Chapter 2 Administering IPv6 (Tasks)

This chapter contains procedures for configuring IPv6 on hosts and routers. The text includes the following major topics:

• Enabling IPv6 Nodes

• Enabling IPv6 Nodes Task Map

• Monitoring IPv6

• Monitoring IPv6 Task Map

• Configuring IP in IP Tunnels

• Configuring IP in IP Tunnels Task Map

• Displaying IPv6 Name Service Information

• Displaying IPv6 Name Service Information Task Map

Enabling IPv6 Nodes

This section provides procedures that you might need to configure IPv6 nodes on your network.

The term node in this context refers either to a Solaris server or client host.

Enabling IPv6 Nodes Task Map

You can enable IPv6 on a system when you install the Solaris software. If you answered yes to enable IPv6 during the installation process, you can omit the following procedures to enable IPv6.

How to Enable IPv6 on a Node

1. Become superuser on the system where you want to enable IPv6.

2. Type the following for each interface.

   # touch /etc/hostname6.interface

   Interface

   Interface name, such as le0, le1.

3. Reboot the node

   ---

   Note –

   The reboot process sends router discovery packets. The router responds with a prefix. The response enables the node to configure the interfaces with an IPv6 address. Rebooting also restarts key network daemons in IPv6 mode.

   ---

4. Display the IPv6 addresses of all interfaces.

   # ifconfig -a6

   To show both IPv4 and IPv6 addresses, just use the -a option.

5. Add the IPv6 address to the appropriate name service as follows:

   • For NIS and NIS+, see How to Add IPv6 Addresses to NIS and NIS+.

   • For DNS, see How to Add IPv6 Addresses to DNS.

How to Configure a Solaris IPv6 Router

1. Become superuser on the system to become the router.

2. Edit the file /etc/inet/ndpd.conf with subnet prefixes by adding one or more of the following entries.

   See the in.ndpd(1M) man page for a list of variables and allowable values. For more information about the ndpd.conf file, see the ndpd.conf(4) man page.

   1. Add entries that specify router behavior for all interfaces.

      ifdefault variable value

   2. Add entries that specify the default behavior of prefix advertisement.

      prefixdefault variable value

   3. Add sets per interface parameter entries.

      if interface variable value

   4. Add advertisements for each entry for interface prefix information.

      prefix prefix/length interface variable value

3. Reboot the system.

Neighbor discovery (in.ndpd) relays the subnet address prefixes of the hosts to the hosts. Also, the next generation RIP routing protocol (in.ripngd) runs automatically.

Example—ndpd.conf Router Configuration File

# Send router advertisements out all NICs
ifdefault AdvSendAdvertisements on
# Advertise a global prefix and a 
# site local prefix on three interfaces.
# 0x9255 = 146.85
prefix 2:0:0:9255::0/64	 	hme0
prefix fec0:0:0:9255::0/64 	hme0
# 0x9256 = 146.86
prefix 2:0:0:9256::0/64 	hme1
prefix fec0:0:0:9256::0/64	hme1
# 0x9259 = 146.89
prefix 2:0:0:9259::0/64		hme2
prefix fec0:0:0:9259::0/64	hme2

How to Configure a 6to4 Router

Before you configure 6to4 routing on an IPv6 network, you must have done the following:

• Configured IPv6 on all appropriate nodes at the prospective 6to4 site, as described in How to Enable IPv6 on a Node.

• Selected at least one router with a connection to an IPv4 network to become the 6to4 router.

• Configured a globally unique IPv4 address for the prospective 6to4 router's interface to the IPv4 network. The IPv4 address must be static. Do not use a dynamically allocated IPv4 address. For instructions for configuring an IPv4 interface, see “Network Configuration Procedures” in System Administration Guide: IP Services

1. Become superuser on the prospective 6to4 router.

2. Configure a 6to4 pseudo-interface on the router by creating the /etc/hostname6.ip.6to4tun0 file.

   • If you plan to use the recommended convention of subnet ID=0 and host ID=1, use the short format for /etc/hostname6.ip.6to4tun0:

     tsrc IPv4 address up

   • If you plan to use other conventions for subnet ID and host ID, use the long format for /etc/hostname6.ip.6to4tun0:

     tsrc IPv4 address 2002:IPv4 address:subnet ID:host ID:/64 up

   The next table explains the parameters of /etc/hostname6.ip.6to4tun0 that are used in this step.

   tsrc	Indicates that this interface is used as a tunnel source
   IPv4 address	Specifies, in dotted decimal format, the IPv4 address that is configured on the physical interface to become the 6to4 pseudo-interface
   2002	(Optional) Specifies the 6to4 prefix
   IPv4 address	(Optional) Specifies, in hexadecimal, the IPv4 address of the pseudo-interface.
   subnet ID	(Optional) Specifies, in hexadecimal notation, a subnet ID other than 0
   host ID	(Optional) Specifies a host ID other than 1
   /64	Indicates that the address has a length of 64 bits.
   up	Directs ifconfig to configure the interface as “up”

   ---

   Note –

   Two IPv6 tunnels cannot have the same source and same destination addresses. Packets are dropped as a result. This type of event can happen if a 6to4 router also performs tunneling through atun.

