Web and Mail Servers with IPv6

Configuring an IPv6 Address

Once the firewall is in place, you can configure the IPv6 addresses on your Linux server. Although you could ask your provider to assign the IPv6 address using DHCPv6, this approach is not typical. You will probably need to configure the address yourself. However, this means that choosing an address is a conscious decision on your part. You can configure the address in the normal way using your distribution’s setup tool (which may even be GUI-based), or by modifying the configuration files in /etc.

The IPv6 default gateway is often an issue. Many networks use router advertisements that automatically assign the default gateway. Other providers require you to configure the gateway manually.

This setup is typically preferable on network segments where the network operator does not know whether all servers on the segment will run without issues if router advertisements are distributed there. Once you add a gateway to the routing table, you can try to ping the server to which you assigned an IPv6 address. Start with ping6 Defaultgateway; you can find the address by typing ip -6 route show if you are unsure (Figure 2).

Figure 2: ip -6 addr show and ip -6 route show parse the IPv6 configuration. To ping a local address in the fe80::/64 range, specify the network interface because the network is available on all interfaces.

Then try a hostname with an AAAA (IPv6) record, such as ipv6.google.com. If one of these pings doesn’t work, check the server setup, including the default gateway and firewall configuration.
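The gateway check described above can be scripted. The following is an added example, not code from the article: it reads ip -6 route show output, picks the default gateway, appends the interface scope when the gateway is an fe80:: address, and reports whether the route came from a router advertisement. The function names, the sample route listings, and the rule that any route without "proto ra" counts as manually configured are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article. Route listings below are constructed.

# Reads `ip -6 route show` output on stdin and prints "<target> <origin>":
# target is the default gateway (with %iface appended for fe80:: addresses),
# origin is "ra" (router advertisement) or "manual" (assumed for anything else).
# Returns 1 if the table has no default route with a gateway.
v6_gateway_target() {
    awk '
        $1 == "default" {
            gw = ""; dev = ""; origin = "manual"
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
                if ($i == "proto" && $(i + 1) == "ra") origin = "ra"
            }
            if (gw == "") next   # on-link default without a gateway
            # Link-local gateways are ambiguous without the interface scope
            if (tolower(gw) ~ /^fe80:/ && dev != "") gw = gw "%" dev
            print gw, origin
            found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: gateway learned from a router advertisement
SAMPLE_RA='2001:db8:1::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 1024 expires 1700sec pref medium'

# Constructed sample: gateway entered by hand
SAMPLE_STATIC='2001:db8:1::/64 dev eth0 proto kernel metric 256 pref medium
default via 2001:db8:1::1 dev eth0 metric 1024 pref medium'

# Live use (not called here): ping the gateway the routing table points at.
ping_gateway() {
    result=$(ip -6 route show | v6_gateway_target) || {
        echo "no IPv6 default gateway in routing table" >&2
        return 1
    }
    echo "gateway ${result% *} (configured via: ${result#* })"
    ping6 -c 3 "${result% *}"
}
```

Call ping_gateway on the server itself; a "no IPv6 default gateway" message means the route is missing, which is the case to fix before testing hostnames with AAAA records.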

If you are unable to troubleshoot your network problems quickly, you can temporarily disable the IPv6 address. The Linux system will prefer IPv6 as soon as it has an IPv6 address and a gateway. If the stack isn’t working properly, the programs need to time out before they fall back and try IPv4, which can severely impair the usability of production systems.

The European IP coordination center, RIPE, offers a test page where you can test your dual-stack connectivity (Figure 3).

Figure 3: The Dual Stack Connectivity Chart offered by RIPE NCC [1] tells you if your IP configuration is okay and lists which major servers you can access.

The test shows you clearly, and in real time, whether you can access a number of dual-stack test servers. If all of this works, you can start to concentrate on the applications themselves.

First Connections

From now on, the released services on your server will be accessible externally via IPv6. The first application, if the firewall doesn’t object, is the SSH daemon, which is typically preconfigured correctly. If your admin PC has native IPv6 access or you turn to a tunnel broker as a workaround, you can get started right away. If you run your own tunnel, you need to configure IPv6 forwarding and the firewall on the server to match. On the client PC, set the IPv6 default route to point to the IPv6 address of the server’s tunnel interface.
