Teksavvy DSL dualstack IPv4 & IPv6 with Cisco

Setup for my configuration

Here’s a sample Cisco IOS configuration I used to run IPv4 and IPv6 over Teksavvy’s xDSL service. This setup worked well for me, but feel free to tweak it to suit your own network needs!

• VLAN 1 is LAN
• Dialer 1 is IPv4
• Dialer 2 is IPv6

I’m running this on a Cisco 800 series device.

Got IPv6 ?

To obtain IPv6 credentials, simply contact Teksavvy at ipv6@teksavvy.com. Their NOC team will then assign you two IPv6 subnets.

* One is /64 (2607:....:....:....::/64)
* Second is /56 (2607:....:....:....::/56)

The /64 subnet is reserved for routing and shouldn’t be used directly in your local network to avoid address conflicts. Because I use ipv6 address autoconfig, this subnet doesn’t explicitly appear in the configuration.

Start by dividing your assigned /56 into smaller subnets. A /64 subnet is a good choice—large enough for most local networks.

In my example, I split the /56 into 256 /64 subnets and selected the first one for my local network. It is identified as 2607:....:....:....::/64.

You can use online tool to help with this :

• http://www.gestioip.net/cgi-bin/subnet_calculator.cgi

Teksavvy IPv6 resolvers at this time are :

• 2607:f2c0::1
• 2607:f2c0::2

Security / ACL ?

Basic ACL are included to prevent local network to be exposed as each hosts will NOW have public IPv6. You should also disable IPv6 on all hosts you don’t want to reachable.

$ echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

Testing ?

Quick test to check (ping Google Public DNS over IPv6) :

[root@host ~]# ping6 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=53 time=52.1 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=53 time=52.0 ms
^C

Also you can browse to https://ipv6.google.com !

Cisco config

! NVRAM config last updated at 17:21:30 UTC Wed Aug 27 2014 by admin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myhostname
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
aaa authentication login userauthen local
aaa authorization network groupauthor local 
!
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
ip cef
ip domain name local
ipv6 unicast-routing
ipv6 cef
!
username admin privilege 15 password 0 cleartextpassword
!
!
ip ssh rsa keypair-name ssh
! 
interface Ethernet0
 no ip address
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 192.168.2.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ipv6 address 2607:....:....:....::/64 eui-64
 ipv6 nd prefix 2607:....:....:....::/64
 ipv6 nd ra lifetime 180
 ipv6 nd ra interval 60
 pppoe-client dial-pool-number 2
 pppoe-client dial-pool-number 1
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname mylogin@teksavvy.com
 ppp chap password 0 cleartextpassword
 ppp pap sent-username mylogin@teksavvy.com password 0 cleartextpassword
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
!
interface Dialer2
 mtu 1492 
 ip address negotiated
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 2
 ipv6 address autoconfig
 ipv6 enable
 ipv6 dhcp client pd my_prefix rapid-commit
 ipv6 traffic-filter in-ipv6 in
 ppp authentication chap pap callin
 ppp chap hostname mylogin@hsiservice.net
 ppp chap password 0 cleartextpassword
 ppp pap sent-username mylogin@hsiservice.net password 0 cleartextpassword
 ppp ipcp dns request accept
 ppp ipcp address accept
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip any any
dialer-list 1 protocol ip permit
ipv6 route ::/0 Dialer2
!
ipv6 access-list in-ipv6
 sequence 20 permit icmp any any
 sequence 40 permit tcp any 2607:....:....:....::/64 gt 1025
 sequence 60 permit udp any 2607:....:....:....::/64 gt 1025
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class 1 in
 exec-timeout 30 0
 privilege level 15
 transport preferred ssh
 transport input ssh
!
end

Thanks Teksavvy, you rock !

/network/ /self-hosted/