   ---

3. (Optional) Create additional 6to4 pseudo-interfaces on the router.

   Each prospective 6to4 pseudo-interface must have an already-configured, globally unique IPv4 address.

4. Run ifconfig to verify the status of the interface.

   # ifconfig ip.6to4tun0 inet6

   If the interface is correctly configured, you receive output that is similar to the following.

   ip.6to4tun0: flags=2200041<UP,RUNNING,NONUD,IPv6>mtu 1480 index 11 inet tunnel src 129.146.87.188 tunnel hop limit 60 inet6 2002:8192:56bb:56bb::1/64

5. Edit /etc/inet/ndpd.conf to advertise 6to4 routing.

   For detailed information, refer to ndpd.conf(4).

   1. Specify the subnet to receive the advertisement in the first line.

      Create an if entry with the following format:

      if subnet-interface AdvSendAdvertisements 1

      For example, to advertise 6to4 routing to the subnet that is connected to interface hme0, replace subnet-interface with hme0.

      if hme0 AdvSendAdvertisements 1

   2. Add the 6to4 prefix as the second line of the advertisement.

      Create a prefix entry with following format:

      prefix 2002:IPv4-address:subnet ID::/64 subnet-interface

      prefix 2002	Indicates a 6to4 prefix
      IPv4-address	Specifies, in hexadecimal representation, the unique IPv4 address of the 6to4 pseudo-interface
      subnet ID	Specifies, in hexadecimal, a subnet ID
      subnet-interface	Router interface to which the subnet is connected

6. Reboot the router.

   Alternatively, you can issue a sighup to /etc/inet/in.ndpd to begin sending router advertisements.. The IPv6 nodes on each subnet to receive the 6to4 prefix now autoconfigure with new 6to4–derived addresses.

7. Add the new 6to4–derived addresses of the nodes to the name service that is used at the 6to4 site.

   For instructions, go to How to Add IPv6 Addresses to DNS or How to Add IPv6 Addresses to NIS and NIS+.

Configuring Multiple Routers at the 6to4 Site

For a multiple router site, the routers behind the 6to4 router might require further configuration to support 6to4. If your site uses RIP, you must configure on each non-6to4 router static routes to the 6to4 router. If you use a commercial routing protocol, you do not need to create static routes to the 6to4 router.

Examples—6to4 Router Configuration

The following is an example of the short form of /etc/hostname6.ip.6to4tun0.

# cat /etc/hostname6.ip.6to4tun0
tsrc 129.146.87.188 up

Here is an example of the long form of /etc/hostname6.ip.6to4tun0.

# cat /etc/hostname6.ip.6to4tun0
tsrc 129.146.87.188 2002:8192:56bb::1/64 up

The following example shows output of ifconfig for a 6to4 pseudo-interface.

# ifconfig ip.6to4tun0 inet6
ip.6to4tun0: flags=2200041<UP,RUNNING,NONUD,IPv6> mtu 1480 index 11
        inet tunnel src 129.146.87.188
        tunnel hop limit 60 
        inet6 2002:8192:56bb::1/64 

The next sample /etc/inet/ndpd.conf file advertises 6to4 routing on two subnets.

if qfe0 AdvSendAdvertisements 1
prefix  2002:8192:56bb:1::/64 qfe0 

if qfe1 AdvSendAdvertisements 1
prefix  2002:8192:56bb:2::/64 qfe1

How to Add IPv6 Addresses to NIS and NIS+

A new table has been added for NIS+ named ipnodes.org_dir. The table contains both IPv4 and IPv6 addresses for a host. The existing hosts.org_dir table, which contains only IPv4 addresses for a host, remains the same to facilitate existing applications. Both the hosts.org_dir and ipnodes.org_dir tables must be consistent with the IPv4 addresses. See IPv6 Extensions to Solaris Name Services for an overview.

Administration of the new ipnodes.org_dir table is similar to administering the hosts.org_dir. The same tools and utilities that are used to administer the previous NIS+ tables are valid for ipnodes.org_dir. See System Administration Guide: Naming and Directory Services for details on how to manipulate the NIS+ table.

The following command merges the entries from /etc/inet/ipnodes into the ipnodes.org_dir table, in verbose mode. The NIS+ table was probably created by nistbladm(1), nissetup(1M), or nisserver(1M).

On a command line, type the following command:

% nisaddent -mv -f /etc/inet/ipnodes ipnodes

Use the following procedure to display the ipnodes.org_dir table.

