite
-        list static_prefix '2001:DB8:1111:ABCD::/64'+        option 'peeraddr' '2001:db80::1' # Your ISP's DS-Lite AFTR
</code> </code>
 +:!: If you choose a name for your tunnel-interface that is different from 'wan' make sure to add that name to the network-option of the firewall-zone 'wan' in /etc/config/firewall.
-==== 6rd configuration ==== +:!: The package ''ds-lite'' must be installed to use ds-lite-tunnels. See [[doc/uci/network#protocol.dslite.dual-stack.lite]] for advanved configuration options.
-6rd configuration is similar to the other tunnel protocols except that the IPv6 prefixes are automatically calculated and need not be define with ''static_prefix''+
-Make sure to ask your ISP for the correct values for peeraddr, ip6prefix, ip6prefixlen and ip4prefixlen.+
-With these settings, the LAN interface will get automatically assigned the ::2 address from the routed-prefix and everything will just work. 
-:!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('6rd' in this example) to the wan firewall-zone. 
-/etc/config/network:+===== Downstream configuration for LAN-Interfaces ===== 
 + 
 +OpenWrt includes a flexible local prefix delegation mechanism. 
 +It can be tuned for each downstream-interface individually with 3 parameters which are all optional: 
 +  * ''ip6assign'': Prefix size used for assigned prefix to the interface (e.g. 64 will assign /64-prefixes) 
 +  * ''ip6hint'': Subprefix ID to be used if available (e.g. 1234 with an ip6assign of 64 will assign prefixes of the form ...:1234::/64) 
 +  * ''ip6class'': Filter for prefix classes to accept on this interface (e.g. wan6 will only assign prefixes with class "wan6" but not e.g. "local") 
 + 
 + 
 +ip6assign and / or ip6hint-settings might be ignored if the desired subprefix cannot be assigned. In this case OpenWrt will first try to assign a prefix with the same length but different subprefix-ID. 
 +If this fails as well the prefix length is reduced until the assignment can be satisfied. If ip6hint is not set an arbitrary ID will be chosen. Setting the ip6assign-parameter to a value < 64 will allow the DHCPv6-server to hand out all but the first /64 via DHCPv6-Prefix Delegation to downstream routers on the interface. If the ip6hint is not suitable for the given ip6assign it will be rounded down to the nearest possible value. 
 + 
 +If ip6class is not set then all prefix classes are accepted on this interface. The default class for a prefix is the interface-name (e.g. "wan6") or "local" for the ULA-prefix. 
 +This can be used to select upstream interfaces from which subprefixes are assigned. For prefixes received from dynamic-configuration methods like DHCPv6 it is possible that the prefix-class 
 +is not equal to the source-interface but e.g. augmented with an ISP-provided numeric prefix class-value. 
 + 
 + 
 +Example (/etc/config/network):
<code> <code>
-config 'interface' '6rd' +config globals globals 
-        option 'proto' '6rd' +        option ula_prefix fd00:db80::/48 
-        option peeraddr '192.0.2.1' + 
-        option ip6prefix '2123::' +config interface wan6 
-        option ip6prefixlen '16' +        option proto static 
-        option ip4prefixlen '0'+        option ip6prefix 2001:db80::/56 
 +        ... 
 + 
 +config interface lan 
 +        option proto static 
 +        option ip6assign 60 
 +        option ip6hint 10 
 +        ... 
 + 
 +config interface guest 
 +        option proto static 
 +        option ip6assign 64 
 +        option ip6hint abcd 
 +        list ip6class wan6 
 +        ...
</code> </code>
-/etc/config/network6:+The results of that configuration would be: 
 + 
 +  * The ''lan'' interface will be assigned the prefixes 2001:db80:0:10::/60 and fd00:db80:0:10::/60. 
 +  * The DHCPv6-server can offer both prefixes except 2001:db80:0:10::/64 and fd00:db80:0:10::/64 to downstream routers on ''lan'' via DHCPv6-PD. 
