IPv6

Setting up IPv6 on AIX 7.1

During doing cleanup of the OS and filesystems, I discovered that marduk got IPv6 recently...

Happy IPv6 Launch!

$ host marduk.sch.bme.hu
marduk.sch.bme.hu has address 152.66.211.195
marduk.sch.bme.hu has IPv6 address 2001:738:2001:2078:0:211:195:0

I still have some time to play with the machine while it is even up.

Setting up autoconf

First, I put the address on the interface: 

# chdev -l en1 -a netaddr6=2001:738:2001:2078:0:211:195:0

Then I found a document about autoconf, so I deleted the address and followed the doc:

# ifconfig en1 inet6 delete 2001:738:2001:2078:0:211:195:0
# ifconfig -a
en1: flags=1e080863,c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),LARGESEND,CHAIN>
       inet 152.66.211.195 netmask 0xfffff800 broadcast 152.66.215.255
        tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
       inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
       inet6 ::1%1/0
        tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1

Here's what I was getting by following this IBM document:

Upgrading to IPv6 with IPv4 not configured in AIX 5.2 and later

# autoconf6 -i en1
# ifconfig -a
en1: flags=1e080863,c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),LARGESEND,CHAIN>
       inet 152.66.211.195 netmask 0xfffff800 broadcast 152.66.215.255
       inet6 fe80::209:6bff:fe2e:2d5c/64
        tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0
sit0: flags=8100041<UP,RUNNING,LINK0>
       inet6 ::152.66.211.195/96
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
       inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
       inet6 ::1%1/128
        tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
# startsrc -s ndpd-host
0513-059 The ndpd-host Subsystem has been started. Subsystem PID is 2949132.
# lssrc -s ndpd-host
Subsystem         Group            PID          Status
 ndpd-host        tcpip            2949132      active

This would be a router only setting

# no -o ip6forwarding
ip6forwarding = 0
# no -o ip6forwarding=1
Setting ip6forwarding to 1

Just for the record: a list of various 'no' params for IPv6

# no -a | grep ip6
               ip6_defttl = 64
                ip6_prune = 1
            ip6forwarding = 0
       ip6srcrouteforward = 1
                 maxnip6q = 20

Routing tables and NDP table with autoconf:

# netstat -rn
Routing tables
Destination        Gateway           Flags   Refs     Use  If   Exp  Groups
Route Tree for Protocol Family 2 (Internet):
default            152.66.215.254    UG        1     35681 en1      -      -
127/8              127.0.0.1         U         1         3 lo0      -      -
152.66.208.0       152.66.211.195    UHSb      0         0 en1      -   -   =>
152.66.208/21      152.66.211.195    U         0         2 en1      -      -
152.66.211.195     127.0.0.1         UGHS      0         1 lo0      -      -
152.66.215.255     152.66.211.195    UHSb      0         0 en1      -      -
Route Tree for Protocol Family 24 (Internet v6):
::/96              0.0.0.0           UC        0         0 sit0     -   -   =>
default            link#2            UC        0         0 en1      -      -
::1%1              ::1%1             UH        0         0 lo0      -      -
fe80::/64          link#2            UCX       0         0 en1      -      -
fe80::209:6bff:fe2e:2d5c                   UHXLWl    0         1 lo0  -      -
ff01::%1/16        ::1               U         0         0 lo0      -      -
ff02::/16          fe80::209:6bff:fe2e:2d5c U         1         9 en1   -      -
ff11::%1/16        ::1               U         0         0 lo0      -      -
ff12::/16          fe80::209:6bff:fe2e:2d5c U         0         0 en1   -      -
# ndp -a
? (fe80::209:6bff:fe2e:2d5c) at link#1 0:0:0:0:0:0 [loopback] permanent

Setting up a fixed IPv6 address

Here's where I left it with autoconf6

# ifconfig -a                             
en1: flags=1e080863,c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),LARGESEND,CHAIN>
        inet 152.66.211.195 netmask 0xfffff800 broadcast 152.66.215.255
        inet6 fe80::209:6bff:fe2e:2d5c/64
         tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0
sit0: flags=8100041<UP,RUNNING,LINK0>
        inet6 ::152.66.211.195/96
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
        inet6 ::1%1/128
         tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1

Deleted the autoconf address

# ifconfig en1 inet6 delete fe80::209:6bff:fe2e:2d5c/64

I had no idea about what the value of prefixlen should be...

# ifconfig en1 inet6 2001:738:2001:2078:0:211:195:0
inet6 needs prefixlen
# ifconfig en1 inet6 2001:738:2001:2078:0:211:195:0 prefixlen 16
# ifconfig -a                                                   
en1: flags=1e080863,c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),LARGESEND,CHAIN>
        inet 152.66.211.195 netmask 0xfffff800 broadcast 152.66.215.255
        inet6 2001:738:2001:2078:0:211:195:0/16
         tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0
sit0: flags=8100041<UP,RUNNING,LINK0>
        inet6 ::152.66.211.195/96
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
        inet6 ::1%1/128
         tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1

A ping didn't work, I tried a different prefixlen which failed for the first time...

# ifconfig en1 inet6 delete 2001:738:2001:2078:0:211:195:0/16
# ifconfig en1 inet6 2001:738:2001:2078:0:211:195:0 prefixlen 64
dad sendto NDsol: A route to the remote host is not available.

Suddenly, 16 isn't accepted either:

# ifconfig en1 inet6 2001:738:2001:2078:0:211:195:0 prefixlen 16
dad sendto NDsol: A route to the remote host is not available.

In the meantime, I don't need this, as this machine doesn't route packages:

# no -o ip6forwarding=0
Setting ip6forwarding to 0

Trying again and it accepts 64 now:

# ifconfig en1 inet6 2001:738:2001:2078:0:211:195:0
inet6 needs prefixlen
# ifconfig en1 inet6 2001:738:2001:2078:0:211:195:0 prefixlen 64

I can ping myself now

# ping 2001:738:2001:2078:0:211:195:0
PING 2001:738:2001:2078:0:211:195:0: (2001:738:2001:2078:0:211:195:0): 56 data bytes
64 bytes from 2001:738:2001:2078:0:211:195:0: icmp_seq=0 ttl=255 time=0.275 ms

NDP discovery or 'broadcast' ping still doesn't show anything

# ndp -a
? (2001:738:2001:2078:0:211:195:0) at link#1 0:9:6b:2e:2d:5c [loopback] permanent
# ping -o en1 ff02::1                
PING ff02::1: (ff02::1): 56 data bytes
0821-069 ping: sendto: A route to the remote host is not available.
ping: wrote ff02::1 64 chars, ret=-1

Routing

Here is my routing table after the above steps:

# netstat -r
Routing tables
Destination        Gateway           Flags   Refs     Use  If   Exp  Groups
Route Tree for Protocol Family 2 (Internet):
default            router.sch.bme.hu UG        1     37568 en1      -      -   
127/8              loopback          U         1         3 lo0      -      -   
152.66.208.0       marduk.sch.bme.hu UHSb      0         0 en1      -      -   =>
152.66.208/21      marduk.sch.bme.hu U         0       165 en1      -      -   
marduk.sch.bme.hu  loopback          UGHS      0         1 lo0      -      -   
152.66.215.255     marduk.sch.bme.hu UHSb      0         0 en1      -      -   
Route Tree for Protocol Family 24 (Internet v6):
::/96              0.0.0.0           UC        0         0 sit0     -      -   
::1%1              ::1%1             UH        0         0 lo0      -      -   
ff01::%1/16        ::1               U         0         0 lo0      -      -   
ff11::%1/16        ::1               U         0         0 lo0      -      -

Adding the route for IPv6:

# chdev -l inet0 -a rout6=net,,,,,'default','2001:738:2001:2078:0:215:254:0'
inet0 changed
# lsattr -El inet0 -a rout6 -F value                                        
net,,,,,::,2001:738:2001:2078:0:215:254:0
# netstat -rnf inet6
Routing tables
Destination        Gateway           Flags   Refs     Use  If   Exp  Groups
Route Tree for Protocol Family 24 (Internet v6):
::/96              0.0.0.0           UC        0         0 sit0     -      -   =>
default            2001:738:2001:2078:0:215:254:0 UG       56       247 en1      -      -   
::1%1              ::1%1             UH        0         0 lo0      -      -   
2001:738:2001:2078::/64 link#2            UCX      27         0 en1      -      -   
2001:738:2001:2078:0:211:195:0                   UHXLWl    0        86 lo0      -      -   
ff01::%1/16        ::1               U         0         0 lo0      -      -   
ff02::16%1         link#2            UHXLW     0         5 en1      -      -   
ff02::1:ff95:0%1   link#2            UHXLW     0         4 en1      -      -   
ff11::%1/16        ::1               U         0         0 lo0      -      -

'Broadcast' ping started to work:

# ping -o en1 ff02::1
PING ff02::1: (ff02::1): 56 data bytes
64 bytes from 2001:738:2001:2078:0:211:195:0: icmp_seq=0 ttl=255 time=5.219 ms
64 bytes from 2001:738:2001:2078:0:xxx:xxx:0: icmp_seq=0 ttl=64 time=5.311 ms (DUP!)
64 bytes from 2001:738:2001:2078:0:xxx:xxx:0: icmp_seq=0 ttl=64 time=5.349 ms (DUP!)
64 bytes from fe80::21b:38ff:fe5d:a839: icmp_seq=0 ttl=255 time=5.384 ms (DUP!)
64 bytes from fe80::218:f3ff:feb3:9eec: icmp_seq=0 ttl=255 time=5.419 ms (DUP!)

Results

I cannot ping the router via IPv6, but ping works via IPv4

I cannot ping anything outside the LAN

I can resolve any hostname via both IPv4 and v6

Name resolution

netsvc.conf

If you disabled IPv6, you should re-enable it:

# hosts = local4, bind4

hosts = local, bind

resolv.conf

You should put your IPv6 nameserver here. If you add the line 'options inet6', the IPv6 (AAAA) records will be searched in the first place.

IPv6 Policy

This is something AIX specific about RFC 3484:

# ipv6policy -show
POLICY
address=::ffff:0.0.0.0
prefix=96,precedence=10,label=4
address=::
prefix=96,precedence=20,label=3
address=2002::
prefix=16,precedence=30,label=2
address=::
prefix=0,precedence=40,label=1
address=::1
prefix=128,precedence=50,label=0

See man ipv6policy.

Summary

chdev -l $iface -a netaddr6=$your_ipv6_address -a prefixlen=64
chdev -l inet0 -a rout6==net,,,,,default,$your_ipv6_route
vi /etc/netsvc.conf # optional
vi /etc/resolv.conf # optional

Documentation

man autoconf6

man ifconfig

man ipv6policy

man ndpd-host