Difference between revisions of "Enable IPv6"

From MythTV Official Wiki
Jump to: navigation, search
(Moved out of my sandbox, added ULA Python script + some cleanup)
 
(Remove calculator, suggest search, reformat, correct sample addresses (fd not fe))
Line 14: Line 14:
 
Stop all frontends and backends.
 
Stop all frontends and backends.
  
Using <code>mythtv-setup</code> go to the General page, enter the
+
Using <code>mythtv-setup</code> on the Master Backend, go to the General page, enter the
address of choice in the Local Backend IP address: and in the
+
address of choice in the <code>Local Backend IP address:</code> and in the
Master Backend IP address: fields.
+
<code>Master Backend IP address:</code> fields.
  
 
The fields should look like this.
 
The fields should look like this.
 
<pre>
 
<pre>
Local Backend IP address:  fe01:a:b:1::123
+
Local Backend IP address:  fd01:a:b:1::123
Master Backend IP address: fe01:a:b:1::123
+
Master Backend IP address: fd01:a:b:1::123
 
</pre>
 
</pre>
  
 
Note that addresses aren't enclosed in brackets (<code>[]</code>) nor is there
 
Note that addresses aren't enclosed in brackets (<code>[]</code>) nor is there
a trailing percent sign with a Scope ID (<code>%eth0</code>.)
+
a trailing percent sign and Scope ID (<code>%eth0</code>.)
  
 
Use <code>mythtv-setup</code> to configure any slave
 
Use <code>mythtv-setup</code> to configure any slave
Line 39: Line 39:
 
within a LAN.
 
within a LAN.
  
A [[#ULA creation script]] is at the end of this Wiki.
+
[Note that ULAs have bit 8 set and are,
 +
therefore, global addresses - no self respecting router
 +
will pass these addresses out on the internet.]
 +
 
 +
Use a search engine and look for: 'Unique Local Address generator'
 +
to find a site that will create ULAs correctly.
  
 
Details on constructing ULAs can be found in
 
Details on constructing ULAs can be found in
 
[http://tools.ietf.org/html/rfc4193#section-3.2.2 RFC 4193].
 
[http://tools.ietf.org/html/rfc4193#section-3.2.2 RFC 4193].
  
MythTV must have a Global (e.g. 2001:db8::1) address configured '''only'''
+
MythTV must have a globally routeble (e.g. <code>2001:db8::1</code>) address configured '''only'''
 
if it is necessary to run MythTV from a frontend/slave located outside
 
if it is necessary to run MythTV from a frontend/slave located outside
 
of the Master Backend's LAN.
 
of the Master Backend's LAN.
  
Site Local (fec0::/10) addresses were deprecated in 2004.
+
Site Local (<code>fec0::/10</code>) addresses were deprecated in 2004.
  
Host (::1) and Link Local (fe80::/64) addresses are not
+
Host (::1) and Link Local (<code>fe80::/64</code>) addresses are not
 
routable and shouldn't be used.
 
routable and shouldn't be used.
  
Line 57: Line 62:
 
<pre>
 
<pre>
 
inet6 addr: fe80::222:22ff:fe22:2222/64 Scope:Link
 
inet6 addr: fe80::222:22ff:fe22:2222/64 Scope:Link
inet6 addr: fe01:a:b:1::123/64 Scope:Site
+
inet6 addr: fd01:a:b:1::123/64 Scope:Global
 
inet6 addr: 2001:db8::123/64 Scope:Global
 
inet6 addr: 2001:db8::123/64 Scope:Global
 
</pre>
 
</pre>
Line 72: Line 77:
 
<pre>
 
<pre>
 
192.168.1.123              masterbe.local    masterbe
 
192.168.1.123              masterbe.local    masterbe
fe01:a:b:1::123            masterbe.local    masterbe
+
fd01:a:b:1::123            masterbe.local    masterbe
 
2001:db8::123              masterbe.local    masterbe
 
2001:db8::123              masterbe.local    masterbe
 
</pre>
 
</pre>
Line 99: Line 104:
 
==What if there's a problem==
 
==What if there's a problem==
  
*Make sure IPv6 hasn't been disabled either system wide or for the interface MythTV. Type:
+
*Make sure IPv6 hasn't been disabled either system wide or for the interface MythTV will use. Type:
  
 
<code>sysctl -a | grep ipv6</code>
 
<code>sysctl -a | grep ipv6</code>
Line 113: Line 118:
 
net.ipv6.bindv6only = 1
 
net.ipv6.bindv6only = 1
 
</pre>
 
</pre>
and IPv6 is active and the MythTV system is sill using '''IPv4''' addresses, they will fail to connect until they are converted to use '''IPv6''' addresses, as IPv4 addresses won't be able to connect to the backend ({{Ticket|9820}}, {{Ticket|9840}} and {{Ticket|10165}}.)
+
and IPv6 is active and the MythTV system is sill configured with '''IPv4''' addresses, clients will fail to connect until they are converted to use '''IPv6''' addresses, as IPv4 addresses won't be able to connect to the backend ({{Ticket|9820}}, {{Ticket|9840}} and {{Ticket|10165}}.)
  