 +  * The ''guest'' interface will only get assinged the prefix 2001:db80:0:abcd::/64 due to the class filter. 
 + 
 + 
 +===== Router Advertisement & DHCPv6 ===== 
 + 
 +OpenWrt features a versatile RA & DHCPv6 server and relay. Per default SLAAC, stateless and stateful DHCPv6 are enabled on an interface. If there are prefix of size /64 or greater present then addresses will be handed out from each prefix. If all prefixes on an interface have a size greater /64 then DHCPv6-Prefix Delegation is enabled for downstream-routers. If a default route is present the router advertises itself as default router on the interface. 
 + 
 +OpenWrt is also able to detect when there is no prefix available from an upstream interface and can switch into relaying mode automatically to extend the upstream interface configuration onto its downstream interfaces. This is useful for putting an OpenWrt behind another IPv6-router which doesn't offer prefixes via DHCPv6-PD. 
 + 
 +Example configuration section for SLAAC + DHCPv6 server mode (/etc/config/dhcp)
<code> <code>
-config interface 'lan' +config dhcp lan 
-       option mode 'router' +   option dhcpv6 server 
-       option advertise_prefix '64'+   option ra server 
 +</code>
-config interface '6rd' +Example configuration section for SLAAC alone (/etc/config/dhcp) 
-       option mode '6rd'+<code> 
 +config dhcp lan 
 +    option dhcpv6 disabled 
 +    option ra server
</code> </code>
 +Example configuration section for relaying (/etc/config/dhcp)
 +<code>
 +config dhcp wan6
 +    option dhcpv6 relay
 +    option ra relay
 +    option ndp relay
 +    option master 1
 +config dhcp lan
 +    option dhcpv6 relay
 +    option ra relay
 +    option ndp relay
 +</code>
-==== 6to4 tunnel ==== +:!: The package ''odhcpd'' must be installed to provide these services.
-6to4 configuration is similar to the other tunnel protocols except that the IPv6 prefixes are automatically calculated and need not be define with ''static_prefix''.+
-With these settings, the LAN interface will get automatically assigned the ::2 address from the routed-prefix and everything will just work. 
-:!: For traffic to flow correctly, you need set up the firewall correctly. Add the tunnel interface ('6to4' in this example) to the wan firewall-zone.+===== Routing Mangement ===== 
 +OpenWrt uses a source-address and source-interface based policy-routing system. This is required to correctly handle different uplink interfaces. 
 +Each delegated prefix is added with an unreachable route to avoid IPv6-routing loops.
-/etc/config/network:+To determine the current status of routes you can consult the information provided by ''ifstatus''. 
 + 
 +Example (ifstatus wan6):
<code> <code>
-config 'interface' '6to4' +... 
-        option 'proto' '6to4'+        "ipv6-address": [ 
 +                { 
 +                        "address": "2001:db80::a00:27ff:fe67:cd9c", 
 +                        "mask": 64, 
 +                        "preferred": 1681, 
 +                        "valid": 7081 
 +                } 
 +        ], 
 +        "ipv6-prefix": [ 
 +                { 
 +                        "address": "2001:db80:0:100::", 
 +                        "mask": 56, 
 +                        "preferred": 86282, 
 +                        "valid": 86282, 
 +                        "class": "wan6", 
 +                        "assigned": { 
 +                                "lan": { 
 +                                        "address": "2001:db80:0:110::", 
 +                                        "mask": 60 
 +                                } 
 +                        } 
 +                } 
 +        ], 
 +        "route": [ 
 +                { 
 +                        "target": "2001:db80::", 
 +                        "mask": 48, 
 +                        "nexthop": "fe80::800:27ff:fe00:0", 
 +                        "metric": 1024, 
 +                        "valid": 7081 
 +                }, 
 +                { 
 +                        "target": "::", 
 +                        "mask": 0, 
 +                        "nexthop": "fe80::800:27ff:fe00:0", 
 +                        "metric": 1024, 
 +                        "valid": 7081 
 +                } 
 +        ], 
 +...
