Alexander Leidinger

Just another weblog


IPv6 in my LAN

After enabling IPv6 in my WLAN router, I also enabled IPv6 in my FreeBSD sys­tems. I have to tell that the IPv6 chap­ter in the FreeBSD hand­book does not con­tain as much infor­ma­tion as I would like to have about this.

Con­fig­ur­ing the inter­faces of my two 9-current sys­tems to also carry a spe­cific IPv6 address (an easy one from the ULA I use) was easy after read­ing the man-page for rc.conf. After a lit­tle bit of exper­i­ment­ing it came down to:

ifconfig_rl0_ipv6=“inet6 ::2:1 pre­fixlen 64 accept_rtadv“
ipv6_defaultrouter=”<router address>”

Apart from this address (I chose it because the IPv4 address ends in “.2″, this way I can add some easy to remem­ber addresses for this machine if needed), I also have two auto­mat­i­cally con­fig­ured addresses. One is with the same ULA and some not so easy to remem­ber end (con­structed from the MAC address), and one is from the offi­cial pre­fix the router con­structed out of the offi­cial IPv4 address from the ISP (+ the same end than the other end).

Addi­tion­ally I also have all my jails on this machine with an IPv6 address now (yes, they are like “…:2:100″ with the :100 because the IPv4 address ends in “.100″). Still TODO is the con­ver­sion of all the ser­vices in the jails to also lis­ten on the IPv6 address.

I already changed the con­fig of my inter­nal DNS to have the IPv6 addresses for all sys­tems, lis­ten on the IPv6 address (when I add an IPv6 net­work to allow-query/allow-query-cache/allow-recursion bind does not want to start). And as I was there, I also enabled the DNSSEC ver­i­fi­ca­tion (but I get a lot of error mes­sages in the logs: “unable to con­vert errno to isc_result: 42: Pro­to­col not avail­able”, one search result which talks exactly about this error tells it is a “cos­metic error”…).

I noticed that an IPv6 ping between two phys­i­cal machines takes a lit­tle bit more time than an IPv4 ping (no IPsec enabled). It sur­prised me that this is such a notice­able dif­fer­ence (not within the std-dev at all):

— ping sta­tis­tics —
10 pack­ets trans­mit­ted, 10 pack­ets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.168÷0.193÷0.220÷0.017 ms

— ping6 sta­tis­tics —
10 pack­ets trans­mit­ted, 10 pack­ets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.207÷0.325÷0.370÷0.047 ms

The infor­ma­tion I miss in the FreeBSD hand­book in the IPv6 chap­ter is what those other IPv6 related ser­vices are and when/how to con­fig­ure them. I have an idea now what this radvd is, but I am not sure what the inter­ac­tion is with the accept_rtadv set­ting for ifcon­fig (and I do not think I need it, as my WLAN router seems to do it already). I know that I get the IPv6-friendly net­work neigh­bor­hood dis­played with ndp(8). I did not have a look at enabling IPv6 mul­ti­cast sup­port in FreeBSD, and I do not know what those other IPv6 options for rc.conf do.

GD Star Rat­ing
GD Star Rat­ing
IPv6 in my LAN, 10.0 out of 10 based on 1 rating

Tags: , , , , , , , , ,

One Response to “IPv6 in my LAN

  1. Lapo Says:

    Route Adver­tise­ment allows zero-configuration, i.e. auto­matic address setup with the cor­rect pre­fix and a suf­fix taken from the MAC.
    OTOH rtadvd is the server part and you cor­rectly stip­u­lated that you do not need it; not unless the that FreeBSD host is also an IPv6 router, e.g. one of his inter­faces act as gate­way to another local net­work in a dif­fer­ent (or longer) prefix.

    GD Star Rating
    GD Star Rating

Leave a Reply