Chapter 17 Implementing IPv6
This chapter provides procedures for enabling IPv6, IPv6 routers, configuring
IPv6 addresses for DNS, NIS, and NIS+; creating tunnels between routers; running IPv6
additions to commands for diagnostics; and displaying IPv6 name service information.
This is a list of the step-by-step instructions in this chapter.
Enabling IPv6 Nodes
This section provides procedures you might need to configure IPv6 nodes on your
network.
Note -
The term node in this context refers either to a Solaris
server or client workstation.
Enabling IPv6 Nodes Task Map
Table 17-1 Enabling IPv6 Nodes
Task Map
Note -
You can enable IPv6 on a system when you install the Solaris software. If you
answered yes to enable IPv6 during the installation process,
you can omit the following IPv6 enabling procedure.
How to Enable IPv6 on a Node
-
Become superuser on the system where you want to enable IPv6.
-
On a command line, type the following for each interface.
# touch /etc/hostname6.interface
|
|
Interface
|
Interface
name, such as le0, le1.
|
-
Reboot.
Note -
Rebooting sends out router discovery packets and the router responds with a
prefix, enabling the node to configure the interfaces with an IP address. Rebooting
also restarts key networking daemons in IPv6 mode.
-
On a command line, type the following command to display the IPv6 addresses.
-
Add the IPv6 address to the appropriate name service as follows:
-
For NIS and NIS+, see "How to Add IPv6 Addresses to NIS
and NIS+".
-
For DNS, see "How to Add IPv6 Addresses to DNS".
How to Configure a Solaris IPv6
Router
-
Become superuser on the system that will act as a router.
-
Edit the file /etc/inet/ndpd.conf with subnet prefixes
by adding one or more of the following entries.
See the in.ndpd(1M)
man page for a list of variables and allowable values. For more information about
the ndpd.conf file, see the ndpd.conf(4) man page.
-
Add entries specifying router behavior for all interfaces.
-
Add entries specifying prefix advertisement default behaviors.
prefixdefault variable value
|
-
Add sets per interface parameter entries.
if interface variable value
|
-
Add advertises per interface prefix information entries.
prefix prefix/length interface variable value
|
-
Reboot the system.
Note -
Neighbor discovery (in.ndpd) relays to the hosts their
subnet address prefixes. Also, the RIPng routing protocol (in.ripngd)
runs automatically.
Example--ndpd.conf Router
Configuration File
# Send router advertisements out all NICs
ifdefault AdvSendAdvertisements on
# Advertise a global prefix and a
# site local prefix on three interfaces.
# 0x9255 = 146.85
prefix 2:0:0:9255::0/64 hme0
prefix fec0:0:0:9255::0/64 hme0
# 0x9256 = 146.86
prefix 2:0:0:9256::0/64 hme1
prefix fec0:0:0:9256::0/64 hme1
# 0x9259 = 146.89
prefix 2:0:0:9259::0/64 hme2
prefix fec0:0:0:9259::0/64 hme2
|
How to Add IPv6 Addresses to NIS
and NIS+
A new table has been added for NIS+ named ipnodes.org_dir.
It contains both IPv4 and IPv6 addresses for a host. The existing hosts.org_dir table, which contains only IPv4 addresses for a host, remains as it is
to facilitate existing applications. You must keep both the hosts.org_dir and ipnodes.org_dir tables consistent with the IPv4
addresses. This does not happen automatically. See "IPv6 Extensions to Solaris Name Services"
for an overview.
Administration of the new ipnodes.org_dir table is similar
to administering the hosts.org_dir. The same tools and utilities
that were used in administering the previous NIS+ tables are valid for ipnodes.org_dir. See Solaris Naming Administration Guide for complete details on how
to manipulate the NIS+ table.
The following procedure merges the entries from /etc/inet/ipnodes into the ipnodes.org_dir table (in verbose mode).
The NIS+ table was probably created by nistbladm(1), nissetup(1M),
or nisserver(1M).
