On Tue, 19 Aug 2014, Charles Musser wrote:
Hi,
I'm experimenting with using IPv6 via a tunnel broker provided by an
ISP. The tunnel works, but I want to confirm my understanding of the
commands they gave me to set it up. These are the commands:
ifconfig gif0 tunnel 50.1.94.112 72.52.104.74
ifconfig gif0 inet6 alias 2001:470:1f04:204::2 2001:470:1f04:204::1 prefixlen
128
route -n add -inet6 default 2001:470:1f04:204::1
The first and third commands make sense to me; they set up an IPv4
tunnel interface and a default route for IPv6. After reading the
ifconfig(8) man page) I think I sort of understand what the second one
does. Side note: the two IPv6 addresses provided by the tunnel
broker are defined, in their terminology, as follows: <prefix>::1 is
the "server IPv6 address" and <prefix>::2 is the "client IPv6
address". Given that, I think the following is true:
- <prefix>::1 is the local address of the interface on the IPv6
network.
No, *::2 is local.
- The "alias" parameter is superfluous in this case. I tried it without
that and got the same result: an operating tunnel.
If it works, ifconfig is being smart, but why not make your intent
explicit? The tunnel is across the ip4 addresses; this command adds
aliases, or close enough.
- Because gif0 is a point-to-point interface, <prefix>::2 (the
server IP) is interpreted as the "dest_address" parameter mentioned
in the ifconfig(8) man page.
It's ambiguous when you write "the server IP" because the remote end
of the tunnel is a server, and if you're configuring a router rather
than a host then that's a server too. Addr *:2 is local in that it's
an address of your gif(4) interface. The ifconfig(8) synopsis is
simpler than gif configuration, but yes *::2 is like "dest_address".
Addr *::1 is remote. Try 'netstat -nvrf inet6 | grep 2001:' and find
that *::1 has the G (gateway) flag, and host *::2 has a route to *::1.
Also look at something using the interface, maybe ntpd. Look at the
address with 'netstat -nvf inet6 | grep 123' (no -r there), and
see that *::2 is local.
HE likely provided you a /64 prefix for your use, or maybe you have
to request it (I have an HE tunnel but don't remember all details; their
website is helpful). Those addrs would be in a different /48
than the tunnel addrs. If you're setting up a router your assigned
/64 prefix can be assigned to an internal interface with "alias"
like 'inet6 alias </64 net prefix> 64'. Then point rtadvd at that
interface.
-Ed
