IPv6 Launchipv6 ready

IPv6 tunnel + rDNS on Amazon EC2 running Ubuntu 

World IPv6 Launch is coming - in this how to, we're going to enable IPv6 tunnel in Amazon EC2 instance.

Currently Amazon did not provide a direct, native IPv6 connectivity for their instances, so we have to use a tunnel for this task. After testing several tunnel providers we selected Hurricane Electric's tunnel broker service because:

1) It is completely free
2) They have locations all over the world so you can pick the nearest one which will reduce the network delays
3) You can route /64 or even /48 block to your server, which is absolutely enough for any kind of application

Setting-up the tunnel

Create an account with tunnelbroker.net

In the field IPv4 Endpoint (Your side) enter your public IPv4 IP address and select the nearest available location.

In the Tunnel Details page you must write somewhere the following information:
1) Server IPv4 Address
2) Client IPv6 Address
3) Routed /64

Then lets configure the IPv6 tunnel in Ubuntu:
stan@datacentrix:~$ sudo nano /etc/network/interfaces

# write the following lines in the end of the file
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
netmask 64
endpoint any
ttl 64
up ip -6 route add 2000::/3 via ::$SERVER_IPv4_ADDRESS dev he-ipv6
up ip -6 addr add $ROUTED_IP_1/128 dev he-ipv6
up ip -6 addr add $ROUTED_IP_2/128 dev he-ipv6
down ip -6 route flush dev he-ipv6

Let's assume that your routed /64 block is 2001:470:1f15:123::/64

You can use 2001:470:1f15:123::1:1 2001:470:1f15:123::2:1 etc. for $ROUTED_IP_X variables.

Tunnel behind NAT

Because all Amazon EC2 instances are behind NAT we can't use directly the external IP in the configuration file. You should replace $LOCAL_ADDRESS with your internal IP which you could get by running ifconfig eth0 from console.

When you finished with interfaces file it's time to bring that interface up with

stan@datacentrix:~$ sudo ifup he-ipv6
stan@datacentrix:~$ ping6 -n datacentrix.org

Congratulations - now you have IPv6 connectivity on your Amazon EC2 instance!

IPv6 reverse records with BIND

In order to configure the reverse records you will need at least two DNS servers online. Using BIND the configuration will look like:

stan@datacentrix:~$ sudo nano /etc/bind/named.conf.local

zone "" {
type master;
file "/var/cache/bind/ipv6-tunnel.db";

Our routed /64 is 2001:470:1f15:123::/64 which is a shortened version of 2001:0470:1f15:0123:: - reversing the number and we have (for 0123), 5.1.f.1 (for 1f15), (for 0470) and (for 2001) with ipv6.arpa extension. Let's create the /var/cache/bind/ipv6-tunnel.db zone file now.

rDNS zone file

stan@datacentrix:~$ sudo nano /var/cache/bind/ipv6-tunnel.db

$TTL 3600
@ IN SOA admin.example.com. (
2012050401 ; Serial number (YYYYMMdd)
14400 ; Refresh time
3600 ; Retry time
2000000 ; Expire time
3600 ; Default TTL (bind 8 ignores this, bind 9 needs it)

; Name server entries
IN NS ns1.example.com.
IN NS ns2.example.com.
$ORIGIN IN PTR host1.example.com. IN PTR host2.example.com.

ns1 and ns2.example.com must be defined in Tunnel Details => rDNS Delegations

We're defining rDNS records for 2001:470:1f15:123::1:1 and 2001:470:1f15:123::2:1. $ORIGIN line is cutting the first half of the address (which is the routed block) so we should handle the rest.

2001:470:1f15:123::1:1 is the shortened version of 2001:0470:1f15:0123:0000:0000:0001:0001

2001:470:1f15:123::2:1 is the shortened version of 2001:0470:1f15:0123:0000:0000:0002:0001

Reversing the numbers and we have and for the zone file.

Reload the BIND9 configuration and test the new records:

stan@datacentrix:~$ sudo service bind9 reload
stan@datacentrix:~$ nslookup 2001:470:1f13:123::1:1 name = host1.example.com.

stan@datacentrix:~$ nslookup 2001:470:1f13:123::2:1 name = host2.example.com.

That's it - now you should configure all applications which needs IPv6 access.

Comments - IPv6 tunnel + rDNS on Amazon EC2 running Ubuntu

Add Comment

Fill out the form below to add your own comments.

Insert Special:

Moderation is turned on for this blog. Your comment will require the administrators approval before it will be visible.

Tagged as: , , , , , , , , , , , , , , , ,

| 1 | 2 | 3 | 4 | Next> Last>>