Some distributions keep these options: <code>/etc/sysctl.d</code>.
+
*Some distributions keep these options: <code>/etc/sysctl.d</code>. Look for file names like <code>60-bindv6only.conf</code> for example, and put <code>net.ipv6.bindv6only = 0</code> in it.
 
+
If there are no files with the value(s) that need to be changed, create a file like <code>60-bindv6only.conf</code> for example, and put <code>net.ipv6.bindv6only = 0</code> in it.
+
  
 
*Be sure any firewalls have been adjusted to accept the IPv6 addresses being used.
 
*Be sure any firewalls have been adjusted to accept the IPv6 addresses being used.
Line 123: Line 126:
 
*MySQL connections are currently selected by the information in config.xml and mysql.txt files. Unless a version of MySQL that supports IPv6 is being used, no changes are required.
 
*MySQL connections are currently selected by the information in config.xml and mysql.txt files. Unless a version of MySQL that supports IPv6 is being used, no changes are required.
  
If there are entries in <code>/etc/hosts</code> (etc.), for both IPv4 and
+
*If there are entries in <code>/etc/hosts</code> (etc.), for both IPv4 and IPv6 addresses that have the same hostname (which is perfectly legal,) make sure the host's preferences pick IPv4 first. <code>/etc/gai.conf</code> may exist and control this.
IPv6 addresses that have the same hostname (which is perfectly
+
legal,) make sure the host's preferences pick IPv4 first.
+
<code>/etc/gai.conf</code> may exist and control this.
+
  
 
Back to [[#IPv6 Configuration]]
 
Back to [[#IPv6 Configuration]]
Line 157: Line 157:
 
...
 
...
 
tcp6  0 0 :::6543                :::*                LISTEN      2123/mythbackend
 
tcp6  0 0 :::6543                :::*                LISTEN      2123/mythbackend
tcp6  0 0 fe01:a:b:1::123:6543 fe01:a:b:1::456:35220  ESTABLISHED 2123/mythbackend
+
tcp6  0 0 fd01:a:b:1::123:6543 fd01:a:b:1::456:35220  ESTABLISHED 2123/mythbackend
tcp6  0 0 fe01:a:b:1::123:6543 fe01:a:b:1::456:35219  ESTABLISHED 2123/mythbackend
+
tcp6  0 0 fd01:a:b:1::123:6543 fd01:a:b:1::456:35219  ESTABLISHED 2123/mythbackend
 
</pre>
 
</pre>
  
Line 190: Line 190:
  
 
Back to [[#IPv6 Configuration]]
 
Back to [[#IPv6 Configuration]]
 
==ULA creation script==
 
 
Useful '''only''' if IPv6 is active on the host
 
running this script.
 
 
This isn't a perfect version of the requirements in
 
[http://tools.ietf.org/html/rfc4193#section-3.2.2 RFC 4193]
 
(needs acceses to 64 bit NTP time.)
 
 
Adjust <code>myInterface</code> and <code>myNetwork</code>
 
to suit local needs.
 
 
Add interface IDs to its output. For example,
 
<code>fe01:a:b:1:<add local interface ID here></code> would become
 
<code>fe01:a:b:1::123</code> and
 
<code>fe01:a:b:1::456</code> for the hosts used throughout this Wiki.
 
 
<code>python-qt4</code> may need to installed first.
 
 
<pre>
 
#!/usr/bin/env python
 
 
from PyQt4 import QtNetwork
 
import hashlib, time
 
 
myInterface = 'eth0'
 
mySubnet    = '1'
 
 
interface = QtNetwork.QNetworkInterface.interfaceFromName(myInterface)
 
for ipaddress in interface.addressEntries():
 
    if ipaddress.ip().toString().startsWith('FE80:'):
 
        eui64plus = ipaddress.ip().toString()
 
        break
 
 
key = '%s %s' % (time.time(), eui64plus)
 
sha1 = hashlib.sha512(key).hexdigest()
 
print 'ULA = fe{}:{}:{}:{}:<add local interface ID here>' \
 
    .format(sha1[118:120], sha1[120:124], sha1[124:128], mySubnet)
 
</pre>
 
 
Back to [[#Which IPv6 address should be used?]]
 

Revision as of 19:14, 31 December 2011

0.25pre [8bf5157]cgitgithub allows users the option of connecting to MythTV via IPv6

IPv6 Configuration

Interfaces typically have multiple IPv6 addresses. For help picking the right one, see #Which IPv6 address should be used?.

If IPv6 is known to be working, just complete the following. Otherwise, see #Prerequsites.

Stop all frontends and backends.

Using mythtv-setup on the Master Backend, go to the General page, enter the address of choice in the Local Backend IP address: and in the Master Backend IP address: fields.

The fields should look like this.

Local Backend IP address:  fd01:a:b:1::123
Master Backend IP address: fd01:a:b:1::123

Note that addresses aren't enclosed in brackets ([]) nor is there a trailing percent sign and Scope ID (%eth0.)

Use mythtv-setup to configure any slave backends with their own IPv6 addresses.

Restart the backend(s). Frontends will connect to them via IPv6 as they're restarted.

