Feb

How to become a Certified IPv6 Technician – Part One

by Rob Pickering on 2011 February 27

Internet Protocol version 6 (IPv6) is the “new” Internet addressing protocol created by the Internet Engineering Task Force (IETF) to deal with the exhaustion of the current IPv4 address space. What does that mean to you and I? Ultimately, it means very little. The transition from IPv4 to IPv6 has been going on, very slowly, for the last 13 years. However, something rather significant occurred on February 1, 2011, the last IPv4 blocks were allocated from IANA to the Regional Internet Registries (RIR) around the world. That means there are no more Internet Protocol version 4 addresses left to allocate to those authorities. So, when they’ve been allocated out, they’re gone forever.

This badge will track the total available IPv4 addresses at each registry:

Over the next several years, you will start to utilize IPv6, so now is the time to start to expose yourself to the IPv6 world. There is a fantastic resource found at Hurricane Electric for doing just that, an IPv6 Certification. In this article, I’m going to walk you through becoming an IPv6 Enthusiast, in my next article I will walk you through going from Enthusiast to a Sage, the top Certification that Hurricane Electric currently provides.

Newb

The first step to becoming a certified Newb (sorry just too funny) is signing up for a free account at Hurricane Electric. You’re going to eventually, probably, use their Tunnelbroker IPv6 service to enable you to talk on the IPv6 Internet, so go register for an account now. Once you have an account, you can access the IPv6 Certification program offered at Hurricane Electric. An IPv6 Newb is someone that can pass an initial IPv6 quiz. All of the answers to the quiz can be found in the IPv6 Primer. The only tricky question was one that asked about differentiating different address formats, and the Primer didn’t cover IPv6 addressing that well. So, here’s a hint: IPv6 addresses are Hexadecimal; they can only contain characters 0-9 and A-F.

If you pass the short quiz, congratulations, you’re now a certified IPv6 Newb.

Explorer

Taking the next step, you’re going to actually begin using IPv6 on your local computer. Chances are you cannot natively run IPv6 on the Internet. That would require your ISP to provide you with routable IPv6 space. However, that doesn’t mean you cannot talk on the Internet using IPv6, you just have to Tunnel it.

In order to get your IPv6 Explorer certification, you’re going to have to access a web page at Hurricane Electric over IPv6. To do this you’re going to have to tunnel IPv6 inside of IPv4. Fortunately, if you’re running a Macintosh and OS X, you’re in luck. Just download Miredo for OS X. Once you have it installed and enabled, you’ll be running IPv6 using the Teredo Tunneling Protocol. If you’re on Unix, you can download Miredo for your platform as well. For Windows, you probably already have a Teredo interface running, just check under the preferences for your network interface and set it to “Obtain an IPv6 address automatically”.

You should now be able to access IPv6-only websites, specifically the test page.
If the test page shows your IPv6 address, congratulations, you’re now a certified IPv6 Explorer.

If you wish, you can also test your IPv6 setup by using Jason Fesler’s excellent IPv6 Readiness Test.
Or surf Google via IPv6 here.
Finally, a nice resource to always quickly check your IPv6 address is here.

Make sure to take the Explorer Technical Test under Additional Tests in the left navigation if you want extra points.

Enthusiast

The IPv6 Enthusiast is someone who is beginning to have a solid understanding of this new protocol. For this certification, you’re going to have to enable a website that is reachable via IPv6. Hopefully, you’re on a Macintosh, as that’s the only example I’m going to walk through, though you shouldn’t have much of a problem getting any Unix/Linux variant working properly.

There are three ways you can accomplish this stage, and how you do it will depend on what you have:

An IPv6 Web Hosting Service such as webhosting.att.com (you may also host at Host Virtual for $10 a month)
If you have an IPv6-tunnel-capable Router (like an AirPort Extreme) you can build a tunnel and host on your Mac
It will probably work to just host on your Mac using your IPv6 Tunnel Address

For all of these options, you’re also going to need to have a DNS domain you can control. Because you’re going to have to serve up a AAAA DNS record for your website.

I decided to tunnel IPv6 on my AirPort Extreme so that my local computers could run dual-stack IPv4 and IPv6 without needing individual tunnels. Here’s how (it was super easy). First, access your AirPort Extreme (works on Time Capsule as well) using the AirPort Utility on your Macintosh.