On a command line, type the following command:
% nisaddent -mv -f /etc/inet/ipnodes ipnodes
|
Use the following procedure to display the ipnodes.org_dir
table.
On a command line, type the following command:
Two new maps have been added for NIS: ipnodes.byname and ipnodes.byaddr. These maps contain both IPv4 and IPv6 hostname and address
associations. The existing hosts.byname and hosts.byaddr maps, which contain only IPv4 hostname and address associations, will
remain as they are to facilitate existing applications. Administration of the new
maps is similar to the maintenance of the older hosts.byname
and hosts.byaddr maps. Again, it is important that when you update
the hosts maps with IPv4 addresses that the new ipnode maps are
also updated with the same information.
Note -
IPv6 aware tools will use the new NIS and NIS+ maps and tables exclusively.
How to Add IPv6 Addresses to DNS
-
Become superuser on system that has DNS.
-
Edit the appropriate DNS zone file by adding AAAA records for the IPv6-enabled
host, using the following format.
host-name IN AAAA host-address
|
-
Edit the DNS reverse zone file and add PTR records, using the following format.
host-address IN PTR host-name
|
See RFC 1886 for more information about AAAA and PTR records.
Example--DNS Zone File
vallejo IN AAAA 2::9256:a00:20ff:fe12
IN AAAA fec0::9256:a00:20ff:fe12:528
|
Example--DNS Reverse Zone File
$ORIGIN ip6.int.
8.2.5.0.2.1.e.f.f.f.9.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.2.0.0.0 \
IN PTR vallejo.Eng.apex.COM.
8.2.5.0.2.1.e.f.f.f.9.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.0.c.e.f \
IN PTR vallejo.Eng.apex.COM.
|
Monitoring IPv6
The following commands were modified to accommodate the Solaris implementation
of IPv6.
You can use the new additions to conduct diagnostics. For conceptiual descriptions
of these commands, see "IPv6 Extensions to the ifconfig
Utility" and "IPv6 Extensions to Existing Utilities".
Monitoring IPv6 Task Map
Table 17-2 Monitoring IPv6 Task
Map
How to Display Interface Address
Assignments
You can use the ifconfig command to display all address assignments
as well as just IPv4 or IPv6 address assignments.
On the command line, type the following command.
For more information on the ifconfig command, see the ifconfig(1M) man page.
Example--Displaying Addressing Information
for All Interfaces
% ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
inet 120.10.0.1 netmask ff000000
le0: flags=1000843 mtu 1500 index 2
inet 120.46.86.54 netmask ffffff00 broadcast 120.146.86.255
ether 8:0:73:56:a8
lo0: flags=2000849 mtu 8252 index 1
inet6 ::1/128
le0: flags=2000841 mtu 1500 index 2
ether 8:0:20:56:a8
inet6 fe80::a00:fe73:56a8/10
le0:1: flags=2080841 mtu 1500 index 2
inet6 fec0::56:20ff:fe73:56a8/64
le0:2: flags=2080841 mtu 1500 index 2
inet6 2::56:a00:fe73:56a8/64
|
Example--Displaying Addressing Information
for All IPv4 Interfaces
% ifconfig -a4
lo0: flags=1000849 mtu 8232 index 1
inet 120.10.0.1 netmask ff000000
le0: flags=1000843 mtu 1500 index 2
inet 120.46.86.54 netmask ffffff00 broadcast 120.46.86.255
ether 8:0:20:56:a8
|
Example--Displaying Addressing Information
for All IPv6 Interfaces
% ifconfig -a6
lo0: flags=2000849 mtu 8252 index 1
inet6 ::1/128
le0: flags=2000841 mtu 1500 index 2
ether 8:0:20:56:a8
inet6 fe80::a00:fe73:56a8/10
le0:1: flags=2080841 mtu 1500 index 2
inet6 fec0::56:20ff:fe73:56a8/64
le0:2: flags=2080841 mtu 1500 index 2
inet6 2::56:a00:fe73:56a8/64
|
How to Display Network Status
These procedures enable you to display the following network data structure
formats using the netstat command:
-
All sockets and routing table entries
-
Inet address family for IPv4
-
Inet6 address family for IPv6
-
Statistics per interface--IPv6/ICMPv6 counters
On the command line, type the following command.
