Monday, 24 January 2011

IPv6 at home

Ok, so it's time to get on the IPv6-bandwagon. That means:
  • setting up a firewall/router that can handle both IPv4 and IPv6
  • creating an address-policy for both protocols
  • setting up an IPv6-tunnel while waiting for my ISP to provide IPv6
For the firewall/router, I would like the following functionality:
  • DHCP for IPv4
  • Router advertisements (aka stateless autoconfiguration for IPv6, as defined in RFC 4862)
  • DNS for v4 and v6
  • 6in4 tunnel through Hurricane Electric
  • ntp-daemon for a local time-source
  • ssh for administration
  • running a linux-kernel in a xen virtual machine
  • basic linux-utilities provided by busybox
Some justifications for this setup:
  • running linux on regular hw gives more flexibility than on custom-hw (like a linksys)
  • however, I don't need much computing power for this, so a timeshare of my regular server is OK
  • Hurricane Electric seems to be the most used and easy to set up tunnel service
  • I would like to have a clean IPv6-network internally and translate in the router, however, I have some clients that might not do IPv6 at all (like a Blu-ray player and the PS3), and even on regular platforms, some features are missing (like: getting DNS-setup from the IPv6 autoconfig or even do DNS-lookups over IPv6)
  • IPv6 stateless autoconfiguration is far more elegant than DHCP. I would really like to use stateless autoconfigure for everything but servers, and set up other network parameters using DNS SRV-records or zeroconf/bonjour. But the support for this is scarce, so I'll stick with autoconfiguration for addresses and get the rest through DHCP (v4) for now. (Servers need stateful configuration anyway to have a stable IP-address independent of the network card)
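Why a statelessly autoconfigured address follows the network card, as an added example that is not part of the original post: it assumes the host builds its interface identifier as a modified EUI-64 from the MAC address (RFC 4291, Appendix A). The prefix and MAC addresses are constructed sample values.

```python
import ipaddress


def parse_mac(mac: str) -> bytes:
    """Parse a MAC written as aa:bb:cc:dd:ee:ff (or with dashes)."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe."""
    raw = bytearray(parse_mac(mac))
    raw[0] ^= 0x02
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an advertised /64 prefix and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


if __name__ == "__main__":
    prefix = "2001:db8:0:1::/64"      # constructed: documentation prefix
    old_nic = "00:16:3e:12:34:56"     # constructed MAC
    new_nic = "00:16:3e:ab:cd:ef"     # constructed MAC after a card swap
    static = ipaddress.IPv6Address("2001:db8:0:1::53")  # configured by hand

    print("autoconfigured, old card:", slaac_address(prefix, old_nic))
    print("autoconfigured, new card:", slaac_address(prefix, new_nic))
    print("static, either card:     ", static)
```

Any DNS record or firewall rule that names the autoconfigured address stops matching after the card swap, while the statically assigned one keeps working.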
So, the plan is:
  • set up a custom linux-system, running on xen
  • use busybox for providing basic utilities
  • ssh for remote login
  • use linux built in netfilter functionality to provide routing, NAT, filtering etc, configured with iptables
  • isc dhcp or dnsmasq for dhcp-functionality (dnsmasq probably has enough functionality for IPv4, but has no DHCPv6-support. I will start with using dnsmasq for DHCP and use only stateless configuration of IPv6)
  • radvd sending router advertisement messages providing IPv6 stateless autoconfiguration.
  • dnsmasq for DNS
  • ntpd

1 comment:

  1. Looking at alternatives and re-considering the choices of the busybox-config, I have decided to use busybox for ntp and dhcp-client. It could probably serve my needs for dhcp-server and dns as well, but I like dnsmasq.
