Overblog Suivre ce blog
Editer l'article Administration Créer mon blog
5 juin 2013 3 05 /06 /juin /2013 10:21

For this next part in the Static IPv6 Networking serie, we're going to complicate our network topology a little bit more.

We will chain 2 IPv6 Routers, so to route 3 ULA subnets. We'll see how to make an IPv6 Router out of a Windows computer, in case you don't have a second IPv6 Router. Finally, we will try to add a third IPv6 Router, to route 4 ULA Subnets.

 

Here is the basic topologywe'll use :

 

Static3R2.gif

 

but first, let's see how to make an IPv6 Router from a Windows PC.

 

How to make a Windows PC into an IPv6 Router

 

Static3d.gif

 

 

It's very easy to turn a modern Windows OS ( starting with Vista ) into a Router. You just need the PC to have 2 interfaces cards.

 

First, identify your interfaces' Idx ( Index ) using the netsh int ipv6 show interface

Then, activate forwarding on both interfaces using netsh int ipv6 set interface [Idx] forwarding=enable

Here it is :

 

Static3e.gif

 

 

You don't have to create routes, they're automatically set up between the two network interfaces :

 

Static3f.gif

 

 

2 IPv6 Routers Setup : 1 Network Router + 1 Windows OS Router

 

 

Here is the network topology we will put in place :

 

Static3R1

 

 

 

There are three subnets :           fd07:432d:ce02:3::/64

                                                         fd07:432d:ce02:2::/64

                                                         fd07:432d:ce02:1::/64

 

D-Link DIR 626-L requires you to set a default gateway, so we'll assign it DG : fd07:432d:ce02:2::1

The other hosts or nodes are set without default gateway. We will setup routes manually.

 

First, we will loosen up a little our IPv6 ping firewall rules, as we want all the hosts and nodes on the network to be able to ping each other :

 

Static3h.gif

 

 

here we're using a IPv6 range fd07:432d:ce02:1::100- fd07:432d:ce02:10::254, thus allowing 10 subnets.

 

On the other side, we disable Wan ping from ouside, to tighten up a little our network security :

 

Static3g.gif

 

 

So are PC1 and PC2 able to ping each other ? Well, no. The core of the matter is routing.

 

To check the registered routes on a Windows OS, just type :

netsh int ipv6 show route :

 

Static3j.gif

 

To check the registered routes on our D-Link Dir 626L Router, check :

 

Status ) IPv6 Routing

 

 

Static3i.gif

 

 

 

When checking all routes, we see that :

 

PC 1 has no route to subnets fd07:432d:ce02:2::/64 and  fd07:432d:ce02:1::/64

Router 1 has route to all three subnets, thanks to its fd07:432d:ce02:2::1 Default Gateway

Router 2 has no route to subnet fd07:432d:ce02:3::/64

PC 2 has no route to subnets fd07:432d:ce02:2::/64 and  fd07:432d:ce02:3::/64

 

 

 

here is how we add the fd07:432d:ce02:2::/64 route to PC 1 :

 

identify the outgoing network interface          netsh int ipv6 show interface

add the route                                                      netsh int ipv6 add route [ destination network / prefix ] [ Idx ] [ gateway ]

check the new routing table                             netsh int ipv6 show route

 

Static3k.gif

 

 

likewise, we add on PC 1 the route to the fd07:432d:ce02:2::/64 network :

 

netsh int ipv6 add route fd07:432d:ce02:3::/64 10 fd07:432d:ce02:3::1

 

 

we add on Router 2 ( Windows OS ) the route to fd07:432d:ce02:3::/64 subnet :

 

netsh int ipv6 add route fd07:432d:ce02:3::/64 10 fd07:432d:ce02:2::230

 

 

we add on PC 2 the routes to fd07:432d:ce02:2::/64 and fd07:432d:ce02:3::/64 subnets :

 

netsh int ipv6 add route fd07:432d:ce02:2::/64 10 fd07:432d:ce02:1::254

netsh int ipv6 add route fd07:432d:ce02:3::/64 10 fd07:432d:ce02:1::254

 

 

 

all hosts and nodes on teh network are now able to ping each other. A tracert exemple :

 

Static3l.gif

 

 

 

2 IPv6 Routers Setup : 2 Network Routers

 

 

For this second setup, we will line two D-Link Dir 626 L Routers.

