[plug] Exploring world of ipv6 - tunnels

James Bromberger james at rcpt.to
Wed Nov 17 10:22:28 WST 2010 

On 17/11/2010 08:42, Bill Kenworthy wrote:
> Is anyone actually seriously using IPv6 at the home or small business
> level? - or is it only backbone/ISP uplinks and the like.
>
> and is anyone IPv6 only yet?

AFAIK, only Internode are offering IPv6; not sure if they are
dual-stacking it (ie, IPv4 and IPv6 together). There's not many DSL
modems that support it yet - I know Billion have one firmware for one
model that they released about 4 months ago - I'm still waiting for an
IPv6 release for my Billion 7800N, aparently now scheduled for Q1 2011
(see [1]).

As for tunnelling, I've been using HE's free tunnels for the last year
or so from my Debian box; my box is doing radvd on the local subnet so
workstations also pick up a routed allocation as well. I have a cron
script which runs periodically to ensure the tunnel is up. Only down
side with HE is that their closest tunnel end point is (latency wise)
Los Angeles.

Some details for those wanting to play along, I have
/etc/network/interfaces with:

    *iface eth0 inet6 static
      address 2001:470:f29c::1
      netmask 64

    iface henet inet6 v4tunnel
      endpoint 66.220.18.42
      address 2001:470:c:b5c::2
      netmask 64
      gateway 2001:470:c:b5c::1
      ttl 64*

And a simple /etc/radvd.conf with:

    *interface eth0 {
      AdvSendAdvert on;
      prefix 2001:470:f29c::/64
      {
      };*


And my script which fires off to refresh the tunnel should I move
dynamic IPs on my DSL is:

    *HEUSER=deadbeefdeadbeefdeadbeefdeadbeef  # hash of username
    HEPASS=ffffffffffffffffffffffffffffffff  # md5 of passwd
    HETUNNEL=81754                           # tunnel ID from site
    HETHEIR4END=66.220.18.42                 # LA end point
    HEYOUR6END=2001:470:c:b5c::2             # What they assigned me
    HETHEIR6END=2001:470:c:b5c::1            # Their end of the tunnel
    PINGTIMEOUTSECS=2                        # Make sure this is enough
    # Do we have v4 connectivity first?
    if ! ( ping -W $PINGTIMEOUTSECS -q -n -c 1 $HETHEIR4END > /dev/null )
    then
      exit 1
    fi
    # Do we already have v6 working to their end?
    if ( ping6 -W $PINGTIMEOUTSECS -q -n -c 1 $HETHEIR6END > /dev/null )
    then
      exit
    fi
    /sbin/ifdown henet
    curl -k -s
    "https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$HEPASS&user_id=$HEUSER&tunnel_id=$HETUNNEL"
    sleep 1
    /sbin/ifup henet
    *


I was talking to WAIX about getting a tunnel endpoint here in Perth and
permit anyone to get a similar service locally; it may be some time yet.
I know iiNet aren't interested in offering IPv6. form the people I have
spoken to thus far.

If you're looking to ping6 or browse to some stuff:

    * http://ipv6.google.com/
    * http://www.ucc.asn.au/
    * http://ipv6.james.rcpt.to/ - my site virtually hosted in the UK
    * http://revo.james.rcpt.to/ - my Acer Aspire Revo here at home on
      the end of my HE tunnel - nothing on here
    * not much else....


BTW, If you're entering a native IPv6 address in Firefox, you need to
enter it inside square braces "[" and "]" as
http://[2001:470:c:b5c::2]/. If you have a non standard port, it comes
after the closing brace, as in http://[2001:470:c:b5c::2]:80/.


