# IPV6 for dummies tutorial 101.



## drmike (Jun 14, 2013)

I am about to embark on some testing of a VPS.  That VPS has IPV6 enabled (tunneled IPV6).

This is my first time paying attention to IPV6 (yeah, long overdue).

For those here that are IPV6 experienced, could you share some information on common tools for IPV6 (ping6, traceroute for IPV6, etc.)?

Anyone care to explain the new IPs and how the exactly work with some basic examples?

Whatever is shared here, I'll compile and plug into the *Tutorials *for long term reference.

As always, thank you!


----------



## Zach (Jun 14, 2013)

ping6, traceroute6 will be pretty much it


----------



## MannDude (Jun 14, 2013)

Would be neat. I've not messed around with IPv6 much other than confirming it worked by using 'ping6' or something. I guess having two VPSes with IPv6 _only _and then doing something between the two would be a beneficial learning experience.


----------



## drmike (Jun 14, 2013)

MannDude said:


> doing something between the two would be a beneficial learning experience


 

I'd consider tinkering with  IPV6-only services like @AnthonySmith is offering or @Prometeus was/is.     Just a matter of a learning curve we all need to get up to speed on.   IPV6 will eventually happen and better to migrate and know now then hit a wall then.


----------



## NodeBytes (Jun 14, 2013)

I'm routing a lot with IPv6 between VMs where they only need to talk to each other. I'd like to not pay for IPv4 address when I don't need to.


----------



## drmike (Jun 14, 2013)

bcarlsonmedia said:


> I'm routing a lot with IPv6 between VMs where they only need to talk to each other. I'd like to not pay for IPv4 address when I don't need to.


Totally agree on this point, especially in non US markets where IPV4 prices are getting crazier monthly.


----------



## D. Strout (Jun 14, 2013)

Not much advice to give, really. Just use them like regular IPv4s, except you never have to worry about running out  If you're unfamiliar with the format of the addresses, there are plenty of tutorials/articles on the Internet covering how they're laid out. I would advise you to check with your domain registrar and/or DNS provider and make sure they support AAAA records. If not, switch. AAAA GLUE records are a nice bonus, but not necessary. Namecheap supports both (AAAA GLUE via support ticket), so most of us are all set with that.


----------



## drmike (Jun 14, 2013)

Yeah the address format is long and different @D. Strout   Care to take a rudimentary stab at describing such or post useful links that do good describing such?

AAAA records = equivalent of A record for IPV4? 

Sorry, awkward being a newb for a change.


----------



## D. Strout (Jun 14, 2013)

buffalooed said:


> Yeah the address format is long and different @D. Strout   Care to take a rudimentary stab at describing such or post useful links that do good describing such?
> 
> AAAA records = equivalent of A record for IPV4?
> 
> Sorry, awkward being a newb for a change.


First, the easy part: Yes, AAAA in IPv6 = A in IPv4.

For the address format, it works something like this. You have a total of 8 "segments", separated by colons, just like IPv4 had four segments separated with periods. Each segment has four hex digits (0-f), for a total of 65536 total possibilities per segment. So, for example, here is a valid IPv6 address:


2001:0db8:23c5:89be:0045:67aa:0aba:301d
...Which is rather long and convoluted. The nice thing is, IPv6 addresses can be abbreviated under certain circumstances. First of all, leading zeroes in any segment can be dropped. So the address above could be rewritten as:


2001:db8:23c5:89be:45:67aa:aba:301d
...Better, but still kinda long. However, since there are so many addresses (2^128), you won't usually see all those segments filled up. Often you'll have a large block in the middle of all zeroes. These can be collapsed in to a double colon. So this address:


2001:db8:0:0:0:0:aba:301d
Can be rewritten as:


2001:db8::aba:301d
Which is actually pretty manageable. The two are equally valid. Note that you can't do this twice, otherwise when looking up the address a computer couldn't "tell" how many blocks of all-zero each double colon would represent. Likewise for removing leading zeroes - don't remove trailing ones. If you should have a case where you have two sets of bunches-of-zeroes you could truncate, truncate the longer one. If they're the same length, truncate the leftmost one.

These are edge cases, and a good parser (for instance, Google Chrome's address bar) will handle all these for you. Plug an extended IPv6 address in to Google Chrome and it will navigate to it, but also shorten it in the address bar. Firefox, unfortunately, doesn't. Which brings me to how to navigate to IPv6 addresses. When you type an IPv6 address in your browser's address bar, for instance, you need to surround it with square brackets. This is to differentiate IPv6 address colons from port colons.