This time, we will use default gateway for all hosts and nodes on the network map, except for PC 2.

Its is a kind of downstreaming network topology.

 

 

Static3R2

 

The downstream topology :

 

Static3R2b.gif

 

The goal, this time again, is to have all host and nodes able to ping each other, plus PC 1 to remote

connect to the two Routers.

 

First, remember to check the firewalling rules. ( See above on this page )

We too have to add a firewall rule to Router 1 to allow Webadmin of Router 2 :

Advanced ) IPv6 Firewall

 

 

Static3m.gif

 

Then, check all routes using netsh on Windows or status tab on Network Routers

 

We have to set a route for PC 2 to subnets fd07:432d:ce02:2::/64 and fd07:432d:ce02:3::/64 :

 

netsh int ipv6 add route fd07:432d:ce02:2::/64 10 fd07:432d:ce02:1::254

netsh int ipv6 add route fd07:432d:ce02:3::/64 10 fd07:432d:ce02:1::254

 

 

We too have to set a route on Router 2 to subnet fd07:432d:ce02:3::/64 :

 

Static3n.gif

 

Here is the new Router 2 routing table :

 

Static3o.gif

 

Router 1 and PC 1 don't need no additionnal routes. All Hosts and nodes on the network can now ping each other.

As an exemple, let's ping PC 1 from Router 2, usin the Tools Tab  :

 

Static3p.gif

 

 

 

3 IPv6 Routers setup : 2 network routers + 1 Windows OS Router

 

 

 

Let's quickly check the network topology, and routing needs, if we add a Windows OS Router as a third IPv6 Router in our network. It looks like this :

 

Static3R3.gif

 

 

Here is the streaming topology that results from the DGs ( Default Gateways ) setup :

 

Static3R3b.gif

 

 

what are the routes that need to be added, for every host to be able to reach any host on the network ?

 

PC 1 needs no added route ( it has a unique fd07:432d:ce02:3::1 gateway )

 

PC 4 needs no added route ( it has a unique fd07:432d:ce02:4::200 gateway )

 

Router 1 needs a route to the fd07:432d:ce02:4::/64 subnet

 

Router 2 needs routes to the fd07:432d:ce02:3::/64 and the fd07:432d:ce02:4::/64 subnets

 

Router 3 ( ie Server ) needs a route to the fd07:432d:ce02:3::/64 subnet

 

PC 2 needs routes to the fd07:432d:ce02:2::/64 fd07:432d:ce02:3::/64 and fd07:432d:ce02:4::/64 subnets

 

Here is how we add these routes:

 

Router 1 :

 

Static3q.gif

 

Router 2 :

 

Static3r.gif

 

Router 3 :

 

Static3s.gif

 

 

PC 2 :

 

Static3t.gif

 

All network hosts can now reach each others.

 

 

Why not to set a default gateway to PC2 ? Well, we could obviously. But don't forget the true meaning of a default gateway : It's the EVERYTHING way, so for security reason, you might prefer to assign specific routes.

 

 

Conclusions

 

To summ it all up : a network host or node has knowledge of only the directly connected subnets ( ie the subnets he belongs to )

 

Make extensive use of ping, tracert, and netsh int ipv6 show route or Routers' route status to debug your network

 

Do this debugging FROM different places in your network

 

Don't forget to check your firewalls

Partager cet article

Repost 0
Published by computer outlines - dans IPv6
commenter cet article

commentaires

Présentation

  • : Computer Outlines Blog
  • : Blog mainly focused over IPv6, Windows Server, and Networking in general.
  • Contact

Recherche

Liens