On a command line, type the following command:

% nisaddent -d ipnodes

Two new maps have been added for NIS: ipnodes.byname and ipnodes.byaddr. These maps contain both IPv4 and IPv6 host name and address associations. The hosts.byname and hosts.byaddr maps, which contain only IPv4 host name and address associations, are unchanged so that they can facilitate existing applications. Administration of the new maps is similar to the maintenance of the hosts.byname and hosts.byaddr older maps. Again, it is important that when you update the hosts maps with IPv4 addresses that the new ipnode maps are also updated with the same information.

Tools that are aware of IPv6 use the new NIS maps and the new NIS+ tables.

How to Add IPv6 Addresses to DNS

1. Become superuser on the primary or secondary DNS server for your IPv6 network.

2. Edit the appropriate DNS zone file by adding AAAA records for each IPv6–enabled host, as follows.

   host-name IN AAAA host-address

3. Edit the DNS reverse zone file and add PTR records, using the following format.

   host-address IN PTR host-name

For detailed information on DNS administration, refer to “DNS Administration (Reference)” in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Example—DNS Zone File

vallejo		IN		AAAA   2::9256:a00:20ff:fe12
IN		AAAA   fec0::9256:a00:20ff:fe12:528

Example—DNS Reverse Zone File

$ORIGIN	ip6.int.	
8.2.5.0.2.1.e.f.f.f.9.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.2.0.0.0 \
	IN		PTR		vallejo.Eng.apex.COM.
8.2.5.0.2.1.e.f.f.f.9.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.0.c.e.f \
	IN		PTR		vallejo.Eng.apex.COM.

Monitoring IPv6

The following commands are modified to accommodate the Solaris implementation of IPv6.

• ifconfig(1M)

• netstat(1M)

• snoop(1M)

• ping(1M)

• traceroute(1M)

You can use the new additions to conduct diagnostics. For conceptual descriptions of these commands, see IPv6 Extensions to the ifconfig Utility and IPv6 Extensions to Existing Utilities.

Monitoring IPv6 Task Map

How to Display Interface Address Assignments

You can use the ifconfig command to display all address assignments as well as just IPv4 or IPv6 address assignments.

On the command line, type the following command.

% ifconfig [option]

For more information on the ifconfig command, see the ifconfig(1M) man page.

Example—Displaying Addressing Information for All Interfaces

% ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 120.10.0.1 netmask ff000000 
le0: flags=1000843 mtu 1500 index 2
        inet 120.46.86.54 netmask ffffff00 broadcast 120.146.86.255
        ether 8:0:73:56:a8 
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128 
le0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:56:a8 
        inet6 fe80::a00:fe73:56a8/10 
le0:1: flags=2080841 mtu 1500 index 2
        inet6 fec0::56:20ff:fe73:56a8/64 
le0:2: flags=2080841 mtu 1500 index 2
        inet6 2::56:a00:fe73:56a8/64

Example—Displaying Addressing Information for All IPv4 Interfaces

% ifconfig -a4
lo0: flags=1000849 mtu 8232 index 1
        inet 120.10.0.1 netmask ff000000 
le0: flags=1000843 mtu 1500 index 2
        inet 120.46.86.54 netmask ffffff00 broadcast 120.46.86.255
        ether 8:0:20:56:a8

Example—Displaying Addressing Information for All IPv6 Interfaces

% ifconfig -a6
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128 
le0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:56:a8 
        inet6 fe80::a00:fe73:56a8/10 
le0:1: flags=2080841 mtu 1500 index 2
        inet6 fec0::56:20ff:fe73:56a8/64 
le0:2: flags=2080841 mtu 1500 index 2
        inet6 2::56:a00:fe73:56a8/64 
ip.6to4tun0: flags=2200041<UP,RUNNING,NONUD,IPv6> mtu 1480 index 11
        inet tunnel src 129.146.86.187 
        tunnel hop limit 60 
        inet6 2002:8192:56bb::1/64 

Example—Displaying Addressing Information for the 6to4 Pseudo-Interface

% ifconfig ip.6to4tun0 inet6
6to4tun0: flags=2200041<UP,RUNNING,NONUD,IPv6. mtu 1480 index 11
        inet tunnel src 172.16.213.81 
        tunnel hop limit 60 
        inet6 2002:ac10:d551::1/64 

How to Display Network Status

These procedures enable you to display the following structure formats for network data by using the netstat command:

• All sockets and routing table entries

• Inet address family for IPv4

• Inet6 address family for IPv6

• Statistics per interface—IPv6 or ICMPv6 counters

On the command line, type the following command.

% netstat [option]

For more information on the netstat command, see the netstat(1M) man page.

