May 9, 2011
Getting IPv6 on an OpenBSD Box
Now that the number of IPv4 addresses is rapidly reducing – at the time of this posting Asia Pacific (APNIC) have about 2.3% of their available address space (about 75,000 /24s), Europe (RIPE) have about 9% (240,000 /24s) and the USA (ARIN) have about 10.5% (522,000 /24s), so it is becoming harder and harder for ISPs (and End-users) to get IPv4 addresses. So what does this mean for you ??
Well, it means, that over the next few months, especially in the Asia Pacific Region, customers will not be able to get any more IPv4 addresses, and will start to use IPv6. Now it is possible that their ISPs will host 6 to 4 gateways, so you can continue to use the IPv4 addresses you already have, OR they will simply not be able to access your sites, because IPv6 and IPv4 cannot talk to each other directly.
So, perhaps you should think about getting IPv6 available for your websites!.
Option 1 – Ask your ISP if they support it !!
If they do, they will probably give you a /48 (about 1,208,925,820,000,000,000,000,000 addresses) or at the very least a /64 (18,446,744,100,000,000,000 addresses) – there are 65,536 /64s in a /48 !
You simply configure this on your Ethernet interface, and away you go !
Option 2 – Get an IPv6 Tunnel from a Tunnel Broker
There are a number of providers that will give you IPv6 connectivity over IPv4. I have experience with two providers, but I am sure there are many more.
Hurricane Electric (http://www.tunnelbroker.net)
HE run tunnel pops at most major internet exchanges, and have a number of servers all around the world, so hopefully you should find a low latency server near to you. While you are there, consider signing up for their IPv6 Certification system
SixXS (http://www.sixxs.net)
SixXS also provide a number of POP locations, the majority are in Europe, but there are a number of POPs in the US, one in Brazil, and one in New Zealand,a feature that SixXS offer that Hurricane do not is the fact that you can use the AICCU system to access the SixXS pops if you are sitting behind a NAT. AICCU is part of the OpenBSD ports tree, so a ‘pkg_add aiccu’ should work if a binary package exists, or you can ‘use the source’ to build your own binary
When you have successfully signed up with your desired tunnel broker, they will provide instructions for a large variety of *nix operating systems with the configuration instructions
An example with SixXS is
In the file /etc/hostname.gif0 put:
tunnel [Your IPv4 Endpoint] [PoP IPv4 Endpoint] inet6 [Your IPv6 Endpoint] 128 dest [PoP IPv6 Endpoint] !/sbin/route add -inet6 default ::1 !/sbin/route change -inet6 default -ifp gif0
Congratulations, you should now be available on IPv6!!