Having recently moved my home infrastructure to a primarily Apple OS X Server / Synology NAS base (see my previous posts), I decided to investigate the practicalities of deploying a full IPv6 / IPv4 co-existence setup on my home network and maybe even to enable IPv6 for Internet access as well. I was not sure how feasible this would be or how difficult. I was amazed at how easy it was!
Firstly, virtually every piece of equipment and OS that we use at home seems to be fully IPv6 capable:
- Apple Airport Extreme Wifi base station and router
- OS X
- OS X Server services (apart from the VPN server)
- Synology NAS, including DNS server
- iOS 7 on iPhone, iPad and Apple TV
- Windows 7
The next question was how easy it might be to get actual IPv6 Internet access. My ISP (Virgin Media) is not yet natively deploying IPv6 but a quick search revealed TunnelBroker from Hurricane Electric. This allows you to set up a (free) account and then create one or more IPv6 over IPv4 tunnels to allow your home IPv6 network to access the IPv6 Internet over an IPv4 connection. The site also provides a lot of useful information on IPv6 in general, how to configure it on many different OS and its current level of adoption across the Internet. It was quite surprising to me to see how many web sites and companies already have an IPv6 presence on the Internet. Among the top names are Google and Wikipedia.
So, having created my tunnel the next thing was to configure the Airport Extreme router to use it. I anticipated that this might be difficult or complex but it was in fact very simple, almost scarily so, by just following the comprehensive information provided on the TunnelBroker web site. It is recommended that you have the latest Airport router firmware, which I already did.
At this point I should mention a very important thing about IPv6 and the Internet. With good old IPv4, your router typically implements NAT which essentially ‘hides’ your home network from the Internet and makes it much harder for any of the nasty things lurking in the darker corners of the Internet to invade your home network. It also makes it more complex to expose services (web sites, e-mail servers etc.) on the Internet but that is generally considered a price worth paying for the protection. This is not the case with IPv6; the whole idea behind IPv6 is that all devices should be visible on, and accessible from, the Internet by default; there is deliberately no concept of NAT. However, any router that supports IPv6 should provide an IPv6 firewall function. You should be very sure to turn this on and configure it suitably to avoid unwelcome ‘visitors’ to your home network. The Apple Airport Extreme has a comprehensive IPv6 firewall so I enabled this and set up a rule to only expose our public web-site via IPv6. For now I am leaving all the services that we expose via IPv4 (mail, calendar, contacts etc.) firewalled even though they use SSL, require authentication etc. As use of IPv6 becomes more common over the next few years I will open those up too.
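With no NAT in front of them, every service bound to a global IPv6 address (or to the wildcard) relies on the router's IPv6 firewall alone. The following sketch is an added example, not part of the original setup: it parses listener output in the layout of `lsof -nP -iTCP -sTCP:LISTEN` and reports the IPv6 listeners that fall outside the single exposure described above (the public web site). The sample output, the 80/443 allowlist and the 2001:db8:: documentation addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample in the layout of `lsof -nP -iTCP -sTCP:LISTEN` on OS X.
SAMPLE_LSOF = """\
COMMAND  PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
httpd    201 root    4u IPv6 0xa1      0t0  TCP *:443 (LISTEN)
httpd    201 root    5u IPv6 0xa2      0t0  TCP *:80 (LISTEN)
smbd     310 root    6u IPv6 0xa3      0t0  TCP *:445 (LISTEN)
AppleFil 322 root    7u IPv6 0xa4      0t0  TCP [2001:db8:1f08:2a::10]:548 (LISTEN)
named    340 named   8u IPv6 0xa5      0t0  TCP [::1]:53 (LISTEN)
named    340 named   9u IPv6 0xa6      0t0  TCP [fe80::1]:53 (LISTEN)
sshd     355 root   10u IPv4 0xa7      0t0  TCP *:22 (LISTEN)
"""

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
ALLOWED_PORTS = {80, 443}  # assumption: only the public web site should be reachable


def exposed_listeners(lsof_text, allowed=ALLOWED_PORTS):
    """Return sorted (command, port) pairs listening on a globally routable
    IPv6 address, or on the wildcard, on a port outside `allowed`."""
    findings = set()
    for line in lsof_text.splitlines()[1:]:
        fields = line.split()
        # Only IPv6 sockets in LISTEN state are of interest here.
        if len(fields) < 10 or fields[4] != "IPv6" or fields[-1] != "(LISTEN)":
            continue
        host, _, port = fields[-2].rpartition(":")
        if host != "*":
            # Drop the brackets and any %zone suffix before parsing.
            addr = ipaddress.IPv6Address(host.strip("[]").split("%")[0])
            if addr not in GLOBAL_UNICAST:
                continue  # loopback, link-local and ULA are not Internet-routable
        if int(port) not in allowed:
            findings.add((fields[0], int(port)))
    return sorted(findings)


if __name__ == "__main__":
    for command, port in exposed_listeners(SAMPLE_LSOF):
        print(f"{command} listens on port {port}: must be blocked at the IPv6 firewall")
```

Each reported listener is a service that becomes reachable from the Internet if the firewall is disabled or its rule set is loosened.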
Now that we were connected to the IPv6 Internet the next thing was to set up the home network. IPv6 has an ‘auto configuration’ mechanism and this works very well. The router is responsible for assigning fully routable (i.e. public) IPv6 addresses to every device that asks for one. Due to the way that IPv6 address allocation works, each device on the home network will always get the same public address allocated for each interface (IPv6 addresses are assigned to interfaces not hosts). This made it easy to add all the necessary IPv6 addresses into my home DNS setup so machines could easily find out each other's IPv6 addresses and talk to each other via IPv6. I was pleased to discover that the OS X Server DNS server and the DNS server in the Synology NAS both fully support IPv6. Not only do they support adding IPv6 addresses for hosts and defining IPv6 reverse zones but they also support DNS queries via IPv6. Cool!
Once all my main machines (Server, NAS, Mac and Windows clients) were set up to use IPv6, the next thing was to test it out! I embarked on a program to test all our internal services to see if they worked over IPv6. The great news is that they do! Here are the services that I have tested and confirmed to work over IPv6:
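The stable per-interface address and the DNS entries built from it can be worked through in code. This is an added example, not from the original post, and it assumes the address is formed by stateless autoconfiguration with a modified EUI-64 interface identifier (the post does not name the mechanism); the prefix, MAC address and host name are constructed placeholders.

```python
import ipaddress


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the modified EUI-64 interface ID of a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration expects a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]


def dns_records(fqdn, addr):
    """Return the forward (AAAA) and reverse (PTR) zone-file lines for one interface."""
    forward = f"{fqdn}. IN AAAA {addr}"
    reverse = f"{addr.reverse_pointer}. IN PTR {fqdn}."
    return forward, reverse


if __name__ == "__main__":
    # Constructed values: documentation prefix, made-up MAC and host name.
    address = eui64_address("2001:db8:1f08:2a::/64", "00:1e:c2:aa:bb:cc")
    for record in dns_records("nas.home.example", address):
        print(record)
```

Because the interface identifier is derived from the MAC address, the same identifier appears under any prefix the interface joins, which is what keeps the DNS entries valid across reboots.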
- SMB/SMB2 file sharing to Apple Server / Synology NAS from Mac and Windows clients
- AFP file sharing to Apple Server and Synology NAS from Mac and Windows clients
- NFS file sharing to Apple Server and Synology NAS from Mac and Windows clients
- OS X Server web access (HTTP and HTTPS) including Wiki service and Profile/Device Manager service
- DNS (OS X Server and Synology NAS)
- Caching (app store and software updates)
- Time Machine
- Open Directory
So pretty much everything with the exception of VPN; but I’m not quite sure yet (more research needed) how VPN works in an IPv6 environment anyway!
Lastly I tried accessing a few of the IPv6 enabled web sites out there and was delighted to see that Safari (Mac), Firefox (Mac and Windows) and Chrome (Mac and Windows) seem happy to use IPv6 if the web-site is accessible over it (I did not test Internet Explorer since I never use that).
I have to conclude that IPv6 seems very mature, much more so than I had imagined and I will be leaving my home setup configured for full dual-stack operation in readiness for when my ISP starts to support IPv6 natively. Until then I will continue with TunnelBroker.