../guides

IPv6 Implementation Example

This is how we deployed IPv6 in a small office with ADSL internet access environment catering for all mainstream BYODs. 

The Environment

IP assignment

Typically a SOHO type internet connection will be assigned from 1 to 6 (a /29 perhaps) IPv4 addresses and should receive a /48 (65536 /64 subnets) allocation (see RFC3177).

In the example below the IAP is aaisp and is assigned 1 IPv4 and a /48 IPv6.  Subnets of /64 can each be assigned in a control panel to be routed onto the connection.

A /48 seems wastefull, but never the less that is what you should end up with.

Devices
  • Mac / Apple (wired and wireless), iMac, iPhones and iPad
  • PC (wired and wireless), ThinkPads with Debian, Windows 7 and Windows 10
  • Android (wireless) v2.3 (Gingerbread), v4.4 (KitKat), v5.1 (Lollipop)
  • Snom and Digium PoE VoIP handsets (wired)
  • Assorted other devices and operating systems
Infrastructure on site
  • Layer 3
    • Router (RaspberryPi) EDIT: Some readers have expressed concern about this choice of device.  It is capable of saturating an ADSL line, cheap, resillient and easy to configure and (in the event of failure) have onsite non-IT staff replace the SD card. For FTTC or FTTP or Metro Ethernet connections there are other ARM or Intel based products that will work with exactly the same configuration.
  • Layer 2
    • Wireless Access Point (TP-LINK TL-WDR3600 N600 with OpenWRT 12.09)
    • PoE switches (DLink DGS1008P and LinkSys GS748TP)

Logical Network Layout

This solution uses VLANs and multiple SSIDs to provide for 2 networks. 

One (VLAN10) provides stateful autoconfiguration using DHCP v4 and v6 and radvd, this should be considered the default.

One (VLAN11) provides stateful autoconfiguration using DHCP v4 and stateless autoconfiguration using only radvd for IPv6.

Network Diagram

Config files

Certain elements (not related specifically to this article) have been removed / anonymised in the configs included below.

/etc/radvd.conf
interface eth0.10 {
        AdvSendAdvert on;
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        MinRtrAdvInterval 200;
        MaxRtrAdvInterval 600;
        prefix 2001:db8:0000:ca10::/64 {
                AdvOnLink on;            
                AdvAutonomous off;
                AdvRouterAddr on;
        };
        RDNSS 2001:db8::2021 2001:db8::2020
        {
        };
};


## Android devices are in VLAN.11

interface eth0.11 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 60;
        prefix 2001:db8:0000:ca11::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2001:db8::2021 2001:db8::2020
        {
        };
};
/etc/dhcp/dhcpd6.conf
ddns-update-style none;
log-facility local7;

authoritative;

option dhcp6.name-servers 2001:db8::2021, 2001:db8::2020;
option dhcp6.domain-search "local.local";
option dhcp6.server-id 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;

subnet6 2001:db8:0000:ca10:0000:0000:0000:0000/64 {
range6 2001:db8:0000:ca10:0000:0000:0001:0000 2001:db8:0000:ca12:0000:0000:0001:ffff;
range6 2001:db8:0000:ca10:: temporary;
default-lease-time 3600;
max-lease-time 7200;
}
/etc/dhcp/dhcpd.conf
ddns-update-style none;
log-facility local7;
authoritative;

subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.200;
option domain-name-servers 8.8.8.8;
option routers 192.168.10.1;
option broadcast-address 192.168.10.255;
default-lease-time 3600;
max-lease-time 7200;
}

subnet 192.168.11.0 netmask 255.255.255.0 {
range 192.168.11.100 192.168.11.200;
option domain-name-servers 8.8.8.8;
option routers 192.168.11.1;
option broadcast-address 192.168.11.255;
default-lease-time 3600;
max-lease-time 7200;
}

If you have any comment or would like help, please contact us.  IPv6 is quite new and there are few experts.  We have been deploying hosted services with dual stack IPv6 as well as implementing dual stack in an office environment since 2014.

This is a technical document, you might be more interested in WHY you should do this.

The Goal Enable IPv6

Support a reasonable SOHO setup - VoIP phones and a ecclectic collection of BYOD devices connected via Wired and Wireless to a typical ADSL (copper) internet connection with QoS.

No Guest Subnet was required (or set up), but this could have been included.

We do want to be able to VPN into the site to access any LAN connected devices that might be being worked on for whatever reason.

The Problem

This Techrepublic article on Android's lack of DHCPv6 will explain the "Android Problem".  Android does not configure stateful IPv6.

Stateful configuration is important for any situation where liability may need to be determined it provides a constant connection between an IP address and a device.  Specifically stateful configuration allows audit, tracking and management capabilities.

Never-the-less, A stateless configuration will need to be provided for Android devices.  This complicates network set up, but should still be possible without massive expense.

An Additional Issue with wireless

RFC asks IPv6 admins to quiet routers so mobile devices don't have to wake up quite so often

 

Valid XHTML 1.1 Strict CIS ZA | CIS UK

© Commercial Internet Solutions Limited (2019-)
Registered in England and Wales, Company No. 07276867

Full QR Code

Brief QR Code Take a look at our QR code, if you hover over it you can scan our full VCard.

Commercial Internet Solutions provides internet applications and services to Small Business clients around London. from our Tier 4 hosting facility - Custodian in Maidstone Kent using n+1 redundant Supermicro servers.

We provide fast web and secure (SSL) imap and pop3 email hosting and cheap, compliant easy to use email marketing software.

We host, manage and backup Microsoft Windows Small Business Servers, dedicated Linux servers and Asterisk/ SIP based VoIP PBX solutions.