Thursday, October 1, 2015

Getting my home 2811 ready for IPv6...finally!

IT'S ABOUT TIME I KNOW.

 Ok.  Now that we've determined that I'm a lazy-ass..lets get started.

First things first...we need to get IPv6 enabled globally:



That was easy!  Now we need to get an IPv6 address from my ISP..and hopefully a block.  I've HEARD that you can get a /60 from Comcast.  Why is this significant?

For simplicity and route summarisation purposes...the longest subnet prefix length is /64.  That means if we were to get a /64 from Comcast...we'd be limited to only a single subnet.  If we get....a /60, for example..then we'd have 4 hexadecimals to play with!  That means 16 /64 subnets....each with 18,446,744,073,709,551,616..or a total of 2.9514791e+20.  Just barely enough for my home network!

So now to get an IPv6 address to peer with Comcast.  Since I have no idea what to use..I obviously can't use a static..so I need to get one from them..via DHCP.

Problem is.."ipv6 address dhcp" is not even an option on my current version of code.  Assuming this to be a code issue...I upgraded from 12.4 to 15.1(4).  After a quick reboot I verified..voila!  The command is available!

But we want to influence the carrier to give us something other than a /64 prefix...how can we approach this?  IPv6 has something called "prefix-delegation" to simplify delegation of prefixes from a delegating router (Comcast) to requesting routers (My 2811).  Comcast will support a /60..should the device on the other end be "smart" enough enough to request one (via PD!).  By using the command "ipv6 dhcp client pd hint ::/60" we can let Comcast know that we're ready to receive a /60..should they be willing!  We can then assign a name to whatever prefix they are kind enough to give out...so should it change..we can dynamically change the configuration on our 2811 to match it!  While we could assign this statically....we may find ourselves in a situation where the prefix has changed and our addresses no longer work.

Here is the config I currently have on my WAN interface:






Note: In addition to the commands I reviewed...I ALSO have "ipv6 address autoconfig default" enabled.  All this does is install a default route (::/0) to the link-local address of my ISP.  I could have done this statically...but for residential purposes (I don't own anything IP/IPv6 wise)..I'd rather it happen dynamically.















Lets do some verification!


Awesome!  We got an IPv6 address from Comcast!  Can we ping the other side?



Awesome!  Lets see if we got a prefix from Comcast!






This gives us a bunch of sexy information!

1.  We see the hint we sent them (::/60)
2.  We see that Comcast has granted us the prefix 2601:282:4100:A2B0::/60!
3.  We see the prefix name "COMCAST" is associated with the /60 they gave us.






Now to try and use this /60 they gave us...I intend to carve out the 2601:282:4100:A2B0::/60 into 16 /64 prefixes:

2601:0282:4100:a2b0:0000:0000:0000:0000/64
2601:0282:4100:a2b1:0000:0000:0000:0000/64
2601:0282:4100:a2b2:0000:0000:0000:0000/64
2601:0282:4100:a2b3:0000:0000:0000:0000/64
2601:0282:4100:a2b4:0000:0000:0000:0000/64
2601:0282:4100:a2b5:0000:0000:0000:0000/64
2601:0282:4100:a2b6:0000:0000:0000:0000/64
2601:0282:4100:a2b7:0000:0000:0000:0000/64
2601:0282:4100:a2b8:0000:0000:0000:0000/64
2601:0282:4100:a2b9:0000:0000:0000:0000/64
2601:0282:4100:a2ba:0000:0000:0000:0000/64
2601:0282:4100:a2bb:0000:0000:0000:0000/64
2601:0282:4100:a2bc:0000:0000:0000:0000/64
2601:0282:4100:a2bd:0000:0000:0000:0000/64
2601:0282:4100:a2be:0000:0000:0000:0000/64
2601:0282:4100:a2bf:0000:0000:0000:0000/64

As I said before...this MAY change, so we want to build out our config to allow this.




By using the syntax "IPv6 address COMCAST ::1/64," we're telling the SVI to use the address 2601:0282:4100:a2b0::1/64.












As you could probably see in the config, I've also told our SVI to act as DHCP server.  I created a DHCP pool called "COMCASTPOOL" to do one thing: Assign DNS to connecting hosts.






Furthermore, I've enabled IPv6 with the "ipv6 enable."

The hosts connected to this VLAN will get their prefix information from the network.  They will then use their MAC addresses to automagically create an IPv6 address.


You'll note that this host as an IP address with the same prefix as the SVI (2601:282:4100:A2B0::/64) and a gateway of the link-local address of the SVI (FE80::21E:F7FF:FE9E:6C98).

Also, the DNS servers I confiured in my DHCP pool are available!

Yay!  But what if we want a second subnet?

The syntax I used on the second SVI was similar: "ipv6 address COMCAST ::1:0:0:0:1/64"  This should make the 4th 16-bit segment "A2B1."


Yayyy!




One last helpful command (in my opinion)

This will show us the prefix we received...and where it is applied (on the 2 SVIs)!



Now lets see if this is working!





Testing using the site test-ipv6.com








Testing with Google




Testing with Facebook






Cool!
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)