IPv6 and Virtualisation Revisited

I recently discovered Vagrant and after some experimentation and reading I set about replacing all my ESXi and Hyper-V hosts with Linux-based hypervisors.

After installing the RPM package, creating a VM was as simple as issuing:
vagrant box add minimal-centos-56 http://dl.dropbox.com/u/9227672/centos-5.6-x86_64-netinstall-4.1.6.box
vagrant init minimal-centos-56
vagrant up

After confirming everything was up and running I needed to recreate my SIXXS tunnel host. This would require a VM with multiple NICs, each bound to an explicit physical NIC connected to one of the various firewalls/routers (ASA 5505, Pix 501 and a NetScreen 5GT).

Vagrant::Config.run do |config|
  config.vm.box = "minimal-centos-56"
  # Each :bridged entry adds one bridged adapter; one is needed per physical NIC.
  config.vm.network :bridged
  config.vm.network :bridged
end

Deceptively simple.

Once this new VM was up (and I’d chosen the right physical > virtual NIC matchups) I installed AICCU, added my SIXXS credentials, configured some static routes and everything was back up and running!

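yum install aiccu
/etc/init.d/aiccu start
# Send global unicast space (2000::/3) to the far end of the sixxs tunnel
/sbin/route -A inet6 add 2000::/3 gw 2a01:348:6:148::1
# Reach the /64 behind the ASA via its address on the shared 2a01:348:18e:2::/64 link
/sbin/ip -6 route add 2a01:348:18e:4::/64 via 2a01:348:18e:2::2
# Enable IPv6 forwarding (runtime only; lost at reboot)
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding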

Linux Host:

eth0 Link encap:Ethernet HWaddr 08:00:27:09:0D:64
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe09:d64/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19315 errors:0 dropped:0 overruns:0 frame:0
TX packets:16077 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1489167 (1.4 MiB) TX bytes:2974043 (2.8 MiB)

eth1 Link encap:Ethernet HWaddr 08:00:27:69:BA:06
inet addr:78.86.196.202 Bcast:78.86.207.255 Mask:255.255.240.0
inet6 addr: fe80::a00:27ff:fe69:ba06/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1505557 errors:0 dropped:0 overruns:0 frame:0
TX packets:852881 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:436833717 (416.5 MiB) TX bytes:207749750 (198.1 MiB)

eth2 Link encap:Ethernet HWaddr 08:00:27:CF:30:BA
inet6 addr: 2a01:348:18e:2::1/64 Scope:Global
inet6 addr: fe80::a00:27ff:fecf:30ba/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:222925 errors:0 dropped:0 overruns:0 frame:0
TX packets:143519 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:36068991 (34.3 MiB) TX bytes:128214969 (122.2 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:234 errors:0 dropped:0 overruns:0 frame:0
TX packets:234 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27630 (26.9 KiB) TX bytes:27630 (26.9 KiB)

sixxs Link encap:IPv6-in-IPv4
inet6 addr: 2a01:348:6:148::2/64 Scope:Global
inet6 addr: fe80::4e56:c4ca/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:610596 errors:0 dropped:0 overruns:0 frame:0
TX packets:689073 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:273917533 (261.2 MiB) TX bytes:189567021 (180.7 MiB)

ASA 5505:
CP-ASA-1# sh ipv6 ?

access-list Show hit counters for access policies
icmp Show ICMPv6 access rules configured on all interfaces
interface IPv6 interface status and configuration
local Show IPv6 local pool information
mld Multicast group membership information
neighbor Show IPv6 neighbor cache entries
route Show IPv6 routes
routers Show local IPv6 routers
traffic IPv6 traffic statistics
CP-ASA-1# sh ipv6 interface
DualStack_Internal is up, line protocol is up
IPv6 is enabled, link-local address is fe80::222:55ff:fe2a:a42c
Global unicast address(es):
2a01:348:18e:4::1, subnet is 2a01:348:18e:4::/64
Joined group address(es):
ff02::1
ff02::2
ff02::1:ff00:1
ff02::1:ff2a:a42c
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 10 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
IPv4_WAN is up, line protocol is up
IPv6 is enabled, link-local address is fe80::222:55ff:fe2a:a42c
No global unicast address is configured
Joined group address(es):
ff02::1
ff02::2
ff02::1:ff2a:a42c
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
IPv6_WAN is up, line protocol is up
IPv6 is enabled, link-local address is fe80::222:55ff:fe2a:a42c
Global unicast address(es):
2a01:348:18e:2::2, subnet is 2a01:348:18e:2::/64
Joined group address(es):
ff02::1
ff02::2
ff02::1:ff00:2
ff02::1:ff2a:a42c
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.
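
A cross-check of the two static routes against the interface addresses shown above, as an added example that is not part of the original post: it parses the old-style ifconfig output and confirms each gateway is on-link, which tells you which interface the forwarding VM will send each prefix out of. The function names are hypothetical, and the sample text is trimmed from the output on this page.

```python
import ipaddress
import re

# Constructed sample: the two interfaces with global addresses, trimmed from
# the ifconfig output on this page.
IFCONFIG = """\
eth2 Link encap:Ethernet HWaddr 08:00:27:CF:30:BA
inet6 addr: 2a01:348:18e:2::1/64 Scope:Global
inet6 addr: fe80::a00:27ff:fecf:30ba/64 Scope:Link

sixxs Link encap:IPv6-in-IPv4
inet6 addr: 2a01:348:6:148::2/64 Scope:Global
inet6 addr: fe80::4e56:c4ca/128 Scope:Link
"""

# The two static routes from the page, as (destination, gateway).
ROUTES = [
    ("2000::/3", "2a01:348:6:148::1"),
    ("2a01:348:18e:4::/64", "2a01:348:18e:2::2"),
]

def global_prefixes(ifconfig_text):
    """Map interface name -> list of on-link global IPv6 networks."""
    prefixes, iface = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\S+)\s+Link encap:", line)
        if head:
            iface = head.group(1)
            prefixes[iface] = []
            continue
        addr = re.match(r"\s*inet6 addr:\s*(\S+)\s+Scope:Global", line)
        if addr and iface:
            prefixes[iface].append(ipaddress.ip_interface(addr.group(1)).network)
    return prefixes

def resolve_routes(routes, prefixes):
    """Return {destination: egress interface, or None if the gateway is off-link}."""
    result = {}
    for dest, gw in routes:
        gw_addr = ipaddress.ip_address(gw)
        result[dest] = next(
            (name for name, nets in prefixes.items()
             if any(gw_addr in net for net in nets)),
            None,
        )
    return result

if __name__ == "__main__":
    for dest, iface in resolve_routes(ROUTES, global_prefixes(IFCONFIG)).items():
        print(f"{dest:22} -> {iface or 'GATEWAY NOT ON-LINK'}")
```

A destination that resolves to no interface means the route's gateway is not on any directly attached global prefix, so forwarded traffic for that prefix has nowhere to go.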
