Even though IPv4 has been fully occupied, many people still not realized that they need to start implementing IPv6 for their services. In this post, I am going to show how to implement IPv6 connectivity to HTTP service which run on Apache.
We will use dual-stack configuration which allowed IPv4 and IPv6 run simultaneously in a single server. In this tutorial, I am assuming that we will use standard Apache installation which come from yum.
IPv6 Kernel Module
I am using CentOS 5.6 32bit and IPv6 module is disabled by default if not configured during first installation. You will see following error when you want to load IPv6 kernel module:
$ modprobe ipv6 FATAL: Module off not found.
This is not an issue if you are using CentOS 5.7 and later. So we need to enable the IPv6 module and make sure it is loaded into kernel.
Open /etc/modprobe.conf using text editor:
$ vim /etc/modprobe.conf
and delete following line:
alias ipv6 off options ipv6 disable=1
Save the file and reload probe for ipv6 module.
$ modprobe ipv6
To check whether ipv6 is correctly loaded, use lsmod command as below:
$ lsmod | grep ipv6 ipv6 270049 1 cnic
To complete the process, reboot the server.
Once done, lets see network interface in this server. We have 2 active interfaces: localhost (lo) and ethernet (eth0) which is the default route to Internet:
$ ip a 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:16:17:27:7f:9d brd ff:ff:ff:ff:ff:ff inet 220.127.116.11/26 brd 18.104.22.168 scope global eth0 inet6 fe80::216:17ff:fe27:7f9d/64 scope link
Get the IPv6
1. Lets check the IPv4 main IP of our server. Run following command to check:
$ curl cpanel.net/myip 22.214.171.124
2. Since we will configuring dual-stack protocol, we need to have our IPv6 connection to be tunnel into IPv4 connectivity. Hurrican Electric (HE) is providing this service for free. We need to create an account, create the IPv6 tunnel and configure it to our server.
Once registered, login into the portal and click ‘Create Regular Tunnel’ and add the main IPv4 of your server and select a tunnel location. Since this server is located in Europe, I will just select Berlin as refer in screenshot below:
3. Click ‘Create Tunnel’. You will then being redirected to a summary page. Go to ‘Example Configurations’ tab and select ‘Linux-route2’ as screenshot below:
That is the command that we need to execute in order to activate the IPv6 in the server.
Activate the IPv6
1. There can be 2 ways to activate the IPv6 interface whether using command line or using network interface configuration file. We will activate using command line and also create an network configuration file so we can use ifup and ifdown command to control the interface (just like normal interface script ifcfg-eth0).
2. Execute all commands as stated in the example configuration above:
$ modprobe ipv6 $ ip tunnel add he-ipv6 mode sit remote 126.96.36.199 local 188.8.131.52 ttl 255 $ ip link set he-ipv6 up $ ip addr add 2001:470:1f0a:6ef::2/64 dev he-ipv6 $ ip route add ::/0 dev he-ipv6 $ ip -f inet6 addr
3. Check whether the interface is up. You should get the IPv6 address provided by TunnelBroker:
$ ifconfig he-ipv6
4. Create the network config file. Go to /etc/sysconfig/network-scripts/ and create a new file using text editor called ifcfg-he:
$ vim /etc/sysconfig/network-scripts/ifcfg-he
And add following line:
DEVICE=he-ipv6 TYPE=sit BOOTPROTO=none ONBOOT=yes # set to "no" if you prefer to start the tunnel manually IPV6INIT=yes IPV6TUNNELIPV4=184.108.40.206 # Server IPv4 address IPV6ADDR=2001:470:1f0a:6ef::2 # Client IPv6 address
4. Add following line into /etc/sysconfig/network to make sure all IPv6 traffic will be routed through this interface:
5. Since this server already have APF firewall loaded, we need to disable it because APF is not supporting IPv6 yet. If you want to configure IPv6 firewall, configure your rules under /etc/sysconfig/ip6tables instead:
$ apf -f $ rm /etc/init.d/apf
6. You can bring the IPv6 up and down using ifup and ifdown command as below:
$ ifdown he-ipv6 $ ifup he-ipv6
Point Domain Name to IPv6
The next step should be DNS. We need our hostname resolvable to IPv6 when lookup. Login to the name server and add following AAAA record (IPv6 A record type):
www.mydomain.org A 220.127.116.11 www.mydomain.org AAAA 2001:470:1f0a:6ef::2
Done! Wait for DNS propagation to complete before you can test your website.
1. Since we want our website to be accessed via IPv4 and IPv6, the listen value in httpd.conf will remain as default. Open Apache configuration file located at /etc/httpd/conf/httpd.conf and find following line:
2. My new virtual host for the website will be as below:
NameVirtualHost 18.104.22.168:80 NameVirtualHost [2001:470:1f0a:6ef::2]:80 # VirtualHost for IPv4 <VirtualHost 22.214.171.124:80> ServerName www.mydomain.org ServerAdmin admin@localhost DocumentRoot /home/mydomain/public_html ErrorLog /home/mydomain/logs/error_log CustomLog /home/mydomain/logs/access_log combined </VirtualHost> # Virtual host for IPv6 <VirtualHost [2001:470:1f0a:6ef::2]:80> ServerName www.mydomain.org ServerAdmin admin@localhost DocumentRoot /home/mydomain/public_html ErrorLog /home/mydomain/logs/error_log CustomLog /home/mydomain/logs/access_log combined </VirtualHost>
3. Check Apache configuration file and start if configuration syntax is correct:
$ service httpd configtest $ service httpd restart
IPv6 Browsing Test
To test our website’s IPv6 browsing, I will use http://www.ipv6proxy.net/. I used this web proxy to access one of my page http://www.mydomain.org/ipv6.html and following result appear as below:
Done! Your website now can be accessed via IPv4 and IPv6!