IPv6 for Beginners

By David A. Bandel (david at gmail dot com)

Revised: Oct 2006

Some of you are probably wondering what this IPv6 stuff is all about, and whether or not you should be learning about and/or deploying it. The answer of course is, it depends.

If you are well grounded in IPv4, and more importantly, CIDR, or at least its subset known as VLSM, then you'll have no problem with IPv6. On the other hand, if the previous statement made no sense to you, you probably will want to stop here and review IPv4 in more depth.

The basics

IPv6 works the same as IPv4 for purposes of IP assignment, routing, and more. But rather than use dotted decimal notation as we do with IPv4, this has been changed to a slightly different notation to prevent confusion. This notation swaps colons (:) for dots. It also changes from decimal to hexadecimal notation (to keep the numbers manageable), and just plain has more of them, specifically, it has 8 groups of them.

An IPv6 address has 8 "hextets" rather than 4 octets. This means our colon separated numbers, instead of running from 0-255 (00-FF in hex), now run from 0000-FFFF (0-65535 in decimal). So an IPv6 address looks something like this: 2001:05c0:9168:0000:0000:0000:0000:0001/128.

Now a couple of rules:
1. leading zeros may be dropped, so 05c0 becomes 5c0, and 0001 becomes 1
2. one time, and one time only, you may drop contiguous zeros completely and just use ::
Using the rules above, the IP 2001:05c0:9168:0000:0000:0000:0000:0001 becomes 2001:05c0:9168::1

Now we can read and write IPv6 IPs. But what is that /128 on the end above? Well, when we describe an IPv4 IP and network, we use a netmask to define the network. IPv6 has decided, rather than use the old notation, that it's better just to use /# notation. So our netmask would be 128 to describe something similar to an IPv4 /32, or one host. Note that `expr 16 \* 8` gives us 128.

Getting routable addresses assigned

Unless you are lucky enough to have an ISP that will assign you an IPv6 block, you will need to find a tunnel broker. A number of them can be found in Google. I'm currently using Freenet6 and have a block assigned. Specifically, I have 2001:5c0:9168::/48. But /48 just provides me with routable networks. IPv6 assignments for global routing use /64. So I have 65k globally routable networks assigned. The various authorities are assigning /32 blocks, so tunnel brokers are currently generous with their offerings. However, this may not last.

Just to give you an idea of what we're talking about here, a /64 network has 18,446,744,073,709,551,616 (18 quintillion) unique IPs. Of course, the first and last are not used, so you lose 2. A /48 network has 65,536 times as many. For those obsessed with how large this number is, work it out and be amazed (it's on the order of 1.2*10^24).

Assigning your IPs

Once you have your block assigned, you'll need to start deploying those IPs. Routing in your router should be handled by your tunnel. Beyond that, you're on your own. So let's see how to do it.

I decided to start deploying my first IPv6 block locally. When you do this you have two options:

If you want to control IPv6 assignments, such as with servers where you want specific IPs (makes DNS easier to handle), then you'll be using manual assignment. All the major distributions have instructions for how to handle setting up IPv6 IPs. In Debian, /etc/network/interfaces uses stanzas similar to those for inet (IPv4), but call the inet6 family instead. Later in this document, I will show an example, but first, I want to ensure you know how to do it from a command line to understand what is going on.

To assign IPv6 IPs, make sure you have the iproute2 (apt-get install iproute) tools installed. Using them, let's start assigning our IPs. I decided to assign each of my servers an IP within the first block. So in the first server I ensured I had the ipv6 module installed, then:
ip -f inet6 addr add 2001:5c0:9168::2/64 dev eth0
This assigned the IP within the globally routed IPv6 /64 range. Then, to ensure I could talk to the rest of the world:
ip -f inet6 ro add default via 2001:5c0:9168::1 dev eth0
That's all there is to it. Now just reconfigure/restart your IPv6 enabled services, like Apache, SSH, others, and you're on your way.

Testing connectivity

To make sure all is working, you'll need a few tools. Under Debian, ping6 is installed along with ping as part of the iputils-ping package. This is considered an important package, so should be installed by default. What is not installed by default is iputils-tracepath which includes traceroute6 among others. So you'll need to load it using apt-get install iputils-tracepath. Other distros may have this as part of a different package.

First, let's make sure we can ping our gateway: ping6 2001:5c0:9168::1. If all is working, you should see pong packets. If that works, then ping an ipv6 site, like ipv6.ipv6tools.com. If you get an IPv6 IP, but can't ping it, use traceroute6 to see where your route fails.

Assigning DNS

Once you have all the above working, you're on the way. Now you're ready to start configuring DNS. I won't go into the details, but basically, you create entries for your ipv6 hosts. The ipv6 names should be different from your ipv4 names. Some folks will advise you to create a subdomain. But for a few entries, you might just want to add them to your present domain. All other DNS RR entry rules apply. Just substitute AAAA in place of A. And to listen on an ipv6 address for DNS queries, you'll want to use this line in your named.conf file under options: listen-on-ipv6 { any; };.

Reverse DNS becomes a little more tricky. You'll want to create a reverse zone in the ip6.arpa domain, not the deprecated ip6.int domain. These entries are the _entire_ IPv6 address, backwards, but with each digit separated by a dot and terminated with .ip6.arpa. So my IPv6 reverse entry would look like: IN PTR ns2ip6.pananix.com.
Usually, though, we'd just reverse the /48 and be done with it; even automated tools would take a while to reverse the entire network.
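
The naming rule above, worked through for the address 2001:5c0:9168::2 and the /48 used in this article. This is an added example, not part of the original article; the target host.example.com. is a placeholder.

```python
import ipaddress

def ptr_name(addr: str) -> str:
    """Full ip6.arpa owner name: all 32 hex digits, reversed, dot-separated."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone(prefix: str) -> str:
    """Reverse zone for a prefix; it must end on a 4-bit (one hex digit) boundary."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4 bits")
    digits = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(digits)) + ".ip6.arpa."

def ptr_record(addr: str, prefix: str, target: str) -> str:
    """PTR line with the owner name written relative to the reverse zone."""
    if ipaddress.IPv6Address(addr) not in ipaddress.IPv6Network(prefix):
        raise ValueError(f"{addr} is not inside {prefix}")
    zone = reverse_zone(prefix)
    owner = ptr_name(addr)[: -len(zone) - 1]   # drop ".<zone>" from the end
    return f"{owner} IN PTR {target}"

if __name__ == "__main__":
    prefix = "2001:5c0:9168::/48"              # block from the article
    print("zone  :", reverse_zone(prefix))
    print("owner :", ptr_name("2001:5c0:9168::2"))
    # host.example.com. is a placeholder target, not a name from the article
    print("record:", ptr_record("2001:5c0:9168::2", prefix, "host.example.com."))
```
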

Automating things

To make things a bit easier, the following stanza in any Debian-derived system should get you up and running on a reboot:

auto eth0
iface eth0 inet6 static
		# just to make sure the ipv6 module is loaded
		pre-up modprobe ipv6
		address 2001:5c0:9168::2
		# the next line turns off ipv6 autoconfig (more on that later)
		up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
		netmask 64
		gateway 2001:5c0:9168::1

If your systems don't require specific IPv6 IP addresses, you may just want to go with the IPv6 autoconfig you've probably heard about. To use autoconfig on any system, do nothing special. If any interface is connected to a router running radvd, autoconfiguration will happen.

To get autoconfiguration to work, you'll need to create an /etc/radvd.conf file on your router that looks like this:

interface eth1
{
	AdvSendAdvert on;
	prefix 2001:05c0:9168::/64
	{
		AdvOnLink on;
		AdvAutonomous on;
	};
};

Now while it might look like you're getting random IP addresses, this really isn't true. Let's take a look at an extract of the output from ifconfig:

		inet6 addr: 2001:5c0:9168:0:216:76ff:fe39:64f4/64 Scope:Global
		inet6 addr: fe80::216:76ff:fe39:64f4/64 Scope:Link

Note that my MAC address (HWaddr) is: 00:16:76:39:64:F4

Using the MAC address to create the IPv6 address ensures that it is unique. Another method employed by the 2002 network uses the IPv4 address. This gives the advantage of having an ipv4 address you can look up to help find the bad guys.
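
How the autoconfigured address above follows from the MAC, and how a MAC or an embedded IPv4 address can be read back out of an address seen in a log. This is an added example, not part of the original article; the 2002: sample address is constructed from the 192.0.2.0/24 documentation range.

```python
import ipaddress

def eui64_interface_id(mac: str) -> str:
    """Low 64 bits that autoconfig builds from a 48-bit MAC address."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 6-byte MAC address")
    b[0] ^= 0x02                               # flip the universal/local bit
    eui = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ":".join(f"{int.from_bytes(eui[i:i+2], 'big'):x}" for i in range(0, 8, 2))

def mac_from_address(addr: str):
    """MAC recovered from a MAC-derived address, or None.

    The ff:fe marker in the middle of the low 64 bits is a heuristic:
    a manually assigned address can contain it by coincidence.
    """
    iid = ipaddress.IPv6Interface(addr).ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                             # undo the bit flip
    return ":".join(f"{x:02x}" for x in mac)

def ipv4_from_6to4(addr: str):
    """IPv4 address carried inside a 2002::/16 address, or None."""
    v4 = ipaddress.IPv6Interface(addr).ip.sixtofour
    return str(v4) if v4 else None

if __name__ == "__main__":
    print(eui64_interface_id("00:16:76:39:64:F4"))          # MAC from the article
    for a in ("2001:5c0:9168:0:216:76ff:fe39:64f4/64",      # from the article
              "fe80::216:76ff:fe39:64f4/64",                # from the article
              "2001:5c0:9168::2",                           # manual assignment
              "2002:c000:204::1"):                          # constructed sample
        print(a, "-> MAC", mac_from_address(a), "| IPv4", ipv4_from_6to4(a))
```
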

The last piece of information I will leave you with is that all your interfaces will pick up an IPv6 IP starting fe80::. Think of this like the zeroconf IPv4 IP addresses (if you've dealt with Microsoft, you've seen these IPs when Windows gets confused and can't find itself).

That's all for now. Let us know on the list when you have an IPv6-only accessible service for us. This SxS will likely be posted to: http://ipv6.pananix.com/ipv6.html for your browsing pleasure.

When you get there, you can tell me how badly I've mangled these instructions for IPv6 beginners.