New /48 assignments, October 2024: Difference between revisions

In October 2024 BitFolk assigned new IPv6 /48 netblocks to customers. This article describes how existing customers can make use of these.

Work In Progress

Warning:

This article is a work in progress. It's not yet complete. When it is developed enough to be useful it will be moved out to /New /48 assignments, October 2024

TL;DR:

All existing customers have been assigned a new IPv6 /48 per VM. The one you've been assigned can be found at the DNS and IP addresses page of the Panel. You can now start assigning addresses and routes from within it and then they should work. If you don't care about IPv6 or just want to carry on using the addresses you have you can stop reading and do nothing.

History

BitFolk has offered native IPv6 connectivity from the beginning, but has always used IPv6 addresses provided by its colo provider. As that was all out of a single /48 assigned to BitFolk each customer VM got only a /64 and optional /56 netblocks were available on request.

As of October 2024 BitFolk's own IPv6 allocation will be used and new customer VMs (and new installs of existing VMs) will be set up to exclusively use the new IP addresses. Administrators of existing VMs will need to configure the new addresses themselves. There are also some configuration details that may cause problems.

Examples used here

It is normally good practice to use the IPv6 documentation prefix 2001:db8::/32 when giving examples of IPv6 addresses. However, this article is aimed at existing customers of BitFolk and the documentation prefix does not resemble real BitFolk addresses; this could be confusing for those less familiar with IPv6 so we are going to use the following example addresses.

Deprecated IPv6 assignment

2001:ba8:1f1:f004::/64

New IPv6 assignment

2a0a:1100:1018::/48

All BitFolk customer /48 assignments currently start with 2a0a:1100:1xxx and all of the old BitFolk /64 assignments started with 2001:ba8:1f1:fxxx so yours will look the same apart from the last three hexadecimal digits.

Other assumptions

Main network interface name

We'll assume enX0 which is what it is on the latest Linux releases unless you have forced it not to be. On older releases it will be eth0.

IPv6 enabled, with an open firewall

By default BitFolk VMs don't come with a firewall and do have IPv6 enabled. If you've disabled it or firewalled it off then this is not going to work and you'll have to undo that first.

Making it work

Immediate configuration

Just add a single IPv6 address from inside your assignment.

# ip address add 2a0a:1100:1018::/128 dev enX0

Since the :: means "everything from here onwards is 0", 2a0a:1100:1018::/128 is the same as 2a0a:1100:1018:0000:0000:0000:0000:0000/128. It's the all-zeroes address for your assignment; the first usable IP address.

This address should now be reachable from outside BitFolk. If it's not then you need to do some #Troubleshooting and should not continue until you have this working.

Permanent configuration

The above command just adds an address to the running system but does not make that change permanent. To make a permanent change you need to adjust your configuration and that depends upon which network configuration framework is in use.

The basic things you need to do though are:

1. Add one or more new addresses
2. Add a blackhole route for your whole /48
3. Change your default route to be through fe80::1 (optional)
4. Add back the deprecated addresses you were using before, if you need to keep using them (optional)

The purpose of the blackhole route is to stop traffic for the vast number of unassigned addresses in your assignment from going back out of your default gateway and looping around inside BitFolk until their TTL expires. It will not cause a problem for any directly assigned addresses or routes you are using. New BitFolk VMs are installed this way and it's BitFolk policy for you to have a route like this, or some other means of preventing that happening.

The purpose of having your default route be via fe80::1 is that it

1. is neater 😀
2. doesn't use an address from your assignment
3. will allow you to stop using the deprecated IPv6 addresses entirely

Things will continue working if you don't do that though.

It is suggested that you make sure you can connect to your Xen Shell console before modifying your network configuration so that if there are problems you can still administer the VM.

Here's how to accomplish the above in various network configuration frameworks.

ifupdown, as typically found on Debian, and older Ubuntu

ifupdown is configured in the /etc/network/interfaces file. The relevant section of your file probably started off looking like this:

iface enX0 inet6 static
    address 2001:ba8:1f1:f004::2
    netmask 64
    gateway 2001:ba8:1f1:f004::1

The netmask line might be missing, with the /64 seen on the end of the line above it instead.

You would change that to this:

iface enX0 inet6 static
    address  2a0a:1100:1018::/128
    gateway  fe80::1
    post-up  ip route add blackhole 2a0a:1100:1018::/48 || true
    pre-down ip route delete blackhole 2a0a:1100:1018::/48 || true
    post-up  ip address add 2001:ba8:1f1:f004::2/128 dev $IFACE

To test it out, reboot or log in to your Xen Shell console and do:

xen shell>  console
# ifdown enX0
# ifup enX0

Note that the network is going to go down when you type ifdown which is why you need to do that from the console.

netplan, as typically found on Ubuntu systems

netplan is configured through a YAML file in the /etc/netplan/ directory.

Your probably started off looking like this:

ethernets:
    enX0:
        dhcp4: false
        dhcp6: false
        addresses: '85.119.82.121/21', '2001:ba8:1f1:f004::2/64'
        routes:
          - to: default
            via: '85.119.80.1'
          - to: default
            via: '2001:ba8:1f1:f004::1'
        nameservers:
            addresses: '85.119.80.232', '85.119.80.233', '2001:ba8:1f1:f205::53', '2001:ba8:1f1:f206::53'

The new version should look like this:

ethernets:
    enX0:
        dhcp4: false
        dhcp6: false
        addresses: '85.119.82.121/21', '2a0a:1100:1018::/128', '2001:ba8:1f1:f004::2/64'
        routes:
          - to: default
            via: '85.119.80.1'
          - to: default
            via: 'fe80::1'
          - to: '2a0a:1100:1018::/48'
            via: '::'
            type: blackhole
        nameservers:
            addresses: '85.119.80.232', '85.119.80.233', '2001:ba8:1f1:f205::53', '2001:ba8:1f1:f206::53'

After changing the file you can apply those changes with:

$ sudo netplan try

That will apply the changes and ask you to confirm, rolling them back if you don't confirm within a short period of time.

NetworkManager, as found on Red Hat-like systems

NetworkManager can be configured from the command line using nmcli though this may temporarily break IPv6 connectivity (IPv4 should be unaffected).

# nmcli connection modify enX0 \
            ipv6.addr-gen-mode eui64
# nmcli connection modify enX0 \
            ipv6.method manual \
            ipv6.addresses 2a0a:1100:1018::/128
# nmcli connection modify enX0 \
            +ipv6.addresses 2001:ba8:1f1:f004::2/128
# nmcli connection modify enX0 ipv6.gateway fe80::1
# nmcli connection modify enX0 \
            +ipv6.routes 2a0a:1100:1018::/48 type=blackhole

The new thing here is ipv6.addr-gen-mode eui64. BitFolk is routing your netblocks (both your deprecated /64 and the new /48) to you through the link-local address in your VM so it';s necessary for your link-local address to be predictable. NetworkManager appears to take over the generation of these addresses and by default uses a stable-privacy mode.

Unsure if changing the ipv6.addr-gen-mode takes effect immediately or if it needs the interface to be taken down and brought up again. See Troubleshooting for more info.