For more information on the netstat command, see the netstat(1M) man page.
Example--Displaying All Sockets and Routing
Table Entries
% netstat -a
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- -------
*.* Unbound
*.apexrpc Idle
*.* Unbound
.
.
UDP: IPv6
Local Address Remote Address State
If
--------------------------------- --------------------------------- -------
*.* Unbound
*.time Idle
*.echo Idle
*.discard Idle
*.daytime Idle
*.chargen Idle
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
*.* *.* 0 0 0 0 IDLE
*.apexrpc *.* 0 0 0 0 LISTEN
*.* *.* 0 0 0 0 IDLE
*.ftp *.* 0 0 0 0 LISTEN
localhost.427 *.* 0 0 0 0 LISTEN
*.telnet *.* 0 0 0 0 LISTEN
tn.apex.COM.telnet is.Eng.apex.COM 8760 0 8760 0 ESTABLISHED
tn.apex.COM.33528 np.apex.COM.46637 8760 0 8760 0 TIME_WAIT
tn.apex.COM.33529 np.apex.COM.apexrpc 8760 0 8760 0 TIME_WAIT
TCP: IPv6
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
----------------- ----------------- ----- ------ ----- ------ -----
*.* *.* 0 0 0 0 IDLE
*.ftp *.* 0 0 0 0 LISTEN
*.telnet *.* 0 0 0 0 LISTEN
*.shell *.* 0 0 0 0 LISTEN
*.smtp *.* 0 0 0 0 LISTEN
.
.
2::56:8.login something.1023 8640 0 8640 0 ESTABLISHED
fe80::a:a8.echo fe80::a:89 8640 0 8640 0 ESTABLISHED
fe80::a:a8.ftp fe80::a:90 8640 0 8640 0 ESTABLISHED
|
Example--Displaying Inet Address Family
for IPv4
% netstat -f inet
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
tn.apex.COM.telnet is.apex.COM.35388 8760 0 8760 0 ESTABLISHED
tn.apex.COM.1022 alive-v4.nfsd 8760 0 8760 0 ESTABLISHED
tn.apex.COM.1021 sl.apex.COM.nfsd 8760 0 8760 0 ESTABLISHED
.
.
tn.apex.COM.33539 np.apex.COM.apexrpc 8760 0 8760 0 TIME_WAIT
|
Example--Displaying Inet6 Address Family
for IPv4
% netstat -f inet6
TCP: IPv6
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
-------------------- --------------------- ----- ------ ----- ------ ----------- -----
2::56:a8.login something.1023 8640 0 8640 0 ESTABLISHED
fe80::a0:a8.echo fe80::a0:de.35389 8640 0 8640 0 ESTABLISHED
.
.
fe80::a0:a8.ftp-data fe80::a0:de.35394 25920 0 25920 0 TIME_WAIT
|
Example--Displaying Statistics Per Interface:
IPv6/ICMPv6 Counters
% netstat -sa
RAWIP
rawipInDatagrams = 1407 rawipInErrors = 0
rawipInCksumErrs = 0 rawipOutDatagrams = 5
rawipOutErrors = 0
UDP
udpInDatagrams = 7900 udpInErrors = 0
udpOutDatagrams = 7725 udpOutErrors = 0
TCP tcpRtoAlgorithm = 4 tcpRtoMin = 200
tcpRtoMax = 60000 tcpMaxConn = -1
.
.
IPv4 ipForwarding = 2 ipDefaultTTL = 255
ipInReceives =406345 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
.
.
IPv6 for lo0
ipv6Forwarding = 2 ipv6DefaultHopLimit = 0
ipv6InReceives = 0 ipv6InHdrErrors = 0
.
.
