Manual:Simple Static IPv6 Routing: Difference between revisions
Created page with "== Introduction == Lets make a simple routing setup illustrated in image below Image:simple-ipv6-routing.png Lets consider ISP is giving us prefix 2001:db8::/62 and prefi..." |
m →Configuration: correct ipv6 addresses from /62 prefix |
||
(2 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
__TOC__ | |||
== Introduction == | == Introduction == | ||
Line 39: | Line 41: | ||
<pre> | <pre> | ||
/ipv6 address | /ipv6 address | ||
add address=2001:db8:1::1/64 interface=ether3 advertise=yes | add address=2001:db8:0:1::1/64 interface=ether3 advertise=yes | ||
/ipv6 route | /ipv6 route | ||
add gateway=fe80::1:1%ether1 | add gateway=fe80::1:1%ether1 | ||
add dst-address=2001:db8:2::/64 gateway=fe80::219:d1ff:fe39:3535%ether2 | add dst-address=2001:db8:0:2::/64 gateway=fe80::219:d1ff:fe39:3535%ether2 | ||
</pre> | </pre> | ||
Line 50: | Line 52: | ||
<pre> | <pre> | ||
/ipv6 address | /ipv6 address | ||
add address=2001:db8:2::1/64 interface=ether2 advertise=yes | add address=2001:db8:0:2::1/64 interface=ether2 advertise=yes | ||
/ipv6 route | /ipv6 route | ||
Line 62: | Line 64: | ||
That is all required configuration. At this point all clients are directly reachable from remote locations. | That is all required configuration. At this point all clients are directly reachable from remote locations. | ||
{{Note | Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are required to protect the clients from unwanted access or attacks}} | {{Note | Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are required to protect the clients from unwanted access or attacks}} | ||
==See Also== | |||
* [[Manual:My_First_IPv6_Network | IPv6 routing example with tunnel broker]] | |||
{{cont}} | {{cont}} |
Latest revision as of 09:12, 12 February 2015
Introduction
Lets make a simple routing setup illustrated in image below
Lets consider ISP is giving us prefix 2001:db8::/62 and prefix is routed to us with link-local address (fe80::1:1).
Ether1 of Router1 is connected to ISP and will be the gateway of our networks. Router2 is connected to ether2 of Router1 and will act as a gateway for clients connected to it from LAN2. Router1 also connects one client to ether3. Our goal is to create setup so that clients from LAN1 can reach clients from LAN2 and all of them can connect to the internet.
Configuration
At first we need to find what link-local addresses are on Router1 and on Router's 2 ether1 for routing. We can do IPv6 routing without globally configuring addresses on every link that way addresses are not wasted. In current setup there is no global addresses even between ISP and our gateway.
[admin@R1] /ipv6 address> print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 DL fe80::219:d1ff:fe00:3511/64 ether1 no 1 DL fe80::219:d1ff:fe00:3512/64 ether2 no 1 DL fe80::219:d1ff:fe00:3513/64 ether3 no
[admin@R2] /ipv6 address> print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 DL fe80::219:d1ff:fe39:3535/64 ether1 no 1 DL fe80::219:d1ff:fe39:3536/64 ether2 no
Now we can start configuration.
Router1
/ipv6 address add address=2001:db8:0:1::1/64 interface=ether3 advertise=yes /ipv6 route add gateway=fe80::1:1%ether1 add dst-address=2001:db8:0:2::/64 gateway=fe80::219:d1ff:fe39:3535%ether2
Router2
/ipv6 address add address=2001:db8:0:2::1/64 interface=ether2 advertise=yes /ipv6 route add gateway=fe80::219:d1ff:fe00:3512%ether1
Notice how link local addresses are configured as gateways. We provide directly connected neighbour routers link-local address and explicitly specify on which interface ll address is reachable.
Added global addresses are with advertise flag meaning that RA will be used to automatically configure IPv6 addressing on the client PCs. Read more>>
That is all required configuration. At this point all clients are directly reachable from remote locations.
Note: Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are required to protect the clients from unwanted access or attacks
See Also
[ Top | Back to Content ]