Enable IPv6

This document describes how to enable IPv6 on an instance in the IaaS platform.

Background

There are mainly three ways to get an IPv6 address:

  • Static configuration. This means that you get and IPv6 address that you configure on your instance. Since this involves manual work keeping track of which addresses that are free or not it is not the preferred solution in the IaaS platform.
  • Stateless Address Auto Configuration (SLAAC). This is a new option in IPv6 compared to IPv4 where the instance gets a prefix (with the netmask /64) in a Router Advertisement from the default router in the network. The last 64 bits of the address is generated by the instance itself, either from MAC-address on the interface (Modified EUI-64) or randomly (Privacy Extensions). The default router for the instance is set to the sender of the Router Advertisement. Since the Router Advertisements are sent in the link local scope (addresses that can never be routed to another segment) the default router in the routing table will also be the routers link local address instead of the first address in the network prefix from the Router Advertisement.
  • DHCPv6. This options works in many ways like the old DHCP-protocol for IPv4 but with some notable differences:
    • The default router is still configured with Router Advertisement – and not with DHCPv6.
    • Due to the abundance of addresses in IPv6 the leases from a DHCPv6 server are much more generous when it comes to the lease time resulting in that once you get an IPv6 address from the DHCPv6 server you can keep it virtually forever if the DHCPv6-server is set up with a big enough scope. This removes the need of static IPv6 addresses on servers serving IPv6 content.

Configuration

In this guide, we will use a combination of the first and third options: static assigment and DHCPv6. The reason we need to do that is a known issue right now that makes DHCPv6 unstable over time.

  • Set up an instance in the Horizon dashboard. In this example, we will use an Ubuntu 16.04 image. We also set it up with a keypair so that we can SSH to the host later. In this demonstration, the b.tiny flavor will do. We also connect it to an IPv4 network and the public-ipv6 network. We will use the IPv4 network for IPv4 traffic and management. Network list
  • We can see that we have gotten two IP-addresses, one IPv4 and one IPv6 in two different networks. We also assign a floating IP-address to the v4 interface on the instance to be able to SSH to it as described here.
  • Before we can SSH to our new floating IP we will need to update our security groups to open port 22. This is done from “Edit Security Groups” in the “Create Snapshot” drop-down if you did not do it at instance creation. Security groups are described here.
  • Now you can log into you instance with SSH. If you are using the vanilla Ubuntu 16.04 image with no extra configuration you log in with the user “ubuntu” and provide the password, you have set on your key (which you also must provide in able to log in).
  • Run “sudo -s” to gain root rights and then “ip address show” to find the interface apart from your IPv4 interface. This other interface should be down:
    Interface list In this case we see that the interface that is down is named ens4.
  • For CentOS 7, the default cloud image user is centos, and the interface configuration file is /etc/sysconfig/network-scripts/ifcfg-eth0 (if the interface with the IPv6 network on is eth0).
  • Go to the folder “/etc/network/interfaces.d” and create a file called “ens4.cfg” and fill it with the following contents:
    auto ens4  

    iface ens4 inet6 dhcp  
        accept_ra 1  

Save and close the file.

  • Run the command “/etc/init.d/networking restart” to bring up your IPv6 interface. Run “ip address show” to ensure that your instance has gotten the same IPv6-address as stated in the IaaS Dashboard. Copy the address on the interface from the "ip address show" command to notepad or some other text editor. Also run "ip -6 route show" to find out your IPv6 default router. Copy the IPv6 address from the row that starts with "default".

Now it is time to time to set the address and default router given from DHCPv6 statically on the interface. Open up the /etc/network.d/ens4.cfg in your editor again. Edit the file so that it looks like the following:

### Start IPV6 static configuration
iface ens4 inet6 static
address <IPv6 address from the ip address show command>
netmask 64
gateway <IPv6 address from the ip -6 route show command> 
### END IPV6 configuration
Save the file and then run “/etc/init.d/networking restart” again.

  • For CentOS 7, these two lines need to be added to the ifcfg-ethX file:

    IPV6ADDR=2001:xxx:x:xxxx::yyy/64
    IPV6_DEFAULTGW=2001:xxx:x:xxxx::1/64
    
    then restart the VM or restart network with "systemctl restart network.service" and it should now be usable over IPv6 also.

  • Try and ping with the command “ping6 -n ping.sunet.se” to see that it works. If the host is V6-only, make sure you add v6 resolvers to the /etc/resolv.conf file.