
IPv6

Posted by Michael Dale on Wed, 06 Feb 2008 10:00 AM

I spent a bit of time last night getting more of my network IPv6 ready.

  • My Bind DNS server can now answer queries on IPv6.
  • dalegroup.net now has an IPv6 address
  • I'm in the process of trying to get my name server (ns1.dalegroup.net) to have an IPv6 address.
  • Mail server has an IPv6 address (although nothing is routed to the IPv6 address yet)

EDIT: And now my IPv6 tunnel is completely broken :( I've emailed AARNet and hopefully it will be working soon!


Bluetrait 2 development update

Posted by Michael Dale on Sun, 23 Sep 2007 1:16 PM

Just a quick development update.

The following is a list of the major changes that have happened since Code Example 1:

  • Commenting Support
  • Future Posting Support (via cron)
  • Cron Support
  • Basic Adding Post Support (with Categories)
  • RSS Comments on Posts (with user detail support)
  • Database Session Support (all sessions are stored in the database)
  • jQuery
  • SQLite database support now mostly works
  • Contact Form (will be a default plugin) + Mailer Class
  • Improvements to custom content

There are a couple of things that need doing before I can upgrade this site to Bluetrait 2:

  • Spam Filtering
  • Search
  • Content Support (for my projects page etc)
  • Admin Page (yes I haven't started on it yet!)
  • Migration Script (to upgrade database)

The cron support is pretty cool and really easy to use. It will be used in future to handle update notifications, session garbage collection and "monthly database maintenance".

On another note this site is now accessible via IPv6 (2001:388:c021::20), which has already seen traffic!

 


IPv6 tunnel through IPv4 with a Netscreen

Posted by Michael Dale on Thu, 15 Feb 2007 9:49 PM

I finally got an IPv6 tunnel going on my Netscreen SSG 5. So I thought I'd post the relevant configuration details here.

I'm currently running ScreenOS 5.4.0r3a0; there seem to be some WebUI bugs with IPv6, so it is best to do it via the command line.

Update: I just got a response back from JTAC. IPv6 is only supported on the ISG2000. So I'm unsure when/if the WebUI bugs will be fixed.

Update2: IPv6 is now supported on the SSG 5 under ScreenOS 6; the WebUI bug has been fixed.

Background info:

  • Trust interface 10.0.0.254/22 - bgroup0
  • Untrust interface - bgroup2
  • IPv6 broker (broker.aarnet.net.au) - 202.158.196.131
  • IPv6 subnet - 2001:388:c021::1/64

The first step is to enable IPv6 on your Netscreen.

Type the following then save your config and restart the device:

set envar ipv6=yes

Now let's set up the trust interface:

set interface "bgroup0" ipv6 mode "router"
set interface "bgroup0" ipv6 ip 2001:388:c021::1/64
set interface "bgroup0" ipv6 enable
unset interface bgroup0 ipv6 ra link-address
set interface bgroup0 ipv6 ra transmit
set interface bgroup0 ipv6 nd nud

So we've set up my trust interface with the IPv6 subnet, and autoconfiguration should be working.

Now let's set up a tunnel interface for the traffic to run through:

set interface "tunnel.1" zone "Untrust"
set interface tunnel.1 ip unnumbered interface bgroup2
set interface "tunnel.1" ipv6 mode "host"
set interface "tunnel.1" ipv6 enable
set interface tunnel.1 tunnel encap ip6in4 manual
set interface tunnel.1 tunnel local-if bgroup2 dst-ip 202.158.196.131

Now we'll set up a static route for IPv6 traffic to go through:

set route ::/0 interface tunnel.1 gateway :: preference 20

And finally we need to set up a policy to allow traffic out:

set policy id 77 from "Trust" to "Untrust" "Any-IPv6" "Any-IPv6" "ANY" permit log
set policy id 77
exit

You may want to set up some policies to allow traffic in too.

That should be all you need to do.
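What the ip6in4 tunnel above looks like on the IPv4 side, as an added example that is not part of the original post: the IPv6 packet rides inside an IPv4 packet with protocol number 41, so an IPv4 filter or sensor can check that such traffic only goes to the configured broker and only carries the delegated prefix. The WAN address, the sample packets and the function names are constructed for illustration.

```python
import ipaddress
import struct

BROKER = ipaddress.IPv4Address("202.158.196.131")         # tunnel dst-ip from the post
LAN_PREFIX = ipaddress.IPv6Network("2001:388:c021::/64")  # bgroup0 subnet from the post
PROTO_6IN4 = 41                                           # IPv4 protocol number for IPv6-in-IPv4

def build_6in4(outer_src, outer_dst, inner_src, inner_dst):
    """Constructed sample: an empty IPv6 packet wrapped in an IPv4 header (checksum left 0)."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)      # next header 59 = no payload
    inner += ipaddress.IPv6Address(inner_src).packed + ipaddress.IPv6Address(inner_dst).packed
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        PROTO_6IN4, 0, ipaddress.IPv4Address(outer_src).packed,
                        ipaddress.IPv4Address(outer_dst).packed)
    return outer + inner

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet against the tunnel configured in the post."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    if packet[9] != PROTO_6IN4:
        return "not-6in4"
    ihl = (packet[0] & 0x0F) * 4                          # outer header length in bytes
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return "malformed-inner"
    src, dst = (ipaddress.IPv4Address(packet[i:i + 4]) for i in (12, 16))
    if BROKER not in (src, dst):
        return "unexpected-endpoint"                      # 6in4 to somewhere other than the broker
    # Outbound: inner source must be ours. Inbound: inner destination must be ours.
    ours = inner[8:24] if dst == BROKER else inner[24:40]
    if ipaddress.IPv6Address(ours) not in LAN_PREFIX:
        return "inner-addr-outside-prefix"
    return "expected-tunnel"

# Constructed samples; 198.51.100.7 and 203.0.113.9 are documentation addresses.
WAN = "198.51.100.7"
SAMPLES = {
    "outbound": build_6in4(WAN, "202.158.196.131", "2001:388:c021::20", "2001:360::3"),
    "inbound": build_6in4("202.158.196.131", WAN, "2001:360::3", "2001:388:c021::20"),
    "other-endpoint": build_6in4(WAN, "203.0.113.9", "2001:388:c021::20", "2001:360::3"),
    "foreign-source": build_6in4(WAN, "202.158.196.131", "2001:db8::1", "2001:360::3"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15} {classify(pkt)}")
```

The check assumes all tunnelled traffic belongs to the /64 on bgroup0; traffic sourced from the tunnel interface's own address would need that address added to the allowed set.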


IPv6 again!

Posted by Michael Dale on Tue, 15 Nov 2005 6:54 PM

I've done some basic IPv6 stuff in the past, which only involved a single IPv6 address and a connection to AARNet. I was going to look into setting up a tunnel on my router (a m0n0wall box) so that I had both an IPv4 address and an IPv6 address, but it didn't support IPv6 stuff.

Anyway I've got my Cisco 2651 up and connected to the internet and it has full IPv6 support so I decided to give it a go. AARNet also gives you an option to run a full /64 subnet, so I decided to give it a go.

The web interface outputs a shell script that gives you the configuration needed for the router. So I modified my config (with some small changes).

ipv6 unicast-routing
!
interface tunnel0
ipv6 address 2001:0388:f000:0000:0000:0000:0000:0247/128
tunnel source dialer1
tunnel destination 202.158.196.131
tunnel mode ipv6ip
!
ipv6 route ::/0 tunnel0
!
interface FastEthernet 0/0
ipv6 address 2001:0388:c148:1::/64 eui-64
ipv6 nd prefix-advertisement 2001:0388:c148:1::/64 43200 43200 onlink autoconfig
!

The last section (prefix-advertisement) is similar to DHCP: the router advertises the prefix, and any IPv6-capable computer/OS uses it to configure its own IPv6 address. So both my Windows 2000 box (with IPv6 kit installed) and Mac OS X system were given a full routed IPv6 address. No dodgy natted connection here, a full routed /64 subnet. :)

The speed of the IPv6 is pretty good seeing as it is running through an aarnet tunnel.

electra:~ michaeldale$ ping vee-six.telstra.net
PING vee-six.telstra.net (203.50.0.254): 56 data bytes
64 bytes from 203.50.0.254: icmp_seq=0 ttl=56 time=21.330 ms
64 bytes from 203.50.0.254: icmp_seq=1 ttl=56 time=19.761 ms
64 bytes from 203.50.0.254: icmp_seq=2 ttl=56 time=21.125 ms
64 bytes from 203.50.0.254: icmp_seq=3 ttl=56 time=19.949 ms
^C
--- vee-six.telstra.net ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 19.761/20.541/21.330/0.693 ms
electra:~ michaeldale$ ping6 vee-six.telstra.net
PING6(56=40+8+8 bytes) 2001:388:c148:1:211:24ff:fe2a:f1b3 --> 2001:360::3
16 bytes from 2001:360::3, icmp_seq=0 hlim=58 time=25.059 ms
16 bytes from 2001:360::3, icmp_seq=1 hlim=58 time=25.874 ms
16 bytes from 2001:360::3, icmp_seq=2 hlim=58 time=23.465 ms
16 bytes from 2001:360::3, icmp_seq=3 hlim=58 time=24.281 ms
^C
--- vee-six.telstra.net ping6 statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 23.465/24.670/25.874 ms

electra:~ michaeldale$ traceroute6 vee-six.telstra.net
traceroute6 to vee-six.telstra.net (2001:360::3) from 2001:388:c148:1:211:24ff:fe2a:f1b3, 30 hops max, 12 byte packets
1 2001:388:c148:1:207:eff:fe80:5cc0 2.565 ms 1.756 ms 1.422 ms
2 2001:388:f000::246 25.438 ms 17.068 ms 19.847 ms
3 gigether0-2-0.bb1.a.syd.aarnet.net.au 37.864 ms 27.464 ms 22.706 ms
4 gigabitethernet3-0.bb3.a.syd.aarnet.net.au 28.522 ms 19.571 ms 17.456 ms
5 eth0.ipv6.broadway.aarnet.net.au 25.852 ms 16.863 ms 19.326 ms
6 2001:388:200:4::2 25.896 ms 23.23 ms 25.435 ms
7 2001:388:200:4::2 26.875 ms !P 23.721 ms !P 27.306 ms !P

And a trace to my Mac (the second last hop is my Cisco router) from here

traceroute6 to 2001:388:c148:1:211:24ff:fe2a:f1b3 (2001:388:c148:1:211:24ff:fe2a:f1b3) from 2001:1888:0:1:290:27ff:fe9a:4b0b, 64 hops max, 12 byte packets
1 puaiohi-fe1-0-1 1.761 ms 1.923 ms 1.961 ms
2 akepa-e0-0-7 2.737 ms 2.865 ms 2.922 ms
3 tunnel-henet-ca-us 62.519 ms 62.382 ms 62.737 ms
4 3ffe:81d0:ffff:1::1 61.172 ms 61.049 ms 61.039 ms
5 3ffe:80a::b1 63.145 ms 61.613 ms 63.022 ms
6 10gigether0-0-0.bb1.a.syd.aarnet.net.au 237.385 ms 227.818 ms 254.435 ms
7 broker1.a.syd.aarnet.net.au 222.550 ms 222.128 ms 223.146 ms
8 2001:388:f000::247 240.004 ms 238.553 ms 240.206 ms
9 2001:388:c148:1:211:24ff:fe2a:f1b3 241.638 ms 240.077 ms 239.622 m
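How the eui-64 keyword and autoconfiguration in this post turn a MAC address into the globally routed addresses seen in the ping6 and traceroute6 output, as an added example that is not part of the original post. It also runs the mapping in reverse to show that the same interface is recognisable across prefixes; the function names are assumptions, and the sample addresses are copied from the output on this page.

```python
import ipaddress
from collections import defaultdict

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the address a host autoconfigures from a /64 prefix and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    b = bytearray(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    b[0] ^= 0x02                                   # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])  # insert ff:fe in the middle
    return net.network_address + int.from_bytes(iid, "big")

def mac_from_address(addr: str):
    """Return the MAC embedded in an EUI-64 address, or None if the address is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                                # static, temporary or otherwise non-EUI-64
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                 # undo the universal/local flip
    return ":".join(f"{x:02x}" for x in mac)

def hosts_by_mac(addresses):
    """Group addresses by embedded MAC: one interface, however many prefixes."""
    seen = defaultdict(list)
    for a in addresses:
        mac = mac_from_address(a)
        if mac:
            seen[mac].append(a)
    return dict(seen)

# Addresses copied from the ping6/traceroute6 output on this page.
OBSERVED = [
    "fe80::211:24ff:fe2a:f1b3",               # the Mac, link-local
    "2001:388:c148:1:211:24ff:fe2a:f1b3",     # the Mac, global
    "2001:388:c148:1:207:eff:fe80:5cc0",      # first hop (the router's LAN side)
    "2001:388:f000::247",                     # tunnel endpoint, manually numbered
    "2001:360::3",                            # vee-six.telstra.net
]

if __name__ == "__main__":
    for mac, addrs in hosts_by_mac(OBSERVED).items():
        print(mac, "->", ", ".join(addrs))
```

Because every host on the routed /64 is directly addressable and carries its MAC in the address, inbound policy on the router matters here, and temporary addresses (RFC 4941) or stable opaque interface identifiers (RFC 7217) remove the embedded MAC.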


IPv6 tunnel

Posted by Michael Dale on Mon, 28 Mar 2005 1:31 PM

I have set up an IPv6 tunnel through AARNET.

E:\>tracert vee-six.telstra.net

Tracing route to vee-six.telstra.net [2001:360::3] over a maximum of 30 hops:

1 22 ms 19 ms 18 ms 2001:388:f000::246
2 39 ms 53 ms 40 ms gigether0-2-0.bb1.a.syd.aarnet.net.au [2001:388:1:5001:204:e0ff:fe00:1022]
3 19 ms 17 ms 19 ms gigabitethernet2.7304.syd.aarnet.net.au [2001:388:1:5006:20f:23ff:fea3:ef02]
4 26 ms 26 ms 39 ms 2001:388:200:4::2
5 26 ms 24 ms 26 ms vee-six.telstra.net [2001:360::3]

Trace complete.

I'll have a play around with it some more later. :)


IPv6 connectivity

Posted by Michael Dale on Fri, 31 Dec 2004 11:16 AM

When I installed FreeBSD onto my server it set up an IPv6 address, funky I thought although I'm never going to use it. Anyway my Mac is also built on BSD and it too has an IPv6 address. So I tried a normal ping but it only supports IPv4 so I tried typing ping6 and it worked! Cool!

So anyway I now have two computers talking to each other with IPv6.

electra:~ michaeldale$ ping6 -I en1 fe80::200:e8ff:fe6c:557b
PING6(56=40+8+8 bytes) fe80::211:24ff:fe2a:f1b3 --> fe80::200:e8ff:fe6c:557b
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=0 hlim=64 time=1.365 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=1 hlim=64 time=1.338 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=2 hlim=64 time=1.382 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=3 hlim=64 time=2.111 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=4 hlim=64 time=1.433 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=5 hlim=64 time=1.379 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=6 hlim=64 time=1.346 ms
16 bytes from fe80::200:e8ff:fe6c:557b, icmp_seq=7 hlim=64 time=1.354 ms

--- fe80::200:e8ff:fe6c:557b ping6 statistics ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 1.338/1.463/2.111 ms

Also that connection is running over my wireless, pretty fast I thought. :)