Yesterday Craig and I upgraded to business service and a fixed IP from Comcast. It basically costs an extra 30 dollars a month and promises service no better than the residential service. The reality, at least currently, is awesome:
Download speeds went from roughly 12Mbit to 24Mbit. Uploads improved somewhat, from about 3Mbit to over 4Mbit. And the nearest 6to4 routers went from 16ms away to less than 10ms. For the first time ever, I saw a connection to the servers I maintain at isc.org connect FASTER over IPv6 than IPv4 - ping times dropped from roughly 78ms using IPv4 to 55ms using 6in4.
Craig’s aging wireless router wasn’t fast enough to keep up, so I broke out the 5.8 GHz wireless-n routers I’ve been using, built a new version of OpenWrt for them (which has support for IPv6 in AP/STA mode - 300Mbit capable, in other words) and got those working, more or less. With a bunch of hand configuration, I got 24Mbit to the internet over my local wireless connection from upstairs to downstairs…
I had to turn off the firewalling features of the Comcast router in order to have a reliably “up” IPv6 connection (otherwise I would lose connectivity from the outside world inside of a minute or two of non-use) and switch to the openrd box for firewalling.
In the process of converting from my dynamic IP + 6in4 tunneling to the static IP + 6in4 tunneling I broke a couple things that I’m still in the process of tracking down. Notably internal routing broke (something is natting or babeld is acting up), as did Split DNS. I basically lost connectivity from upstairs to downstairs to the Internet somehow. While annoying as hell, I didn’t have time to fix it, so I also broke out Squid on my openrd box. After getting that working, I get about 22Mbit/sec through the proxy - not as fast as the direct connection, but enough to lower my annoyance at having a broken split DNS and default gateway to live with while I write…
I’ve added support for user pages, and started poking into what authentication and security issues exist in ikiwiki… commenting seems to work. Amusingly enough, because I hand-coded my current proxy I had to switch my local name to mylaptop.local so I’d continue to be able to handle the wiki features via the web, which is already becoming addictive. And then I had to tell Firefox to ignore .local URLs for proxying.
I am hoping it “does the right thing” for user dirs, and commenting is robust. I’d really like to take my comments with me….
1) My babel distribution of the default route was permitted… from DHCP! I needed to enable it when configured statically, which is protocol 4.
{{ % highlight sh %}}
#!/bin/sh
# Enable IPv6 forwarding so this box routes for the internal subnets
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# Public IPv4 address on the WAN interface
WANIP=$(ip -4 addr show dev eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
if [ -n "$WANIP" ]
then
    # 6to4 prefix: 2002: followed by the IPv4 address in hex
    V6PREFIX=$(printf '2002:%02x%02x:%02x%02x' $(echo $WANIP | tr . ' '))
    ip tunnel add tun6to4 mode sit ttl 255 remote any local $WANIP
    ip link set tun6to4 mtu 1280
    ip link set tun6to4 up
    ip addr add $V6PREFIX:0::1/16 dev tun6to4
    ip addr add $V6PREFIX:FFFF::1/64 dev eth0
    ip addr add $V6PREFIX:1::1/64 dev eth1
    ip -6 route add ::/0 via ::192.88.99.1 dev tun6to4 proto 4 # proto 4 is STATIC
    kill -HUP $(cat /var/run/radvd.pid)
    ping6 -c 2 2002:9514:3640:36:2e0:81ff:fe23:90d3 # Comcast was rejecting my first connects
fi

exit 0
{{ % /highlight %}}
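The 6to4 prefix arithmetic from the script above, in both directions, as an added example that is not part of the original post. Going from a 6to4 address back to the IPv4 address it embeds is handy when reading firewall logs on the box doing the filtering. The function names are hypothetical, and 192.0.2.4 is a constructed documentation address.

```sh
#!/bin/sh
# Added example (not from the original post): 6to4 prefix arithmetic.

# v4_to_6to4 A.B.C.D -> prints the 6to4 /48 prefix 2002:AABB:CCDD.
# Returns 1 for anything that is not a dotted quad of octets 0-255.
v4_to_6to4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros: printf would read "010" as octal.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '2002:%02x%02x:%02x%02x\n' "$1" "$2" "$3" "$4"
}

# sixto4_to_v4 2002:AABB:CCDD[:...] -> prints the embedded IPv4 address.
# Returns 1 if the address is outside 2002::/16 or if groups 2 and 3 are
# not both written out (a "::" covering them is not expanded here).
sixto4_to_v4() {
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$addr" in
        2002:*:*) ;;
        *) return 1 ;;
    esac
    hi=$(printf '%s' "$addr" | cut -d: -f2)
    lo=$(printf '%s' "$addr" | cut -d: -f3)
    for group in "$hi" "$lo"; do
        case "$group" in ''|*[!0-9a-f]*|?????*) return 1 ;; esac
    done
    printf '%d.%d.%d.%d\n' $((0x$hi >> 8)) $((0x$hi & 255)) \
                           $((0x$lo >> 8)) $((0x$lo & 255))
}

# Constructed input (192.0.2.4 is a documentation address) and the
# ping6 target from the script above.
v4_to_6to4 192.0.2.4
sixto4_to_v4 2002:9514:3640:36:2e0:81ff:fe23:90d3
```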
And in the babeld.conf file:

    redistribute ip ::/0 le 0 metric 128
    redistribute local ip 0.0.0.0/0 le 0 proto 4 metric 128
    redistribute local ip ::/0 le 0 proto 4 metric 128

2) I had a typo in my internal split DNS. I’m still not sure if it’s doing the right thing to the outside world… basically internal IPv6 IPs have to come from one port and go to another, now. I’d also not permitted connections from the new private IPs on the wireless subnets in the BIND ACL, so the BIND server refused connections.