Example—Displaying All Sockets and Routing Table Entries

% netstat -a
UDP: IPv4
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.*                                   Unbound
      *.apexrpc                              Idle
      *.*                                   Unbound
			.
			.
UDP: IPv6
   Local Address                     Remote Address                   State
If  
--------------------------------- --------------------------------- -------
      *.*                                                           Unbound
      *.time                                                        Idle
      *.echo                                                        Idle
      *.discard                                                     Idle
      *.daytime                                                     Idle
      *.chargen                                                     Idle

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0     0      0 IDLE
      *.apexrpc            *.*                0      0     0      0 LISTEN
      *.*                  *.*                0      0     0      0 IDLE
      *.ftp                *.*                0      0     0      0 LISTEN
localhost.427              *.*                0      0     0      0 LISTEN
      *.telnet             *.*                0      0     0      0 LISTEN
tn.apex.COM.telnet is.Eng.apex.COM         8760      0   8760     0 ESTABLISHED
tn.apex.COM.33528 np.apex.COM.46637        8760      0   8760     0 TIME_WAIT
tn.apex.COM.33529 np.apex.COM.apexrpc      8760      0   8760     0 TIME_WAIT
TCP: IPv6
   Local Address     Remote Address   Swind Send-Q  Rwind Recv-Q   State   If 
----------------- -----------------   ----- ------  ----- ------   -----
      *.*                 *.*             0      0      0      0   IDLE 
      *.ftp               *.*             0      0      0      0   LISTEN 
      *.telnet            *.*             0      0      0      0   LISTEN 
      *.shell             *.*             0      0      0      0   LISTEN 
      *.smtp              *.*             0      0      0      0   LISTEN
		.
		.
 2::56:8.login     something.1023    8640      0   8640      0 ESTABLISHED
 fe80::a:a8.echo   fe80::a:89        8640      0   8640      0 ESTABLISHED
 fe80::a:a8.ftp    fe80::a:90        8640      0   8640      0 ESTABLISHED

Example—Displaying Inet Address Family for IPv4

% netstat -f inet
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
tn.apex.COM.telnet    is.apex.COM.35388    8760      0  8760   0  ESTABLISHED
tn.apex.COM.1022      alive-v4.nfsd        8760      0  8760   0  ESTABLISHED
tn.apex.COM.1021      sl.apex.COM.nfsd     8760      0  8760   0  ESTABLISHED
.
.
tn.apex.COM.33539     np.apex.COM.apexrpc  8760      0  8760   0  TIME_WAIT

Example—Displaying Inet6 Address Family for IPv4

% netstat -f inet6
TCP: IPv6
   Local Address        Remote Address     Swind Send-Q Rwind Recv-Q   State      If 
-------------------- --------------------- ----- ------ ----- ------ ----------- -----
2::56:a8.login        something.1023       8640      0  8640      0 ESTABLISHED      
fe80::a0:a8.echo      fe80::a0:de.35389    8640      0  8640      0 ESTABLISHED      
.
.
fe80::a0:a8.ftp-data  fe80::a0:de.35394   25920      0 25920      0 TIME_WAIT      

Example—Displaying Statistics Per Interface, IPv6 or ICMPv6 Counters

% netstat -sa
RAWIP
        rawipInDatagrams    =  1407     rawipInErrors       =     0
        rawipInCksumErrs    =     0     rawipOutDatagrams   =     5
        rawipOutErrors      =     0

UDP
        udpInDatagrams      =  7900     udpInErrors         =     0
        udpOutDatagrams     =  7725     udpOutErrors        =     0

TCP     tcpRtoAlgorithm     =     4     tcpRtoMin           =   200
        tcpRtoMax           = 60000     tcpMaxConn          =    -1
				.
				.
IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipInReceives        =406345     ipInHdrErrors       =     0
        ipInAddrErrors      =     0     ipInCksumErrs       =     0
				.
				.
IPv6 for lo0
        ipv6Forwarding      =     2     ipv6DefaultHopLimit =     0
        ipv6InReceives      =     0     ipv6InHdrErrors     =     0
				.
				.
IPv6 for le0
        ipv6Forwarding      =     2     ipv6DefaultHopLimit =   255
        ipv6InReceives      =   885     ipv6InHdrErrors     =     0
				.
				.
IPv6    ipv6Forwarding      =     2     ipv6DefaultHopLimit =   255
        ipv6InReceives      =   885     ipv6InHdrErrors     =     0
				.
				.
ICMPv4  icmpInMsgs          =   618     icmpInErrors        =     0
        icmpInCksumErrs     =     0     icmpInUnknowns      =     0
        icmpInDestUnreachs  =     5     icmpInTimeExcds     =     0
				.
				.
ICMPv6 for lo0
        icmp6InMsgs         =     0     icmp6InErrors       =     0
        icmp6InDestUnreachs =     0     icmp6InAdminProhibs =     0
				.
				.
ICMPv6 for le0
        icmp6InMsgs         =   796     icmp6InErrors       =     0
        icmp6InDestUnreachs =     0     icmp6InAdminProhibs =     0
        icmp6InTimeExcds    =     0     icmp6InParmProblems =     0
				.
				.
ICMPv6  icmp6InMsgs         =   796     icmp6InErrors       =     0
        icmp6InDestUnreachs =     0     icmp6InAdminProhibs =     0
				.
				.
ICMPv6 for ip.6to4tun0
        icmp6InMsgs         =    57     icmp6InErrors       =     0
        icmp6InDestUnreachs =    57     icmp6InAdminProhibs =     0
        icmp6InTimeExcds    =     0     icmp6InParmProblems =     0
        icmp6InPktTooBigs   =     0     icmp6InEchos        =     0
        icmp6InEchoReplies  =     0     icmp6InRouterSols   =     0
        icmp6InRouterAds    =     0     icmp6InNeighborSols =     0
        icmp6InNeighborAds  =     0     icmp6InRedirects    =     0
        icmp6InBadRedirects =     0     icmp6InGroupQueries =     0
        icmp6InGroupResps   =     0     icmp6InGroupReds    =     0
        icmp6InOverflows    =     0
        icmp6OutMsgs        =    57     icmp6OutErrors      =     0
        icmp6OutDestUnreachs=    57     icmp6OutAdminProhibs=     0
        icmp6OutTimeExcds   =     0     icmp6OutParmProblems=     0
        icmp6OutPktTooBigs  =     0     icmp6OutEchos       =     0
        icmp6OutEchoReplies =     0     icmp6OutRouterSols  =     0
        icmp6OutRouterAds   =     0     icmp6OutNeighborSols=     0
        icmp6OutNeighborAds =     0     icmp6OutRedirects   =     0
        icmp6OutGroupQueries=     0     icmp6OutGroupResps  =     0
        icmp6OutGroupReds   =     0

