The IPv6 Internet is not immune to breakage and so it seems prudent right now to ensure good connectivity to the big providers. Faelix takes IPv6 transit from TINet, but the possibility of a free 6-in-4 tunnel to Hurricane Electric as a backup path is too good to pass up.
Having put in my request to HE’s tunnelbroker.net I waited… and within 12 hours had a positive response that it was ready:
Looks good, tunnel and BGP configured on our side. You'll peer with ::1
of the tunnel's /64 allocation, and our ASN is 6939.
Here are some pseudonymised details:
Server IPv4 address: 216.66.84.50
Server IPv6 address: 2001:0db8:1234:5678::1/64
Client IPv4 address: 192.0.2.128
Client IPv6 address: 2001:0db8:1234:5678::2/64
Here is what I put in /etc/network/interfaces:
auto as6369v6to4
iface as6369v6to4 inet6 v4tunnel
address 2001:0db8:1234:5678::2
netmask 64
endpoint 216.66.84.50
local 192.0.2.128
ttl 255
And here is the appropriately pseudonymised example section from Quagga’s bgpd.conf:
router bgp 65500
neighbor 2001:0db8:1234:5678::1 remote-as 6939
neighbor 2001:0db8:1234:5678::1 update-source 2001:0db8:1234:5678::2
neighbor 2001:0db8:1234:5678::1 remove-private-AS
neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6i in
neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6o out
address-family ipv6
neighbor 2001:0db8:1234:5678::1 activate
neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6i in
neighbor 2001:0db8:1234:5678::1 route-map rm-AS6939tun-v6o out
exit-address-family
ipv6 prefix-list pl-transit-64-v6i seq 5 deny ::/0
ipv6 prefix-list pl-transit-64-v6i seq 10 permit ::/0 le 64
ipv6 prefix-list pl-AS41495-v6-to-upstream seq 5 permit 2001:0db8:666::/48 le 64
route-map rm-AS6939tun-v6i permit 10
match ipv6 address prefix-list pl-transit-64-v6i
set as-path prepend 6939 6939 6939
route-map rm-AS6939tun-v6o permit 10
match ipv6 address prefix-list pl-AS41495-v6-to-upstream
set as-path prepend 65500 65500 65500
