Configure static IPv6 on Ubuntu
https://serverfault.com/questions/283269/configure-static-ipv6-on-ubuntu
I'm trying to configure IPv6 on a dedicated Ubuntu server. My provider gave me a "/64" (whatever that is - I'm still confused) of IPv6 addresses.
However, when I try to use them, I can't ping anything. What do I do? :(
# ping6 ipv6.google.com
PING ipv6.google.com(vx-in-x63.1e100.net) 56 data bytes
From fe80::219:d1ff:fefb:42d8 icmp_seq=1 Destination unreachable: Address unreachable
From fe80::219:d1ff:fefb:42d8 icmp_seq=2 Destination unreachable: Address unreachable
From fe80::219:d1ff:fefb:42d8 icmp_seq=3 Destination unreachable: Address unreachable
--- ipv6.google.com ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2014ms
# tracepath6 ipv6.google.com
1?: [LOCALHOST] 0.025ms pmtu 1500
1: fe80::219:d1ff:fefb:42d8%eth0 2000.022ms !H
Resume: pmtu 1500
# cat /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 64.***.***.***
netmask 255.255.255.248
gateway 64.***.***.***
iface eth0 inet6 static
pre-up modprobe ipv6
address 2607:F878:1:***::1
netmask 64
gateway 2607:F878:1:***(same as address)::1
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:19:d1:fb:42:d8
inet addr:64.***.***.*** Bcast:64.***.***.*** Mask:255.255.255.248
inet6 addr: fe80::219:d1ff:fefb:42d8/64 Scope:Link
inet6 addr: 2607:f878:1:***::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:52451 errors:0 dropped:0 overruns:0 frame:0
TX packets:39729 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6817761 (6.8 MB) TX bytes:6153835 (6.1 MB)
Interrupt:41 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:166 errors:0 dropped:0 overruns:0 frame:0
TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31714 (31.7 KB) TX bytes:31714 (31.7 KB)
4 Answers
Don't set the gateway on the host acting as the router to itself. If your ISP provided a gateway address, use that as the gateway on the host, or let the host use router announcements to configure itself. The gateway address should never be the same as the server's own address. The address being used to route for other hosts should not have a gateway assigned.
Your ISP may have provided you with an address for your external (Internet) interface. Configure your eth0 interface using that with the corresponding gateway address if it is provided. Use the /64 address on your internal interface (eth1) if you have one. You will also want to setup radvd to run on that interface.
If you don't have an internal interface you can add a static address in your /64 range by adding a line to your inet6 configuration like.
up ip -6 addr add 2607:F878:***::2 dev eth0
Get to know the ip commands such as ip -6 addr, ip -6 route, and ip -6 neigh. It is common to have multiple addresses and routes.
Default Gateways work a bit differently on IPv6.
What I suggest you do is fire up tcpdump and watch it for Router Advertisements (you might want to analyse the capture in WireShark - much easier). This is how your IPv6 host knows how to get out to the internet. Also watch for Neighbor Solicitation as this is the replacement for ARP.
If you see these requests coming in, but not going back out, then your internal firewall is blocking IPv6 traffic. If you see them going out (requests), but not back in, then you need to make sure that your prefix length is correct (that's the /64 part. Although I've seen a lot of /64s being passed out that are actually a /48).
Big Important Bold Bit
ICMP is absolutally critical for IPv6 functionality. In IPv4 it can be blocked without huge impact, but in IPv6, the whole network relies on ICMP for all its functionality. Don't block it.
In reference to
My provider gave me a "/64" (whatever that is - I'm still confused) of IPv6 addresses
That's your Prefix Length, previously known as your Subnet Mask that's used for CIDR. The lower the number, the more IP addresses you have. For IPv6, /64 and /48 are very common and should give you more IP addresses than you will ever need in your entire life.
It's impossible to provide a complete answer without knowing the full data your ISP provided you for your configuration.
There are two ways your provider could route your /64 to you.
