SixXS::Sunset 2017-06-06

FAQ : Connectivity (Tunnels and Subnets) : How do I give connectivity to other hosts on my subnet?

Other FAQ sections

  • FAQ Item
    • SixXS Prefixes
    • What is a "site"?
    • Operating System configuration

How do I give connectivity to other hosts on my subnet?

Per default every tunnel has a routed /64, the so-called "Default Subnet". This subnet is routed towards the <tunnel>::2 address and is directly available for connecting hosts on a separate link behind the tunnel. If one has multiple network segments that require a /64 behind the tunnel (eg wired, wireless, DMZ, etc) one will need to request a Full Subnet (/48).

You can find your subnets in your User Home.

The easiest way to use your subnet is to assign a /64 per switch network and then setup a Router Advertisement server. As SixXS serves out a /64 per default (Default Subnet) and a /48 (Full Subnet) on request you either have 1 /64 and in the case of the /48 the possiblity of having 65535 /64's and thus subnets inside your site.

A /48 is an end-site and should thus not be delegated to another administration. In case you want to connect multiple sites under different administration we suggest using multiple tunnels and subnets, unless of course the network is the same. See also the definition of a site below.

SixXS Prefixes

In the SixXS system three types of prefixes exist:

Tunnel/64Only tunnel::1 (PoP) and tunnel::2 (User Endpoint) are used
Default Subnet/64Routed towards tunnel::2, can be used to do Router Advertisement on one directly connected network behind the tunnel. Per default routed towards the tunnel
Full Subnet/48Routed towards tunnel::2, can be used to attach 65536 networks of each /64 behind the tunnel. Needs to be requested through the webinterface

Note thus that the user cannot use any other addresses but tunnel::2 for the tunnel prefix.

What is a "site"?

A site is defined as a network with one single administration. The moment a change occurs in administration, one is in a different site. Thus if you have one network operated by administration group X and another network operated by admin Y then those are two sites. Of course, when group X and Y, both administratively fall under group A, they can still be taken as to be a single site.

Operating System configuration

Under Linux the Router Advertisement (RA) server is called radvd, *BSD (KAME stack) calls it rtadvd. Clients can then be configured using RFC 2462 aka "IPv6 Stateless Address Autoconfiguration".

Select your Operating System
Linux - Router

Get yourself the radvd program. On Debian you can install the radvd program by doing an 'apt-get install radvd' other distributions have a similar name for the package.

Edit /etc/radvd.conf to contain something like:
interface eth1
  AdvSendAdvert on;
  prefix [IPv6 Prefix]/64

The full format is described in the manual pages of radvd. Note that a link has a prefixlength of /64.

You will also need to add a single IP out of the above block to the interface itself, this as the machine won't accept the RA from itself due to when forwarding is enabled, RA gets disabled.

Now start the radvd program and your machine should starting announces its routes.
Notez bien that this needs needs the net/ipv6/conf/all/forwarding sysctl to be 1 and that, depending on radvd version, you might have to add an IPv6 address out of the to-be-RA'd prefix on the interface before starting radvd.

Another thing you might want to do, to avoid traffic being routed back to the tunnel when you are not using all of your /48 is to point the /48 in its entirety to lo:
ip -6 ro add [IPv6 Prefix]/48 dev lo
On debian one can accomplish this from the network scripts.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker