As someone who is building little compact flash and USB flash based BSD boxes for various tasks, I can quite happily say it's entirely possible to build diskless based Linux/BSD routers which are upgraded about as easy as upgrading a Cisco router (i.e., copy over new image, run "save-config" script, reboot.) It's been that way for quite some time.
If there's interest I'll hack up a FreeBSD nanobsd image with ipv6 support, a routing daemon (whatever people think is good enough) and whatever other stuff is "enough" to act as a 6to4 gateway.
You too can build diskless core2duo software routers for USD $1k.
Nathan Ward has packaged up a FreeBSD image that runs on Soekris boxes which incorporates 6to4 and Teredo. A binary TUI release can be downloaded from Nathan's website, as well as a nice article by Geoff Huston.
Reverse 6to4 delegation can be requested at https://6to4.nro.net; please check the instructions at https://6to4.nro.net/6to4_reverse/non_2002/index.html.
If you announce a 6to4 prefix, make sure to add your ASN to the list of ISPs currently announcing a 6to4 prefix.
Jordi's AfriNIC posting
This info provides the steps required in order to configure your BSD box as a 6to4 Relay.
In order to proceed, you need to have a public IPv4 address on that box, your own IPv6 prefix (provided by AfriNIC in this case) and IPv6 transit.
The BSD box needs to support the stf pseudo-interface. FreeBSD 5.4 or a higher version is recommended; for FreeBSD 4.9 you need to recompile the kernel, adding "pseudo-device stf". NetBSD 1.5 supports the stf pseudo-interface by compiling the kernel. You also need to have IPv6 support and IPv6 routing enabled.
If you need help in order to acquire your IPv6 prefix from AfriNIC, let us know and we can help even with the request form.
Similarly, we are able to help in making sure you have the right configuration for IPv6 in your BSD and you can get IPv6 transit (native or tunneling) either from your upstream, or alternatively, if that's not possible, we will be able to provide free IPv6 transit to third party networks.
Running a 6to4 relay on Linux
Tested on 2.6.24-19-generic (ubuntu hardy).
Create this bash script
#!/bin/bash
# Enable IPv6 forwarding.
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
ip -4 addr add 220.127.116.11/32 dev eth0
# enabling forwarding makes the RA added default gateway disappear, so
# it has to be added manually.
ip -6 route add ::/0 via YOUR_GATEWAY dev eth0
# Tear down any previous tunnel; errors are expected on the first run.
ip route flush dev tun6to4 2>/dev/null
ip link set dev tun6to4 down 2>/dev/null
ip tunnel del tun6to4 2>/dev/null
# Create the 6to4 (sit) tunnel and route the 6to4 prefix through it.
ip tunnel add tun6to4 mode sit ttl 100 remote any local 18.104.22.168
ip link set dev tun6to4 up
ip -6 route add 2002::/16 dev tun6to4
ip -6 route add ::/96 dev tun6to4 metric 1
Remember to update the access lists for the network the 6to4 relay is on: allow 22.214.171.124 into the network. Because the relay sends packets with 2002:: source addresses, you also need to allow these outgoing packets, which would otherwise be filtered as spoofed.
If you are running a Linux based 6to4 relay you should consider applying this patch.
Create an stf interface
In case it doesn't exist, create an stf interface.
Run these commands in a terminal:
ifconfig stf create
By default the stf interface is not enabled.
Add local 6to4 address to interface (note: prefix length 16 is very important!)
ifconfig stf0 inet6 6to4addr prefixlen 16
ifconfig stf0 inet6 2002:c001:0203::1 prefixlen 16
Configure IPv6 connectivity
Because we are configuring a 6to4 relay it should have IPv6 connectivity (either native or via a tunnel) through an IPv6 gateway (for our example we use 2001:7f9:1::1 as GW address). After having configured an IPv6 address on the corresponding interface, the default route should be configured:
If our IPv6 interface is interface ne0:
To configure the IPv6 address:
ifconfig ne0 inet6 alias 2001:7f9:1::2
To add a default route:
route add -inet6 default 2001:7f9:1::1
Configure prefix advertisements
Somewhere on the relay network, the device in charge of announcing prefixes (typically a BGP router) should announce the 2002::/16 prefix to its IPv6 peerings.
This would allow native IPv6 nodes to reach 6to4 nodes (2002::/16 addresses).
Regarding the IPv4 reachability of the Relay there are two options:
- Configure the 6to4 anycast IPv4 address (126.96.36.199) and announce the anycast prefix (188.8.131.52/24) to the site IPv4 peerings.
  - 6to4 hosts will be able to find it automatically, with no need for any manual configuration.
- Use another public IPv4 address.
  - Some kind of advertisement of the IPv4 address is needed (usually an FQDN, a Fully Qualified Domain Name) in order to allow others to configure our relay.
This will allow 6to4 nodes (2002::/16 addresses) to reach native IPv6 nodes through our relay.
Making your configuration persistent
In order to make your configuration persistent, a script could be used that is executed at boot time. The idea is to have a script that executes all the commands needed to configure everything as desired.
This example for Linux takes the local host public IPv4 address as an argument:
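#!/bin/sh
# Argument: the local host's public IPv4 address.
IPV4=$1
# Convert the dotted quad into the 2002:V4ADDR 6to4 prefix.
PARTS=`echo $IPV4 | tr . ' '`
PREFIX48=`printf "2002:%02x%02x:%02x%02x" $PARTS`
STF_IF="stf0"
STF_NET6="$PREFIX48":0000
STF_IP6="$STF_NET6"::1
# Assign the 6to4 address, then the native IPv6 address and default route.
ifconfig $STF_IF inet6 $STF_IP6 prefixlen 16 alias
ifconfig ne0 inet6 alias 2001:7f9:1::2
route add -inet6 default 2001:7f9:1::1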
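The script above feeds its argument straight into printf, so a malformed address, a private address, or an octet written with a leading zero (which printf reads as octal) silently produces a wrong 6to4 prefix. The following is an added example, not part of the original page, that validates the address before deriving the prefix; the function names is_public_ipv4 and sixtofour_prefix are illustrative assumptions.

```sh
#!/bin/sh
# Added example: validate the IPv4 argument before deriving a 6to4 prefix.
# Function names are illustrative; they are not from the page or any tool.

# Succeeds only for a well-formed dotted quad outside the private, loopback,
# link-local, shared (100.64/10), multicast and reserved ranges.
is_public_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac  # printf would read 010 as octal
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in 0|10|127) return 1 ;; esac
    [ "$1" -ge 224 ] && return 1
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1
    return 0
}

# Prints the 2002:V4ADDR::/48 prefix for a public IPv4 address, else fails.
sixtofour_prefix() {
    if ! is_public_ipv4 "$1"; then
        echo "refusing malformed or non-public IPv4 address: $1" >&2
        return 1
    fi
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '2002:%02x%02x:%02x%02x::/48\n' "$1" "$2" "$3" "$4"
}

# Usage: ./6to4-prefix.sh 192.1.2.3
if [ "$#" -gt 0 ]; then
    sixtofour_prefix "$1"
fi
```

For 192.1.2.3 this yields the prefix that contains the 2002:c001:0203::1 address used earlier on the page.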
For FreeBSD add this to /etc/rc.conf:
Configuration examples may vary for other BSD distributions.
Remove a 6to4 tunnel using "ip" and a dedicated tunnel device
Remove a 6to4 interface address
ifconfig stf0 inet6 -alias 2002:c001:0203::1
Remove 6to4 prefix route
First we can see the route table with:
Now we can delete the route entry for the 2002::/16 prefix via <gateway_IPv6> with:
route delete -inet6 2002::/16 <gateway_IPv6>