Ideally: Provider provides two network addresses. One for your link to the provider (e.g. 2001:db8:1001:abcd::/64), in which case likely they'd give you a gateway address on that network (e.g. 2001:db8:1001:abcd::1) as well as telling you to use a particular address for your host (e.g. 2001:db8:1001:abcd::1001:feaf). The second network address would be your /64 for your internal network (e.g. 2001:db8:1001:feaf::/64). Your host would configured with the above interface address would act as gateway for this network. Assuming you had ethernet interfaces eth0 facing the provider and eth1 facing your internal network, you'd configure your interfaces file (IPv6 portions) as follows:
auto eth0
iface eth0 inet6 static
pre-up mod probe ipv6 # This shouldn't be necessary, make IPv6 a default mod
address 2001:db8:1001:abcd::1201:feaf
netmask 64
gateway 2001:db8:1001:abcd::1
auto eth1
face eth1 inet6 static
address 2001:db8:1001:abcd:feaf::1
netmask 64
This should get you to the point of being able to ping various places on the internet via your provider from the gateway host.
To get your internal hosts working, you might need to take some extra steps such as turning on forwarding for IPv6 packets, making sure that ip6tables is configured to allow forwarding of the packets you want to forward, etc.
As mentioned earlier, blocking ICMP6 will mess up your IPv6 connectivity.
If your provider expects you to use SLAAC on the link, then you'll need a different (dynamic) configuration which is a bit counterintuitive, but that's unlikely because your provider would need to know how to route your internal /64 to your dynamic address.
The second possible way this can be done is essentially bridged networking where your host acts as a bridge rather than a router. In this case you wouldn't have the eth1 connection and all your hosts would be on the same LAN segment as your provider and eth0 (either physically or via bridging interfaces).
TLDR; In IPv6 let the host use your network gateway advertised address; only configure the host IP address/mask (and optionally DNS).
In IPv6 you can configure the host IPv6 address statically, obtain one via a DHCPv6 server on your net or simply autoconfigure it (the recommended way). In fact, all IPv6 enabled hosts have several IPv6 addresses for distinct uses. The address using your IPv6 prefix is meant for public internet traffic.
In general, all entities are given an /64 range, meaning that the first 64 bits of all addresses in the range are fixed and pertain to the entity; the remaining 64 bits are for use of its own hosts. This private part could be subdivided for use in each facility of the entity (campuses, branch offices, etc.) but, of course, some addresses should be used by routers as gateway addresses for routing purposes and they could not be used for other hosts.
In fact, the specific routing information of the hosts come from the IPv6 gateway router in your net which advertises its own address periodically or on petition using packets called "Router advertisements" o RAs.
Your server, upon IPv6 module activation, generates some own "Link local" address automatically and asks the net for available routes to the IPv6 multicast address ff02::2: (meaning "all IPv6 routers"). Your IPv6 router responds to your host with info about gateway address and DNS information. Then, using this data, the host generates another additional address in the range provided by the router to be used as its public IPv6 address (There exist several ways to generate this address, some of them trying to make it random to avoid personal identification issues).
So the gateway IPv6 info should not provided statically; it's responsibility of the router operating as gateway to provide it, and it should be configured with the proper address range by your ISP or your network admin.
That said, if you still want an specific address asigned to your host, you make it up using the first defined 64 bits (like the "2607:F878" part you shown) and selecting the rest so it does not conflicts with other IPv6 hosts in your net. So, you can build IPv6 addresses in a /64 prefix changing only the xxxx data in the address:
2001:0db8:0000:0000:xxxx:xxxx:xxxx:xxxx
Of course, selecting a random value, say, 2607:F878::be15, could have a low probability of being used, but that is the purpose of the protocol shown above: the host determines automatically if the generated address is available; if not, generates another one.
Ubuntu specific IPv6 configuration.
To configure this static IPv6 address in Ubuntu you have two main options (using 2001:db8::/64 as example prefix)
- Using Network Manager
The address is configured in the file /etc/network/interfaces (as your config shows), indicating the name of the network interface in place of IFACE:
auto IFACE
iface IFACE static
address 2001:db8::be15
netmask 64
To apply, emit the command service networking restart if your system does not have systemd, or systemctl restart network-manager if it does.
- Using netplan:
The configuration is in *.yaml files in the `/etc/netplan´ directory, and they have this structure (the spacing and indentations are important):
network:
version: 2
renderer: networkd
ethernets:
IFACE:
accept-ra: yes
addresses:
- 20001:db8::be15
Test the config with the command netplan generate. If there are no errors, apply it with netplan apply.
