Cisco 887VA Native IPv6 with AAISP

It took me some time to get it right as the various guides out there didn’t cut it for my configuration but I’ve managed to get IPv6 natively working on my Cisco 887VA with my ISP Andrews & Arnold.

In my setup I am using the Cisco 887VA purely as a router which has 1 IP out of my /29 whilst other devices, including my main firewall pfSense, sit behind it with its own external IP(s).

So first of all, in order to get the Cisco up and running with IPv6, ensure you have a /64 assigned in AAISP’s control pages to your line. Then run the following commands on your Cisco:

conf t

! ipv6 source-route turns on processing of Type 0 routing headers (deprecated by RFC 5095)
ipv6 source-route
ipv6 unicast-routing
ipv6 cef
ipv6 multicast-routing

int dialerX
 ipv6 enable
 ipv6 dhcp client pd myprefix rapid-commit

int vlan1
 ipv6 address 2001:xxx:xxxx:xxxx::1/64

At this point, you should be able to ping google.com and have it successfully resolve to an IPv6 address (provided your DNS is serving it) and receive a response.

The next step is to assign another IPv6 /64 range for your ‘internal’ computers. I have assigned multiple /64s as I have multiple VLANs, all with a different purpose, but one should be enough for most people. If, like me, you have a firewall sat behind the Cisco with its own external address then you’ll want to assign it an IPv6 address out of the /64 subnet you’re using in ‘vlan1’ as defined on your Cisco. For example, you’d assign 2001:xxx:xxxx:xxxx::2/64 to your firewall.

In order to route another /64 range through to your internal hosts you’ll need to configure this on your internal LAN interface on your firewall then add a static route on the Cisco to tell it how to route it. Remember, in order to get to the /64 range in question your router needs to know where to send the packets.

ipv6 route 2002:xxx:xxxx:xxxx::1/64 2001:xxx:xxxx:xxxx::2

The above command basically says ‘route 2002:xxx:xxxx:xxxx::1/64 via 2001:xxx:xxxx:xxxx::2’, the address that sits on the external interface of our firewall.

I may expand on this but it really is this simple. If you have any questions please feel free to comment.

Supermarket vs Branded Petrol

The old conundrum, which petrol or diesel is better for your car, Supermarket or Branded?

I was driving a friend to work the other day with the promise that he would give me a tenner towards my next top-up. We happened to be coming up towards a Morrisons petrol station but I decided that I would drive the extra mile or so to top-up at a BP instead due to the bad rep supermarket petrol gets. He remained silent for a while before saying that it would make no difference to my car and that it’s just as good as petrol from the likes of BP and Shell.

I’m inclined to disagree with him, not only because as a driver (he is not) I have had the chance to try different fuels from the likes of BP (both 95 RON and 97 RON) but I have also noticed a difference even with the premium fuels. For instance, even in a 12 year old Audi A3 I had and now with a 12 year old Astra Mk4 I’ve noticed not only an increase in performance but also better fuel consumption. Anything from 20-30 miles improvement over that of BP’s standard 95. I’ve also found that my cars will tend to run smoother and be less inclined to hesitate at junctions or roundabouts. This combined with numerous opinions across the internet from very intelligent people such as mechanics describing the curse of carbon build-up in engines due to the continued use of supermarket fuel, I feel the minimal amount of extra expenditure is more than justified. For instance, here is a forum link where a Landrover Technical Support guy was describing carbon build up on Freelander TD4 valves in the cylinder head due to the use of Supermarket petrol. Now, I don’t imagine Landrover would be pushing people to use more expensive fuel unless they saw a reason to do so as they won’t directly benefit from this in any way. http://www.vwt4forum.co.uk/archive/index.php/t-79037.html

All this combined with the knowledge that the branded fuel providers such as BP and Shell use different additives in their fuel clearly demonstrates that what they’re doing is enhancing the fuel in some way. So do I mind paying the extra few pence per litre? No, I don’t. After all, if you neglect your engine by feeding it crap in the first place you’re only going to need to fork out more for it down the line, so why not just buy the good stuff to start with.

Nagios User Password Expiry Check

I needed a plugin for Nagios that checked to see when a password for a user was nearly at its expiration date. I couldn’t find one so I decided to write a plugin.

This can be downloaded from the Nagios Exchange:

http://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check_expiry-2Esh/details

IPv6 tunneling between Cisco 887va and CentOS

I was sitting around bored at work one day and began reading about IPv6 over IPv4 tunnels. I had used them briefly before for experimentation but had never stuck with them due to privacy concerns. There are numerous tunnel brokers out there like sixxs.net and he.net but I wanted to set up something more private and secure.

It just so happens I have a /56 from a server provider which gave me the idea of setting up my own tunnel utilising IPv6 addresses I had readily available. I thought I’d outline the basic configuration below to help anyone else who may embark on something similar:

Server-Side (this can be a dedicated server or VPS at your provider)

All you need to do is have an IPv6 address configured on this server alongside your IPv4 address then simply issue the commands below to get a tunnel up and running and routing your IP addresses (for convenience I put this in /etc/rc.local):

## Wait 60 seconds before configuring IPv6 tunnel
sleep 60

## Configure IPv6 tunnel
## <SERVER_IPV4> is a placeholder: this server's IPv4 address is missing from the original listing
## Note: "remote any" accepts 6in4 packets from any IPv4 source address
ip tunnel add tun6in4 mode sit local <SERVER_IPV4> remote any
ip link set tun6in4 up
ip addr add 2001:xxxx:xxxx:xx2::2/64 dev tun6in4
ip route del 2001:xxxx:xxxx:xx2::/64 dev tun6in4
ip route add 2001:xxxx:xxxx:xx2::/64 via :: dev tun6in4
ip route add 2001:xxxx:xxxx:xx3::/64 via :: dev tun6in4
ip route add 2001:xxxx:xxxx:xx4::/64 via :: dev tun6in4
ip route add 2001:xxxx:xxxx:xx5::/64 via :: dev tun6in4
ip route add 2001:xxxx:xxxx:xx6::/64 via :: dev tun6in4
ip route add 2001:xxxx:xxxx:xx7::/64 via :: dev tun6in4

## Enable IPv6 forwarding and set the default route out of the server's own interface
sysctl -w net.ipv6.conf.all.forwarding=1
ip route add ::/0 via 2001:xxxx:xxxx:xxx::1 dev eth0

I’ve had to obfuscate the IPs above for security purposes but I’ve left the last digit visible to give you an idea of how the subnets are routed.

I then moved on to the Cisco 887va I have at home to configure the tunnel endpoint (client side):

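Current configuration : 204 bytes
!
! <...> values are placeholders: the IPv4 addresses are missing from the original listing
interface Tunnel0
 description ** Tunnel to Provider **
 no ip address
 ipv6 address 2001:xxxx:xxxx:xx3::1/64
 tunnel source <LOCAL_IPV4_OR_WAN_INTERFACE>
 tunnel mode ipv6ip
 tunnel destination <SERVER_IPV4>
end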

Make sure you configure an IPv6 address in your default VLAN out of one of the /64s you’ve routed across.

Happy IPv6’ing!

I had some help from other blogs/questions on the internet:

http://blog.danmassey.net/?p=827

http://superuser.com/questions/304786/ipv6-tunnel-via-own-linux-ipv6-connected-server

Configuring BT Infinity Business on Cisco 887VA

Ever since getting BT Infinity Business I have been reviewing several different VDSL2 enterprise modem options. The Cisco 887VA quickly appeared to be an affordable, viable alternative to the standard Huawei HG612 modem that had been provided to me during the install.

My initial concerns were that the router wouldn’t be capable of the 80mbps down and 20mbps up speeds that my connection provided as the throughput reported by Cisco for the 887VA was only defined as 25mbps. There were a few other people around the net who had this router configured for use with BT Infinity but a lot of them were only on the 35mbps package and didn’t mention any throughput issues.

Suffice to say I decided to take the plunge and managed to get a second hand version off eBay at an incredibly reasonable price and as I’d be using it purely as a router I wouldn’t be using any of the ‘throughput killer’ features such as NAT and extensive ACLs.

My complete working configuration (minus identifiable information and passwords) can be found below. I have a /28 IPv4 subnet with my Infinity Business connection meaning I have 13 usable IPs, one of which needed to be assigned to the Cisco to become the gateway.

hostname#sh run
Building configuration...

Current configuration : 2883 bytes
!
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname #############
!
boot-start-marker
boot system flash c880data-universalk9-mz.153-3.M.bin
boot-end-marker
!
!
enable secret 4 ########################
!
no aaa new-model
memory-size iomem 10
!
!
no ip source-route
!
!
no ip bootp server
ip domain name ############
ip cef
no ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn #########
!
!
username ###### privilege 15 secret 4 ####################
!
!
controller VDSL 0
 operating mode vdsl2
 firmware filename flash:vdsl.bin-A2pv6C035d_d23j
!
ip ssh version 2
!
!
interface Ethernet0
 no ip address
 ip virtual-reassembly in
 no lldp transmit
 no lldp receive
!
interface Ethernet0.101
 encapsulation dot1Q 101
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 description ######
 no ip address
 spanning-tree portfast
!
interface FastEthernet1
 description ######
 no ip address
 spanning-tree portfast
!
interface FastEthernet2
 description ######
 no ip address
 spanning-tree portfast
!
interface FastEthernet3
 description ######
 no ip address
 spanning-tree portfast
!
interface Vlan1
 ip address 217.x.x.x 255.255.255.240
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Dialer0
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip proxy-arp
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxxxx@xxxx.btclick.com
 ppp chap password 7 ##########
 ppp ipcp dns request
 ppp ipcp route default
 no cdp enable
!
interface Dialer1
 no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
no cdp run
!
snmp-server community xxxxxxxxx RW 2
snmp-server location #####
snmp-server contact ######
snmp-server chassis-id Cisco887va-Router
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server host x.x.x.x version 2c #######
access-list 1 permit x.x.x.x 0.0.0.15
access-list 2 permit x.x.x.x
!
!
line con 0
 password 7 #########
 login
 no modem enable
line aux 0
line vty 0 4
 access-class 1 in
 exec-timeout 5 0
 login local
 transport input ssh
!
ntp server x.x.x.x
!
end
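An added example, not part of the original post: a small Python audit that flags the weaker settings a running-config like the one above can contain (Type 4 and Type 7 credentials, SNMP write communities without an ACL, cleartext SNMP versions, IPv6 source routing, VTY lines without an ACL or with more than SSH allowed). The sample config, the rule names and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample in the style of an IOS running-config; all secrets and
# addresses are placeholders (192.0.2.0/24 is a documentation range).
SAMPLE = """\
enable secret 4 HASHPLACEHOLDER
ipv6 source-route
snmp-server community EXAMPLE1 RW 2
snmp-server community EXAMPLE2 RW
snmp-server host 192.0.2.10 version 2c EXAMPLE1
line con 0
 password 7 0000PLACEHOLDER
line vty 0 4
 access-class 1 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

# Single-line rules: (finding id, pattern, reason)
LINE_RULES = [
    ("type4-secret", r"\bsecret 4 \S+", "unsalted single-round SHA-256 hash"),
    ("type7-password", r"\bpassword 7 \S+", "reversible obfuscation, not a hash"),
    ("snmp-rw-no-acl", r"^snmp-server community \S+ RW$", "write access without an ACL"),
    ("snmp-cleartext", r"^snmp-server host \S+ version (1|2c)\b", "community sent unencrypted"),
    ("ipv6-source-route", r"^ipv6 source-route\b", "processes Type 0 routing headers (RFC 5095)"),
]

def audit(config):
    """Return a list of (line_number, finding_id, reason) tuples."""
    findings, vty = [], None  # vty = [start_line, has_acl, ssh_only]
    def close_vty():
        if vty and not vty[1]:
            findings.append((vty[0], "vty-no-acl", "no access-class on VTY lines"))
        if vty and not vty[2]:
            findings.append((vty[0], "vty-not-ssh-only", "transport input is not ssh only"))
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.rstrip()
        for fid, pat, why in LINE_RULES:
            if re.search(pat, line):
                findings.append((no, fid, why))
        if not line.startswith(" "):  # a new top-level command ends the block
            close_vty()
            vty = [no, False, False] if line.startswith("line vty") else None
        elif vty:
            vty[1] |= line.strip().startswith("access-class ")
            vty[2] |= line.strip() == "transport input ssh"
    close_vty()
    return findings
```

Calling `audit(open("running-config.txt").read())` on a saved copy of a config returns the findings with their line numbers; the file name here is hypothetical.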

Cleverhosting are now selling Virtual Private Servers

As some of you may know, I own my own company called Cleverhosting.

We’ve just released our own VPS packages based on the Xen HVM platform. Trust me when I say that these VPS’ are extremely quick and very competitively priced. We have a limited time promotional offer to grab one with your first month free. Simply use coupon code FB1MTH to get any of our VPS packages for free for 1 month.

See our packages here: Cheap VPS.

A new job

It’s been a while since I posted some sort of meaningful or interesting post, so I thought I’d post about the latest changes going on in my life.

Yesterday was the last day at my job where I worked as a Support Engineer looking after Dedicated Servers for a popular web hosting company here in the UK. I worked there for just over a year, but made the difficult decision to move on after various let downs, a severe increase in work and lack of fulfilled promises. It wasn’t all bad though, it gave me a really rewarding insight into the web hosting industry and how it operates. This was definitely useful for my own venture, Cleverhosting. I learnt a lot more about Linux in a very short space of time due to the majority of the company’s infrastructure along with the dedicated servers we sold having Linux or a variation of Unix on them. This ultimately gave me the knowledge that helped me to acquire the new job I’m going to. This new job is definitely a lot more up my street than the previous. It’s a Systems Administrator role working specifically with Linux (namely CentOS) which means that I get to participate more in projects that are going on, rather than constantly fixing issues and taking calls. I expect this to be a big new challenge, one which I’m quite nervous about in all honesty. I have no idea what to expect.

Leaving the company I previously worked for brought up some rather odd emotions. I found myself quite saddened by my departure despite it being my own choice to leave. I made a lot of good friends whilst working there and I became accustomed to the day-to-day activities that I did so fully knew what to expect.

Anyway, I will more than likely type out a new post in the near future after starting my new position.

Tapco Link Firewire 4×6 Drivers

I am one of the proud owners of a Tapco audio interface, but I hadn’t used it for quite a while. So the other day when I went to Tapco’s site to try and download the drivers, I couldn’t find them! It appears they had been removed, and Mackie didn’t have them either.

Luckily, there was a backup of the drivers stored on my server which I later found, so I’m putting them on here for all to get hold of should they need them. The driver package has both 32-bit and 64-bit drivers.

Tapco LINK.firewire 4×6 drivers

Farcel2Go – I mean Parcel2Go

What an incredibly disappointing experience I’ve had with Parcel2Go over the last few days.

I purchased a courier service through them to pick up a rather large expensive parcel, and deliver to Maidenhead. I chose TNT through them as the courier to deliver this parcel and they arrived on Friday evening just before 6pm to pick up the parcel, with an aim to deliver it the Next Day. So great so far!

Saturday morning rolls round, and I see that they’ve confirmed successful delivery at 11:48am. Naturally I check the tracking information to ensure it’s got to the correct destination and that everything is in order. Much to my surprise, I found that they had delivered it to somewhere in Kettering, Northamptonshire, 90 miles away from its intended destination in Maidenhead. Of course, as soon as I saw this error, I got on the ‘Live Chat’ function of P2G’s website and inquired about why the tracker was showing my parcel as being delivered to Kettering. They completely overlooked my question and all associated issues, stating that the parcel had been delivered successfully to Kettering. I tried to point out that this was in fact incorrect, and so began the problems. I then phoned up TNT who confirmed the delivery had been made and signed for in Kettering to which I pointed out this was completely incorrect and that I’d have to contact Parcel2Go as I’m not the contract holder.

So far, Parcel2Go have been extremely unhelpful, with their ‘Live Chat’ being incredibly unhelpful, to the point of thinking that maybe there isn’t even a human sat on the other side! After numerous chats, I’ve e-mailed the ‘Head of Customer Services’ who has used the line, ‘We will investigate this for you and get back to you shortly.’ which I’ve heard numerous times before. I can only hope that something gets resolved very soon otherwise I will be out of pocket by a lot of money.

Follow the saga on my profile at Twitter: http://twitter.com/#keithrogers88

Any comments or advice are welcome.

UPDATE: Parcel2Go contacted me very quickly by phone after my tweet yesterday afternoon and my parcel magically arrived at its intended destination this morning. I’d like to thank them for their swift action on getting this resolved!