Manual:Simple Static IPv6 Routing
Lets make a simple routing setup illustrated in image below
Lets consider ISP is giving us prefix 2001:db8::/62 and prefix is routed to us with link-local address (fe80::1:1).
Ether1 of Router1 is connected to ISP and will be the gateway of our networks. Router2 is connected to ether2 of Router1 and will act as a gateway for clients connected to it from LAN2. Router1 also connects one client to ether3. Our goal is to create setup so that clients from LAN1 can reach clients from LAN2 and all of them can connect to the internet.
At first we need to find what link-local addresses are on Router1 and on Router's 2 ether1 for routing. We can do IPv6 routing without globally configuring addresses on every link that way addresses are not wasted. In current setup there is no global addresses even between ISP and our gateway.
[admin@R1] /ipv6 address> print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 DL fe80::219:d1ff:fe00:3511/64 ether1 no 1 DL fe80::219:d1ff:fe00:3512/64 ether2 no 1 DL fe80::219:d1ff:fe00:3513/64 ether3 no
[admin@R2] /ipv6 address> print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 DL fe80::219:d1ff:fe39:3535/64 ether1 no 1 DL fe80::219:d1ff:fe39:3536/64 ether2 no
Now we can start configuration.
/ipv6 address add address=2001:db8:0:1::1/64 interface=ether3 advertise=yes /ipv6 route add gateway=fe80::1:1%ether1 add dst-address=2001:db8:0:2::/64 gateway=fe80::219:d1ff:fe39:3535%ether2
/ipv6 address add address=2001:db8:0:2::1/64 interface=ether2 advertise=yes /ipv6 route add gateway=fe80::219:d1ff:fe00:3512%ether1
Notice how link local addresses are configured as gateways. We provide directly connected neighbour routers link-local address and explicitly specify on which interface ll address is reachable.
Added global addresses are with advertise flag meaning that RA will be used to automatically configure IPv6 addressing on the client PCs. Read more>>
That is all required configuration. At this point all clients are directly reachable from remote locations.
Note: Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are required to protect the clients from unwanted access or attacks
[ Top | Back to Content ]