AirPort Extreme IPv6 Tunnel

Select the Advanced tab, the IPv6 configuration pane, and select Tunnel as the IPv6 Mode.

Now, create an IPv6 Tunnel at Hurricane Electric using their Tunnelbroker service. You’ll provide them the IPv4 address that your AirPort Extreme uses to access the Internet, as the origination point of your IPv6 tunnel, HE will provide you back a bunch of information about your tunnel.

Configure your AirPort Extreme

Configure your AirPort Extreme using the following information from Hurricane Electric:

Set the AirPort Extreme Remote IPv4 Address to be the Tunnelbroker Server IPv4 address
Set the AirPort Extreme WAN IPv6 Address to be the Tunnelbroker Client IPv6 address (remove /64 from the end)
Set the AirPort Extreme IPv6 Default Route to be the Tunnelbroker Server IPv6 address (remove /64 from the end)
Set the AirPort Extreme LAN IPv6 Address to be the Tunnelbroker Routed /64 (remove /64 from the end)

Update your AirPort Extreme and it should reboot, when it comes back you should have an IPv6 Tunnel running to Hurricane Electric.

For some reason my AirPort Extreme constantly reports an IPv6 Tunnel Error. However, I’ve tested the heck out of it, and it works fine, so if you have this problem and everything is working, don’t worry about it.

Secure your IPv6 Installation

You also want to secure your IPv6 installation and enable Web Server access. While you may have a Firewall today, that Firewall is either going to block ALL IPv6 traffic (by preventing Protocol 41 from passing) or NONE, so you need to have an IPv6 Firewall. Fortunately, Apple provided one in the AirPort Extreme. First, make sure you have Block incoming IPv6 connections enabled on this pane, then select the IPv6 Firewall pane. Under Exceptions click the plus ( + ) sign to add an exception to the Firewall.

Allow HTTP access through IPv6

Create the exception for HTTP using the following settings:

Set the Description to anything you want, I used Web Server
Set the IPv6 Address to your Macintosh’s IPv6 address (go to http://www.whatismyipv6.net/ to find it, or check your TCP/IP settings under the Network Preference Pane
Allow Specific TCP and UDP ports
Enter 80 under TCP Port(s) to enable HTTP traffic to your server

Configure your Macintosh

This is easy, you know, because it’s a Macintosh, and because it’s IPv6. Just make sure that Configure IPv6 is set to Automatically. Chances are this is already done, in which case you should see your newly acquired IPv6 Address on this screen.

Configure Macintosh for IPv6

To verify that your IPv6 address is working on the Internet, you can use Hurricane Electric’s Looking Glass. It should auto-fill with your current IPv6 address.

Hurricane Electric Looking Glass

Select Ping and just make sure your IPv6 address is in the text field before clicking Probe. Your output should look something like this:

Hurricane Electric Ping Output

If you get valid responses, congratulations, your Macintosh is on the IPv6 Internet.

Configure your Web Server

Let’s get your Macintosh serving a web page. Fortunately, this is as simple as checking a box. Go to System Preferences, select the Sharing Preference Pane, and check the Web Sharing checkbox.

Enable Web Sharing

Next, you’ll have to configure forward IPv6 DNS (known as a AAAA Record) for your web server. Hurricane Electric will allow you to host your domain name’s DNS on their servers. Setting up the NS records for your domain is beyond the scope of this article, and it’s long enough, but once you’ve pointed your domain to he.net, you’ll be able to setup a AAAA record for your website name pointing to the IPv6 address of your Macintosh. To add your domain hosting at HE use the Free DNS link at Hurricane Electric, then add your domain using the Add a new domain link in the left navigation.

Hurricane Electric Add Domain

Select a host name for your web server, then add it to your domain using HE’s hosting service by clicking the Edit Zone button for your newly added domain. Once there, add a AAAA record for your new host name pointing to the IP address that your Macintosh was assigned above, and you’re finished.

Hurricane Electric AAAA Record

You now have a valid IPv6 DNS record for your IPv6 connected Macintosh and a valid HTTP server! We’re just about done. Now is a good time to test that everything is working properly, using Hurricane Electric’s IPv6 Port Scanner. You should see, at a minimum, that Port 80 (HTTP) is open (in my screen shot, I’ve skipped ahead and you’ll also see Port 25 (SMTP) is open):

Hurricane Electric Port Scan

If your Port Scan checks out and HE can see your web server port, you’re ready to take the Certification Test and place the special file name that HE provides in your /Library/WebServer/Documents directory. If HE is successful in pulling the file, congratulations you’re now a Certified IPv6 Enthusiast !