IGMP:
       2542 messages received
          0 messages received with too few bytes
          0 messages received with bad checksum
       2542 membership queries received
				.
				.

How to Control the Display Output of IPv6 Related Commands

You can control the output of the netstat and ifconfig commands. Create a file that is named inet_type in the /etc/default directory. Then, specify the value of the DEFAULT_IP variable. For more information about the inet_type, see the inet_type(4) man page.

1. Create the /etc/default/inet_type file.

2. Make one of the following entries, as needed.

   • To display IPv4 information only, type:

     DEFAULT_IP=IP_VERSION4

   • To display both IPv4 and IPv6 information, type:

     DEFAULT_IP=BOTH

     Or

     DEFAULT_IP=IP_VERSION6

The -4 and -6 flags in ifconfig override the value set in the inet_type file. The -f flag in netstat also overrides the value that is set in the inet_type file.

Examples—Controlling Output to Select IPv4 and IPv6 Information

• When you specify the DEFAULT_IP=BOTH or DEFAULT_IP=IP_VERSION6 variable in the inet_type file, you should have the following results:

  % ifconfig -a lo0: flags=1000849 mtu 8232 index 1 inet 120.10.0.1 netmask ff000000 le0: flags=1000843 mtu 1500 index 2 inet 120.46.86.54 netmask ffffff00 broadcast 120.46.86.255 ether 8:0:20:56:a8 lo0: flags=2000849 mtu 8252 index 1 inet6 ::1/128 le0: flags=2000841 mtu 1500 index 2 ether 8:0:20:56:a8 inet6 fe80::a00:fe73:56a8/10 le0:1: flags=2080841 mtu 1500 index 2 inet6 fec0::56:a00:fe73:56a8/64 le0:2: flags=2080841 mtu 1500 index 2 inet6 2::56:a00:fe73:56a8/64

• When you specify the DEFAULT_IP=IP_VERSION4 variable in the inet_type file, you should have the following results:

  % ifconfig -a lo0: flags=849 mtu 8232 inet 120.10.0.1 netmask ff000000 le0: flags=843 mtu 1500 inet 120.46.86.54 netmask ffffff00 broadcast 120.46.86.255 ether 8:0:20:56:a8

How to Monitor Only IPv6 Network Traffic

In this procedure, you use the snoop command to display all IPv6 packets.

1. Become superuser.

2. On the command line, type the following command.

   # snoop ip6

For more information on the snoop command, see the snoop(1M) man page.

Example—Displaying Only IPv6 Network Traffic

# snoop ip6
Using device /dev/le (promiscuous mode)
fe80::a0:a1 -> ff02::9     IPv6  S=fe80::a0:a1 D=ff02::9 LEN=892
fe80::a0:de -> fe80::a0:a8 IPv6  S=fe80::a0:de D=fe80::a0:a8 LEN=104
fe80::a0:a8 -> fe80::a0:de IPv6  S=fe80::a0:a8 D=fe80::a0:de LEN=104
fe80::a0:a1 -> ff02::9     IPv6  S=fe80::a0:a1 D=ff02::9 LEN=892
fe80::a0:de -> fe80::a0:a8 IPv6  S=fe80::a0:de D=fe80::a0:a8 LEN=104
ping -afe80::a0:a8 -> fe80::a0:de IPv6  S=fe80::a0:a8 D=fe80::a0:de LEN=152
fe80::a0:a1 -> ff02::9     IPv6  S=fe80::a0:a1 D=ff02::9 LEN=892
fe80::a0:de -> fe80::a0:a8 IPv6  S=fe80::a0:de D=fe80::a0:a8 LEN=72
fe80::a0:a8 -> fe80::a0:de IPv6  S=fe80::a0:a8 D=fe80::a0:de LEN=72
fe80::a0:a8 -> fe80::a0:de IPv6  S=fe80::a0:a8 D=fe80::a0:de LEN=72
fe80::a0:de -> fe80::a0:a8 IPv6  S=fe80::a0:de D=fe80::a0:a8 LEN=72

How to Probe All Multi-homed Host Addresses

In this procedure, you use the ping command to check all addresses.