</code> </code>
 +Interpretation:
 +  * On the interface 2 routes are provided: 2001:db80::/48 and a default-route via the router fe80::800:27ff:fe00:0.
 +  * These routes can only be used by locally generated traffic and traffic with a suitable source-address, that is either one of the local addresses or an address out of the delegated prefix.
-/etc/config/network6:+:!: OpenWrt adds IPv6-routes (like default routes) to specific routing-tables and not the main-table thus they may not be seen by default. You can use the command ''ip -6 rule'' to list all current routing policies. 
 + 
 +===== Migration from Attitude Adjustment 12.09 and earlier ===== 
 + 
 +==== IPv6 Forwarding ==== 
 +To ensure that IPv6 forwarding is working correctly, please check that your /etc/sysctl.conf contains the following entries:
<code> <code>
-config interface 'lan' +net.ipv6.conf.default.forwarding=1 
-       option mode 'router' +net.ipv6.conf.all.forwarding=1 
-       option advertise_prefix '64'+</code>
-config interface '6to4+==== Downstream configuration for LAN-Interfaces ==== 
-       option mode '6to4'+It is discouraged to use **ip6addr** to set addresses / prefixes on downstream interfaces (e.g. lan) because it can easily lead to conflicts with the local address delegation. 
 +Also it might lead to unexpected result or brokenness due to the source-based policy-routing used in the IPv6-stack. 
 + 
 +Please use the new options **ip6assign** and **ip6hint** instead. 
 + 
 +Example: If your delegated prefix is 2001:db80:1234::/48 and you want your lan interface to have the subprefix 2001:db80:1234:5678::/64 you could use the following configuration: 
 +<code> 
 +config 'interface' 'lan
 +       option 'proto' 'static' 
 +      option 'ip6assign' '64' 
 +      option 'ip6hint' '5678' 
 +      ...
</code> </code>
 +
 +If the router can ping6 the internet, but lan machines get "Destination unreachable: Unknown code 5" or "Source address failed ingress/egress policy" then the **ip6assign** option is missing on your lan interface.
 +
 +==== Router Advertisement & DHCPv6 ====
 +The use of radvd is now unnecessary. The service 6relayd is used for Router Advertisement and DHCPv6 and picks up addresses from interfaces automatically.
 +To configure the 6relayd service see [[doc/uci/6relayd]].
 +
 +
 +==== Upstream Configuration for WAN-Interfaces ====
 +
 +=== Generic Changes ===
 +Router Advertisements are not accepted by default anymore and thus OpenWrt will not configure itself with default routes and / or addresses. Also the interface-options **accept_ra** and **send_rs** have been removed.
 +You should add an interface with proto dhcpv6 - also for receiving RAs only - as described in [[#native.ipv6.connection|Native IPv6 Connection]].
 +
 +
 +=== 6in4 tunnel and Static IPv6 connection ===
 +It is now necessary to add your routed-prefix (e.g. routed /48  of your tunnel) as option **ip6prefix** to the tunnel/static-interface in /etc/config/network.
 +If you omit this option your lan-clients will not be able to reach the internet.
 +
 +Example:
 +<code>
 +config 'interface' 'wan6'
 +        option 'proto' '6in4'
 +        option 'peeraddr' '62.12.34.56
 +        option 'ip6addr' '2001:DB8:2222:EFGH::2/64'
 +        option 'ip6prefix' '2001:DB8:1234:ABCD::/64' # <- Your routed prefix
 +        ...
 +</code>
 +
 +
 +=== 6rd and 6to4 tunnel ===
 +Your public address prefix is now automatically calculated and sent to the network subsystem (netifd).
 +You should follow the advice for [[#downstream.configuration.for.lan-interfaces1|lan-interface configuration]].

Back to top

doc/uci/network6.1356776057.txt.bz2 · Last modified: 2012/12/29 11:14 by steven