System Administration Guide: IP Services, Oracle Solaris 10 8/11 Information Library
IPv6 networks are often isolated entities within the larger IPv4 world. Nodes on your IPv6 network might need to communicate with nodes on isolated IPv6 networks, either within your enterprise or remotely. Typically, you configure a tunnel between IPv6 routers, although IPv6 hosts can also function as tunnel endpoints. For tunnel planning information, refer to Planning for Tunnels in the Network Topology.
You can set up automatically or manually configured tunnels for the IPv6 network. The Oracle Solaris IPv6 implementation supports the following types of tunnel encapsulation:
IPv6 over IPv4 tunnels
IPv6 over IPv6 tunnels
IPv4 over IPv6 tunnels
6to4 tunnels
For conceptual descriptions of tunnels, see IPv6 Tunnels.
This procedure describes how to set up a tunnel from an IPv6 node to a remote IPv6 node over an IPv4 network.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
where n represents the tunnel number, beginning at zero for the first tunnel. Then, add entries by following these substeps:
tsrc IPv4-source-address tdst IPv4-destination-address up
addif IPv6-source-address IPv6-destination-address
Omit this substep if you want the address autoconfigured for this interface. You do not need to configure link-local addresses for your tunnel.
Example 7-7 Entry in the /etc/hostname6.ip.tun File for a Manual, IPv6 Over IPv4 Tunnel
This sample /etc/hostname6.ip.tun file shows a tunnel for which global source addresses and global destination addresses are manually configured.
tsrc 192.168.8.20 tdst 192.168.7.19 up
addif 2001:db8:3c4d:8::fe12:528 2001:db8:3c4d:7:a00:20ff:fe12:1234 up
This procedure describes how to set up a tunnel from an IPv6 node to a remote IPv6 node over an IPv6 network.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Use the values 0, 1, 2, and so on, for n. Then, add entries by following these substeps.
tsrc IPv6-source-address tdst IPv6-destination-address IPv6-packet-source-address IPv6-packet-destination-address up
addif IPv6-source-address IPv6-destination-address up
Omit this step if you want the address autoconfigured for this interface. You do not need to configure link-local addresses for your tunnel.
Example 7-8 Entry in the /etc/hostname6.ip6.tun File for an IPv6 Over IPv6 Tunnel
This example shows the entry for an IPv6 over IPv6 tunnel.
tsrc 2001:db8:3c4d:22:20ff:0:fe72:668c tdst 2001:db8:3c4d:103:a00:20ff:fe9b:a1c3 fe80::4 fe80::61 up
This procedure explains how to configure a tunnel between two IPv4 hosts over an IPv6 network. You would use this procedure if your corporate network is heterogeneous, with IPv6 subnets that separate IPv4 subnets.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps:
Example 7-9 Entry in the /etc/hostname6.ip6.tun for an IPv4 Over IPv6 Tunnel
This example shows the entry for an IPv4 over IPv6 tunnel.
tsrc 2001:db8:3c4d:114:a00:20ff:fe72:668c tdst 2001:db8:3c4d:103:a00:20ff:fe9b:a1c3 10.0.0.4 10.0.0.61 up
If your IPv6 network needs to communicate with a remote IPv6 network, consider using automatic, 6to4 tunnels. The process of configuring a 6to4 tunnel includes configuring the boundary router as a 6to4 router. The 6to4 router functions as the endpoint of a 6to4 tunnel between your network and an endpoint router at a remote IPv6 network.
Before You Begin
Before you configure 6to4 routing on an IPv6 network, you must have done the following:
Configured IPv6 on all appropriate nodes at the prospective 6to4 site, as described in Modifying an IPv6 Interface Configuration for Hosts and Servers.
Selected at least one router with a connection to an IPv4 network to become the 6to4 router.
Configured a globally unique IPv4 address for the prospective 6to4 router's interface to the IPv4 network. The IPv4 address must be static.
Note - Do not use a dynamically allocated IPv4 address, as described in Chapter 12, About DHCP (Overview). Global dynamically allocated addresses might change over time, which can adversely affect your IPv6 addressing plan.
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
If you plan to use the recommended convention of subnet ID=0 and host ID=1, use the short format for /etc/hostname6.ip.6to4tun0:
tsrc IPv4-address up
If you plan to use other conventions for the subnet ID and host ID, use the long format for /etc/hostname6.ip.6to4tun0:
tsrc IPv4-address 2002:IPv4-address:subnet-ID:interface-ID:/64 up
The required parameters for /etc/hostname6.ip.6to4tun0 follow:
tsrc - Indicates that this interface is used as a tunnel source.
IPv4-address - Specifies, in dotted-decimal format, the IPv4 address that is configured on the physical interface to become the 6to4 pseudo-interface.
The remaining parameters are optional. However, if you specify one optional parameter, you must specify all optional parameters.
2002 - Specifies the 6to4 prefix.
IPv4-address - Specifies, in hexadecimal notation, the IPv4 address of the pseudo-interface.
subnet-ID - Specifies, in hexadecimal notation, a subnet ID other than 0.
interface-ID - Specifies an interface ID other than 1.
/64 - Indicates that the 6to4 prefix has a length of 64 bits.
up - Configures the 6to4 interface as “up.”
Note - Two IPv6 tunnels on your network cannot have the same source address and the same destination address. Packets are dropped as a result. This type of event can happen if a 6to4 router also performs tunneling through the atun command. For information about atun, refer to the tun(7M) man page.
Each prospective 6to4 pseudo-interface must have an already configured, globally unique IPv4 address.
# ifconfig ip.6to4tun0 inet6
If the interface is correctly configured, you receive output that is similar to the following:
ip.6to4tun0: flags=2200041<UP,RUNNING,NONUD,IPv6> mtu 1480 index 11
        inet tunnel src 111.222.33.44
        tunnel hop limit 60
        inet6 2002:6fde:212c:10:/64
For detailed information, refer to the ndpd.conf(4) man page.
Create an if entry with the following format:
if subnet-interface AdvSendAdvertisements 1
For example, to advertise 6to4 routing to the subnet that is connected to interface hme0, replace subnet-interface with hme0.
if hme0 AdvSendAdvertisements 1
Create a prefix entry with the following format:
prefix 2002:IPv4-address:subnet-ID::/64 subnet-interface
Alternatively, you can issue a sighup to the /etc/inet/in.ndpd daemon to begin sending router advertisements. The IPv6 nodes on each subnet to receive the 6to4 prefix now autoconfigure with new 6to4-derived addresses.
For instructions, go to Configuring Name Service Support for IPv6.
Example 7-10 6to4 Router Configuration (Short Form)
The following is an example of the short form of /etc/hostname6.ip.6to4tun0:
# cat /etc/hostname6.ip.6to4tun0
tsrc 111.222.33.44 up
Example 7-11 6to4 Router Configuration (Long Form)
Here is an example of the long form of /etc/hostname6.ip.6to4tun0:
# cat /etc/hostname6.ip.6to4tun0
tsrc 111.222.33.44 2002:6fde:212c:20:1/64 up
Example 7-12 ifconfig Output Showing 6to4 Pseudo-Interface
The following sample shows output of the ifconfig command for a 6to4 pseudo-interface:
# ifconfig ip.6to4tun0 inet6
ip.6to4tun0: flags=2200041<UP,RUNNING,NONUD,IPv6> mtu 1480 index 11
        inet tunnel src 192.168.87.188
        tunnel hop limit 60
        inet6 2002:c0a8:57bc::1/64
Example 7-13 6to4 Advertisements in /etc/inet/ndpd.conf
The following sample /etc/inet/ndpd.conf file advertises 6to4 routing on two subnets:
if qfe0 AdvSendAdvertisements 1
prefix 2002:c0a8:57bc:10::/64 qfe0
if qfe1 AdvSendAdvertisements 1
prefix 2002:c0a8:57bc:2::/64 qfe1
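The 6to4 prefix in these examples is the tunnel source IPv4 address written in hexadecimal after 2002 (192.168.87.188 becomes 2002:c0a8:57bc). The following script is an added example, not part of the Oracle guide: it derives that prefix and flags ndpd.conf prefix lines that advertise a 6to4 prefix belonging to a different IPv4 address. The function names sixto4_prefix and check_ndpd_prefixes are hypothetical, and the input is constructed from Example 7-13.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Function names are hypothetical.

# sixto4_prefix A.B.C.D : print 2002:<IPv4 address in hex> for a tunnel source.
sixto4_prefix() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    printf '2002:%x:%x\n' $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
}

# check_ndpd_prefixes TSRC < ndpd.conf text
# Prints each advertised 2002: prefix that does not embed TSRC.
# Returns 0 if every 6to4 prefix matches, 1 on a mismatch, 2 if TSRC is invalid.
check_ndpd_prefixes() {
    want=$(sixto4_prefix "$1") || return 2
    rc=0
    while read -r kw pfx ifname rest || [ -n "$kw" ]; do
        [ "$kw" = prefix ] || continue
        # Lowercase and drop leading zeros so 2002:C0A8:... and 2002:0a00:... compare equal.
        norm=$(printf '%s\n' "$pfx" | tr 'A-F' 'a-f' | sed 's/:0*\([0-9a-f]\)/:\1/g')
        case "$norm" in
            "$want":*) ;;                                  # embeds the tunnel source
            2002:*) echo "MISMATCH $ifname $pfx"; rc=1 ;;  # 6to4 prefix of another IPv4 address
        esac
    done
    return $rc
}

# Constructed input: Example 7-13 with the second prefix swapped for one that
# belongs to tunnel source 111.222.33.44.
check_ndpd_prefixes 192.168.87.188 <<'EOF' || echo "advertised prefix does not match tsrc"
if qfe0 AdvSendAdvertisements 1
prefix 2002:c0a8:57bc:10::/64 qfe0
if qfe1 AdvSendAdvertisements 1
prefix 2002:6fde:212c:2::/64 qfe1
EOF
```
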
For a multiple router site, the routers behind the 6to4 router might require further configuration to support 6to4. If your site uses RIP, you must configure on each non-6to4 router the static routes to the 6to4 router. If you use a commercial routing protocol, you do not need to create static routes to the 6to4 router.
Caution - Because of major security issues, by default, 6to4 relay router support is disabled in Oracle Solaris. See Security Issues When Tunneling to a 6to4 Relay Router.
Before You Begin
Before you enable a tunnel to a 6to4 relay router, you must have completed the following tasks:
Configured a 6to4 router at your site, as explained in How to Configure a 6to4 Tunnel
Reviewed the security issues that are involved in tunneling to a 6to4 relay router
The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Enable a tunnel to an anycast 6to4 relay router.
# /usr/sbin/6to4relay -e
The -e option sets up a tunnel between the 6to4 router and an anycast 6to4 relay router. Anycast 6to4 relay routers have the well-known IPv4 address 192.88.99.1. The anycast relay router that is physically nearest to your site becomes the endpoint for the 6to4 tunnel. This relay router then handles packet forwarding between your 6to4 site and a native IPv6 site.
For detailed information about anycast 6to4 relay routers, refer to RFC 3068, "An Anycast Prefix for 6to4 Relay Routers".
Enable a tunnel to a specific 6to4 relay router.
# /usr/sbin/6to4relay -e -a relay-router-address
The -a option indicates that a specific router address is to follow. Replace relay-router-address with the IPv4 address of the specific 6to4 relay router with which you want to enable a tunnel.
The tunnel to the 6to4 relay router remains active until you remove the 6to4 tunnel pseudo-interface.
# /usr/sbin/6to4relay -d
Your site might have a compelling reason to have the tunnel to the 6to4 relay router reinstated each time the 6to4 router reboots. To support this scenario, you must do the following:
The line that you need to modify is at the end of the file.
For the parameter RELAY6TO4ADDR, change the address 192.88.99.1 to the IPv4 address of the 6to4 relay router that you want to use.
Example 7-14 Getting Status Information About 6to4 Relay Router Support
You can use the /usr/sbin/6to4relay command to find out whether support for 6to4 relay routers is enabled. The next example shows the output when support for 6to4 relay routers is disabled, as is the default in Oracle Solaris:
# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is disabled.
When support for 6to4 relay routers is enabled, you receive the following output:
# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is enabled.
IPv4 remote address of Relay Router=192.88.99.1
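Because relay router support is disabled by default for security reasons, a configuration audit can treat any other state as something to review. The following script is an added example, not part of the Oracle guide: the hypothetical function relay_audit classifies the status text shown in Example 7-14, read from standard input. The sample lines are constructed from that example and assume the output wording is exactly as printed there.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. relay_audit is a hypothetical name.
# Reads `6to4relay` status output on stdin.
# Returns 0 when relay support is disabled, 1 when enabled, 2 when unrecognized.
relay_audit() {
    state=unknown
    addr=
    while read -r line || [ -n "$line" ]; do
        case "$line" in
            *"support is disabled"*) state=disabled ;;
            *"support is enabled"*)  state=enabled ;;
        esac
        # The relay address may share a line with the status or follow on its own line.
        case "$line" in
            *"Relay Router="*) addr=${line##*=} ;;
        esac
    done
    case "$state:$addr" in
        disabled:*)
            echo "OK relay support disabled (Solaris default)" ;;
        enabled:192.88.99.1)
            echo "REVIEW relay enabled, anycast 192.88.99.1"; return 1 ;;
        enabled:?*)
            echo "REVIEW relay enabled, specific relay $addr"; return 1 ;;
        *)
            echo "UNKNOWN unrecognized 6to4relay output"; return 2 ;;
    esac
}

# Constructed sample: the "enabled" output from Example 7-14.
relay_audit <<'EOF' || true
6to4relay: 6to4 Relay Router communication support is enabled.
IPv4 remote address of Relay Router=192.88.99.1
EOF
```

On a live router the function would be fed from the command itself, for example `/usr/sbin/6to4relay | relay_audit`.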