On the command line, type the following command.

% ping -a ipng11 ipng11 (2::102:a00:fe79:19b0) is alive ipng11 (fec0::102:a00:fe79:19b0) is alive ipng11 (190.68.10.75) is alive

For more information on the ping command, see the ping(1M) man page.

How to Trace All Routes

In this procedure, you use the traceroute command to trace all routes.

On the command line, type the following command.

% traceroute -a <hostname>

For more information on the traceroute command, see the traceroute(1M) man page.

Example—Tracing All Routes

% traceroute -a ipng11
traceroute: Warning: Multiple interfaces found; using 2::56:a0:a8 @ le0:2
traceroute to ipng11 (2::102:a00:fe79:19b0),30 hops max, 60 byte packets
 1  ipng-rout86 (2::56:a00:fe1f:59a1)  35.534 ms  56.998 ms * 
 2  2::255:0:c0a8:717  32.659 ms  39.444 ms *
 3  ipng61.Eng.apex.COM (2::103:a00:fe9a:ce7b)  401.518 ms  7.143 ms *
 4  ipng12-00 (2::100:a00:fe7c:cf35)  113.034 ms  7.949 ms *
 5  ipng11 (2::102:a00:fe79:19b0)  66.111 ms *  36.965 ms

traceroute: Warning: Multiple interfaces found; using fec0::56:a8 @ le0:1
traceroute to ipng11 (fec0::10:b0), 30 hops max, 60 byte packets
 1  ipng-rout86 (fec0::56:a00:fe1f:59a1) 96.342 ms  78.282 ms 88.327 ms
 2  ipng8-tun1 (fec0::25:0:0:c0a8:717)  268.614 ms  508.416 ms  438.774 ms
 3  ipng61.Eng.apex.COM (fec0::103:a00:fe9a:ce7b)  6.356 ms * 713.166 ms
 4  ipng12-00 (fec0::100:a00:fe7c:cf35)  7.409 ms * 122.094 ms
 5  ipng11 (fec0::102:a00:fe79:19b0)  10.620 ms * *

traceroute to ipng11.eng.apex.com (190.68.10.75),30 hops max,40 byte packets
 1  rmpj17c-086.Eng.apex.COM (120.46.86.1)  4.360 ms  3.452 ms  3.479 ms
 2  flrmpj17u.Eng.apex.COM (120.46.17.131)  4.062 ms  3.848 ms  3.505 ms
 3  ipng8.Eng.apex.COM (120.68.7.23)  4.773 ms *  4.294 ms
 4  ipng61.Eng.apex.COM (120.68.10.104)  5.128 ms  5.362 ms *
 5  ipng12-20.Eng.apex.COM (120.68.10.62)  7.298 ms  5.444 ms *
 6  ipng11.Eng.apex.COM (120.68.10.75)  8.053 ms  6.394 ms *

Configuring IP in IP Tunnels

This section describes how you manually configure IP in IP tunnels. For information on configuring an automatic 6to4 tunnel, refer to How to Configure a 6to4 Router.

IPv6 supports the following types of tunnel encapsulation:

• IPv4 over IPv4 tunnels

• IPv6 over IPv4 tunnels (native IPv6 and 6to4)

• IPv6 over IPv6 tunnels

• IPv4 over IPv6 tunnels

• IPv6 to IPv6 over 6to4 tunnels

• 6to4 site tunnel to 6to4 relay router to native IPv6 site

For conceptual descriptions of tunnels, see Solaris Tunneling Interfaces for IPv6 and Tunneling Mechanism.

Configuring IP in IP Tunnels Task Map

How to Configure IPv6 Over IPv4 Tunnels

The best way to pass IPv6 packets over an IPv4 network is to use an automatic 6to4 tunnel. For instructions for implementing 6to4 routing at your site, refer to How to Configure a 6to4 Router.

1. Become superuser.

2. Create the file /etc/hostname6.ip.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

   1. Add the tunnel source addresses. Then, add the tunnel destination addresses.

      tsrc IPv4-source-addr tdst IPv4-destination-addr up

   2. (Optional) Add a logical interface for the source and destination IPv6 addresses.

      addif IPv6-source-address IPv6-destination-address up

      Omit this step if you want the address autoconfigured for this interface. You do not need to configure link-local addresses for your tunnel. Link-local addresses are configured automatically.

When you finish configuring the tunnels, you must reboot.

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.

