IPv6 Cheat Sheet

IPv6 is a lot less complicated that you think.

Once you get past the hex codes and once you see that basic concepts and tools are similar, you’re in good shape to start using it.

How to Ping

One of the most complicated things if you’ve never worked with IPv6 is to use the PING command. To use the ping command under most circumstances, you may need:

  • To use the ping6 command instead of ping
  • An IPv6 enabled workstation or an IPv6 website to ping from
  • Specify the interface from which to ping

The second point is important, because under some circumstances if you ping and IPv6 address you might get Invalid Argument like below:

ping6 fe80::88e9:97ff:fec3:aae0
PING fe80::88e9:97ff:fec3:aae0(fe80::88e9:97ff:fec3:aae0) 56 data bytes
ping6: sendmsg: Invalid argument

The solution is to specify a % and the interface name, for example:

ping6 fe80::88e9:97ff:fec3:aae0%ens18

How to add a default IPv6 Route

Example:

ip -6 route add default via 2620:1e6:101::8888:1 dev venet0

How to Determine the Default IPv6 Route

Normally on Linux to determine the default route you may use ip route or netstat -rn

The equivalent for IPv6 is ip -6 route

What is a /64?

“There are 2^128 or 340 trillion, trillion, trillion IPv6 addresses, which is more than 100 times the number of atoms on the surface of the Earth. This will be more than sufficient to support trillions of Internet devices for the forseeable future. So in answer to your question, we don’t need to subnet like we did for IPv4. We subnetted and used NAT as a workaround because we didn’t have enough addresses before. Using /64 should always be fine. We will destroy the earth or kill ourselves before we run out.”

See https://stackoverflow.com/questions/15265893/what-does-it-mean-64-in-ipv6 and  http://www.steves-internet-guide.com/ipv6-guide/

Caveats

Shared Hosting Control Panels

A notable caveat on some Linux control panels, e.g. Virtualmin, is that there is a separate firewall for IPv6. In fact, that is also the case when you are using cloud providers such as AWS. So be careful! Your server might be Fort Knox for IPv4, but an intruder could come in via IPv6.

References

Share this article

Leave a Reply

Your email address will not be published.

Scroll to Top