Build your own IPv6 lab on the cheap, part 2

You're so close to creating your own IPv6-ready lab -- now InfoWorld's Matt Prigge takes you through the final steps


Then apply both of these rules to the tun0 interface:

set interfaces tunnel tun0 firewall in ipv6-name 'tun-in'

set interfaces tunnel tun0 firewall local ipv6-name 'tun-local'

set firewall ipv6-name tun-in default-action 'drop'

At this point, you should be able to ping from the router out to the other end of the IPv6 tunnel (this address will be listed in the Hurricane Electric Tunnel Details dialog next to Server IPv6 Address):

ping6 2001:470:XXXX:XXXX::1

If you get replies, you've done well up to this point.

Configuring the internal network for IPv6

The next task is to get IPv6 running on the inside interface. As I mentioned earlier, there is no NAT in IPv6; if you want to route traffic into a separate IPv6 subnet behind your router, you'll need a block of publicly routable IPs.

Fortunately, there are literally trillions upon trillions of them, so there's no problem getting them allocated. In the Hurricane Electric Tunnel Details dialog, you'll see that the provider has already routed a /64 network across your pipe in addition to the /64 it gave you for the tunnel itself. There's also a link in the lower half of the screen that reads "Allocate /48," which allows you to cut a larger network for yourself (a /48 is 65,536 /64s).

In general, most IPv6 host networks will consist of 64 bits of network space (exactly half of the total 128-bit address). That's a huge amount of space -- enough for about 18 quintillion hosts. Obviously, you'd never have that many hosts on one network together, but it leaves enough space for hosts to be able to freely auto-generate their own addresses and never risk overlapping with another host.

If you want to be able to field more than one /64 network (say, to support a DMZ on a third Ethernet interface), you'll need a larger allocation. If you're just looking to provide address space for the inside (eth1) network on your router, the /64 is perfect and you won't need to allocate a /48.

Using the pre-allocated /64 you'll find in the Tunnel Details dialog next to "Routed /64," you can address the eth1 interface of your router:

set interfaces ethernet eth1 address '2001:470:XXXX:XXXX::1/64'

Next, you'll want to configure your router to advertise itself so that IPv6 hosts on your network can autoconfigure themselves to match the configuration of your router:

set interfaces ethernet eth1 ipv6 router-advert prefix '2001:470:XXXX:XXXX::/64'

set interfaces ethernet eth1 ipv6 router-advert send-advert 'true'