If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry for IPv6 Configuration File to Autoconfigure IPv6 Addresses

This example shows a tunnel for which all IPv6 addresses are autoconfigured.

tsrc 129.146.86.138 tdst 192.168.7.19 up

Example—Entry in the IPv6 Configuration File for Manually Configured Addresses

This example shows a tunnel for which global source and global destination addresses are manually configured. The site-local source and site-local destination addresses are also manually configured.

tsrc 120.46.86.138 tdst 190.68.7.19 up
addif fec0::1234:a00:fe12:528 fec0::5678:a00:20ff:fe12:1234 up
addif 2::1234:a00:fe12:528 2::5678:a00:20ff:fe12:1234 up

How to Configure IPv6 Over IPv6 Tunnels

1. Become Superuser.

2. Create the file /etc/hostname6.ip6.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

   1. Add the tunnel source address. Then, add the tunnel destination address.

      tsrc IPv6-source-address tdst IPv6-destination-address IPv6-packet-source-address IPv6-packet-destination-address up

   2. (Optional) Add a logical interface for the source and destination IPv6 addresses.

      addif IPv6-source-address IPv6-destination-address up

      Omit this step if you want the address autoconfigured for this interface. You do not need to configure link-local addresses for your tunnel. Link-local addresses are configured automatically.

When you finish configuring the tunnels, you must reboot.

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.

If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry in the IPv6 Configuration File to Create an IPv6 over IPv6 Tunnel

This example shows the entry for an IPv6 over IPv6 tunnel.

tsrc 2000::114:a00:20ff:fe72:668c tdst 2000::103:a00:20ff:fe9b:a1c3
fe80::4 fe80::61 up

How to Configure IPv4 Over IPv6 Tunnels

1. Become Superuser.

2. Create the file /etc/hostname.ip6.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

   1. Add the tunnel source address. Then, add the tunnel destination address.

      tsrc IPv6-source-address tdst IPv6-destination-address tunnel-IPv4-source-address tunnel-IPv4-destination-address up

   2. (Optional) Add a logical interface for the source and destination IPv6 addresses.

      addif IPv6-source-address IPv6-destination-address up

When you finish configuring the tunnels, you must reboot.

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.

If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry in the IPv4 Configuration File to Create an IPv4 Over IPv6 Tunnel

This example shows the entry for an IPv4 over IPv6 tunnel.

tsrc 2000::114:a00:20ff:fe72:668c tdst 2000::103:a00:20ff:fe9b:a1c3
10.0.0.4 10.0.0.61 up

How to Configure IPv4 Over IPv4 Tunnels

1. Become Superuser.

2. Create the file /etc/hostname.ip.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

   1. Add the tunnel source address. Then, add the tunnel destination address.

      tsrc IPv4-source-address tdst IPv4-destination-address tunnel-IPv4-source-address tunnel-IPv4-destination-address up

   2. (Optional) Add a logical interface for the source and destination IPv4 addresses.

      addif IPv4-source-address IPv4-destination-address up

When you finish configuring the tunnels, you must reboot.

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.

If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry in the IPv4 Configuration File to Create an IPv4 Over IPv4 Tunnel

This example shows the entry for an IPv4 over IPv4 tunnel.

tsrc 120.46.86.158 tdst 120.46.86.122
10.0.0.4 10.0.0.61 up

How to Configure Your Router to Advertise Over Tunneling Interfaces

Following these steps for each tunnel.

1. Become superuser.

2. Edit the /etc/inet/ndpd.conf file. Add entries by using the following steps.

   1. Enable router advertisement over the tunneling interface.

      if ip.tunn AdvSendAdvertisements 1

   2. Add prefixes as needed.

      prefix interface-address ip.tunn

3. Reboot.

How to Configure a 6to4 Tunnel to a 6to4 Relay Router

Because of major security issues, by default 6to4 relay router support is disabled in the Solaris operating system. See Considerations for Tunnels to a 6to4 Relay Router and Internet Draft, Security Considerations for 6to4.

Before you enable a tunnel to a 6to4 relay router, you must have completed the following tasks:

• Configured a 6to4 router at your site, as explained in How to Configure a 6to4 Router.

• Reviewed the security issues that are involved in tunneling to a 6to4 relay router.

1. Become superuser on the 6to4 router.

2. Enable a tunnel to the 6to4 relay router by using either of the following formats:

   • Enable a tunnel to an anycast 6to4 relay router.

     # /usr/sbin/6to4relay -e

     The -e option sets up a tunnel between the 6to4 router and an anycast 6to4 relay router. Anycast 6to4 relay routers have the well-known IPv4 address 192.88.99.1. The anycast relay router that is physically nearest to your site becomes the endpoint for the 6to4 tunnel. This relay router then handles packet forwarding between your 6to4 site and a native IPv6 site.

     For detailed information about anycast 6to4 relay routers, refer to RFC 3068, "An Anycast Prefix for 6to4 Relay Routers"

   • Enable a tunnel to a specific 6to4 relay router.

