
<?xml version="1.0" encoding="iso-8859-1"?>
<!--
vim: et ts=2 sw=2
-->
<article>

  <title>Configuring tunnels with iproute2</title>
  <author>
    <a href="mailto:simone _at_ deepspace6.net">Simone Piunno</a>
  </author>

  <contents>

    <section name="iproute2">

      <para>
        <strong>iproute2</strong> is a package for advanced network
        management under Linux.  In practice, it is composed of a
        bunch of small utilities that dynamically configure the kernel
        by means of <em>rtnetlink sockets</em>, a modern and
        powerful interface for the configuration of the networking stack
        implemented by <strong>Alexey Kuznetsov</strong> starting from the
        2.2 kernel series.
      </para>

      <para>
        The most interesting feature of <strong>iproute2</strong> is
        that it replaces with a single integrated and coherent command all
        the functionality we were used to finding in <tt>ifconfig</tt>,
        <tt>arp</tt>, <tt>route</tt> and <tt>iptunnel</tt>
        (and it even adds some more!).
      </para>

      <para>
        Nowadays <strong>iproute2</strong> is installed by default on
        most major distributions, even if their initialization scripts are still built
        on commands from the old <strong>net-tools</strong> package
        (e.g. <tt>ifconfig</tt> or <tt>iptunnel</tt>; the latter is actually
        deprecated).  If your distribution doesn't include this important
        package, you can always download it from
        <a href="ftp://ftp.inr.ac.ru/ip-routing/">ftp://ftp.inr.ac.ru/ip-routing/</a>
        and compile it yourself.
      </para>

      <para>
        At the time of this writing, the worst defect of <strong>iproute2</strong>
        is a relative lack of documentation, partially compensated by the fact that
        the syntax of the <tt>ip</tt> command is very easy and close to
        the English language.  We believe that people used to <tt>ifconfig</tt> and
        <tt>route</tt> shouldn't encounter any problem using <tt>ip</tt> and that
        they will feel at home in a matter of hours.  In this document we will assume
        that the reader already has a good knowledge of basic networking concepts and
        has used <tt>ifconfig</tt> and <tt>route</tt> in the past.
      </para>

    </section>

    <section name="Introduction to tunnels">

      <para>
        Let's imagine two Internet nodes wanting to exchange data traffic over a
        protocol different from IPv4, or directed to a private LAN using
        non-globally-valid IP addresses.  This problem is typically solved using a
        virtual point-to-point connection between the two nodes, and we call this
        configuration a <strong>tunnel</strong>.
      </para>

      <para>
        You can think of every packet traveling over the network as an
        envelope with a few bits inside and the sender's and receiver's addresses
        written on it.  Tunnels simply hide this envelope inside an additional
        one, with a different sender and receiver, effectively diverting the packet's
        trip.  When the packet arrives at the external receiver (the one written on the
        external envelope), the external envelope is removed and thrown away, so that
        the packet can continue its travel to the real destination.
      </para>

      <para>
        The two nodes putting on and removing the additional envelope are called
        <em>endpoints</em> and need to have a known IPv4 address.  This is why tunnels
        generally don't work when traversing network address translation (NAT).
        Moreover, if the tunnel is built through a firewall, the latter must be
        configured ad hoc to permit this kind of traffic.
      </para>

      <para>
        A typical tunnel usage is connecting two IPv6 nodes through an IPv4-only
        network.  The two nodes can build an IPv6-in-IPv4 tunnel pretending to have a
        real direct point-to-point IPv6 connection, and this way they can link together
        two IPv6 islands (6bone works this way, as a web of tunnels).  Tunnels for
        IPv6-over-IPv4 transport come in two different flavors: automatic
        (<a href="http://www.ietf.org/rfc/rfc2373.txt">RFC2373</a>) and manually
        configured.  In this document we will talk only about the latter type.
      </para>

    </section>

    <section name="Creating tunnels">

      <para>
        Creating tunnels with <strong>iproute2</strong> is very easy.  First of
        all you need a name for your tunnel.  If you choose to name it <em>foo</em>
        then you can create the tunnel with the command:
      </para>

      <command>ip tunnel add foo mode sit remote 192.168.1.42</command>

      <para>
        This way, you created a sit (IPv6-in-IPv4) tunnel with a remote endpoint
        at the IP address 192.168.1.42.  Notice that we have not specified which
        IP address to use for the local side of the tunnel, which interface, and so on.
        The result can be viewed with the command <command>ip tunnel show</command>:
      </para>

      <command>
[root@abulafia root]# ip tunnel show
sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc
foo: ipv6/ip  remote 192.168.1.42  local any  ttl inherit
      </command>

      <para>
        Our tunnel is the one in the second row.  Now we can also ask for a list
        of all available interfaces, regardless of whether they are real network
        adapters or software simulations:
      </para>

      <command>
[root@abulafia root]# ip link show
1: lo: &lt;LOOPBACK,UP&gt; mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: &lt;BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:48:54:1b:25:30 brd ff:ff:ff:ff:ff:ff
4: sit0@NONE: &lt;NOARP&gt; mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
6: foo@NONE: &lt;POINTOPOINT,NOARP&gt; mtu 1480 qdisc noop
    link/sit 0.0.0.0 peer 192.168.1.42
      </command>

      <para>
        The fact that should get your attention is that while <em>lo</em>
        and <em>eth0</em> are marked as being <em>UP</em>, our tunnel is not.
        To double check, the good old <tt>ifconfig</tt> says only:
      </para>

      <command>
[root@abulafia root]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:48:54:1B:25:30
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::248:54ff:fe1b:2530/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:528 (528.0 b)
          Interrupt:9 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35402 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35402 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3433996 (3.2 Mb)  TX bytes:3433996 (3.2 Mb)
      </command>

      <para>
        So we must remember that the <tt>ip link</tt> command shows all
        available interfaces, regardless of whether they are activated or not.
        To activate <em>foo</em>, we use the command:
      </para>

      <command>ip link set foo up</command>

      <para>
        and to deactivate it:
      </para>

      <command>ip link set foo down</command>

      <para>
        To completely discard our tunnel we use:
      </para>

      <command>ip tunnel del foo</command>

    </section>

    <section name="Special tunnels">

      <para>
        In the previous section, we've seen how to build an IPv6-in-IPv4 tunnel;
        now we'll examine a few different situations.
      </para>


    <subsection name="GRE tunnels">

      <para>
        If you don't need IPv6 but, for example, you want to carry normal
        IPv4 traffic through a non-cooperating transit network, then you'd
        better use <tt>mode gre</tt> instead of <tt>mode sit</tt>.
        For example:
      </para>

      <command>
[root@abulafia root]# ip tunnel add foo4 mode gre remote 192.168.1.42
[root@abulafia root]# ip tunnel show
gre0: gre/ip  remote any  local any  ttl inherit  nopmtudisc
foo4: gre/ip  remote 192.168.1.42  local any  ttl inherit
[root@abulafia root]# ip link show
1: lo: &lt;LOOPBACK,UP&gt; mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: &lt;BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:48:54:1b:25:30 brd ff:ff:ff:ff:ff:ff
7: gre0@NONE: &lt;NOARP&gt; mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
9: foo4@NONE: &lt;POINTOPOINT,NOARP&gt; mtu 1476 qdisc noop
    link/gre 0.0.0.0 peer 192.168.1.42
      </command>

      <para>
        GRE is a particular tunnelling protocol supported by Cisco
        routers which is capable of carrying different protocols over IPv4.
        There's another kind of tunnel implemented by Linux:
        <tt>ipip</tt>.  The latter is also useful for IPv4-in-IPv4
        encapsulation, but it's implemented only by Linux and does only
        unicast IP over IP (so you can't transport, for example, IPX or
        broadcasts).  In general, GRE is better.
      </para>

    </subsection>

    <subsection name="Explicit local endpoint">

      <para>
        Even if the kernel is smart enough to choose for you, it can
        be a good idea to explicitly force the local IP address and interface
        we're going to use for tunneling.  To do that, we can use the
        <tt>local</tt> and <tt>dev</tt> parameters:
      </para>

      <command>
[root@abulafia root]# ip tunnel add foo mode sit local 192.168.0.1 remote 192.168.1.42 dev eth0
[root@abulafia root]# ip tunnel show
sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc
foo: ipv6/ip  remote 192.168.1.42  local 192.168.0.1  dev eth0  ttl inherit
[root@abulafia root]# ip link show
1: lo: &lt;LOOPBACK,UP&gt; mtu 16436 qdisc noqueue
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: &lt;BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc pfifo_fast qlen 100
   link/ether 00:48:54:1b:25:30 brd ff:ff:ff:ff:ff:ff
4: sit0@NONE: &lt;NOARP&gt; mtu 1480 qdisc noop
   link/sit 0.0.0.0 brd 0.0.0.0
11: foo@eth0: &lt;POINTOPOINT,NOARP&gt; mtu 1480 qdisc noop
   link/sit 192.168.0.1 peer 192.168.1.42
      </command>

      <para>
        Please notice that now the interface is labeled as <em>foo@eth0</em>,
        to remind us where the tunnel has been explicitly connected.
      </para>

    </subsection>

    <subsection name="Time-to-live">

      <para>
        When using tunnels, it's easy to create accidental loops in the network.
        To limit the problem, it's fundamental to generate packets with a low TTL
        value. The initial TTL can be specified by the <tt>ttl</tt> parameter of
        <command>ip tunnel add</command>. The default value is inherited from the
        network interface the tunnel is associated to. The
        <a href="http://www.iana.org">Internet Assigned Numbers Authority</a>
        suggests using 64 for the TTL.
      </para>

    </subsection>
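      <para>
        The following script is an added example and not part of the original article:
        it parses the output of <command>ip tunnel show</command> in the format shown in
        the sessions above and flags the two settings discussed in this section and the
        previous one, a tunnel left at <tt>ttl inherit</tt> (or with a TTL above the 64
        IANA suggests) and one whose local endpoint is still <tt>any</tt>.  The sample
        output it works on is constructed, and the function names are ours.
      </para>

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the format "ip tunnel show" prints (see the sessions
# above): the built-in sit0 device plus three tunnels with different settings.
SAMPLE_OUTPUT = """\
sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc
foo: ipv6/ip  remote 192.168.1.42  local any  ttl inherit
bar: ipv6/ip  remote 192.168.1.43  local 192.168.0.1  dev eth0  ttl 64
foo4: gre/ip  remote 192.168.1.42  local any  ttl 255
"""

# Keywords that are followed by a value; anything else is a bare flag.
VALUE_KEYWORDS = {"remote", "local", "dev", "ttl", "tos", "key"}
RECOMMENDED_TTL = 64  # the value IANA suggests, as cited in the article


@dataclass
class Tunnel:
    name: str
    mode: str                       # e.g. "ipv6/ip" or "gre/ip"
    params: Dict[str, str] = field(default_factory=dict)
    flags: List[str] = field(default_factory=list)


def parse_tunnel_show(text: str) -> List[Tunnel]:
    """Turn "ip tunnel show" output into Tunnel records, one per line."""
    tunnels = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, _, rest = line.partition(":")
        tokens = rest.split()
        tunnel = Tunnel(name=name, mode=tokens[0])
        i = 1
        while len(tokens) > i:
            if tokens[i] in VALUE_KEYWORDS and len(tokens) > i + 1:
                tunnel.params[tokens[i]] = tokens[i + 1]
                i += 2
            else:
                tunnel.flags.append(tokens[i])
                i += 1
        tunnels.append(tunnel)
    return tunnels


def audit(tunnels: List[Tunnel]) -> Dict[str, List[str]]:
    """Map each configured tunnel to the settings worth tightening."""
    findings = {}
    for t in tunnels:
        if t.params.get("remote", "any") == "any":
            continue  # sit0/gre0 are fallback devices with no peer, skip them
        issues = []
        ttl = t.params.get("ttl", "inherit")
        if ttl == "inherit":
            issues.append(f"ttl inherit: set an explicit ttl ({RECOMMENDED_TTL})")
        elif int(ttl) > RECOMMENDED_TTL:
            issues.append(f"ttl {ttl} exceeds {RECOMMENDED_TTL}")
        if t.params.get("local", "any") == "any":
            issues.append("local any: pin the endpoint with local/dev")
        if issues:
            findings[t.name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(parse_tunnel_show(SAMPLE_OUTPUT)).items():
        print(name, "->", "; ".join(issues))
```

On a live system, feed it the real output with <command>ip tunnel show</command> piped into the script instead of the constructed sample.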
    </section>

    <section name="Assigning an IP address to the interface">

      <para>
        Like any other network interface, tunnels can have one or
        more addresses assigned to them.
      </para>


    <subsection name="Main address">

      <para>
        Assigning the main address is straightforward:
      </para>

      <command>
ip addr add 3ffe:9001:210:3::42/64 dev foo
ip addr add 192.168.0.2/24 dev foo4
ip addr add 10.20.30.40/8 dev eth0
      </command>

      <para>
        The number immediately following the slash suggests to the
        kernel the network prefix we prefer, useful to automatically compute
        the broadcast address and netmask on IPv4 LANs (this is called CIDR
        notation). However, tunnels are point-to-point interfaces and this
        number is therefore ignored.
      </para>

      <para>
        Note: to be able to assign an IP address to an interface, first
        you need to activate the interface using
        <command>ip link set interfacename up</command>.
      </para>

      <para>
        To remove an address from an interface, you can obviously use
        <tt>del</tt> instead of <tt>add</tt>:
      </para>

      <command>
ip addr del 3ffe:9001:210:3::42/64 dev foo
ip addr del 192.168.0.2/24 dev foo4
      </command>

      <para>
        We can even ask for a list of all the IP addresses in use on our server:
      </para>

      <command>
[root@abulafia root]# ip addr show
1: lo: &lt;LOOPBACK,UP&gt; mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
2: eth0: &lt;BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:48:54:1b:25:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::248:54ff:fe1b:2530/10 scope link
4: sit0@NONE: &lt;NOARP&gt; mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
5: foo@NONE: &lt;POINTOPOINT,NOARP&gt; mtu 1480 qdisc noop
    link/sit 0.0.0.0 peer 192.168.1.42
    inet6 3ffe:9001:210:3::42/64 scope global
    inet6 fe80::c0a8:1/10 scope link
      </command>

    </subsection>

    <subsection name="Aliasing">

      <para>
        When using multiple addresses on a single interface, people used
        to <tt>ifconfig</tt> will be surprised to notice that multiple
        <command>ip addr add</command> commands do not generate fictitious
        interfaces like <em>eth0:1</em>, <em>eth0:2</em> and so on.
        This is a legacy naming scheme coming from the 2.0 kernel version
        and is no longer mandated.  For example:
      </para>

      <command>
[root@abulafia root]# ip addr add 192.168.0.11/24 dev eth0
[root@abulafia root]# ip addr show eth0
2: eth0: &lt;BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:48:54:1b:25:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.11/24 scope global secondary eth0
    inet6 fe80::248:54ff:fe1b:2530/10 scope link
[root@abulafia root]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:48:54:1B:25:30
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::248:54ff:fe1b:2530/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:528 (528.0 b)
          Interrupt:9 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:34732 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34732 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3386912 (3.2 Mb)  TX bytes:3386912 (3.2 Mb)

foo       Link encap:IPv6-in-IPv4
          inet6 addr: 3ffe:9001:210:3::42/64 Scope:Global
          inet6 addr: fe80::c0a8:1/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
      </command>

      <para>
        Our additional IP address is reported by <command>ip addr show</command>
        and works, but <tt>ifconfig</tt> doesn't even know of its existence!
        To solve the problem we can use the <tt>label</tt> parameter:
      </para>

      <command>
[root@abulafia root]# ip addr add 192.168.0.11/24 label eth0:1 dev eth0
[root@abulafia root]# ip addr show eth0
2: eth0: &lt;BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:48:54:1b:25:30 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.11/24 scope global secondary eth0:1
    inet6 fe80::248:54ff:fe1b:2530/10 scope link
[root@abulafia root]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:48:54:1B:25:30
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::248:54ff:fe1b:2530/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:528 (528.0 b)
          Interrupt:9 Base address:0x5000

eth0:1    Link encap:Ethernet  HWaddr 00:48:54:1B:25:30
          inet addr:192.168.0.11  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:9 Base address:0x5000
      </command>

      <para>
        Notice that we can choose any arbitrary string as the label.
        We're not forced to use the 2.0 naming scheme; we must comply
        with it only if we care about backward compatibility with
        <tt>ifconfig</tt>.
      </para>

    </subsection>

    <subsection name="Which IP for the tunnel.">

      <para>
        Choosing a global/public IP address (respectively an IPv6
        address for SIT/IPv6-in-IPv4 tunnels and an IPv4 address for
        GRE/IPv4-in-IPv4 tunnels) for the local endpoint of the
        tunnel is probably the best thing we can do when our computer
        is a single host and not a router providing IPv6 connectivity
        to a whole LAN.
      </para>

      <para>
        Instead, if we're configuring a router, we'd better use
        a link-local address for SIT/IPv6-in-IPv4 tunnels (in IPv6,
        link-local addresses are assigned automatically by means of
        stateless address autoconfiguration, or manually configured)
        and a private address for GRE/IPv4-in-IPv4 tunnels (IPv4 has
        no link-local addresses). The valid address will then be
        only on eth0 (or the interface on the LAN side).
        Notice that in this configuration you need to activate
        forwarding among interfaces, using these commands:
      </para>

      <command>
sysctl -w net.ipv4.conf.all.forwarding=1  # for GRE (IPv4-in-IPv4)
sysctl -w net.ipv6.conf.all.forwarding=1  # for SIT (IPv6-in-IPv4)
      </command>

      <para>
        For IPv4 you can even decide to enable forwarding only between a
        couple of interfaces; in this case you could use these commands:
      </para>

      <command>
sysctl -w net.ipv4.conf.eth0.forwarding=1
sysctl -w net.ipv4.conf.pippo.forwarding=1
      </command>
      <para><strong>Note</strong>: the meaning of this switch is different for
        IPv6 and doesn't work as expected; see the kernel documentation for more
        information.</para>

    </subsection>
    </section>

    <section name="Routing">

      <para>
        Now that our tunnel is configured, we have to specify which traffic
        will be directed through it.  For IPv6 the most common choice is the
        following:
      </para>

      <command>ip route add 2000::/3 dev foo</command>

      <para>
        This way all IPv6 traffic going to addresses whose first 3 bits
        are 001 (that is, all global unicast IPv6 address space) will be
        directed to the <em>foo</em> interface.  This is only one eighth of the
        available IPv6 address space, but you are guaranteed that every possible
        remote host will be in this range.
      </para>

      <para>
        We can see the IPv4 routing table this way:
      </para>

      <command>
[root@abulafia root]# ip route
192.168.0.0/24 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
      </command>

      <para>
        and the IPv6 routing table this way:
      </para>

      <command>
[root@abulafia root]# ip -6 route
2000::/3 dev foo  proto kernel  metric 256  mtu 1480 advmss 1420
fe80::/10 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440
fe80::/10 dev foo  proto kernel  metric 256  mtu 1480 advmss 1420
ff00::/8 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440
ff00::/8 dev foo  proto kernel  metric 256  mtu 1480 advmss 1420
default dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440
unreachable default dev lo  metric -1  error -101
      </command>

      <para>
        If you need to specify a gateway (this is not for tunnels) then
        you can add the <tt>via</tt> parameter, for example:
      </para>

      <command>ip route add 192.168.1.0/24 via 192.168.0.254 dev eth0</command>

      <para>
        To remove a route you can obviously use <command>ip route del</command>,
        but be careful: if you write <command>ip route del default</command> you're
        removing the default IPv4 route, not the IPv6 one!  To remove the IPv6
        default destination you need to use <command>ip -6 route del default</command>.
      </para>

    </section>

    <section name="A complete example">

      <para>
        This is a typical IPv6 tunnel for 6bone:
      </para>

      <command>
ip tunnel add $TUNNEL mode sit local any remote $V4_REMOTEADDR ttl 64
ip link   set $TUNNEL up
ip addr   add $V6_LOCALADDR dev $TUNNEL
ip route  add 2000::/3      dev $TUNNEL
      </command>

      <para>
        where <command>$TUNNEL</command> is an arbitrary name assigned to the
        tunnel, <command>$V4_REMOTEADDR</command> is the IPv4 address of the remote
        end of the tunnel and <command>$V6_LOCALADDR</command> is the IPv6 local
        address assigned to our host. We've used the <command>any</command> value
        for the <command>local</command> endpoint address because this way we can
        handle a dynamic IPv4 address (e.g. assigned by a dialup connection
        to the ISP).  Obviously we need to inform our tunnel broker when
        our address changes, but this is out of the scope of this writing, also
        because there's no general standard procedure.
      </para>

      <para>
        To shut down the tunnel:
      </para>

      <command>ip tunnel del $TUNNEL</command>

      <para>
        also automatically removes the routing entry and the address.
      </para>
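      <para>
        As an added example (ours, not the article's code), the four commands of the
        complete example above are assembled in Python only after the inputs have been
        validated: the tunnel name fits the kernel's 15-character interface name limit,
        <command>$V4_REMOTEADDR</command> is a usable IPv4 address,
        <command>$V6_LOCALADDR</command> lies inside the 2000::/3 range that the Routing
        section sends through the tunnel, and the TTL is at most the 64 the article
        recommends.  It assumes the single-host case with a global IPv6 address; the
        function names and the dry-run mode are ours.
      </para>

```python
import ipaddress
import subprocess
from typing import List

# The route the article installs: all global unicast IPv6 space (first bits 001).
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")
RECOMMENDED_TTL = 64   # the value the article and IANA suggest
IFNAMSIZ_MAX = 15      # Linux interface names hold at most 15 characters


def validate(tunnel: str, v4_remote: str, v6_local: str, ttl: int) -> List[str]:
    """Return a list of problems with the inputs; an empty list means they look sane."""
    problems = []
    if not tunnel or len(tunnel) > IFNAMSIZ_MAX or "/" in tunnel \
            or any(c.isspace() for c in tunnel):
        problems.append(f"tunnel name {tunnel!r} is not a valid interface name")
    try:
        remote = ipaddress.IPv4Address(v4_remote)
    except ValueError:
        problems.append(f"remote endpoint {v4_remote!r} is not a valid IPv4 address")
    else:
        if remote.is_multicast or remote.is_loopback:
            problems.append(f"remote endpoint {remote} cannot be a tunnel peer")
    try:
        local = ipaddress.IPv6Interface(v6_local)   # "addr/prefix" as ip addr wants it
    except ValueError:
        problems.append(f"local address {v6_local!r} is not a valid IPv6 address/prefix")
    else:
        if local.ip not in GLOBAL_UNICAST:
            problems.append(f"local address {local.ip} is outside {GLOBAL_UNICAST}")
    if ttl not in range(1, 256):
        problems.append(f"ttl {ttl} is outside 1..255")
    elif ttl > RECOMMENDED_TTL:
        problems.append(f"ttl {ttl} is higher than the recommended {RECOMMENDED_TTL}")
    return problems


def build_6in4_plan(tunnel: str, v4_remote: str, v6_local: str,
                    ttl: int = RECOMMENDED_TTL) -> List[List[str]]:
    """The article's four commands as argv lists, in the order they must run."""
    problems = validate(tunnel, v4_remote, v6_local, ttl)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        ["ip", "tunnel", "add", tunnel, "mode", "sit", "local", "any",
         "remote", v4_remote, "ttl", str(ttl)],
        ["ip", "link", "set", tunnel, "up"],
        ["ip", "addr", "add", v6_local, "dev", tunnel],
        ["ip", "route", "add", str(GLOBAL_UNICAST), "dev", tunnel],
    ]


def teardown_plan(tunnel: str) -> List[List[str]]:
    """Deleting the device also drops its address and the 2000::/3 route."""
    return [["ip", "tunnel", "del", tunnel]]


def run_plan(plan: List[List[str]], dry_run: bool = True) -> List[str]:
    """Run the commands in order, stopping at the first failure (root needed
    unless dry_run); returns the command lines as they were issued."""
    issued = []
    for argv in plan:
        issued.append(" ".join(argv))
        if not dry_run:
            subprocess.run(argv, check=True)
    return issued


if __name__ == "__main__":
    # Constructed values in the article's own examples; dry run only.
    for line in run_plan(build_6in4_plan("foo", "192.168.1.42", "3ffe:9001:210:3::42/64")):
        print(line)
```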

    </section>

    <section name="Links">

      <link>
        <a href="http://www.iana.org/">Internet Assigned Numbers Authority</a>
      </link>
      <link>
        <a href="ftp://ftp.inr.ac.ru/ip-routing/">iproute2 ftp site</a>
      </link>
      <link>
        <a href="http://www.ietf.org/rfc/rfc2784.txt">RFC2784 - Generic Routing Encapsulation (GRE)</a>
      </link>
      <link>
        <a href="http://www.ietf.org/rfc/rfc2373.txt">RFC2373 - IP Version 6 Addressing Architecture</a>
      </link>
      <link>
        <a href="http://www.ietf.org/rfc/rfc2893.txt">RFC2893 - Transition Mechanisms for IPv6 Hosts and Routers</a>
      </link>
      <link>
        <a href="http://www.ietf.org/internet-drafts/draft-ietf-ngtrans-introduction-to-ipv6-transition-08.txt">An overview of the introduction of IPv6 in the Internet</a>
      </link>
      <link>
        <a href="http://www.ngnet.it/">ngnet</a>
      </link>

    </section>

  </contents>

</article>
