IPv6 Connectivity
This article aims to address the basic needs in education to the Internet described in this other one.
The aim is to allow private clients to an Internet Services Provider to understand how it works, basically, and solve, when possible, their connection troubles.
Internet is currently facing an important change, as a new version of the IP Protocol gets implemented : IPv6, which I am going to describe here.
This article has a twin, about the previous version, IPv4. Some poeple wish to declare this previous version as historic, even though it is still the most used IP version.
IPv6 Internet
The IP Protocol allows millions of computers around the world to work and connect together, and IP address are an important part of it.
IPv6 addresses are composed of 8 groups of 2 bytes (128 bits), so, for example :
2001:0db8:0000:85a3:0000:0000:ac1f:8001
2a00:1450:400f:0804:0000:0000:0000:200e
2001:0470:2099:000e:0000:0000:0000:0002
The complete notation has 39 characters, from 0 to 9 and a to f.
Those new addresses have been designed to allow an address space so large that we could have millions, billions, billions of billions of address per square-millimetre on Earth.
As it sounds pure delirium, I checked and found 0,6 billions of billions of addresses per square-millimetre (!!!).
Simplify them
These addresses are pretty long, aren’t they ? One can reduce them. Groups of characters are to be managed as numbers, thus suppress the 0 leading the group.
For example in this address :
2001:0470:2099:000e:0000:0000:0000:0002
0407, 000e and 0002 can be reduced to 407, e and 2. The groups of 0 can be ignored if they are following each other and their is no more than one complete 0 suite in the whole address. This gives here :
2001:470:2099:e::2
Yes, I know, it makes it harder. Who designed that ?
But those addresses have not been designed to be memorized by humans (and it’s a trouble somewhere). You won’t need to trouble yourself with it. Bare copy and paste them when needed.
Let’s talk about the various sorts of addresses.
Link Local
Link local addresses are up as soon as the machine has an active IPv6 stack. Even offline, in the farwest or at the south pole, this address will be up on the machine.
It is often created with the fe80:: prefix and the interface’s MAC address (sort of a material serial number), placing ff fe in the middle.
This is called stateless address autoconfiguration (SLAAC).
MAC: 00:26:b9:f6:d7:09
ipv6 local: fe80::226:b9ff:fef6:d709
I have never seen any other way to create Link-Local addresses, even though I have read it to be possible.
Link local addresses are, as you understand it, local. That means no one can use them on the internet.
Even if there is no IPv6 connectivity to the outer world, no routable prefix, one can ping and connect (I did ssh with it sometimes) with link local addresses. They need therefor to be protected with firewall.
You can ping those addresses. You normally have to say which interface to use with a % followed by the interface name :
[stephane@Jabberwocky ~]$ ping fe80::20d:b9ff:fe3e:a812%eno1
PING fe80::20d:b9ff:fe3e:a812%eno1(fe80::20d:b9ff:fe3e:a812%eno1) 56 data bytes
64 bytes from fe80::20d:b9ff:fe3e:a812%eno1: icmp_seq=1 ttl=64 time=0.620 ms
64 bytes from fe80::20d:b9ff:fe3e:a812%eno1: icmp_seq=2 ttl=64 time=0.410 ms
^C
--- fe80::20d:b9ff:fe3e:a812%eno1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.410/0.515/0.620/0.105 ms
Global
As you can have an IPv6 address for each grain of sand on Earth, no need to worry. Each computer, phone, toaster, car, bus card (???) has one or several complete IPv6 addresses. That means all these addresses are reachable on the Internet.
Address type is recognizable (out of the prefix itself) by the end of line :
wlp3s0b1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 2001:470:2099:a0:5eac:4cff:fe53:db1c prefixlen 64 scopeid 0x0<global>
inet6 fe80::5eac:4cff:fe53:db1c prefixlen 64 scopeid 0x20<link>
Scope global or scope link. So global or link local address.
prefix and network masks
Like with IPv4, IPv6 networks can be sliced in smaller subnetworks. One does it with mask or network prefix.
Network mask is often advertised at the end of an address with a /X or prefix X. It represent the number of bits at the beginning of the address reserved to the network address. Hence prefix.
So a /48 has 48 bits (the three first groups of characters) assigned to the network prefix. A /64 has the four first groups for the network address.
If you understand it well, a /48 can contain several thousands of /64 networks, whose could, each one, host the entire Internet address map without much trouble.
Usually ISP give a /48, a /56 or a /64. This last one is the minimum size of a local ipv6 network, due to the slaac algorithme requirement. It needs the last 64 bits in the address (half the address itself). A prefix larger than /64 would impinge the local address map.
NB : It is apparently possible to use a larger prefix, but it won’t be your case. It is about specific cases, like datacenters for exemple. In a smaller network, it is not possible anymore to use slaac. One has to manually setup link local addresses.
To setup an address automatically, the interface gather the prefix (which is given by the router), then add the 64 bits from the MAC address.
A link local address is the same : the prefix is fixed in the software code, and the last bits come from the MAC address.
You understand now why slaac and link local addresses share the same end.
All machines I worked on could use slaac. It is therefor a useful method. There is also a DHCP protocol for IPv6, but not all computers have a DHCPv6 client, nor all networks have a DHCPv6 server.
Finally you can still setup your address manually - link about Windows and ipv4, procedure is the same with ipv6.
Debug
Let’s debug the stuff.
Do I have a global ipv6 address ?
Unless your computer is actually a dinosaur which successfully avoided updates during the last decade, your software supports IPv6.
But do you have a global address ? You can check it easily under any Unix-like with the ifconfig command and filtering with global :
[stephane@Jabberwocky ~]$ ifconfig|grep global
inet6 2001:470:2099:e:226:b9ff:fef6:d709 prefixlen 64 scopeid 0x0<global>
inet6 2001:470:2099:a0:5eac:4cff:fe53:db1c prefixlen 64 scopeid 0x0<global>
Here, I got two addresses, one for each interface.
On Windows, using the ipconfig command should be enough.
If you have only link local addresses and no global address, it’s likely that your router does not spread an IPv6 prefix, which means your ISP does not provide it.
What is my gateway
The gateway is your door to the outer world. It is your box, or router as it should be named correctly.
Usually, the gateway’s address is the same as the network :
[stephane@Jabberwocky ~]$ ping 2001:470:2099:e::
PING 2001:470:2099:e::(2001:470:2099:e::) 56 data bytes
64 bytes from 2001:470:2099:e::: icmp_seq=1 ttl=64 time=0.545 ms
64 bytes from 2001:470:2099:e::: icmp_seq=2 ttl=64 time=0.541 ms
^C
--- 2001:470:2099:e:: ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.541/0.543/0.545/0.002 ms
Using the route command, available on any operating system, will be usefull with the -6 option.
[stephane@Jabberwocky ~]$ route -6|grep eno1
2001:470:2099:e::/64 :: U 100 4 77 eno1
fe80::/64 :: U 256 0 0 eno1
::/0 fe80::20d:b9ff:fe3e:a812 UG 100 4 112 eno1
ff00::/8 :: U 256 4 14 eno1
Here it’s this ligne : ::/0 which is Internet. It actually means :
If you want to connect somewhere in the network ::/0 (Internet), go through fe80::20d:b9ff:fe3e:a812.
If you have a global IPv6 address, you have a gateway and a default route. It is mandatory. Any problem now means your router or your computer is in trouble (updating ?).
Best solution is to reboot. Both machines.
DNS ?
DNS is the same in IPv6 and IPv4. It is just more critical now. So it is almost the same text as in IPv4.
The DNS is the system that links web address and ip address. You have to be able to use a DNS which answer IPv6 queries. Yet, it is not necessary a DNS using an IPv6 address itself. You certainly have both IPv4 and IPv6 addresses.
On Unix-like (Linux and BSD), you have to look in the /etc/resolv.conf file.
[stephane@Jabberwocky ~]$ cat /etc/resolv.conf
# Generated by resolvconf
search 22decembre.eu
nameserver 10.0.0.2
nameserver 10.0.0.1
nameserver 2001:470:2099:e::2
nameserver 2001:470:2099:e::
[stephane@Jabberwocky ~]$
On Windows, they are available through the ipconfig command or the graphical interface, in the dialog box «network connections» or at the bottom right of your computer screen.
As you might have a dual-stack like I said earlier, you probably fetch DNS with the DHCPv4.
But there are solutions for this in IPv6 : DNS can be announced with DHCPv6 or router messages. Problem is that both client and router should work the same way.
If you don’t have DNS, you can still set them up yourself.
On Unix, you just have to edit the /etc/resolv.conf file as Root. Take care, this file might be overwritten at the next reboot.
Google DNS
Google has two public open DNS resolvers : 2001:4860:4860::8888 and 2001:4860:4860::8844.
OpenDNS
OpenDNS allows to modify DNS answers. You can filter porno for example.
anti-censure DNS
You can use FDN - French not-for-profit ISP resolvers, 2001:910:800::12 and 2001:910:800::40.
Censurfridns - danish : 2001:67c:28a4:: and 2002:d596:2a92:1:71:53::.
Test connection to DNS
Just ping your DNS. If your ping fails but you can still ping another server, then your ISP network is having trouble. It is easier to change the resolvers like said earlier.
Tester sa résolution de noms
Use the nslookup command (on Windows) followed by a website name, host, dig or drill on Unix:
[stephane@Jabberwocky ~]$ host www.fdn.fr
www.fdn.fr has address 80.67.169.52
www.fdn.fr has IPv6 address 2001:910:800::52
If you can ping your resolver (the one given you by your ISP or a one of your own choice) but it cannot give you answer you, then you better change the resolver again.
That’s it.
If you have trouble, need some help, want to comment or make a remark, you can contact me : stephane AROBASE 22decembre.eu.