     # /usr/sbin/6to4relay -e -a relay-router-address

     The -a option indicates that a specific router address is to follow. Replace relay-router-address with the IPv4 address of the specific 6to4 relay router with which you want to enable a tunnel.

   The tunnel to the 6to4 relay router remains active until you remove the 6to4 tunnel pseudo-interface.

3. Delete the tunnel to the 6to4 relay router, when no longer needed, by typing the following:

   # /usr/sbin/6to4relay -d

4. (Optional) Make the tunnel to the 6to4 relay router persistent across reboots.

   Your site might have a compelling reason to have the tunnel to the 6to4 relay router reinstated each time the 6to4 router reboots. To support this scenario, you must do the following.

   1. Edit the/etc/default/inetinit file.

      The line that you need to modify is at the end of the file.

   2. Change the “NO” value in the line ACCEPT6TO4RELAY=NO to “YES.”

   3. (Optional) Create a tunnel to a specific 6to4 relay router that persists across reboots.

      For the parameter RELAY6TO4ADDR, change the address 192.88.99.1 to the IPv4 address of the 6to4 relay router that you want to use.

Examples—Getting Status Information About 6to4 Relay Router Support

You can use /usr/bin/6to4relay to find out whether support for 6to4 relay routers is enabled. The next example shows the output when support for 6to4 relay routers is disabled, as is the default in the Solaris operating system:

# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is disabled.

When support for 6to4 relay routers is enabled, you receive the following output:

# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is enabled.
IPv4 destination address of Relay Router=192.88.99.1

Displaying IPv6 Name Service Information

This section provides procedures to display IPv6 name service information.

Displaying IPv6 Name Service Information Task Map

How to Display IPv6 Name Service Information

In this procedure, you use the nslookup command to display IPv6 name service information.

1. On the command line, type the following command:

   % /usr/sbin/nslookup

   The default server name and address appear, followed by the nslookup command angle bracket prompt.

2. To see information about a particular host, type the following commands at the angle bracket prompt:

   >set q=any >host-name

3. To see only AAAA records, type the following command at the angle bracket prompt:

   >set q=AAAA

4. Quit the command by typing exit.

Example—Using nslookup to Display IPv6 Information

%  /usr/sbin/nslookup
Default Server:  space1999.Eng.apex.COM
Address:  120.46.168.78
> set q=any
> vallejo
Server:  space1999.Eng.apex.COM
Address:  120.46.168.78

vallejo.ipv6.eng.apex.com      IPv6 address = fec0::9256:a00:fe12:528
vallejo.ipv6.eng.apex.com      IPv6 address = 2::9256:a00:fe12:528
> exit

How to Verify That DNS IPv6 PTR Records Are Updated Correctly

In this procedure, you use the nslookup command to display PTR records for DNS IPv6.

1. On the command line, type the following command:

   % /usr/sbin/nslookup

   The default server name and address display, followed by the nslookup command angle bracket prompt.

2. To see the PTR records, type the following command at the angle bracket prompt:

   >set q=PTR

3. Quit the command by typing exit.

Example—Using nslook to Display PTR Records

%  /usr/sbin/nslookup
Default Server:  space1999.Eng.apex.COM
Address:  120.46.168.78
> set q=PTR
> 8.2.5.0.2.1.e.f.f.f.0.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.2.0.0.0.ip6.int

8.2.5.0.2.1.e.f.f.f.0.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.2.0.0.0.ip6.int name = 
vallejo.ipv6.Eng.apex.COM
ip6.int nameserver = space1999.Eng.apex.COM
> exit

How to Display IPv6 Information Through NIS

In this procedure, you use the ypmatch command to display IPv6 information through NIS.

On the command line, type the following command:

% ypmatch host-name ipnodes.byname

The information about host-name displays.

Example 2–1 Example—Using ypmatch to Display IPv6 Information Through NIS

% ypmatch vallejo ipnodes.byname
fec0::9256:a00:20ff:fe12:528    vallejo
2::9256:a00:20ff:fe12:528       vallejo

How to Display IPv6 Information Through NIS+

In this procedure, you use the nismatch command to display IPv6 information through NIS.

On the command line, type the following command:

% nismatch host-name ipnodes.org-dir

The information about host-name displays.

Example 2–2 Example—Using nismatch to Display IPv6 Information Through NIS+

% nismatch vallejo ipnodes.org_dir
vallejo vallejo fec0::9256:a00:20ff:fe12:528 
vallejo vallejo 2::9256:a00:20ff:fe12:528  

How to Display IPv6 Information Independent of Name Service

On the command line, type the following command:

% getent ipnodes host-name

The information about host-name displays.

Example 2–3 Example—Using getent to Display IPv6 Information Independent of Name Service

% getent ipnodes vallejo
2::56:a00:fe87:9aba        vallejo vallejo
fec0::56:a00:fe87:9aba     vallejo vallejo