One of the biggest disincentives for serious sites to support IPv6 is
the lack of money opportunities - yep, that old chestnut. IPv4 has well
established GeoIP that permits web sites to generate revenue (thus
supplying you with free or subsidised content) via advertising. There
are very few established IPv6 Geo databases around - I think MaxMind
have one. Compare to IPv4, where the free Geo::IP is in most distros
(country level only, but that's often good enough) means that many web
sites don't see any advantage in supporting IPv6 - if the web sites
advertising platforms only support IPv4, then they'll not support you
avoiding their advertising techniques that generate them money.

By money, I mean that a single click can earn upwards of $5 - $10 per
click if you have good GeoIP and other targetting metrics - as that
leads to a high conversion rate (ie, a purchase of a product). So we're
not talking small change here.

Thus, if the web sites you're browsing don't want this, then the only
people to get an advantage would be your ISP (via the ease of getting v6
address space). They'll have to v6 -> v4 for you so you get similar
GeoIP IPv4.

Looking at the top 25 sites visited in Australia [2], i've just tested
them and Google search is the only one I could find that has a AAAA, and
that's on a separate DNS name (ipv6.google.com, not www.google.com). So
if you visit the "normal" published URLs, that's a big 0%.

Also, many home DSL routers don't do DNS lookups for AAAA. I've had to
explicitly tell my Billion router to hand out DHCP addresses with the
DNS server set to my Linux box. So even if people have a tunnel set up,
and RADVD running, if they're using their default DHCP on IPv4 with
their default DNS settings, they're not getting AAAA records returned,
so they never use the tunnel!

Anyway, I think the sites that are next most likely to start to offer
their content over native IPv6 are those that don't use any advertising,
and aren't using any 3rd party metrics tracking that can't be bothered
to update. Government? Banking? Non profits?


I lack the time to make this message shorter. HTH, HAND. :)

  James

[1] http://au.billion.com/forums/index.php?showtopic=12040
[2]
http://www.brisbanetimes.com.au/technology/technology-news/top-25-mostvisited-websites-in-australia-20101112-17ptg.html
> BillK
>
> On Wed, 2010-11-17 at 08:34 +0800, Craig Foster wrote:
>> GoGo6 (Go6.net), SixXS (sixxs.net)and Hurricane Electric (he.net) all do tunnel broking, and all of them have copy and paste ifconfig scripts available.
>> GoGo6 config can also be used on AARNet's broker (broker.aarnet.net.au)
>>
>> HE also have tests / certification, not that it's industry regarded :P
>>
>> IPv6 completely bypasses NAT and IPv4 firewalls, but it just means you need to configure an IPv6 firewall where each machine has an internet address...
>>
>> Been dual homed on AARNet for a little bit, and on HE for about a year.
>>
>> CraigF.
>>
>>> -----Original Message-----
>>> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf
>>> Of Tim
>>> Sent: Wednesday, 17 November 2010 8:05 AM
>>> To: plug
>>> Subject: [plug] Exploring world of ipv6 - tunnels
>>>
>>> I'm starting to explore the world of ipv6. Seeing as I'm on a telstra wireless
>>> broadband connected, I'm double natted. I'm thinking that to best play with
>>> ipv6 I need a tunnel somewhere. I know there are a number of tunnel brokers,
>>> sixxs and gogo6 are the first that come up.
>>> I also have a server that has a ipv6 address.
>>> So my options are to use a tunnel broker, or setup my own tunnel to my server
>>> and go from there.
>>> Any suggestions (linux server and client)? What works best, easiest.
>>> How secure are the tunnels?
>>>
>>> Thanks
>>>
>>> Tim
>>> p.s. Using ubuntu, so tunnel software in ubuntu repo's would be nice


-- 
*James Bromberger*
Aus Mobile: +61 422 166 708
Email: james /_AT_/ rcpt.to, Web: www.james.rcpt.to
<http://www.james.rcpt.to/>
MSN: james/_AT_/rcpt.to, AIM: JamesEBromberger, Skype: james.bromberger
(/_AT_/ -> @)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20101117/0a74ce9a/attachment.html>

More information about the plug mailing list