IPv6 At Last
A few days ago I finally found some time to set up a proper dedicated FreeBSD PC router for my home network and started thinking about IPv6. Well, today I got a tunnel and a subnet from SixXS, and this post is being written on a fully IPv6-enabled laptop. It's a pity that RootBSD VPS servers do not support IPv6 yet, mainly because FreeBSD jails do not support it either, but hopefully it will change quite soon. Meanwhile, I have witnessed the dancing kame - at last, was surprised by the high-speed downloads over IPv6 - in spite of considerable overhead, and in general experienced the joy of the next-generation Internet technology (yeah, I know it's well over 10 years old).
SixXS
SixXS provides free IPv6 over IPv4 connectivity. They pay close attention to whoever applies for a tunnel. In fact, I got rejected once almost a year ago. It's their policy to require that your e-mail address is not freemail and is serviced by at least two MX servers. All of my reliable addresses with multiple MX's were freemail accounts, so I just chose one that wasn't recognized as free by their robot. Naturally, it was a mistake, since the human who checked my application spotted the violation quite easily.
I remember trying to explain to no avail that my non-free addresses all had only one MX record, but they were very reliable. Incidentally, just yesterday our one and only mx1.FreeBSD.org experienced a hardware failure and a few thousand people wished we had mx2.
Anyway, since our main FreeBSD cluster got full IPv6 connectivity a few months ago many fellow committers started getting IPv6 to their homes. That's when I learned from Stanislav Sedov that I could just tell the SixXS guys that I'm a FreeBSD developer - and they'll forget about MX-related policies. In fact, they even give you a bonus - extra 50 credit points which enable you to get a whole subnet very quickly.
The only SixXS guy I had a chance to talk to was Jeroen Massar. He proved to be quite friendly and very helpful. He is the author of the award-winning cross-platform aiccu tool, which performs IPv6 auto-configuration of most Unix-like and Windows systems.
FreeBSD and IPv6
I got a tunnel up and running within less than a day from requesting it, and it only took a minute to set up my FreeBSD router using aiccu. Now why would I want to use some auto-configuration gizmo when I can do everything manually? Well, not only does this aiccu tool configure a gif(4) tunnel exactly the same way I would do it, but it also contains a heartbeat client and can perform auto-reconfiguration whenever my dynamic IP changes. I could script it all myself, and maybe I will, but this time I wasn't really tempted to.
The tunnel went up just fine. It added only 30ms to RTT latency for most North-American hosts, so I guess IPv6 is the protocol I'll be using to access our FreeBSD servers. The next step was to request a subnet - so that I could get every host in my LAN IPv6-enabled (using NAT in IPv6 networks is possible, but to most people sounds like a dumb idea). The request was approved within a few minutes of filing it and yet a few minutes later my boxes were all auto-configured with real, externally reachable IPv6 addresses.
Router Advertisements
The thing that makes address auto-configuration in IPv6 so easy is router advertisements. At first I couldn't get it to work since my subnet is /48 while for auto-configuration to work you should advertise a /64 prefix (I need to reread the specs to remember if that's a standard requirement, or just a software quirk).
Gateway rc.conf:
sixxs_aiccu_enable="YES"
ipv6_enable="YES"
ipv6_gateway_enable="YES"
rtadvd_enable="YES"
rtadvd_interfaces="rl0"
ipv6_ifconfig_rl0="1234:567:890::77 prefixlen 64"
Client rc.conf:
ipv6_enable="YES"
That's it. After the static IPv6 address is configured on rl0 and rtadvd (which comes with FreeBSD) is started, all other hosts on the same Ethernet get their addresses auto-configured. The low 64 bits of the full auto-configured 128-bit IPv6 address actually come from a slightly transformed MAC address, which ensures there won't be any conflicts.
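To make the address derivation concrete, here is an added example (not part of the original post) that carves a /64 out of a /48 and builds the auto-configured address from a MAC using the modified EUI-64 transform; the reverse function shows that the MAC can be read back out of such an address. The prefix is the placeholder from the rc.conf above, the MAC is a constructed sample, and all function names are hypothetical.

```python
import ipaddress

def carve_lan_prefix(allocation, n):
    """Return the n-th /64 inside a larger allocation (e.g. a /48)."""
    net = ipaddress.IPv6Network(allocation)
    if net.prefixlen > 64 or n >= 2 ** (64 - net.prefixlen):
        raise ValueError("no /64 number %d inside %s" % (n, net))
    return ipaddress.IPv6Network((int(net.network_address) + (n << 64), 64))

def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC, got %r" % mac)
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix, mac):
    """Address a host forms from an advertised /64 and its own MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        # Advertising the whole /48 leaves no room for a 64-bit interface ID.
        raise ValueError("EUI-64 auto-configuration needs a /64, got /%d"
                         % net.prefixlen)
    return net[eui64_interface_id(mac)]

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 style address, or None otherwise."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2 ** 64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or otherwise not MAC-derived
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in mac)

if __name__ == "__main__":
    lan = carve_lan_prefix("1234:567:890::/48", 0)   # placeholder prefix
    host = slaac_address(str(lan), "00:11:22:33:44:55")  # constructed MAC
    print(lan, host, mac_from_address(str(host)))
    print(mac_from_address("1234:567:890::77"))      # the router's static address
```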
If not for latency and overhead, I'd probably disable local IPv4 networking right away, setting up a 4-over-6 compatibility layer. I'll have to wait until my ISP provides native IPv6 before I do that.
So it only takes a day to get fully IPv6-connected (well, and either a FreeBSD commit bit or a proper e-mail address). Don't hesitate to do it. If you request a /48 subnet, you'll get about 2^80 (that's over a million billion billion) real, globally-reachable addresses - for free! Surely enough for a kingdom of your own.