IPv6 for le0
ipv6Forwarding = 2 ipv6DefaultHopLimit = 255
ipv6InReceives = 885 ipv6InHdrErrors = 0
.
.
IPv6 ipv6Forwarding = 2 ipv6DefaultHopLimit = 255
ipv6InReceives = 885 ipv6InHdrErrors = 0
.
.
ICMPv4 icmpInMsgs = 618 icmpInErrors = 0
icmpInCksumErrs = 0 icmpInUnknowns = 0
icmpInDestUnreachs = 5 icmpInTimeExcds = 0
.
.
ICMPv6 for lo0
icmp6InMsgs = 0 icmp6InErrors = 0
icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0
.
.
ICMPv6 for le0
icmp6InMsgs = 796 icmp6InErrors = 0
icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0
icmp6InTimeExcds = 0 icmp6InParmProblems = 0
.
.
ICMPv6 icmp6InMsgs = 796 icmp6InErrors = 0
icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0
.
.
IGMP:
2542 messages received
0 messages received with too few bytes
0 messages received with bad checksum
2542 membership queries received
.
.
|
How to Control the Display Output
of IPv6 Related Commands
You can control the output of the netstat and ifconfig commands by creating a file named inet_type in the /etc/default directory and specifying the value of the DEFAULT_IP variable.
For more information about the inet_type, see the inet_type(4) man page.
-
Create the /etc/default/inet_type file.
-
Make one of the following entries, as needed.
-
To display IPv4 information only, enter:
-
To display both IPv4 and IPv6 information, enter:
or
Note -
The -4 and -6 flags in ifconfig
and -f flag in netstat override the value set in
the inet_type file (if it exists).
Examples--Controlling Output to Select IPv4
and IPv6 Information
How to Monitor Only IPv6 Network
Traffic
In this procedure you use the snoop command to display all
IPv6 packets.
-
Become superuser.
-
On the command line, type the following command.
For more information on the snoop command, see the snoop(1M) man page.
Example--Displaying Only IPv6 Network Traffic
# snoop ip6
Using device /dev/le (promiscuous mode)
fe80::a0:a1 -> ff02::9 IPv6 S=fe80::a0:a1 D=ff02::9 LEN=892
fe80::a0:de -> fe80::a0:a8 IPv6 S=fe80::a0:de D=fe80::a0:a8 LEN=104
fe80::a0:a8 -> fe80::a0:de IPv6 S=fe80::a0:a8 D=fe80::a0:de LEN=104
fe80::a0:a1 -> ff02::9 IPv6 S=fe80::a0:a1 D=ff02::9 LEN=892
fe80::a0:de -> fe80::a0:a8 IPv6 S=fe80::a0:de D=fe80::a0:a8 LEN=104
fe80::a0:a8 -> fe80::a0:de IPv6 S=fe80::a0:a8 D=fe80::a0:de LEN=152
fe80::a0:a1 -> ff02::9 IPv6 S=fe80::a0:a1 D=ff02::9 LEN=892
fe80::a0:de -> fe80::a0:a8 IPv6 S=fe80::a0:de D=fe80::a0:a8 LEN=72
fe80::a0:a8 -> fe80::a0:de IPv6 S=fe80::a0:a8 D=fe80::a0:de LEN=72
fe80::a0:a8 -> fe80::a0:de IPv6 S=fe80::a0:a8 D=fe80::a0:de LEN=72
fe80::a0:de -> fe80::a0:a8 IPv6 S=fe80::a0:de D=fe80::a0:a8 LEN=72
|
How to Probe All Multihomed Host
Addresses
In this procedure you use the ping command to check all addresses.
On the command line, type the following command.
% ping -a ipng11
ipng11 (2::102:a00:fe79:19b0) is alive
ipng11 (fec0::102:a00:fe79:19b0) is alive
ipng11 (190.68.10.75) is alive
|
For more information on the ping command, see the ping(1M) man page.
How to Trace All Routes
In this procedure you use the traceroute command to trace
all routes.
On the command line, type the following command.
% traceroute -a <hostname>
|
For more information on the traceroute command, see the traceroute(1M) man page.
