Configuring IPv6 in your server

By Rayed

Getting IPv6 connectivity to your server isn’t very hard in fact if you have a decent provier you might already have it configured.

Do you have IPv6 already configured?

First try this command

$ ifconfig -a

You will have result like this:

eth0      Link encap:Ethernet  HWaddr 00:1e:0b:d6:7b:b8  
          inet addr:88.85.245.43  Bcast:88.85.245.47  Mask:255.255.255.248
          inet6 addr: fe80::21e:bff:fed6:7bb8/64 Scope:Link
          :

he-ipv6   Link encap:IPv6-in-IPv4

inet6 addr: 2001:470:1f08:1160::2/64 Scope:Global
inet6 addr: fe80::5855:f52b/64 Scope:Link
:


lo        Link encap:Local Loopback

inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
:

Look for lines starting with “inet6”, they indicate IPv6 address, but they have different meaning depend on the scoop.

Scope:Host

Scope host means IPv6 is configured in your OS and you can connect to your own machine using IPv6, the address would be “::1” which is the equivalent to “127.0.0.1” in IPv4 world, try ping to your own machine:

$ ping6 ::1

Scope:Link

Scope Link means IPv6 is configured on the given interface with auto configured “Link-local addresses”, in our example “fe80::21e:bff:fed6:7bb8” is configured on the interface “eth0”.

Have a look at the MAC (HWaddr) address for interface “eth0”, and compare it to the IPv6 Link-Local address:

00:1e:0b:d6:7b:b8
fe80::21e:bff:fed6:7bb8

This is how IPv6 auto configuration works, it generate a unique IPv6 address from you MAC address (insert ff fe in the middle of the mac address).

Link local address are used only inside a LAN, i.e. can’t be routed from segment to segment, this enable IPv6 machines to communicate without the need for any configuration (you need away to discover IP address for other machines in the LAN of course).

Pinging another machine in LAN using IPv6 would work like this:

$ ping6 fe80::21e:bff:fed6:7bb8
connect: Invalid argument

It didn’t work, IPv6 sucks, not really, remember Link Local address can’t be routed and your OS can’t use the default gateway to send packets to, this why you have to specify the exact interface you want to use with “-I” option, try this:

$ ping6 -I eth0 fe80::21e:bff:fed6:7bb8
PING fe80::21e:bff:fed6:7bb8(fe80::21e:bff:fed6:7bb8) from fe80::21e:bff:fed6:7bb8 eth0: 56 data bytes
64 bytes from fe80::21e:bff:fed6:7bb8: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from fe80::21e:bff:fed6:7bb8: icmp_seq=2 ttl=64 time=0.008 ms

That worked fine!

Scope:Global

Here’s where it gets interesting, global address is used to reach other IPv6 network and hosts and they use back to reach you, it can be configured in many ways:

  • Stateless autoconfiguration: the Os will use router discovery packet to build its own IP, using its MAC address again.
  • DHCPv6 (aka statefull autoconfiguration): same old DHCP update for IPv6.
  • Manual (aka static configuration)

In my server I didn’t have an IPv6 address, and my provider didn’t plan to provide it in the near future, so what to do …. use a tunnel broker to tunnel your IPv6 traffic over IPv4, of course this a temporary solution until my provider arrange for IPv6 upstream connection.

No IPv6, provider don’t have IPv6 upstream connection … tunnel it

Fortunately the Internet full of free IPv6 tunnel broker providers, I signed up with Hurricane Electric Free IPv6 Tunnel Broker, after signing up click on “Create Regular Tunnel”, it will ask you about your IPv4 address to create the tunnel, and that is it, it will create your tunnel for you, it will even give you steps on how configure it on different OSs.

In my ubuntu server I added the following line to my network configuration file:

$ sudo vi /etc/network/interfaces
:
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
     endpoint 216.66.80.26
     address  2001:470:1f08:1160::2
     netmask  64
     up ip -6 route add default dev he-ipv6
     down ip -6 route del default dev he-ipv6

and to activate it I ran: 

sudo ifup he-ipv6

and to try it:

$ ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8006::93) 56 data bytes
64 bytes from 2a00:1450:8006::93: icmp_seq=1 ttl=57 time=97.1 ms
64 bytes from 2a00:1450:8006::93: icmp_seq=2 ttl=57 time=97.2 ms
64 bytes from 2a00:1450:8006::93: icmp_seq=3 ttl=57 time=97.2 ms
64 bytes from 2a00:1450:8006::93: icmp_seq=4 ttl=57 time=97.2 ms

IPv6 is configured and working 🙂

Fun Fact

HE tunnel broker not only tunnel one IPv6 address they tunnel /64 network to your address, this means you can have 2^64 addresses on this tunnel, in contrast all IPv4 address space is only 2^32 of addresses for the whole world!!!

comments powered by Disqus