36arn

36arn is IPv6-enabled

This website and the 36arn.co.uk mail server are now IPv6-enabled. In other words, they are accessible using the "new" 128-bit address scheme, which will become ubiquitous as the pool of 32-bit addresses runs dry and the demand for connected devices (the so-called Internet of Things) increases.

Many parts of the world already have a well developed IPv6 infrastructure, but the UK is dragging its feet in my opinion. My ISP, PlusNet, has had various trials of IPv6 for a while. However, there is no sign of any kind of roll-out. There are a number of issues related to IPv6 which seem to be causing ISPs to put it off, insteading looking at stop-gap alternatives such as CG-NAT. I personally think that the main reason is that although IPv6 is relatively easy to understand for the technically minded, it is more difficult for non-technical or semi-technical people to understand. Things like NAT, with which many people are familiar, don't really apply with IPv6.

In this article, I'll explain how I've managed to deploy IPv6 despite my strictly IPv4 ISP, and my less-than-helpful domain registrar!

There are two big hurdles to overcome in order to implement IPv6. Firstly, you need an IPv6-capable router. My router is a home built affair running Sophos UTM, which deals admirably with IPv6 (although I did have to add in new firewall rules). The second, and larger, hurdle is that you need an IPv6 ISP. Like most UK ISPs, my ISP (PlusNet) does not provide IPv6 to its broadband clients. The solution is to use a 6in4 tunnel. This system wraps IPv6 packets in an IPv4 wrapper, and routes it to somewhere that can unwrap it and then route it over the proper IPv6 network. In other words, it bypasses the ISP's lack of IPv6, in a similar way to using a VPN.

I'm using a free 6in4 tunnel from Hurricane Electric. They provide Points of Presence in various locations around the world, so I'm using my local one (London). The tunnel provides a routable /64 set of addresses (in other words, 18 quintillion addresses - that's quite a lot). Once I had set up my router, enabled RADVD (the Router Advertisement Daemon -  autoconfiguration for IPv6, a bit like DHCP), and enabled IPv6 on my Windows 7 desktop machine, I was then able to visit ipv6.google.com, to prove that IPv6 was working.

Moving on to the servers, first I had to add static IPv6 addresses for them, within my routable addresses. Then, I had to add forward and reverse DNS entries for the servers in the BIND zone files. These included NS records for the DNS server itself. Reverse lookups (PTR records) are rather long for IPv6, and I had some initial problems simply through typos.

The final stage was to add IPv6 glue records. Although not strictly necessary for me, these allow pure IPv6 DNS queries to be executed, hence allowing systems in an IPv6-only network to find my servers. This was harder than it should have been, because 123-reg, my domain registrar, do not support IPv6 glue records. Shame on them. Even worse, they charge £9.99+VAT to transfer a domain away. Needless to say, I coughed up the money mainly as a point of principle, and transfered to Gandi (and I won't be using 123-reg any more for any new domains, that's for sure).

Hurricane Electric provide an easy to follow route to IPv6 certification, at various levels. This basically gives you a certificate you can print youself, and if you reach the final stage you can claim a free tee-shirt! I'll let you know what it's like when I receive mine.

This article is deliberately light on technical details. If you're interested in deploying IPv6 yourself, or you're stuck on something, please get in touch. I may be able to help.

Submit to FacebookSubmit to Google PlusSubmit to TwitterSubmit to LinkedIn