Search

aiccu: add IPv6 connectivity to your machine

July 6th, 2008 edited by Alexey Beshenov

Article submitted by Caspar Clemens Mierau. Guess what? We still need you to submit good articles about software you like!

It’s time: no reason should prevent you from adding IPv6 connectivity to your machine. Of course it’s still an issue, as most ISPs don’t provide native IPv6. So in most cases the easiest way for you is to set up a tunnel to an IPv6 broker. There are currently several free brokers. I’ll show a simple way of getting IPv6 connectivity with the aiccu and SixXS.

Apply for an account

First you have to apply for an account on SixXS. Please note: as a kind of ISP, Sixxs really need valid information from you. You may give them a link to your Xing or LinkedIn profile.

Your application will be checked and (probably) approved. Wait for the mail. After that go to the SixXS website, request a new tunnel, and pick an entry point near you. This step also needs to be approved. Wait for the mail (it takes up to a day).

Set up aiccu

Now let’s get it running. Install the package aiccu (apt-get install aiccu). During installation you will be asked, which broker you are using. SixXS is already preconfigured, so choose it and input your account information. If everything is fine, aiccu will check SixXS and ask for your tunnel information.

Open a terminal and run ifconfig sixxs—it should show a new network interface with an IPv6 address. Now let’s check IPv6. Open Firefox and go to http://www.kame.net/. If the turtle logo is moving, your are using IPv6, if it does not, you don’t.

The SixXS credit system

You should understand the SixXS credit system. It’s used to limit users in repeating bad actions and to make sure they maintain their tunnels. For example if a static tunnel is down it will cost you some credits, thus you better keep it up. One could see the credit system as a bank, you got a credit limit and you can’t go over it and buy everything you want, but when you earn credits because your tunnel is up you can do a lot with it.

Security issues

Note that all your IPv6 traffic will be directed through the broker, so you have to take care of the security.

IPv6 content

Check http://www.sixxs.net/misc/coolstuff/ for interesting IPv6 content: high traffic news servers, the IPv6 freenode server and so on. Always keep in mind, that not every application is ready for IPv6 and many applications need to be configured for IPv6. With Debian/Ubuntu you should be able to use at least Firefox, Thunderbird, Pan, and Irssi.

aiccu is available in Debian since Etch, and in Ubuntu since Feisty

Happy networking!

Posted in Debian, Ubuntu |

9 Responses

  1. weakish Says:

    What’s the differences between aiccu and tspc (which is available for Debian and Ubuntu too)?

  2. David Fear Says:

    Do NOT use SixXS as a ipv6 tunnel broker, they will disable or delete your account for even the slightest problem or asking too many questions; and you will likely get insulted in the process too!

    Choose one from:
    http://en.linuxreviews.org/Free_IPv4_to_IPv6_Tunnel_Brokers

  3. Mackenzie Says:

    Hurricane Electric is the IPv6 broker I’ve been recommended by a v6 security researcher.

  4. ccm Says:

    @weakish: The tools differ in the implementations they use and therefore the broker they can access. Actually it is always a good idea to use the tool the IPv6 suggest to you, this will vary from broker to broker.

    @David: Well, I also read about people who got their accounts disabled. Actually I have no problems at all and know a project with a bigger setup running it for a longer period now. Therefore I cannot say “yes” or “no”. It’s nice to be able to choose a broker and SixXS is one of them. You’ll always find users moaning about something. But thank you very much for adding the list of brokers.

  5. Dwayne L Says:

    Why bother with a tunnel broker at all? Can’t you just use 6to4?

  6. ccm Says:

    @Dwayne:

    Let me quote RFC3053 - IPv6 Tunnel Broker from http://www.faqs.org/rfcs/rfc3053.html

    - 6to4 [3] has been designed to allow isolated IPv6 domains, attached to a wide area network with no native IPv6 support (e.g., the IPv4 Internet), to communicate with other such IPv6 domains with minimal manual configuration. The idea is to embed IPv4 tunnel addresses into the IPv6 prefixes so that any domain border router can automatically discover tunnel endpoints for outbound IPv6 traffic.

    The Tunnel Broker idea is an alternative approach based on the provision of dedicated servers, called Tunnel Brokers, to automatically manage tunnel requests coming from the users. This
    approach is expected to be useful to stimulate the growth of IPv6 interconnected hosts and to allow early IPv6 network providers to provide easy access to their IPv6 networks.

    The main difference between the Tunnel Broker and the 6to4 mechanisms is that the they serve a different segment of the IPv6 community:
    - the Tunnel Broker fits well for small isolated IPv6 sites, and especially isolated IPv6 hosts on the IPv4 Internet, that want to easily connect to an existing IPv6 network;
    - the 6to4 approach has been designed to allow isolated IPv6 sites to easily connect together without having to wait for their IPv4 ISPs to deliver native IPv6 services. This is very well suited for extranet and virtual private networks. Using 6to4 relays, 6to4 sites can also reach sites on the IPv6 Internet.

    In addition, the Tunnel Broker approach allows IPv6 ISPs to easily perform access control on the users enforcing their own policies on network resources utilization.

  7. Dwayne L Says:

    @ccm:

    The RFC is unconvincing (and it’s also “Informational”, so it by no means carries any authority on the matter). Both tunnel brokering and 6to4 encapsulate IPv6 inside IPv4 packets. Both have trouble working over NATs.

    Tunnel brokering is inherently inefficient, because it tries to do dynamic routing on top of an existing dynamic routing infrastructure.

    Let’s say Alice and Bob are both customers of the same (IPv4) ISP, and both use a tunnel broker somewhere further away. In order to communicate with each other, all the packets they exchange go through both of their respective tunnel servers.

    With 6to4, you make use of the existing IPv4 dynamic routing infrastructure in order to find an optimal route over the legacy IPv4 network. Had Alice and Bob used 6to4, none of their packets even have left their ISP’s network. This is a win for privacy, a win for security, and a win for efficient network utilization.

    There are only a few places where I see tunnel brokering being better than 6to4:

    1. For some reason there isn’t a 6to4 relay nearby (traceroute 192.88.99.1 to find out), *and* you do most of your IPv6 communication with hosts on the “real” IPv6 Internet.

    2. You can’t get a single static IPv4 address for your entire network, but you want a static IPv6 address.

  8. Zepetto Wolfsblut Says:

    Why would I want IPv6, what’s the point?

    PS. It would be nice if the required fields in this silly form were marked! (You really think I’m giving my email addy to you? LOL)

  9. Al Says:

    > Why would I want IPv6, what’s the point

    See http://en.linuxreviews.org/Why_you_want_IPv6

    > this silly form

    It’s just pure WordPress.