IPv6 Cheat Sheet

IPv6 is a lot less complicated that you think.

Once you get past the hex codes and once you see that basic concepts and tools are similar, you’re in good shape to start using it.

Ping IPv6

One of the most complicated things if you’ve never worked with IPv6 is to use the PING command. To use the ping command under most circumstances, you may need:

  • To use the ping6 command instead of ping, e.g. ping6 google.com
  • An IPv6 enabled workstation or an IPv6 website to ping from
  • Specify the interface from which to ping

The second point is important, because under some circumstances if you ping and IPv6 address you might get Invalid Argument like below:

ping6 fe80::88e9:97ff:fec3:aae0
PING fe80::88e9:97ff:fec3:aae0(fe80::88e9:97ff:fec3:aae0) 56 data bytes
ping6: sendmsg: Invalid argument

The solution is to specify a % and the interface name, for example:

ping6 fe80::88e9:97ff:fec3:aae0%ens18

Add a default IPv6 Route

Example:

ip -6 route add default via 2620:1e6:101::8888:1 dev venet0

Default IPv6 Route

Normally on Linux to determine the default route you may use ip route or netstat -rn

The equivalent for IPv6 is ip -6 route

Alternatives to see default IPv6 route

ip -6 route show

route -A inet6

In the above output, lookfor [::]/0

Testing IPv6 from localhost

Here is a cool test, you can ping the 8.8.8.8 and 8.8.4.4 name servers that belong to Google 🙂

ping6 2001:4860:4860::8888
ping6 2001:4860:4860::8844

Add IPv6 to Netplan on Ubuntu

An example is below. The two additional section for the IPv6 address and IPv6 gateway are in bold. It also has IPv4 settings. The default 50-cloud-init.yaml file lives in /etc/netplan:

What I’ve found in practice is that if your core router is properly set up IPv6 gateways (and IP addresses) will automatically be handed out! This doesn’t happen with DHCP at per traditional networking but rather something called SLAAC which uses NDP. See section about PTRs later. I’ve also found that on most of my Linux boxes you don’t need to specify the gateway because IPv6 seems to have a way of finding itself. In fact, I’ve seen where adding the gateway just adds more complexity and interferes. But anyhow, here is the manual way:

# cat 50-cloud-init.yaml 
# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 192.168.0.2/24
            - 2001:db8:1234:5678::2/64
            gateway4: 192.168.0.1
            gateway6: 2001:db8:1234:5678::1
            match:
                macaddress: aa:bb:cc:dd:ee:ff
            nameservers:
                addresses:
                - 1.1.1.1
                - 8.8.4.4
                search:
                - vander.host
            set-name: eth0

Remember in Netplan you can’t use tabs, and when you’re done, do this:

sudo netplan apply

What about my PTR and automatic assignments?

I couldn’t figure out since I’m getting dynamic IPv6 addresses from a MikroTik core router if my PTRs would stick. The solve this problem, I’m just showing verbatim how I asked ChatGPT 4o about it and what she replied:

On an IPv6 network my server was automatically given this IPv6 IP address, and it works:

2c0f:ef18:9fff:1:be24:11ff:fe91:1f33

I know for a fact the IP address was not given out using DHCP but rather something like ND. I’m not sure, but  I have access to the MikroTik router and it’s not DHCP.

What I want to understand, is that IP address “permanent”? The reason why is I need to set up a PTR record, and I don’t want to have to change that when I reboot the router or server.

Answer

In IPv6 networks, an address like the one you’ve provided is likely configured through Stateless Address Autoconfiguration (SLAAC). This method uses Neighbor Discovery Protocol (NDP), which is different from DHCPv6 and is commonly used in IPv6 deployments.

Understanding the IPv6 Address

The address you provided:

2c0f:ef18:9fff:1:be24:11ff:fe91:1f33

Here’s a breakdown:

1. Global Unicast Address: It seems to be a globally unique address, meaning it’s routable on the public internet.

2. EUI-64 Interface Identifier: The segment be24:11ff:fe91:1f33 suggests it’s derived from the MAC address of your network interface using the EUI-64 format. This is common in SLAAC.

Is the IPv6 Address Permanent?

In SLAAC, the IPv6 address is typically generated based on the network prefix (advertised by the router) and the MAC address of the network interface. This means:

•As long as the MAC address of the network interface doesn’t change, and the network prefix advertised by the router remains the same, the IPv6 address will remain consistent across reboots.

•If the router’s configuration (network prefix) or the server’s MAC address changes, the IPv6 address may change.

Ensuring IPv6 Address Stability

1. Static IPv6 Address Assignment: The most reliable way to ensure a stable IPv6 address is to manually configure a static IPv6 address on your server, rather than relying on SLAAC. You can choose an address within the subnet provided by your router.

2. Static SLAAC: If you want to continue using SLAAC but ensure the stability, ensure that:

•The network prefix advertised by the router doesn’t change.

•The server’s MAC address remains the same.

Setting Up PTR Records

If you decide the address is stable enough or configure a static IPv6 address, you can proceed to set up the PTR record. If you want to use the current SLAAC address:

1. Confirm Router Advertisement Configuration: Ensure the router’s RA (Router Advertisement) settings are stable.

2. Check MAC Address: Make sure the server’s network interface MAC address is not likely to change.

Conclusion

If you need absolute stability and control over the IP address for PTR records and other configurations, manually assigning a static IPv6 address is the best practice. For most cases where hardware and network configurations are stable, the SLAAC-generated address can be considered relatively permanent, but it’s not as guaranteed as a static address.

What is a /64, /128, /127?

A /64 is sort of special in the IPv6 world, it’s the Swiss Army Knife. Everything always gets a /64 unless it needs to be bigger. A connectivity/transit provider may provide you with a /48, but to set up your server network you would only use a /64.

Joe BothaAtomic Access

A point to point would use 2 x /127s.

One way of thinking of a /128 is that it’s similar to an IPv4 /32.

How many IP addresses are there in a /64?

“There are 2^128 or 340 trillion, trillion, trillion IPv6 addresses, which is more than 100 times the number of atoms on the surface of the Earth. This will be more than sufficient to support trillions of Internet devices for the forseeable future. So in answer to your question, we don’t need to subnet like we did for IPv4. We subnetted and used NAT as a workaround because we didn’t have enough addresses before. Using /64 should always be fine. We will destroy the earth or kill ourselves before we run out.”

See https://stackoverflow.com/questions/15265893/what-does-it-mean-64-in-ipv6 and  http://www.steves-internet-guide.com/ipv6-guide/

Caveats

Shared Hosting Control Panels

A notable caveat on some Linux control panels, e.g. Virtualmin, is that there is a separate firewall for IPv6. In fact, that is also the case when you are using cloud providers such as AWS. So be careful! Your server might be Fort Knox for IPv4, but an intruder could come in via IPv6.

References

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top