How do I deploy IPv6 within a LAN using a Debian based router and prefix delegation?
You didn't say who your ISP was, but the following works on Comcast in areas where they have rolled out IPv6.
I had to use wide-dhcpv6-client since none of the other DHCPv6 clients could handle all of getting an address for the ISP-facing interface, prefix delegation, and Comcast's maximum /60 network mask at the same time.
After installing wide-dhcpv6-client, edit /etc/network/interfaces so your eth1 IPv6 settings look like this:
iface eth1 inet6 auto
    # accept_ra=2: keep accepting router advertisements on eth1 even though forwarding is enabled
    post-up sysctl -w net.ipv6.conf.eth1.accept_ra=2
Edit /etc/wide-dhcpv6/dhcp6c.conf so it looks like this:
profile default
{
    information-only;
    request domain-name-servers;
    request domain-name;
    script "/etc/wide-dhcpv6/dhcp6c-script";
};
interface eth1 {
    send rapid-commit;
    send ia-na 0;
    send ia-pd 0;
};
id-assoc na 0 {
};
id-assoc pd 0 {
    prefix ::/60 infinity;
    # Internal interface (LAN)
    prefix-interface eth0 {
        sla-len 4;
        sla-id 0;
        ifid 1;
    };
};
The "na" section gets an IPv6 address for eth1 (facing your ISP). The "pd" section gets a prefix delegation for your internal network and will assign the IPv6 address "[prefix]::1" to eth0 (your internal interface). If you have additional internal networks, you can add additional "prefix-interface" sections for those interfaces and increment the "sla-id" for each one.
Then you need a router advertisement daemon on the system for your internal network. You can use either radvd or dnsmasq.
If you are using dnsmasq, the necessary additions to /etc/dnsmasq.conf for IPv6 are
# Enable IPv6 Router Advertisement (RA) features.
enable-ra
# Advertise delegated prefix based on the IPv6 address of eth0.
dhcp-range = ::1,constructor:eth0, ra-stateless, ra-names, 4h
You'll need to install the dnsmasq from Debian testing since the version that ships with Debian wheezy does not do router advertisements properly.
Then ifdown and ifup your external interface, make sure dhcp6c is running, and see if both your external and internal interface have IPv6 addresses other than the link-local ones (the "fe80::..." addresses). If all of that worked, restart dnsmasq, and the systems on your LAN should start automatically configuring IPv6 addresses for themselves.
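The arithmetic behind the "prefix-interface" settings in the answer above, as an added example that is not part of the original answer: it computes the address each internal interface should receive from a delegated prefix, and checks an address list for anything other than link-local. The function names, the second interface eth2 and the 2001:db8 documentation prefix are assumptions made for illustration.

```python
import ipaddress

def prefix_interface_address(delegated, sla_len, sla_id, ifid=1):
    """Address and length for one prefix-interface block of dhcp6c.conf."""
    pd = ipaddress.IPv6Network(delegated)  # strict parsing rejects stray host bits
    subnet_len = pd.prefixlen + sla_len
    # Check made by this example, not by dhcp6c: hosts that autoconfigure
    # from router advertisements need exactly a /64 on the LAN.
    if subnet_len != 64:
        raise ValueError(f"/{pd.prefixlen} + sla-len {sla_len} = /{subnet_len}, not /64")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in sla-len {sla_len}")
    if not 0 < ifid < (1 << 64):
        raise ValueError(f"ifid {ifid} does not fit in 64 bits")
    # The sla-id occupies the bits between the delegated prefix and bit 64.
    base = int(pd.network_address) | (sla_id << 64)
    addr = ipaddress.IPv6Address(base | ifid)
    return ipaddress.ip_interface(f"{addr}/{subnet_len}")

def plan(delegated, sla_len, sla_ids):
    """Map {interface: sla-id} to addresses, refusing duplicate sla-ids."""
    if len(set(sla_ids.values())) != len(sla_ids):
        raise ValueError("two interfaces share an sla-id and would get the same /64")
    return {ifname: prefix_interface_address(delegated, sla_len, sid)
            for ifname, sid in sla_ids.items()}

def has_non_link_local(addresses):
    """True if any address is something other than link-local (fe80::/10)."""
    return any(not ipaddress.ip_interface(a).ip.is_link_local for a in addresses)

if __name__ == "__main__":
    # Constructed sample: a documentation prefix standing in for the ISP's /60.
    lan = plan("2001:db8:0:abc0::/60", 4, {"eth0": 0, "eth2": 1})
    for ifname, addr in lan.items():
        print(ifname, addr)
    print(has_non_link_local(["fe80::1/64", str(lan["eth0"])]))
```

With a /60 and sla-len 4 there are sixteen usable sla-id values (0 through 15); a shorter delegation such as a /56 needs sla-len 8 to land on /64 boundaries.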
If you're willing to replace Debian with OpenWRT, then everything is set up automatically — recent versions of OpenWRT will ask for a DHCPv6 prefix delegation on the WAN interface, carve it into /64 bits, and use them for their LAN interfaces using RA and DHCPv6. No configuration is needed; all of this is set up out of the box.
If you have multiple routers in your network, you might want to experiment with having them set up automatically using the Homenet protocol suite. Homenet is implemented for OpenWRT using hnetd, and for Linux using shncpd. (Integrating shncpd into Debian is ongoing work; we could use your help.)