Overblog Suivre ce blog
Editer l'article Administration Créer mon blog
16 juin 2013 7 16 /06 /juin /2013 14:26

For this next part, we're going to see how to bring IPv6 internet connectivity to a whole subnet. For this, we will need an IPv6 capable Router, or to use a Windows PC as an IPv6 Router. We'll see both ways to do this.

 

The basic network topology looks like this :

 

Static7a.gif

 

To have Internet connectivity for a whole subnet, we need what is named a ' routed /64  subnet'.
This means that beside your Wan IPv6 IP, which is on a first subnet with the IPv6 ISP endpoint, we need another /64 subnet, for our IPv6 Lan. Finally, we need that second /64 subnet to be routed to by the ISP. That is a ' routed /64 subnet '.
To see how to create an IPv6 Internet Tunnel with Hurricane Electric, see this post : Static IPv6 Networking Part 5 : Internet Connectivity

At out Tunnel Details page, we see this :

 

Static7c.gif

 

We need to note :
the Server IPv4 and IPv6 Addresses : [D ] and [ E ]
the Client IPv4 and IPv6 Addresses : [ A ] and [ B ]
the routed /64 prefix : [ F ]

we need too our Client real IPv4 address : [ C ], which in most case is a private IPv4. It's the IPv4 address of the Router Wan side in this case. We will use this one as Client IPv4 Address.
please note that in this case, the client is our Router ( or Windows OS Router )

A Routed /64 subnet using an IPv6 Router

The network topology as a reminder :
Static7a

 

First, we need to setup the Wan side of our router. HE ( Hurricane Electric ) IPv6 tunneling type is IPv6inIPv4. We enter the IPv4 and IPv6 endpoints IP addresses, and choose a Lan IP address on the Routed /64 prefix subnet ( [ F ] ) :

 

Static7d.gif

 

For a reminder, we don't use the Local Connectivity tab on this setup. Here is how it should look like :

 

Static7e.gif

 

We then setup PC 1 and PC 2, using the /64 router prefix, and using the Router Lan IP as a default gateway. As an exemple :

Name                IP                        prefix length                  DG                     DNS1                                      DNS2
PC1 :                 [F]::40                 /64                                  [F]::1                   2001:4860:4860::8888       2001:4860:4860::8844
PC2 :                 [F]::41                 /64                                  [F]::1                   2001:4860:4860::8888       2001:4860:4860::8844


On last note : We need to take care of the Router IPv6 Firewall. Here is a basic, working configuration :

Static7f.gif

 

I'll focus on IPv6, and especially This D-link 626-L firewall implementation, in a following post.

 

We can now try our Internet connectivity :
tracert -d ipv6.google.com

A few notes : The D-Link DIR 626-L doesn't seem to be able to do DNSv6 relay.

 

A Routed /64 subnet using an Windows OS as an IPv6 Router

Here is the topology we're going to use :

Static7b.gif

 

Please note that we will need a switch behind OS Router 1. It can be any switch, or the switching side of an IPv4 Router. Just disable DHCP and verify the IPv4 subnet for this en-switched Router.

first, we will create the tunnel :

 

Static7g.gif

 

then, we will identify the [Idx] our 2 routing interfaces using this command :

 

netsh int ipv6 show interface

 

 

[ Idx1 ] = Lan side Interface

[ Idx2 ] = IP6Tunnel

 

 

and issue the forwarding command for both interfaces. replace [Idx1] and [Idx2] of course :

 

Static7h.gif

 

we then assign the address [ F ]::1 for the Lan Side Router's Interface
and setup PC 1 and PC 2 :

Name                IP                        prefix length                  DG                     DNS1                                      DNS2
PC1 :                 [F]::40                 /64                                  [F]::1                   2001:4860:4860::8888       2001:4860:4860::8844
PC2 :                 [F]::41                 /64                                  [F]::1                   2001:4860:4860::8888       2001:4860:4860::8844

 

On last note : We do not need to take care of the Windows OS IPv6 Router Firewall. Which is easy, but is a good reminder that you're essentially trusting your OS for firewalling issues. And here, it seems quiet comprehensive to say the least ...

We can now try our Internet connectivity :
tracert -d ipv6.google.com


A few last notes : we can turn our Windows OS into an IPv6 subnet access point using a single network interface. In this case, the network topology is this :

Static7i.gif

 

and we use the Windows OS IPv4 as client IPv4, and as IPv6 address we use [F]::1
( the IP6Tunnel interface is virtual after all, and receives the WAN IPv6 address )





Partager cet article

Repost 0
Published by computer outlines - dans IPv6
commenter cet article

commentaires

Présentation

  • : Computer Outlines Blog
  • : Blog mainly focused over IPv6, Windows Server, and Networking in general.
  • Contact

Recherche

Liens