Tuesday, February 21, 2012

Enabling IPv6 on CentOS 5.6

 

Some additional information about IPv6 support and configuration is available from the CentOS wiki at:

http://wiki.centos.org/FAQ/CentOS5

These are the steps I followed to get IPv6 to work.

Edit the network file:

vi /etc/sysconfig/network

Set IPv6 networking to ‘yes’:

NETWORKING_IPV6=yes

Exit and save these changes.

Option 1, EUI-64 auto-assigned IPv6 address:

Edit the interface file:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

If you want to have an auto-assigned IPv6 address based on EUI-64 auto-configuration:

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
HWADDR=00:13:21:0D:0D:B9 # Required for EUI-64 auto addressing.
DHCP_HOSTNAME=v6LAB-WWW1.opr.test.statefarm.org
IPV6INIT=yes # Enables IPv6 addressing on interface.
IPV6_AUTOCONF=yes # Enables EUI 64 auto-addressing.
#IPV6ADDR=
#IPV6_DEFAULTGW=

HWADDR and DHCP_HOSTNAME should be updated to match the specifics of each server, but they are likely already set automatically by the installer.

Exit and save these changes.

Option 2, static IPv6 address:

Edit the interface file:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

So the file should look something like this:

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
HWADDR=00:13:21:0D:0D:B9 # Required for EUI-64 auto addressing.
# Optional for static.
DHCP_HOSTNAME=v6LAB-WWW1.opr.test.statefarm.org
IPV6INIT=yes # Enables IPv6 addressing on interface.
IPV6_AUTOCONF=no
IPV6ADDR=AAAA::260:3EFF:FE11:5001
IPV6_DEFAULTGW=AAAA::260:3EFF:FE11:6780

HWADDR, DHCP_HOSTNAME, IPV6ADDR, and IPV6_DEFAULTGW should be updated to match the specifics of each server.

Exit and save these changes.

Restart the interfaces with the new options:

service network restart

If there is no error message, IPv6 setup is complete. Jump to IPv6 Test and Validation.

If you get this kernel error:

CRITICAL : [ipv6_test] Kernel is not compiled with IPv6 support

See the section for Enabling IPv6 on CentOS 5.6 Kernel (if needed).

Enabling IPv6 on CentOS 5.6 Kernel (if needed)

The kernel options to support IPv6 on the Ethernet modules need to be enabled. Edit the module probe configuration file:

vi /etc/modprobe.conf

Search for these two lines and comment them out if they exist:

#alias net-pf-10 off
#alias ipv6 off

And change this one from ‘1’ to ‘0’:

options ipv6 disable=0

So these lines look like this:

#Uncomment the next two lines to disable IPv6 support at boot.
#alias net-pf-10 off
#alias ipv6 off
#Swap commented/uncommented lines below to disable IPv6 support at boot.
#options ipv6 disable=1
options ipv6 disable=0

The only way for the new module options to take effect is a reboot:

shutdown -r now

IPv6 Test and Validation

With IPv6 enabled, we can confirm the interface has at least two IPv6 addresses, a global address and a link-local address:

[root@v6LAB-W1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:13:21:0D:0D:B9
inet6 addr: aaaa::213:21ff:fe0d:db9/64 Scope:Global
inet6 addr: fe80::213:21ff:fe0d:db9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:63 errors:0 dropped:0 overruns:0 frame:0
TX packets:96 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6813 (6.6 KiB) TX bytes:15909 (15.5 KiB)
Interrupt:209 Memory:fdef0000-fdf00000

We can ping the router (like Windows, the command is ping6):

[root@v6LAB-W1 ~]# ping6 aaaa::260:3eff:fe11:6780
PING aaaa::260:3eff:fe11:6780(aaaa::260:3eff:fe11:6780) 56 data bytes
64 bytes from aaaa::260:3eff:fe11:6780: icmp_seq=0 ttl=64 time=0.594 ms
64 bytes from aaaa::260:3eff:fe11:6780: icmp_seq=1 ttl=64 time=0.541 ms
64 bytes from aaaa::260:3eff:fe11:6780: icmp_seq=2 ttl=64 time=0.529 ms
64 bytes from aaaa::260:3eff:fe11:6780: icmp_seq=3 ttl=64 time=0.546 ms
--- aaaa::260:3eff:fe11:6780 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.529/0.552/0.594/0.034 ms, pipe 2
[root@v6LAB-W1 ~]#

If we console into the router, we can ping our new server:

v6LAB-R1#
v6LAB-R1#ping aaaa::213:21ff:fe0d:db9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to AAAA::213:21FF:FE0D:DB9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
v6LAB-R1#

And ssh to it:

v6LAB-R1#
v6LAB-R1#ssh -l root aaaa::213:21ff:fe0d:db9
Password:
Last login: Wed May 25 05:48:50 2011 from localhost6.localdomain6
[root@v6LAB-W1 ~]#
[root@v6LAB-W1 ~]#

Apache/HTTPD configuration

No special configuration is necessary to enable IPv6 requests on Apache.

After installing Apache, it needs to be set to start at boot using this command:

[root@v6LAB-W1 ~]# chkconfig --level 2345 httpd on

Monday, October 10, 2011

Tweet forwarded by @russruns

cmross: Will seek this out later today.  Steve Jobs banner in the Windy City a nice tribute http://t.co/UjlQ2eG0 via @zite

Original Tweet: http://twitter.com/cmross/status/123434197460324352


Tuesday, October 4, 2011

F5 LTM GTM IPv6 quick hit

Just a quick note: the F5 products LTM and GTM work just great with IPv6, but IPv6 address shortening (the double colon '::') is not permitted in the GUI or tmsh.

LTM and GTM are Linux based systems, so if you are using BASH, the standard rules apply.

But if you are using the GUI or tmsh, IPv6 addresses must be fully completed.

This:

fe80:0:0:0:201:d7ff:fed4:d041

Not this:

fe80::201:d7ff:fed4:d041
    ^^ 
Cannot have a double colon.
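
A small converter for preparing addresses in the form shown above before entering them in the GUI or tmsh, as an added example that is not part of the original post and not F5 code. It relies only on this post's statement that the double colon is rejected; the function names and the sample list are constructed for illustration.

```python
import ipaddress

def without_double_colon(text: str) -> str:
    """Rewrite an IPv6 address (optional /prefix kept) as eight groups, no '::'."""
    addr, slash, plen = text.strip().partition("/")
    ip = ipaddress.IPv6Address(addr)          # ValueError if not valid IPv6
    # exploded gives eight zero-padded groups; drop the padding per group.
    groups = [format(int(g, 16), "x") for g in ip.exploded.split(":")]
    out = ":".join(groups)
    if ipaddress.IPv6Address(out) != ip:      # must still be the same address
        raise ValueError(f"round-trip mismatch for {text!r}")
    if slash:
        if not plen.isdigit() or int(plen) > 128:
            raise ValueError(f"bad prefix length in {text!r}")
        out = f"{out}/{plen}"
    return out

def convert_all(entries):
    """Return (converted, rejected) so bad input is reported, not dropped."""
    converted, rejected = {}, []
    for entry in entries:
        try:
            converted[entry] = without_double_colon(entry)
        except ValueError:
            rejected.append(entry)
    return converted, rejected

if __name__ == "__main__":
    # Constructed sample: two addresses from this page, loopback, one typo.
    sample = ["fe80::201:d7ff:fed4:d041", "2001:1890:1208:240::1/64",
              "::1", "fe80:::1"]
    ok, bad = convert_all(sample)
    for short, full in ok.items():
        print(f"{short:28} -> {full}")
    print("rejected:", bad)
```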

Wednesday, September 28, 2011

IPv6 SLAAC(er)

Promoted as a feature of IPv6, SLAAC allows a device to connect to a network and receive an address without the administrative overhead of managing DHCP.

But there are a few limitations that limit its usefulness in an enterprise environment:

  • SLAAC only works with /64 subnets. No more, no less.
  • SLAAC does not hand out DNS information (or any Windows domain specific info).

You get an address, a fixed subnet, and a default gateway. Period. This doesn't make it entirely useless, but definitely SLAAC is not a DHCP killer.

To enable a Cisco router to begin making SLAAC announcements, all you need to do is configure an interface with an IPv6 address and a /64 subnet:

interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
ipv6 address 2001:1890:1208:240::1/64

This line:

ipv6 address 2001:1890:1208:240::1/64

causes the router to begin making ND announcements which permit other devices to SLAAC themselves. We can verify announcements with a show ipv6 interface:


V6-R1-2911#sh ipv6 int gi0/1
GigabitEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::xxxx:xxxx:xxxx:xxxx
No Virtual link-local address(es):
Global unicast address(es):
   2001:xxxx:xxxx:xxxx::1, subnet is 2001:xxxx:xxxx:xxxx::/58
Joined group address(es):
   FF02::1
   FF02::2
   FF02::1:FF00:1
   FF02::1:FFFD:CCC1
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
V6-R1-2911#

Tuesday, September 13, 2011

So you've got IPv6...

...now what?

This site contains a list of websites with verified IPv6 connectivity. Regularly updated and tested. Also provides the resolved IPv6 address so you can perform basic ping testing in case your DNS is flaky (anyone else have this problem?).

Global IPv6 Deployment Progress Report

Haven't ruled out a problem on the local end, but we do get better (but not 100%) responses from:

Public DNS servers:

                    IPv6                    IPv4
Open DNS            2620:0:ccc::2           208.67.222.222
                    2620:0:ccd::2           208.67.220.220
Google Public DNS   2001:4860:4860::8888    8.8.8.8
                    2001:4860:4860::8844    8.8.4.4

Monday, November 29, 2010

Flickr API

This falls into the category of both work and fun.  Many of my clients use an online host to manage their photos. My personal favorite is Flickr. Whether you’re a professional photographer looking to expand your market or show off your latest, or you’re in a sales/marketing/promotion role and sharing pictures from the latest trade show, or simply have a need to share more than a handful of digital photographs, a photo-specific hosting site makes the job much easier and allows you to focus on results rather than the process.

Flickr provides the ability to easily embed photos in other applications and a highly extensible API for extracting and using photos for your own customized needs.

Before you begin creating scripts, you’ll need a Flickr API key.

From your account page, click on the “Sharing & Extending” tab.

Scroll down to “Your API keys” and click on the link to the right, which likely says “You have no API keys assigned to this account.”

Click on the “GET A KEY” button.

For now, we’ll stick with non-commercial applications, so click on “APPLY FOR A NON-COMMERCIAL KEY”.

You’ll need a name and description for your app.  For now, we can name it “Test Key” and give it a similar description. After reading the terms of use, confirm and check the boxes and click “SUBMIT”.

You’ll be given two hex strings, a “key” and a “secret”.  Since we created non-commercial keys, save these and don’t share with anyone.  You’ll want to copy/paste someplace for quick reference, but you can always retrieve them from your account page if necessary.

With your API key, we can now begin writing a script.

Once again, Perl provides a readily available module called Flickr::API.  Use cpan to install:

cpan> install Flickr::API

I’d also recommend having Data::Dumper available.

cpan> install Data::Dumper

The first script will simply confirm that your Perl module is working properly and your API key is functional.  Fortunately Flickr provides a test method.  Make sure to replace your_key_here with your Flickr API key (not your secret).

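#!C:\Perl\bin\perl.exe

use strict;
use warnings;
use Flickr::API;
use Data::Dumper;

# Create the API object with your key (not your secret).
my $api = Flickr::API->new({'key' => 'your_key_here'});

# flickr.test.echo is Flickr's test method; it echoes the request back.
my $response = $api->execute_method('flickr.test.echo');

print "Success:\t$response->{success}\n";
print "Error code:\t$response->{error_code}\n";
print "\n\n\n";
#print Dumper ($response);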

For now, leave the last line (Dumper) commented out. Running the perl command should give you these results:

R> perl Flickr-test.pl
Success:        1
Error code:     0

If the results are flipped (success: 0 and error: 1), there’s a high probability your key isn’t correct, or there were problems with the Flickr::API module.