Which IPv6 address should be used?

The most likely choice is a Unique Local Address (ULA.) Use ULA's if all access to the backend will be within a LAN.

[Note that ULAs have bit 8 set and are, therefore, global addresses - no self respecting router will pass these addresses out on the internet.]

Use a search engine and look for: 'Unique Local Address generator' to find a site that will create ULAs correctly.

Details on constructing ULAs can be found in RFC 4193.

MythTV must have a globally routeble (e.g. 2001:db8::1) address configured only if it is necessary to run MythTV from a frontend/slave located outside of the Master Backend's LAN.

Site Local (fec0::/10) addresses were deprecated in 2004.

Host (::1) and Link Local (fe80::/64) addresses are not routable and shouldn't be used.

To list currently assigned IPv6 addresses, type: ifconfig ethX | grep inet6

inet6 addr: fe80::222:22ff:fe22:2222/64 Scope:Link
inet6 addr: fd01:a:b:1::123/64 Scope:Global
inet6 addr: 2001:db8::123/64 Scope:Global

In the above, the middle address is probably the best choice. It is also probably one that must be assigned manually.

If the desired address doesn't exist, use the configuration tool provided with the host's distribution to add it.

Entries in /etc/hosts (DHCP, router etc.) are optional. The following is an example for one host:

192.168.1.123              masterbe.local    masterbe
fd01:a:b:1::123            masterbe.local    masterbe
2001:db8::123              masterbe.local    masterbe

Back to #IPv6 Configuration

Prerequsites

Verify that IPv6 is active on each MythTV host.

If ssh, for example, is known to work, a simple test (run from the Master Backend) is:

for HOST in <list all frontend and slave backends here>
do  ssh -6 $HOST ls -l /bin/ls
done

If the test works for all frontends and slave backends, the system is ready for conversion.

If the above fails, see the following section.

Back to #IPv6 Configuration

What if there's a problem

  • Make sure IPv6 hasn't been disabled either system wide or for the interface MythTV will use. Type:

sysctl -a | grep ipv6

net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
  • If:
net.ipv6.bindv6only = 1

and IPv6 is active and the MythTV system is sill configured with IPv4 addresses, clients will fail to connect until they are converted to use IPv6 addresses, as IPv4 addresses won't be able to connect to the backend (#9820, #9840 and #10165.)

  • Some distributions keep these options: /etc/sysctl.d. Look for file names like 60-bindv6only.conf for example, and put net.ipv6.bindv6only = 0 in it.
  • Be sure any firewalls have been adjusted to accept the IPv6 addresses being used.
  • MySQL connections are currently selected by the information in config.xml and mysql.txt files. Unless a version of MySQL that supports IPv6 is being used, no changes are required.
  • If there are entries in /etc/hosts (etc.), for both IPv4 and IPv6 addresses that have the same hostname (which is perfectly legal,) make sure the host's preferences pick IPv4 first. /etc/gai.conf may exist and control this.

Back to #IPv6 Configuration

Tools and sample output

These examples are all from a host with mythbackend running and using IPv6. MySQL is running and using IPv4. Obviously, they can be run on frontends and slave backends.

Warning.png Warning: The output of some tools and in logfiles may expose IPv6 addresses. Some addresses contain a modified MAC address or globally addressable IPv6 addresses. When posting output to a public form, consider camouflaging them.

To make sure mythbackend and mysqld are listening for connections:

sudo netstat -pant | egrep '3306|6543'

When the backend is running, but no frontends are connected, expect:

tcp   0 0  0.0.0.0:3306      0.0.0.0:*     LISTEN      1436/mysqld     
tcp6  0       0 :::6543           :::*     LISTEN      2123/mythbackend

With a frontend connected, expect:

tcp   0 0 0.0.0.0:3306            0.0.0.0:*            LISTEN      1436/mysqld     
tcp   0 0 192.168.1.123:3306      192.168.1.200:33878  ESTABLISHED 1436/mysqld     
...
tcp6  0 0 :::6543                 :::*                 LISTEN      2123/mythbackend
tcp6  0 0 fd01:a:b:1::123:6543 fd01:a:b:1::456:35220   ESTABLISHED 2123/mythbackend
tcp6  0 0 fd01:a:b:1::123:6543 fd01:a:b:1::456:35219   ESTABLISHED 2123/mythbackend

If installed, nmap may help diagnose the reason that a connection fails. For example, a firewall could be blocking access.

nmap -P0 -p 3306,6543 -6 --reason someHostName

The expected response is:

PORT     STATE SERVICE REASON
3306/tcp closed mysql   conn-refused
6543/tcp open   mythtv  syn-ack

Port 3306 fails in this test, as expected, because the MySQL version doesn't support IPv6 (remove the -6 flag above and this will work.)

As always, both mythbackend and mythfrontend can be started with additional logging enabled:

<code>mythbackend --verbose general,network --nodblog --quiet \
    --logpath=/var/log/mythtv --loglevel=debug</code>

A currently running backend's logging can be changed with:

mythbackend --setverbose network --quiet --nodblog

Back to #IPv6 Configuration