
Dual stack

Dual stack using a Mikrotik router
Andy Fletcher, andy@x31.com
MT001.1, 2012/08/16

This presentation by Andy Fletcher is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Dual stack MT001-1

Dual Stack
Introduction
This presentation shows how to add IPv6 dual stack to an existing network LAN segment using a Mikrotik router. Stateless autoconfiguration is used: the router sends out router advertisements (RA) and the other hosts on the network use them to configure their network settings. Because there will be several demonstration users behind the Internet gateway, VPN connections are configured to an upstream router, which will allocate static IP addresses to each user. SSTP rather than PPTP is used to avoid issues with GRE; OpenVPN is another option. It is possible to do the same thing using a Linux server and RadVD.

IPv6 Stateless Autoconfiguration
In this case the router sends out router advertisements. These contain the subnet prefix, timer values and various flags, including DNS availability. Clients on the network listen for these advertisements and configure their IPv6 addresses using this prefix and their MAC address. Security is an issue, as it is possible to have multiple routers, including rogue ones, on a LAN. It is a good idea to filter router advertisements on LAN switches on non-router ports.
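The following Python example is added here and is not from the original presentation: it parses a router advertisement of the kind described above, derives the address a host forms from the prefix and its MAC, and flags advertisements whose sender or prefix is not the expected one. The sample packet is constructed; the gateway link-local address fe80::1, the MAC address and all function names are assumptions.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134, RFC 4861)."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a router advertisement")
    flags, lifetime = struct.unpack("!BH", icmp6[5:8])
    ra = {"managed": bool(flags & 0x80), "lifetime": lifetime, "prefixes": [], "dns": []}
    pos = 16
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos:pos + opt_len]
        if opt_type == 3 and opt_len == 32:  # Prefix Information
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append((net, bool(body[3] & 0x40)))  # A flag: usable for SLAAC
        elif opt_type == 25 and opt_len >= 24:  # Recursive DNS Server (RFC 8106)
            ra["dns"] += [ipaddress.IPv6Address(body[i:i + 16]) for i in range(8, opt_len, 16)]
        pos += opt_len
    return ra

def slaac_eui64(prefix, mac: str):
    """Address a host derives from a /64 prefix and its MAC (modified EUI-64)."""
    b = bytearray.fromhex(mac.replace(":", ""))
    b[0] ^= 0x02  # flip the universal/local bit
    iid = int.from_bytes(b[:3] + b"\xff\xfe" + b[3:], "big")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)

def audit_ra(src: str, ra: dict, routers: set, prefixes: set) -> list:
    """Findings for an RA whose sender or prefix is not the expected one."""
    findings = []
    if ipaddress.IPv6Address(src) not in routers:
        findings.append(f"RA from unexpected router {src}")
    findings += [f"unexpected prefix {n}" for n, _ in ra["prefixes"] if n not in prefixes]
    return findings

# Constructed sample RA: the page's example /64 and its IPv6 DNS server.
SAMPLE_RA = (bytes([134, 0, 0, 0, 64, 0]) + struct.pack("!HII", 1800, 0, 0)
             + bytes([3, 4, 64, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
             + ipaddress.IPv6Address("2001:470:1f0b:ac1::").packed
             + bytes([25, 3, 0, 0]) + struct.pack("!I", 1800)
             + ipaddress.IPv6Address("2001:470:20::2").packed)
ROUTERS = {ipaddress.IPv6Address("fe80::1")}  # assumed link-local address of the gateway
PREFIXES = {ipaddress.IPv6Network("2001:470:1f0b:ac1::/64")}

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra, audit_ra("fe80::bad", ra, ROUTERS, PREFIXES))
```

Many current operating systems use randomized interface identifiers instead of the MAC-derived form, so `slaac_eui64` shows the mechanism the slide describes rather than the address every host will pick.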

IPv6 upstream connection
The free tunnelbroker service from Hurricane Electric is used. It is easiest to access this service with a static IP, as they use 6in4 (protocol 41). It is possible to automatically update your endpoint address in the same way as DDNS; however, in this example static IP addresses are assigned via SSTP. Users should create an account at http://tunnelbroker.com/ and create a tunnel to their assigned static IP. Each tunnel comes with a point-to-point link and a single assigned /64 subnet for use on the LAN. An additional /48 network can be assigned on each tunnel if required for a larger network.

Network diagram (ideal)
The following diagram represents the network design for a small LAN. Note that the IPv6 gateway has a single network interface, on which it accesses the local LAN for IPv4 and sends out IPv6 announcements.

[Diagram labels: VPN Server, Internet, Hurricane Electric, Local DSL Gateway, IPv6 Gateway, LAN Host, LAN Host]

Network diagram (demonstration)
The following diagram represents the network design that will be used for the demonstration. Each IPv6 gateway supports a local IPv4 subnet on an interface separated from the local LAN to prevent other LAN users being affected.

[Diagram labels: VPN Server, Internet, Hurricane Electric, Local DSL Gateway, three IPv6 Gateways, three Local PCs]

IPv6 router networking
The following physical configuration is used for the IPv6 routers:

eth1: Local LAN to the Internet, DHCP client

eth2: Test subnet 172.16.22.1/24 (eth3 to 5 are slaved from eth2)
    DHCP server pool: 172.16.22.10-39
    DNS: 172.16.22.1
    Default gateway: 172.16.22.1

SSTP VPN connection to ro.x31.com

Routing
The following IPv4 routes are configured:
1. Default gateway from DHCP on eth1
2. Static route to HE configuration server (66.220.2.74/32) via SSTP link. Needed to configure tunnel.
3. Static route to HE tunnel endpoint (depends on the selected server)

This configuration ensures that only IPv6 tunnel traffic goes to the VPN server and all other IPv4 traffic is routed as normal.

Router general settings
Make the following configuration on the Mikrotik routers.
1. Clear out the existing configuration.
2. Leave the admin password blank (normally set a secure one).
3. Enable IPv6 in /system packages and reboot.
4. Reflash with the latest RouterOS version if required.

LAN subnet
Make the following configuration on the Mikrotik routers.
1. Connect eth1 to the LAN
2. Enable DHCP client on eth1, allow default gateway from DHCP but not DNS server.
3. Set DNS server to 8.8.8.8, 74.82.42.42 and 2001:470:20::2

Test subnet
Make the following configuration on the Mikrotik routers.
1. Set eth3, 4 and 5 to slaves from eth2
2. Set eth2 to 172.16.22.1/24
3. Create a DHCP pool with 172.16.22.10-39
4. Create a DHCP server on eth2 with this pool, DNS server and default gateway set to 172.16.22.1.
5. Add an IPv4 masquerade rule for forwarded traffic going out on eth1. Create accept rules for established and related for input and forward tables.
6. Enable remote connections to DNS server

VPN
1. Create an SSTP VPN connection to ro.x31.com.
2. Check it is running and ping 192.22.12.1 (the other end of the VPN)
3. Add static route to HE configuration server (66.220.2.74/32). Ping it.
4. Add static route to HE tunnel endpoint (depends on the selected server). Ping it.

IPv6 tunnel
1. Log into your tunnelbroker account and create a tunnel to your assigned SSTP IP address.
2. Create your IPv6 tunnel (SIT0). Hint, use the example configurations.
3. Reboot your Mikrotik router. Important as tunnel will not come up properly otherwise.

You should be able to ping the other end of your tunnel.

IPv6 test interface
1. Log into your tunnelbroker account and locate your 'routed' IPv6 /64 subnet.
2. Assign the first address in this subnet (example 2001:470:1f0b:ac1::1) to eth2
3. Configure the IPv6 ND (neighbor discovery) options to Advertise DNS.

On a PC connected to eth2 to 5 connect to the website http://test-ipv6.com/ and check your results.


Dual stack

Questions?
