From e34e6d8598dc3ffffaaed1b0f45eecedaa2c4a23 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 31 Dec 2019 11:02:30 +0100 Subject: [PATCH] Mark drafts --- .../contents.lr | 0 .../contents.lr | 87 +++++++++++++++++++ .../contents.lr | 58 +++++++++++++ .../contents.lr | 0 .../contents.lr | 0 .../contents.lr | 0 .../contents.lr | 0 7 files changed, 145 insertions(+) rename content/u/blog/{hacking-an-ipv6-based-chat-system => DRAFT-hacking-an-ipv6-based-chat-system}/contents.lr (100%) create mode 100644 content/u/blog/DRAFT-how-to-route-ipv4-via-ipv6/contents.lr create mode 100644 content/u/blog/DRAFT-how-to-run-lxc-containers-with-ipv6-only/contents.lr rename content/u/blog/{how-to-support-open-source => DRAFT-how-to-suport-opensource}/contents.lr (100%) rename content/u/blog/{the-ungleich-ipv6-eco-system => DRAFT-the-ungleich-ipv6-eco-system}/contents.lr (100%) rename content/u/blog/{what-is-wrong-with-ipv4 => DRAFT-what-is-wrong-with-ipv4}/contents.lr (100%) rename content/u/blog/{what-open-source-and-ipv6-have-in-common => DRAFT-what-open-source-and-ipv6-have-in-common}/contents.lr (100%) diff --git a/content/u/blog/hacking-an-ipv6-based-chat-system/contents.lr b/content/u/blog/DRAFT-hacking-an-ipv6-based-chat-system/contents.lr similarity index 100% rename from content/u/blog/hacking-an-ipv6-based-chat-system/contents.lr rename to content/u/blog/DRAFT-hacking-an-ipv6-based-chat-system/contents.lr diff --git a/content/u/blog/DRAFT-how-to-route-ipv4-via-ipv6/contents.lr b/content/u/blog/DRAFT-how-to-route-ipv4-via-ipv6/contents.lr new file mode 100644 index 0000000..e0a5611 --- /dev/null +++ b/content/u/blog/DRAFT-how-to-route-ipv4-via-ipv6/contents.lr @@ -0,0 +1,87 @@ +title: How to route IPv4 via IPv6 +--- +pub_date: 2019-12-10 +--- +author: ungleich network +--- +twitter_handle: ungleich +--- +_hidden: yes +--- +_discoverable: no +--- +abstract: +Bringing IPv4 into the IPv6 world +--- +body: + +Imagine the following: you are running an IPv6 only network. And now +someone asks you to pass IPv4 traffic through it, without tunneling +it. Was sounds crazy at first, is actually quite feasible. + +## A short routing recap + +Routers have routing tables. The routing tables basically say +"if you receive a packet for this host, send it to that router". + +![IP routing](/u/image/ip-routing.png) + +The important thing about this process is that the information on +where to send it to, is **not in the packet**. + +## How to send IPv4 packets via IPv6 + +Because the next hop is not written into the IPv4 packet, the router +is free to forward the packet via any method it thinks is the +best. And if that happens to be IPv6 - well, it will forward the IPv4 +packet via an IPv6 neighbour. + +## A practical example! + +``` +[root@diamond ~]# ip -6 r +::1 dev lo proto kernel metric 256 pref medium +2a0a:e5c1:137::/48 dev wgungleich proto kernel metric 256 pref medium +fe80::/64 dev wlp0s20f3 proto kernel metric 256 pref medium +[root@diamond ~]# ip r +default via 192.168.84.1 dev wlp0s20f3 proto dhcp src 192.168.84.7 metric 302 +192.168.84.0/22 dev wlp0s20f3 proto dhcp scope link src 192.168.84.7 metric 302 +[root@diamond ~]# ip route add 10.0.0.0/8 via inet6 2a0a:e5c1:137::22 +[root@diamond ~]# ip -6 route +::1 dev lo proto kernel metric 256 pref medium +2a0a:e5c1:137::/48 dev wgungleich proto kernel metric 256 pref medium +fe80::/64 dev wlp0s20f3 proto kernel metric 256 pref medium +[root@diamond ~]# ip r +default via 192.168.84.1 