Example--Tracing All Routes
% traceroute -a ipng11
traceroute: Warning: Multiple interfaces found; using 2::56:a0:a8 @ le0:2
traceroute to ipng11 (2::102:a00:fe79:19b0),30 hops max, 60 byte packets
1 ipng-rout86 (2::56:a00:fe1f:59a1) 35.534 ms 56.998 ms *
2 2::255:0:c0a8:717 32.659 ms 39.444 ms *
3 ipng61.Eng.apex.COM (2::103:a00:fe9a:ce7b) 401.518 ms 7.143 ms *
4 ipng12-00 (2::100:a00:fe7c:cf35) 113.034 ms 7.949 ms *
5 ipng11 (2::102:a00:fe79:19b0) 66.111 ms * 36.965 ms
traceroute: Warning: Multiple interfaces found; using fec0::56:a8 @ le0:1
traceroute to ipng11 (fec0::10:b0), 30 hops max, 60 byte packets
1 ipng-rout86 (fec0::56:a00:fe1f:59a1) 96.342 ms 78.282 ms 88.327 ms
2 ipng8-tun1 (fec0::25:0:0:c0a8:717) 268.614 ms 508.416 ms 438.774 ms
3 ipng61.Eng.apex.COM (fec0::103:a00:fe9a:ce7b) 6.356 ms * 713.166 ms
4 ipng12-00 (fec0::100:a00:fe7c:cf35) 7.409 ms * 122.094 ms
5 ipng11 (fec0::102:a00:fe79:19b0) 10.620 ms * *
traceroute to ipng11.eng.apex.com (190.68.10.75),30 hops max,40 byte packets
1 rmpj17c-086.Eng.apex.COM (120.46.86.1) 4.360 ms 3.452 ms 3.479 ms
2 flrmpj17u.Eng.apex.COM (120.46.17.131) 4.062 ms 3.848 ms 3.505 ms
3 ipng8.Eng.apex.COM (120.68.7.23) 4.773 ms * 4.294 ms
4 ipng61.Eng.apex.COM (120.68.10.104) 5.128 ms 5.362 ms *
5 ipng12-20.Eng.apex.COM (120.68.10.62) 7.298 ms 5.444 ms *
6 ipng11.Eng.apex.COM (120.68.10.75) 8.053 ms 6.394 ms *
|
Configuring IPv6 Over IPv4 Tunnels
This section describes how you configure IPv6 over IPv4 tunnels.
For conceptual descriptions of tunnels, see "Solaris Tunneling Interfaces for IPv6"
and "Tunneling Mechanism".
How to Configure IPv6 Over IPv4
Tunnels
-
Become superuser.
-
Create the file /etc/hostname6.ip.tunn
(where n is 0, 1, 2, and so on) and add entries using the
following steps.
-
Add the tunnel source and tunnel destination addresses.
tsrc IPv4-source-addr tdst IPv4-destination-addr up
|
-
(Optional) Add a logical interface for the source and destination IPv6 addresses.
addif IPv6-source-address IPv6-destination-address up
|
Omit this step if you want the address autoconfigured for this interface. You
do not need to configure link-local addresses for your tunnel because they are automatically
configured.
When you finish configuring the tunnels, you must reboot.
Note -
You must perform the same steps at the other end of the tunnel for bidirectional
communication to occur.
If your system is to be configured as a router, you must also configure your
router to advertise over tunneling interfaces before rebooting (see "How to Configure Your Router to
Advertise Over Tunneling Interfaces").
Example--IPv6 Configuration File Entry to
Autoconfigure IPv6 Addresses
This is an example of a tunnel for which all IPv6 addresses are autoconfigured.
tsrc 129.146.86.138 tdst 192.168.7.19 up
|
Example--IPv6 Configuration File Entry for
Manually Configured Addresses
This is an example of a tunnel for which global and site local source and destination
addresses are manually configured.
tsrc 120.46.86.138 tdst 190.68.7.19 up
addif fec0::1234:a00:fe12:528 fec0::5678:a00:20ff:fe12:1234 up
addif 2::1234:a00:fe12:528 2::5678:a00:20ff:fe12:1234 up
|
How to Configure Your Router to
Advertise Over Tunneling Interfaces
Do the following steps for each tunnel.