Make sure to take the Enthusiast Technical Test under Additional Tests in the left navigation.

Administrator

The IPv6 Administrator not only runs a valid IPv6 addressed web site, but also a valid IPv6 addressed mail server. For this certification, you’re going to have to configure a mail server that resolves via DNS, can be connected to over IPv6, and will receive email. Apple OS X 10.6 (Snow Leopard) includes a Postfix mail server, which I’ll walk you through configuring in the next article; along with the other Certification levels.

Update – 20110228

Sam Bowne (@sambowne) has created a similar list of instructions for Microsoft Windows users, you can get those here.

Tagged as: airport, apple, certification, futures, howto, IPv4, IPv6, osx

http://Samsclass.info Sam Bowne

Thanks for these great instructions! I have been teaching students how to do this with Windows, and now I added a link to here for my Mac users.

http://samsclass.info/ipv6/proj/he-cert-win.html

http://robpickering.com Rob Pickering

Sam, thanks for the Tweets as well. I checked out the Windows article you linked, and have provided a link in this article now.

Great job!

http://tcuthbertson.com Tim Cuthbertson

Excellent article. Thanks very much. I have already made it to Explorer and I think I can get to Enthusiast if I can figure out the part about “Enable Web Sharing” on my Ubuntu Linux host.

http://robpickering.com Rob Pickering

Tim, if you can’t, let me know. I can help you get Ubuntu setup and going as well (UNIX is a passion of mine). Just drop me a line in the Contact tab at the top of the page.

http://www.dickson.me.uk/ Billy Dickson

I really enjoyed your article, thanks for the information it helped me with a few pointers I really wasn’t clear on. Started the course on Monday on my home Linux machine as a Newb

As of today I’m a Sage! Do you happen to have any Linux help pages?
Billy Dickson recently posted..Setting up a IPv6 Gateway on Hurricane Electric using Ubuntu 10042

http://robpickering.com Rob Pickering

Billy, glad you liked the article. I don’t have specific Linux instructions, but just about everything I did on the Macintosh will work with Linux (provided you download and install the various packages like Postfix and Apache 2).

Joshua D’Alton

Cool article I’ve linked to some interested people
J. Spencer Love

When I set up a tunnel to HE using my AirPort Extreme, I also got a persistent but harmless tunnel error. I lived with it for a while, but eventually I figured out what was causing it: I had the server IPv6 address and the client IPv6 address swapped. I exchanged them using Airport Utility, and the error went away.

It’s interesting that the implementations were able to work despite this configuration error. In more detail, I had the addresses filled in with 2001:470:1f06:XXXX::1 above 2001:470:1f06:XXXX::2. When set correctly, the ::2 address is above the ::1 address in the Advanced/IPv6/Tunnel/Manually configuration page. It’s glaringly obvious now, but when I set it up initially, it was late, and I found the terminology confusing; it’s not the same as the terminology used on the tunnelbroker.net web site, where the order is Server (::1) above Client (::2).
http://robpickering.com Rob Pickering

Thanks Frederik, I’ve updated the article’s link.

Previous post: What I Learned about Time Machine backups from timedog

Next post: How to become a Certified IPv6 Technician – Part Two

What's Hot
Rob Wrote
iTunes ExcuseBox
Dropbox
Dropbox is a great way to share files and backup your data to the cloud.
If you enjoyed any of my articles and you don't have a Dropbox account, consider using my referral link to sign up for a free account and Dropbox will give BOTH of us an extra 256MB of storage! For free.

Referral Link
Get to Know Me:
View more by @robpickering »
Archives
Article Categories:
- Apple/Mac (6)
- Featured (1)
- How-To (10)
- Opinion (2)
- Personal (1)
- Review (7)
- Security (3)
- Warcraft (4)
Tag Cloud
apple backup finance futures howto macintosh osx quicken software warcraft
Blogroll
Success with Thesis

My blog is powered by the Thesis Wordpress Theme. If you like what you see, and you want to get your blog or website noticed with amazing design flexibility, fast loading times, and SEO capabilities that are unmatched, then just check out the The Thesis Theme for WordPress now.
Advertisement

S	M	T	W	T	F	S
« Jan				Mar »
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28

How to become a Certified IPv6 Technician – Part One