dev wlp0s20f3 proto dhcp src 192.168.84.7 metric 302 +10.0.0.0/8 via inet6 2a0a:e5c1:137::22 dev wgungleich +192.168.84.0/22 dev wlp0s20f3 proto dhcp scope link src 192.168.84.7 metric 302 +[root@diamond ~]# +``` + +## More in the cloud + +Actually, what happens behind the scenes is that the VM is running VNC +(we are also experimenting with XRDP), so I have actually full access +to a remote Linux desktop via browser and can even run applications +like libreoffice, blender or gimp remotely. + +Because I think it's a cool thing to have, our team at ungleich added +it as an offer to our [Black IPv6 Friday +Crowdfunding](https://swiss-crowdfunder.com/campaigns/black-ipv6-friday?locale=en). + +Below you can actually see how it looks like: + + +root@beebox ~ # route add 192.168.0.0/16 2a0a:e5c1:100::1 +add net 192.168.0.0/16: gateway 2a0a:e5c1:100::1 +root@beebox ~ # route -n get 192.168.1.2 + route to: 192.168.1.2 +destination: 192.168.0.0 + mask: 255.255.0.0 + gateway: 2a0a:e5c1:100::1 + interface: tun3 + if address: 2a0a:e5c1:11e::1 + priority: 8 (static) + flags: + use mtu expire + 2 0 0 diff --git a/content/u/blog/DRAFT-how-to-run-lxc-containers-with-ipv6-only/contents.lr b/content/u/blog/DRAFT-how-to-run-lxc-containers-with-ipv6-only/contents.lr new file mode 100644 index 0000000..72768fd --- /dev/null +++ b/content/u/blog/DRAFT-how-to-run-lxc-containers-with-ipv6-only/contents.lr @@ -0,0 +1,58 @@ +title: How to run LXC containers in IPv6 networks +--- +pub_date: 2019-12-20 +--- +author: ungleich virtualisation team +--- +twitter_handle: ungleich +--- +_hidden: yes +--- +_discoverable: no +--- +abstract: + +--- +body: + +## Assumptions + +You have a computer with at least a /64 network routed to it. + + + +## Architecture + +bridge, radvd, + + +## Configure LXC + + +[root@diamond ~]# cat /etc/lxc/default.conf +#lxc.net.0.type = empty +lxc.net.0.type = veth +lxc.net.0.link = brlxc +lxc.net.0.flags = up + + +## Create a bridge + + +## Configuring radvd + +``` +interface brlxc +{ + AdvSendAdvert on; + MinRtrAdvInterval 3; + MaxRtrAdvInterval 5; + AdvDefaultLifetime 10; + + prefix 2a0a:e5c1:137:cafe::/64 { + }; + + RDNSS 2a0a:e5c0:2:1::5 2a0a:e5c0:2:1::6 { AdvRDNSSLifetime 6000; }; + DNSSL nicotest.ungleich.ch { AdvDNSSLLifetime 6000; } ; +}; +``` diff --git a/content/u/blog/how-to-support-open-source/contents.lr b/content/u/blog/DRAFT-how-to-suport-opensource/contents.lr similarity index 100% rename from content/u/blog/how-to-support-open-source/contents.lr rename to content/u/blog/DRAFT-how-to-suport-opensource/contents.lr diff --git a/content/u/blog/the-ungleich-ipv6-eco-system/contents.lr b/content/u/blog/DRAFT-the-ungleich-ipv6-eco-system/contents.lr similarity index 100% rename from content/u/blog/the-ungleich-ipv6-eco-system/contents.lr rename to content/u/blog/DRAFT-the-ungleich-ipv6-eco-system/contents.lr diff --git a/content/u/blog/what-is-wrong-with-ipv4/contents.lr b/content/u/blog/DRAFT-what-is-wrong-with-ipv4/contents.lr similarity index 100% rename from content/u/blog/what-is-wrong-with-ipv4/contents.lr rename to content/u/blog/DRAFT-what-is-wrong-with-ipv4/contents.lr diff --git a/content/u/blog/what-open-source-and-ipv6-have-in-common/contents.lr b/content/u/blog/DRAFT-what-open-source-and-ipv6-have-in-common/contents.lr similarity index 100% rename from content/u/blog/what-open-source-and-ipv6-have-in-common/contents.lr rename to content/u/blog/DRAFT-what-open-source-and-ipv6-have-in-common/contents.lr