-
Become superuser.
-
Edit the file /etc/inet/ndpd.conf and add entries using
the following steps.
-
Enable router advertisement over the tunneling interface.
if ip.tunn AdvSendAdvertisements 1
|
-
Add prefixes as needed.
prefix interface-address ip.tunn
|
-
Reboot.
Displaying IPv6 Name Service Information
This section provides procedures to display IPv6 Name Service information.
Displaying IPv6 Name Service Information Task Map
Table 17-3 Displaying IPv6 Name
Service Information Task Map
How to Display IPv6 Name Service
Information
In this procedure, you use the nslookup command to display
IPv6 name service information.
-
On the command line, type the following command:
The default server name and address appear, followed by the nslookup command angle bracket prompt.
-
To see information about a particular host, type the following commands at the
angle bracket prompt:
-
To see only AAAA records, type the following command at the angle bracket prompt:
-
Quit the command by typing exit.
Example--Using nslookup
to Display IPv6 Information
% /usr/sbin/nslookup
Default Server: space1999.Eng.apex.COM
Address: 120.46.168.78
> set q=any
> vallejo
Server: space1999.Eng.apex.COM
Address: 120.46.168.78
vallejo.ipv6.eng.apex.com IPv6 address = fec0::9256:a00:fe12:528
vallejo.ipv6.eng.apex.com IPv6 address = 2::9256:a00:fe12:528
> exit
|
How to Verify That DNS IPv6 PTR
Records Were Updated Correctly
In this procedure you use the nslookup command to display
DNS IPv6 PTR records.
-
On the command line, type the following command:
The default server name and address display, followed by the nslookup command angle bracket prompt.
-
To see the PTR records, type the following command at the angle bracket prompt:
-
Quit the command by typing exit.
Example--Using nslook to
Display PTR Records
% /usr/sbin/nslookup
Default Server: space1999.Eng.apex.COM
Address: 120.46.168.78
> set q=PTR
> 8.2.5.0.2.1.e.f.f.f.0.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.2.0.0.0.ip6.int
8.2.5.0.2.1.e.f.f.f.0.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.2.0.0.0.ip6.int name =
vallejo.ipv6.Eng.apex.COM
ip6.int nameserver = space1999.Eng.apex.COM
> exit
|
How to Display IPv6 Information
Through NIS
In this procedure you use the ypmatch command to display
IPv6 information through NIS.
On the command line, type the following command:
% ypmatch host-name ipnodes.byname
|
The information about host-name displays.
Example 17-1 Example--Using ypmatch to Display IPv6 Information Through NIS
% ypmatch vallejo ipnodes.byname
fec0::9256:a00:20ff:fe12:528 vallejo
2::9256:a00:20ff:fe12:528 vallejo
|
How to Display IPv6 Information
Through NIS+
In this procedure you use the nismatch command to display
IPv6 information through NIS.
On the command line, type the following command:
% nismatch host-name ipnodes.org-dir
|
The information about host-name displays.
Example 17-2 Example--Using nismatch to Display IPv6 Information Through NIS+
% nismatch vallejo ipnodes.org_dir
vallejo vallejo fec0::9256:a00:20ff:fe12:528
vallejo vallejo 2::9256:a00:20ff:fe12:528
|
How to Display IPv6 Information
Independent of Name Service
On the command line, type the following command:
% getent ipnodes host-name
|
The information about host-name displays.
Example 17-3 Example--Using getent
to Display IPv6 Information Independent of Name Service
% getent ipnodes vallejo
2::56:a00:fe87:9aba vallejo vallejo
fec0::56:a00:fe87:9aba vallejo vallejo
|
Télécharger cet ouvrage au format PDF (1868 Ko)