Adding Native IPv6 Support to ECS Instance

by Anish

Posted on Monday July 30, 2018

Referefce

This document provides an overview of various ways to tunnel IPv6 packets over IPv4 networks in ECS Instances

You can Add an routable IPv6 address in Cloud provider like Alicloud,Linonde,DigitalOcean

Before you Begin

Make Sure you have following prerequisites met on the ECS Side running on any cloud Provider

Precondition Check
ECS Instance is up and Running Pass
Having sudo privilege account or root account Pass
ECS Instance is assigned with public IP Pass
ECS Instance Security Group Allowing ICMP Pass

Tunnel broker:

A service that provides tunneled connectivity to the IPv6 Internet. Using Tunnel Broker an IPv6 access service can enable ECS Instances to access over IPv6 .

Few example of Tunnel brokers Providers

  • SixXS - IPv6 Deployment & Tunnel Broker
  • tunnelbroker.net - Hurricane Electric Free IPv6 Tunnel Broker
  • gogo6 Freenet6: Free and Easy IPv6 Connectivity

Hurricane Electric Tunnel broker

In this example we are using HE, tunnel provider

Format of assigned IPv6 addresses

The prefix length assigned to configured tunnels is 128 bits (/128). Tunnels are assigned from prefix 2001:470::/32

Creating HE Tunnel

Before creating a Tunnel make sure your ECS instance is up and running and having a routable IPv4 (Ex: 34.218.239.239) assigned

  1. Create an Account in HE
  2. Create Regular Tunnel
  3. When creating new tunnel provide the ECS IP address as show in the diagram
  4. Select the Location which is very close to Alicloud Region to avoid any Latency Issues

enter image description here

  1. Once the IPv6 tunnel is created in the HE, you will be displayed with Summary page with tunnel Endpoints note down to the new endpoint configuration

Configure ECS Interface

For EL6

if the ECS instances running on General linux configure * two new interfaces *sit0 for tunnel * and *sit1 for ipv6 address

|tunnel| ipv6 | |--|--| | sit0 | sit1| | ::216.66.22.2 | 2001:470:7:20a::2/64|

Copy and paste the following commands into a command window:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.22.2
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:7:20a::2/64
route -A inet6 add ::/0 dev sit1

Check the new interfaces is added sit1 is your IPv6 address which is added to the ECS Instance

[[email protected] ~]# ifconfig 
        eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
                inet 172.31.20.124  netmask 255.255.240.0  broadcast 172.31.31.255
                inet6 fe80::8e:5fff:fe78:dc2c  prefixlen 64  scopeid 0x20<link>
                ether 02:8e:5f:78:dc:2c  txqueuelen 1000  (Ethernet)
                RX packets 11345  bytes 15649422 (14.9 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 1097  bytes 99162 (96.8 KiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 8  bytes 648 (648.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 8  bytes 648 (648.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    sit0: flags=193<UP,RUNNING,NOARP>  mtu 1480
            inet6 ::127.0.0.1  prefixlen 96  scopeid 0x90<compat,host>
            inet6 ::172.31.20.124  prefixlen 96  scopeid 0x80<compat,global>
            sit  txqueuelen 1000  (IPv6-in-IPv4)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    sit1: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
            inet6 2001:470:7:20a::2  prefixlen 64  scopeid 0x0<global>
            inet6 fe80::ac1f:147c  prefixlen 64  scopeid 0x20<link>
            sit  txqueuelen 1000  (IPv6-in-IPv4)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

For EL7

Copy and paste the following commands into a command window by adjusting with your tunnel configuration

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local 34.218.239.239 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:7:20a::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

For Debian Ubuntu

Paste the following into /etc/network/interfaces: and adjust

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        address 2001:470:7:20a::2
        netmask 64
        endpoint 216.66.22.2
        local 34.218.239.239
        ttl 255
        gateway 2001:470:7:20a::1

Windows 10

Copy and paste the following commands into a command window:

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel localaddress=34.218.239.239 remoteaddress=216.66.22.2
netsh interface ipv6 add address interface=IP6Tunnel address=2001:470:7:20a::2
netsh interface ipv6 add route prefix=::/0 interface=IP6Tunnel nexthop=2001:470:7:20a::1

Verify the tunnel is working

To verify you need to perform ping6

$ ping6 -c4 2001:470:7:20a::1 
PING 2001:470:7:20a::1(2001:470:7:20a::1) 56 data bytes
64 bytes from 2001:470:7:20a::1: icmp_seq=1 ttl=44 time=76.5 ms
64 bytes from 2001:470:7:20a::1: icmp_seq=2 ttl=44 time=76.5 ms
64 bytes from 2001:470:7:20a::1: icmp_seq=3 ttl=44 time=76.5 ms
64 bytes from 2001:470:7:20a::1: icmp_seq=4 ttl=44 time=76.6 ms

--- 2001:470:7:20a::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 76.515/76.563/76.653/0.343 ms

Alternatively you can use any Online Ipv6 ping the check Ipv6 address


Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from The Modern Cryptography CookBook for Just $9. Leanpub books Discount coupon first 100 reader. No hurry read the sample chapters here then decide.

Alternatively to support you can buy My all four Cryptography book Just $10.99


Referefce
  • The Modern Cryptography Book.
  • Go lang Cryptography for developers
  • Python Cryptography
  • Cryptography for JavaScript Developer


python Cryptography Topics
Topics
For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

Kubernetes for DevOps

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang ryptography for Developers