How to: Attain „Sage“ IPv6 certification from Hurricane Elect
A bit of an intro about IPv6:
The most notable feature of IPv6 is that it’s has an unbelievable amount of permutations. IPv6 uses 128 bits for addresses compared to the puny 32 bit address IPv4 has. Beyond that, there’s a lot of low level stuff that’s beyond the scope of this guide but the most notable features are that the packets have very minimal overhead so network equipment has to work less, built in QoS support, stateless address configuration so there’s no need for NAT and better security.
When you request an IPv6 tunnel from a broker, they usually give you a /64 prefix. The last four octets of an IPv6 address is considered inside a LAN. Thi means that the minimum number of IPs brokers can assign you are 65535^4 IP addresses per tunnel for your use. For comparison, this unbelievable amount is more than entire IPv4 address space. You can freely assign each VM its own unique public IP if you wanted. Want to run 52 websites? Sure. 43 Ventrillo servers? sure. Want to run 80 different TF2 servers all running on 27015? why not? IPv6 has so much addresses because it was designed so that the limit could never be reached. Tunnel brokers like SiXXs, Hurricane Electric, Gogo6 are practically giving away IP addresses.
Why does it matter to you?
IPv6 is here to stay. World IPv6 day was last year so It’s going to affect you soon as ISPs are starting to roll them out. Comcast has it online and is running natively, Verizon is nearing roll-out to FiOS customers and China is on the way to becoming the first nation that’s completely IPv6. This means that as tech lovers or sysadmins, we all need to learn the basics because IPv6 is now in the present. This thread will guide you through attaining the (currently) highest level of IPv6 certification from Hurricane Electric.
Why I made this guide:
When I first finished this certification, I manually set up my own E-mail, Web, and Bind9 authoritative servers on SmartOS (illumos) complete with SOA, DNS, reverse DNS, MX, A, AAAA and CNAME entries. It wasn’t rocket science for me but I won’t tell you to go open vi to edit bind9 zones on here like other guides. This will be pure GUI.
The test gives no instructions on how toany of the parts. It’s an open book test that tells you to set up a server and then tells you to press a button so he.net’s server can test your configuration. According to the statistics on he.net, only about 10% of people who attempt the certification are able to get „Sage“. I’m here to change that so this guide will not be a guide of how I did it around the first time. This is a method I designed so this certification to be done as fast as possible. I retook this test to make this guide and did it in about 3 hours complete with taking screenshots to write this guide. You can probably do it in less time.
I will bold the essential steps for those who just want to skim through this guide.
Getting your foot in the door:
This certification is by no means an exhaustive test on everything about IPv6. Some missing things that you also need to understand are routing advertisements (sort of like NAT/DHCP in IPv4) because this that knowledge will play a role once you start keying in your own static IPv6 addresses. These tests will simply demonstrate that you have knowledge of both theory and practice of using IPv6 on a practical systems like:
- Web client (browser)
- Web server
- Email server
- Nameservers (DNS)
The only things you will need are:
- Free Domain ( freenom.com )
- An IPv6 Tunnel
- An e-mail server or (gmail account)
- An authoritative nameserver or ( BIND9 )
Lets get started.