Supporting IPv6 on a Linux Server Node
The current version of the IP protocol, IPv4, has proved to be robust, easily implemented, interoperable and has stood the test of scaling to the size of today's Internet, most of which uses IPv4—now nearly 20 years old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems. The initial design of IPv4 did not take into consideration several issues that are of great importance today, such as a large address space providing a solution for the address crunch problem, mobility, security, autoconfiguration and quality of service.
To address these concerns, the Internet Engineering Task Force (IETF) has developed a suite of protocols and standards known as the IP version 6 (IPv6), which incorporates many of the concepts and proposed methods for updating IPv4. Some of the IPv6 features include a new header format, a larger address space (128 bits), an efficient and hierarchical addressing and routing infrastructure, the availability of stateless and stateful address security, built-in security, better support of mobility and a new protocol for neighboring node interaction. As a result, IPv6 is not only going to fix a number of problems in IPv4, it also will add many improvements. IPv6 is expected to replace IPv4 gradually, with the two coexisting for a number of years during a transition period.
There are two main IPv6 implementations for Linux: the implementation that comes as part of the Linux kernel and the USAGI (UniverSAl playGround for IPv6) implementation. The USAGI Project works to deliver a production-quality IPv6 protocol stack for Linux, tightly collaborating with the WIDE, KAME and TAHI Projects. It is run by volunteers from various organizations contributing to the Linux and the IPv6 communities via the delivery of the IPv6 protocol stack. Currently, there are many efforts in the different distributions teams, and USAGI is trying to unify them so that there is one IPv6 implementation for all Linux distributions.
For the purpose of this article, we use Linux kernel 2.4.5 from kernel.org. We first show how to build a kernel with IPv6 support, then how to upgrade the basic networking software to support IPv6 and finally, how to connect your IPv6-enabled server to the IPv6 Internet using the services from the www.freenet6.net Project.
The first step is to download the Linux kernel from kernel.org and uncompress it:
tar -xzf linux-2.4.5.tar.gz
You will have a directory called linux. You need to move this directory into /usr/src and rename it linux-2.4.5 to reflect the kernel version. Next, you need to create a link to the 2.4.5 source directory:
ln -s /usr/src/linux-2.4.5 /usr/src/linuxHaving done that, you need to configure the new kernel to enable support for IPv6:
cd /usr/src/linux make xconfig (or menuconfig)We need to enable two options in the kernel configuration. First, go to Code Maturity Level and enable development/incomplete code/drivers:
"Prompt for development and/or incomplete code/drivers" YES
Then go to the Networking Options. There you will enable the IPv6 protocol:
IPv6 Protocol (EXPERIMENTAL) YES
This is all the configuration you need at the kernel level. Next, you should save this configuration and exit by clicking on the Save and Exit button (see Figure 3). This will create a .config file in /usr/src/linux, which is the kernel configuration file. Now you are ready to compile the kernel by following these steps:
make clean make dep make bzImage
The result will be a new kernel image created in /usr/src/linux/arch/i386/boot/. If you added other features as modules you need to compile and install the modules by applying:
make modules make modules_install
At this point you need to copy the new IPv6-enabled boot image to /boot:
cp /usr/src/linux/arch/i386/boot/bzImage /boot/bzImage.ipv6and update your System.map file:
cp /usr/src/linux/System.map \ /boot/System.map-2.4.5-ipv6 ln -fs /boot/System.map-2.4.5-ipv6 /boot/System.mapThe only remaining step is to update /etc/lilo.conf file to add an entry for the new IPv6-enabled kernel. Edit the /etc/lilo.conf file and add a new entry as follows:
image=/boot/bzImage.ipv6 label=linux_ipv6 root=/dev/hda1 # change this to reflect your own # partition read-onlyThen update the LILO configuration by applying
/sbin/liloThis will add an entry called linux_ipv6 that will be presented at LILO at boot time. You are now ready to reboot your server. When LILO comes up, choose to boot linux_ipv6. Et voilà! Your system will boot with IPv6 support in the kernel. Type ifconfig at the prompt to verify and see the outcome. It should show the IPv6 local address ::1 in your loopback configuration (see Figure 4).
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- New Container Image Standard Promises More Portable Apps
- Open-Source Project Secretly Funded by CIA
- AdaCore's SPARK Pro
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide