Post Reply
User avatar
Posts: 12959
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle


Post by Edge100x »

Can I use IPv6?

If you have an unmanaged VDS with us, you may use IPv6. IPv6 is not currently available for full dedicated machines due to the way that we currently advertise prefixes internally.

How do I enable and use IPv6?

You will need to request that IPv6 support be enabled for your VDS. Then, you can allow it through the firewall on the "Firewall" page for your VDS.

After it is fully enabled, the OS inside your VDS should automatically obtain and use an IP address through IPv6 autoconfiguration (SLAAC). This mechanism is supported and turned on by default for all modern OSes.

(More specifically, we provide and advertise an overall large block (a /48) and then also advertise a smaller portion of that block -- a /64 -- to your OS, which the OS picks up and uses for its autoconfiguration. This is just how IPv6 was designed to handle autoconfiguration.)

How does the OS of the VDS choose which IPv6 address to use?

Each OS chooses an algorithm for deciding which address to automatically use. Some use an industry standard called EUI64, which takes the MAC address of the (emulated) hardware device and combines it with the advertised prefix. Others use some other relatively unique data from the OS install, such as a GUID, and combine it with the MAC address or other data in a proprietary way.

Whatever IP address it chooses should remain the same across OS reboots, and it should be visible by looking at the configuration information of the virtual network adapter. For instance, in Linux, the ip address command will show all assigned IPv6 and IPv4 addresses.

We show the EUI64 IP address on the "IP list" page of the control panel, for reference. It is listed first there.

How many IP addresses are provided by NFO?

Each VDS receives a /48, which contains more than a septillion IP address possibilities.

How are IPv6 addresses written?

IPv6 addresses are written as eight sets of four hexadecimal digits, separated by colons (for a total of 128 bits of information). A hexadecimal digit ranges from zero (written as 0) through 16 (written as F).

In IPv6, there are other quirky rules about naming, such as that leading zeros within a colon-delineated segment can be dropped, that four zeros together can be written as just "0", and that the longest set of four-digit zero groups can be switched to just side-by-side colons ("::").

These are examples of valid IPv6 addresses:

2001::0001 (which is the same thing, in a shorter form)
2001::1 (which is the same thing, in its shortest form)
2001:0:0:f::1 (which is the same thing, in its shortest form)

An IP address can have a CIDR prefix length attached to it. This tells you that it represents a larger block of addresses, and how large that block is. For instance,


.. would represent the range of IP addresses from 2001:ffff:ffff:ffff:ffff:ffff:ffff:0000 through 2001:ffff:ffff:ffff:ffff:ffff:ffff:ffff. The prefix length of 112 means that the last (128-112)=16 bits at the end of the IP address are included in the range.

Sometimes, a single IP address is represented with a /128 at the end. And, sometimes, when an IP address is assigned to a network interface, it will have a larger prefix length at the end, indicating that it is part of that block. For instance,


... would represent a single IP address that is part of a /64. That /64 would cover 2001:ffff:ffff:ffff:0000:0000:0000:0000 through 2001:ffff:ffff:ffff:ffff:ffff:ffff:ffff.

https://en.wikipedia.org/wiki/IPv6_address has more information on how IPv6 addresses work; there are many more details, though most aren't important to know.

How do I manually add an IPv6 address to the network adapter?

It is not necessary to manually assign an IP address, but it is easy to do this if you wish. You can configure the virtual network adapter inside your OS and select any IP address with the /48 that has been assigned. For instance, if the assignment is for 2605:6ac1:f004::/48, you could use anything from 2605:6ac1:f004:0000:0000:0000:0000:0000 through 2605:6ac1:f004:ffff:ffff:ffff:ffff:ffff.

Can I assign /64s to VPN/tunnel clients?

At least on Linux, this is doable. You should be able to:

1. Turn on IPv6 forwarding.
2. Set accept_ra to 2 so that you still get the gateway IP
3. Install the "radvd" utility.
4. Set up radvd to issue /64s to clients with a configuration like this, substituting your tunnel interface name and your prefix information:

Code: Select all

interface ClientTunnel1
        AdvSendAdvert on;
        IgnoreIfMissing on;
        MaxRtrAdvInterval 300;
        AdvDefaultPreference high;
        prefix 2605:6ac0:x:y::/64
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
                AdvValidLifetime infinity;
        RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
                AdvRDNSSLifetime 3600;
You would need to use a different /64 for each interface in radv, and make sure not to re-advertise the /64 that is automatically being advertised to your OS.

5. Start up radvd.

Clients using that tunnel should then automatically choose IP addresses using SLAAC from the specified /64.

How are reverse DNS entries set up?

Reverse DNS (PTR) entries can be configured through the "IP list" page in the control panel, for specific IP addresses. We do not currently limit the number of entries that can be created; just add one at a time.

Why does the IPs page not show gateway or mask fields for IPv6 addresses, as it does with IPv4?

The mask is another way of writing the prefix information with IPv4; IPv6 only uses the prefix version (the "/x" at the end of the line).

The gateway is advertised to each VDS through Router Advertisements (RA) and is a local IP address on the machine hosting the VDS, so it does not need to be configured manually. But, if you really want to configure one manually in your OS, you can also use the very first address of your prefix -- matching the /48 itself, ending in ::.

Can IPv6 be disabled?

Yes. IPv6 is not enabled by default. If you set it up but change your mind, simply disable it through the "Firewall" page, then reboot the VDS.

It can also be disabled from inside the OS. In Linux, for instance, "ipv6.disable=1" on the kernel command line will completely disable it. For a less-complete disable, running the command echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6 should do it.
Post Reply