IPv6 is a lot less complicated that you think.
Once you get past the hex codes and once you see that basic concepts and tools are similar, you’re in good shape to start using it.
Table of Contents
Ping IPv6
One of the most complicated things if you’ve never worked with IPv6 is to use the PING command. To use the ping command under most circumstances, you may need:
- To use the
ping6command instead ofping, e.g.ping6 google.com - An IPv6 enabled workstation or an IPv6 website to ping from
- Specify the interface from which to ping
The second point is important, because under some circumstances if you ping and IPv6 address you might get Invalid Argument like below:
ping6 fe80::88e9:97ff:fec3:aae0 PING fe80::88e9:97ff:fec3:aae0(fe80::88e9:97ff:fec3:aae0) 56 data bytes ping6: sendmsg: Invalid argument
The solution is to specify a % and the interface name, for example:
ping6 fe80::88e9:97ff:fec3:aae0%ens18
Add a default IPv6 Route
Example:
ip -6 route add default via 2620:1e6:101::8888:1 dev venet0
Default IPv6 Route
Normally on Linux to determine the default route you may use ip route or netstat -rn
The equivalent for IPv6 is ip -6 route
Alternatives to see default IPv6 route
ip -6 route show route -A inet6
In the above output, lookfor [::]/0
Testing IPv6 from localhost
Here is a cool test, you can ping the 8.8.8.8 and 8.8.4.4 name servers that belong to Google 🙂
ping6 2001:4860:4860::8888 ping6 2001:4860:4860::8844
Add IPv6 to Netplan on Ubuntu
An example is below. The two additional section for the IPv6 address and IPv6 gateway are in bold. It also has IPv4 settings. The default 50-cloud-init.yaml file lives in /etc/netplan:
What I’ve found in practice is that if your core router is properly set up IPv6 gateways (and IP addresses) will automatically be handed out! This doesn’t happen with DHCP at per traditional networking but rather something called SLAAC which uses NDP. See section about PTRs later. I’ve also found that on most of my Linux boxes you don’t need to specify the gateway because IPv6 seems to have a way of finding itself. In fact, I’ve seen where adding the gateway just adds more complexity and interferes. But anyhow, here is the manual way:
# cat 50-cloud-init.yaml
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
 version: 2
 ethernets:
   eth0:
     addresses:
     - 192.168.0.2/24
     - 2001:db8:1234:5678::2/64
     gateway4: 192.168.0.1
     gateway6: 2001:db8:1234:5678::1
     match:
       macaddress: aa:bb:cc:dd:ee:ff
     nameservers:
       addresses:
       - 1.1.1.1
       - 8.8.4.4
       search:
       - vander.host
     set-name: eth0
Remember in Netplan you can’t use tabs, and when you’re done, do this:
sudo netplan apply
What about my PTR and automatic assignments?
I couldn’t figure out since I’m getting dynamic IPv6 addresses from a MikroTik core router if my PTRs would stick. The solve this problem, I’m just showing verbatim how I asked ChatGPT 4o about it and what she replied:
On an IPv6 network my server was automatically given this IPv6 IP address, and it works:
2c0f:ef18:9fff:1:be24:11ff:fe91:1f33
I know for a fact the IP address was not given out using DHCP but rather something like ND. I’m not sure, but I have access to the MikroTik router and it’s not DHCP.
What I want to understand, is that IP address “permanent”? The reason why is I need to set up a PTR record, and I don’t want to have to change that when I reboot the router or server.
Answer
In IPv6 networks, an address like the one you’ve provided is likely configured through Stateless Address Autoconfiguration (SLAAC). This method uses Neighbor Discovery Protocol (NDP), which is different from DHCPv6 and is commonly used in IPv6 deployments.
Understanding the IPv6 Address
The address you provided:
2c0f:ef18:9fff:1:be24:11ff:fe91:1f33
Here’s a breakdown:
1. Global Unicast Address: It seems to be a globally unique address, meaning it’s routable on the public internet.
2. EUI-64 Interface Identifier: The segment be24:11ff:fe91:1f33 suggests it’s derived from the MAC address of your network interface using the EUI-64 format. This is common in SLAAC.
Is the IPv6 Address Permanent?
In SLAAC, the IPv6 address is typically generated based on the network prefix (advertised by the router) and the MAC address of the network interface. This means:
•As long as the MAC address of the network interface doesn’t change, and the network prefix advertised by the router remains the same, the IPv6 address will remain consistent across reboots.
•If the router’s configuration (network prefix) or the server’s MAC address changes, the IPv6 address may change.
Ensuring IPv6 Address Stability
1. Static IPv6 Address Assignment: The most reliable way to ensure a stable IPv6 address is to manually configure a static IPv6 address on your server, rather than relying on SLAAC. You can choose an address within the subnet provided by your router.
2. Static SLAAC: If you want to continue using SLAAC but ensure the stability, ensure that:
•The network prefix advertised by the router doesn’t change.
•The server’s MAC address remains the same.
Setting Up PTR Records
If you decide the address is stable enough or configure a static IPv6 address, you can proceed to set up the PTR record. If you want to use the current SLAAC address:
1. Confirm Router Advertisement Configuration: Ensure the router’s RA (Router Advertisement) settings are stable.
2. Check MAC Address: Make sure the server’s network interface MAC address is not likely to change.
Conclusion
If you need absolute stability and control over the IP address for PTR records and other configurations, manually assigning a static IPv6 address is the best practice. For most cases where hardware and network configurations are stable, the SLAAC-generated address can be considered relatively permanent, but it’s not as guaranteed as a static address.
What is a /64, /128, /127?
A
/64is soft of special in the IPv6 world, it’s the Swiss Army Knife. Everything always gets a/64unless it needs to be bigger. A connectivity/transit provider may provide you with a/48, but to set up your server network you would only use a/64.
A point to point would use 2 x /127s.
One way of thinking of a /128 is that it’s similar to an IPv4 /32.
How many IP addresses are there in a /64?
“There are 2^128 or 340 trillion, trillion, trillion IPv6 addresses, which is more than 100 times the number of atoms on the surface of the Earth. This will be more than sufficient to support trillions of Internet devices for the forseeable future. So in answer to your question, we don’t need to subnet like we did for IPv4. We subnetted and used NAT as a workaround because we didn’t have enough addresses before. Using /64 should always be fine. We will destroy the earth or kill ourselves before we run out.”
See https://stackoverflow.com/questions/15265893/what-does-it-mean-64-in-ipv6 and  http://www.steves-internet-guide.com/ipv6-guide/
Caveats
Shared Hosting Control Panels
A notable caveat on some Linux control panels, e.g. Virtualmin, is that there is a separate firewall for IPv6. In fact, that is also the case when you are using cloud providers such as AWS. So be careful! Your server might be Fort Knox for IPv4, but an intruder could come in via IPv6.
References
- Test IPv6 using an online website: http://www.ipv6now.com.au/pingme.php
- https://www.ibm.com/docs/en/ts3500-tape-library?topic=formats-subnet-masks-ipv4-prefixes-ipv6
- https://unix.stackexchange.com/questions/311595/ipv6-route-configuration-on-ubuntu-14-04
- https://linuxconfig.org/how-to-ping-ipv6-address-on-linux