IPv6/BGP Tunnel to Hurricane Electric on Debian with Quagga
The IPv6 Internet is not immune to breakage and so it seems prudent right now to ensure good connectivity to the big providers. Faelix takes IPv6 transit from TINet, but the possibility of a free 6-in-4 tunnel to Hurricane Electric as a backup path is too good to pass up.
Having put in my request to HE’s tunnelbroker.net I waited… and within 12 hours had a positive response that it was ready:
Looks good, tunnel and BGP configured on our side. You'll peer with ::1 of the tunnel's /64 allocation, and our ASN is 6939.
Here are some pseudonymised details:
Server IPv4 address: 216.66.84.50 Server IPv6 address: 2001:0db8:1234:5678::1/64 Client IPv4 address: 192.0.2.128 Client IPv6 address: 2001:0db8:1234:5678::2/64
Here is what I put in /etc/network/interfaces:
auto as6369v6to4
iface as6369v6to4 inet6 v4tunnel
address 2001:0db8:1234:5678::2
netmask 64
endpoint 216.66.84.50
local 192.0.2.128
ttl 255
And here is the appropriately pseudonymised example section from Quagga’s bgpd.conf:
router bgp 65500 neighbor 2001:0db8:1234:5678::1 remote-as 6939 neighbor 2001:0db8:1234:5678::1 update-source 2001:0db8:1234:5678::2 neighbor 2001:0db8:1234:5678::1 remove-private-AS neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6i in neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6o out address-family ipv6 neighbor 2001:0db8:1234:5678::1 activate neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6i in neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6o out exit-address-family ipv6 prefix-list pl-transit-64-v6i seq 5 deny ::/0 ipv6 prefix-list pl-transit-64-v6i seq 10 permit ::/0 le 64 ipv6 prefix-list pl-AS41495-v6-to-upstream seq 5 permit 2001:0db8:666::/48 le 64 route-map rm-AS6939tun-v6i permit 10 match ipv6 address prefix-list pl-transit-64-v6i set as-path prepend 6939 6939 6939 route-map rm-AS6939tun-v6o permit 10 match ipv6 address prefix-list pl-AS41495-v6-to-upstream set as-path prepend 65500 65500 65500
