sun.com docs.sun.com My Sun Worldwide Sites

Previous Previous     Contents     Index     Next Next

ProcedureHow to Configure a 6to4 Tunnel to a 6to4 Relay Router


Caution Caution - Because of major security issues, by default, 6to4 relay router support is disabled in the Solaris OS. See Security Issues When Tunneling to a 6to4 Relay Router.


Before You Begin

Before you enable a tunnel to a 6to4 relay router, you must have completed the following tasks:

  • Configured a 6to4 router at your site, as explained in How to Configure a 6to4 Tunnel

  • Reviewed the security issues that are involved in tunneling to a 6to4 relay router

  1. Log in to the 6to4 router as Primary Administrator or as superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, "Working With the Solaris Management Console (Tasks)," in System Administration Guide: Basic Administration.

  2. Enable a tunnel to the 6to4 relay router by using either of the following formats:

    • Enable a tunnel to an anycast 6to4 relay router.

      # /usr/sbin/6to4relay -e

      The -e option sets up a tunnel between the 6to4 router and an anycast 6to4 relay router. Anycast 6to4 relay routers have the well-known IPv4 address 192.88.99.1. The anycast relay router that is physically nearest to your site becomes the endpoint for the 6to4 tunnel. This relay router then handles packet forwarding between your 6to4 site and a native IPv6 site.

      For detailed information about anycast 6to4 relay routers, refer to RFC 3068, "An Anycast Prefix for 6to4 Relay Routers".

    • Enable a tunnel to a specific 6to4 relay router.

      # /usr/sbin/6to4relay -e -a relay-router-address

      The -a option indicates that a specific router address is to follow. Replace relay-router-address with the IPv4 address of the specific 6to4 relay router with which you want to enable a tunnel.

    The tunnel to the 6to4 relay router remains active until you remove the 6to4 tunnel pseudo-interface.

  3. Delete the tunnel to the 6to4 relay router, when the tunnel is no longer needed:

    # /usr/sbin/6to4relay -d

  4. (Optional) Make the tunnel to the 6to4 relay router persistent across reboots.

    Your site might have a compelling reason to have the tunnel to the 6to4 relay router reinstated each time the 6to4 router reboots. To support this scenario, you must do the following:

    1. Edit the/etc/default/inetinit file.

      The line that you need to modify is at the end of the file.

    2. Change the "NO" value in the line ACCEPT6TO4RELAY=NO to "YES."

    3. (Optional) Create a tunnel to a specific 6to4 relay router that persists across reboots.

      For the parameter RELAY6TO4ADDR, change the address 192.88.99.1 to the IPv4 address of the 6to4 relay router that you want to use.

Example 7-14   Getting Status Information About 6to4 Relay Router Support

You can use the /usr/bin/6to4relay command to find out whether support for 6to4 relay routers is enabled. The next example shows the output when support for 6to4 relay routers is disabled, as is the default in the Solaris OS:

# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is disabled.

When support for 6to4 relay routers is enabled, you receive the following output:

# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is enabled.
IPv4 destination address of Relay Router=192.88.99.1

Configuring Name Service Support for IPv6

This section describes how to configure the DNS and NIS name services to support IPv6 services.


Note - LDAP supports IPv6 without requiring IPv6-specific configuration tasks.


For full details for administering DNS, NIS, and LDAP, refer to the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

ProcedureHow to Add IPv6 Addresses to DNS

  1. Log in to the primary or secondary DNS server as Primary Administrator or as superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, "Working With the Solaris Management Console (Tasks)," in System Administration Guide: Basic Administration.

  2. Edit the appropriate DNS zone file by adding AAAA records for each IPv6-enabled node:

    host-name  IN   AAAA 	host-address

  3. Edit the DNS reverse zone file and add PTR records:

    host-address IN   PTR   hostname

    For detailed information on DNS administration, refer to System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Example 7-15   DNS Reverse Zone File

This example shows an IPv6 address in the reverse zone file.

$ORIGIN	ip6.int.	
8.2.5.0.2.1.e.f.f.f.9.2.0.0.a.0.6.5.2.9.0.0.0.0.0.0.0.0.2.0.0.0 \
	IN		PTR		vallejo.Eng.apex.COM.

ProcedureHow to Display IPv6 Name Service Information

You can use the nslookup command to display IPv6 name service information.

  1. Under your user account, run the nslookup command.

    % /usr/sbin/nslookup

    The default server name and address appear, followed by the nslookup command's angle bracket prompt.

  2. View information about a particular host by typing the following commands at the angle bracket prompt:

    >set q=any
    >host-name

  3. Type the following command to view only AAAA records:

    >set q=AAAA
    hostname

  4. Quit the nslookup command by typing exit.

Example 7-16   Using nslookup to Display IPv6 Information

This example shows the results of nslookup in an IPv6 network environment.

%  /usr/sbin/nslookup
Default Server:  dnsserve.local.com
Address:  10.10.50.85
> set q=AAAA
> host85
Server:  dnsserve.local.com
Address:  10.10.50.85

host85.local.com      IPv6 address = 2::9256:a00:fe12:528
> exit

Previous Previous     Contents     Index     Next Next
Company Info Contact Terms of Use Privacy Copyright 1994-2007 Sun Microsystems, Inc.