Some other details. Prefix sizes are calculated thusly (where _p=_prefix size, e.g. /64): 2^(128-_p_). So a /64 block has 1,844,674,407,370,955,116 addresses. If you have a block allocated to a box of yours, you can add addresses from it with the `ip` command:


ip -6 addr add [address]/[block-size] dev [dev(usually eth0 or he-ipv6 if tunneled)]
For instance: 


ip -6 addr add 2001:db8:63f::3209:8788 dev eth0
Incidentally, I've been using addresses starting with 2001:dba because that is the IPv6 documentation prefix.


----------



## earl (Jun 15, 2013)

Also it's best to use IE if you are initially testing for ipv6 as some browser like firefox and chrome defaults to ipv6 being disabled and you need to manually configure your browser to enable ipv6 support..

First search results from Google

enable ipv6 in firefox:

http://www.techtin.com/browser/how-to-enable-ipv6-in-firefox/

enable ipv6 in chrome:

http://www.chromestory.com/2011/02/how-to-enable-ipv6-using-google-chrome/


----------



## drmike (Jun 15, 2013)

^ this is awesome! @D. Strout's examples and explanation.

Never realized the addresses were collapsible like that with dropping 0 values.  Much easier when doing such.


----------



## D. Strout (Jun 15, 2013)

earl said:


> Also it's best to use IE if you are initially testing for ipv6 as some browser like firefox and chrome defaults to ipv6 being disabled and you need to manually configure your browser to enable ipv6 support..


I have never had that problem. If you have, I'd advise you to update your browser(s).


----------



## SeriesN (Jun 15, 2013)

Just to add, if you are using Android phones, make sure you edit your APN (Access point network) settings so it can support both v6 and v4 without any issue (As long your carrier/Isp supports v6 ),


----------



## D. Strout (Jun 15, 2013)

I've heard that mobile carriers tend to support IPv6, at least a lot more than home ISPs. Is this true? It seems plausible due to the millions of smartphones out there, but in my experience end-user native IPv6 deployment is generally deplorable.


----------



## earl (Jun 15, 2013)

D. Strout said:


> I have never had that problem. If you have, I'd advise you to update your browser(s).


All my browsers are current.. maybe cause win7 and linux os has different defaults for it's web browser settings?


----------



## Kris (Jun 15, 2013)

My provider luckily assigns IPv6 addresses starting at their block, so with the shortening of 0000:0000:0000 in between, it's actually 4 places.

Not a fan of Solus generated IPv6 addresses that use the full monty.

Beyond traceroute6 and ping6, don't forget *ip6tables*


----------



## D. Strout (Jun 15, 2013)

Kris said:


> Not a fan of Solus generated IPv6 addresses that use the full monty.


Ramnode Atlanta is four places since Nick has a /32. If you get a routed /48 on a HE.net tunnel, the network address section is three places, so you can allocate yourself a host identifier with one section and get four sections.

As for ip6tables, that's more than I care to write.


----------



## NodeBytes (Jun 15, 2013)

ip6tables is so useful though. I <3 control.


----------



## bbb (Jun 15, 2013)

A simple guide to subnets would save a lot of headaches.


----------



## D. Strout (Jun 15, 2013)

A few notes in regard to configuring IPv6 in Apache:

In allowing/blocking IPv6 addresses, you just use the addresses:


Allow from 2001:db8:52::320c:ade5
Deny from 2001:db8::dead:beef
But when configuring listening addresses and ports, or in vhost configuration, you need to surround the addresses with square brackets:


Listen [2001:db8:89:1000::53]
This is because in those cases, you can also add a port number, and as mentioned before, the address parser needs to know what is address and what is port.


Listen [2001:db8::89:1000:53]:8080
Basically, if the place you're putting the address could also accept a port (vhost, listen directives, etc.) you need to use square brackets. Otherwise, you omit them. Usually you will need them, though. The examples above are for Apache, but I'm sure it works similarly with other servers and with services like SSH. FWIW, since you'll probably have a _lot_ of IPv6 addresses, you should limit the ones SSH listens on. Preferably just have it listen on one. Something like this is good in your SSH conf:


ListenAddress [2001:db8:32::5705]:57389
ListenAddress 203.0.113.87:57389
...In other words, listen only on one IPv6 and one IPv4 address on a high port. Reduce your "surface area" so to speak. Not a big deal, bots still aren't sweeping IPv6 for open port 22 much (probably never will, just too much), but why not?


----------



## CoolMoon (Jun 15, 2013)

I googled a lot of tutorials online, trying to enable my windows 7 laptop for tunneled IPv6, yet none of them works.  Should I start from my computer or my home router first?


----------



## splitice (Jun 16, 2013)

One of the best resources I have ever found on IPv6 on linux (back before I did networking at university) a blog. http://www.ipsidixit.net/

Found them very informative in a technical way.


----------

