IPv6

From BitFolk
Revision as of 22:56, 3 December 2011 by Strugglers (talk | contribs) (routing ipv6)

Some notes about configuring IPv6 at BitFolk.

Your IPv6 assignment

By default customers are assigned a /64 of IPv6 space that starts with 2001:ba8:1f1:. The next four hexadecimal digits will identify your /64. For example:

$ ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:ba8:1f1:f004:a800:ff:fe6a:380c/64 scope global 
       valid_lft forever preferred_lft forever

This would indicate that 2001:ba8:1f1:f004::/64 is this customer's assignment.

In this case the address 2001:ba8:1f1:f004:a800:ff:fe6a:380c has been dynamically assigned, but all addresses between 2001:ba8:1f1:f004::2 and 2001:ba8:1f1:f004:ffff:ffff:ffff:ffff are available to the customer for assignment (2^64-2 addresses). 2001:ba8:1f1:f004::1 is used for the IPv6 default gateway.

Static IPv6 configuration

You might wish to disable autoconfiguration and statically assign your IPv6 addresses. The typical way to do this is with the files in /proc/sys/ (or equivalent settings using sysctl). The following files in /proc/sys/ are relevant:

/proc/sys/net/ipv6/conf/default/accept_ra
/proc/sys/net/ipv6/conf/all/accept_ra
/proc/sys/net/ipv6/conf/eth0/accept_ra
/proc/sys/net/ipv6/conf/default/autoconf
/proc/sys/net/ipv6/conf/all/autoconf
/proc/sys/net/ipv6/conf/eth0/autoconf

If you echo "0" to all of the above files then IPv6 autoconfiguration will be disabled.

The best way to do this will vary by distribution.

CentOS

Enable IPv6 in /etc/sysconfig/network:

NETWORKING_IPV6=yes

Configure IPv6 on the interface config file, e.g. /etc/sysconfig/network-scripts/ifcfg-eth0:

IPV6INIT=yes
IPV6ADDR=2001:ba8:1f1:f004::2/64
IPV6_DEFAULTGW=2001:ba8:1f1:f004::1

Both of the above are in addition to what's already in those files. They're also case-sensitive, i.e. "yes" works but "YES" doesn't.

After doing this you would then need to reboot or issue service network restart. I'd recommend doing that from the xen shell console though!

Debian/Ubuntu

You could put something like this in /etc/network/interfaces:

iface eth0 inet6 static
    address 2001:ba8:1f1:f004::2
    netmask 64
    gateway 2001:ba8:1f1:f004::1
    post-up echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/default/autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf

$IFACE is replaced by the name of the interface by the network configuration scripts.
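
To confirm after a reboot or network restart that the settings above took effect, the following added example (not BitFolk's own tooling) re-reads the six files and looks for a leftover MAC-derived address like the one shown in the first section. The function names, the root parameter and the sample text are assumptions of this example.

```python
import ipaddress
import re
from pathlib import Path

def autoconf_files(iface="eth0", root="/proc/sys"):
    """The six files listed above, for one interface."""
    conf = Path(root) / "net/ipv6/conf"
    return [conf / scope / knob
            for knob in ("accept_ra", "autoconf")
            for scope in ("default", "all", iface)]

def not_disabled(iface="eth0", root="/proc/sys"):
    """Files that do not contain "0"; missing or unreadable files count too."""
    bad = []
    for path in autoconf_files(iface, root):
        try:
            value = path.read_text().strip()
        except OSError:
            value = None
        if value != "0":
            bad.append(str(path))
    return bad

def eui64_globals(ip_addr_output):
    """Global addresses in `ip -6 addr show` output whose interface ID carries
    the ff:fe filler of a MAC-derived (modified EUI-64) address. Heuristic:
    autoconfigured addresses with random interface IDs are not detected."""
    found = []
    for match in re.finditer(r"inet6 (\S+)/\d+ scope global", ip_addr_output):
        addr = ipaddress.IPv6Address(match.group(1))
        if addr.packed[11:13] == b"\xff\xfe":
            found.append(str(addr))
    return found

# Constructed sample: the output shown earlier plus a static ::2 address.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:ba8:1f1:f004::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:ba8:1f1:f004:a800:ff:fe6a:380c/64 scope global
       valid_lft forever preferred_lft forever
"""

if __name__ == "__main__":
    for path in not_disabled("eth0"):
        print("autoconfiguration still possible:", path)
    for addr in eui64_globals(SAMPLE):
        print("MAC-derived address still present:", addr)
```

An empty result from both functions means the static configuration is the only source of global addresses on the interface.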

Configuring additional IPv6 addresses

Debian/Ubuntu

There isn't a nice way to do this yet like there is for IPv4 addresses, so you're forced to call the ip command from the post-up option. Example:

iface eth0 inet6 static
    address 2001:ba8:1f1:f004::2
    netmask 64
    gateway 2001:ba8:1f1:f004::1
# Disable autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/default/autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
# Add another IPv6 address
    post-up ip -6 address add 2001:ba8:1f1:f004::1337/64 dev $IFACE

The default IPv6 source address

The source address chosen for IPv6 packets is typically the last one added to the system. This may be undesirable if you are adding addresses that you wish to dedicate to certain services. You can force selection of a given IPv6 source address by giving it a longer prefix than anything else on the system; /128 for example.

Debian/Ubuntu

iface eth0 inet6 static
# Perhaps you will only use this one for web serving
    address 2001:ba8:1f1:f004::80
    netmask 64
    gateway 2001:ba8:1f1:f004::1
# Disable autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
    post-up echo 0 > /proc/sys/net/ipv6/conf/default/autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
    post-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
# This one is to be the one that is used for outbound traffic by default
    post-up ip -6 address add 2001:ba8:1f1:f004::dead:beef:cafe/128 dev $IFACE
# Add another IPv6 address. If it wasn't for the above one using /128 then this would be the default source IPv6 instead
    post-up ip -6 address add 2001:ba8:1f1:f004::1337/64 dev $IFACE

Firewalling

Don't forget that you'll need to firewall your IPv6 just like you firewall your IPv4. The tool to do so is ip6tables.

Router Advertisements

If you wish to allow stateless address autoconfiguration from BitFolk to work then you need to allow the following in your IPv6 firewall:

ip6tables --append INPUT  -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
ip6tables --append OUTPUT -p icmpv6 --icmpv6-type router-solicitation  -j ACCEPT

Preferring IPv4 over IPv6

Sometimes a host has both IPv4 and IPv6 addresses. By default, Linux tends to prefer IPv6. If for some reason you wish to prefer IPv4 addresses then you can do so by adding:

precedence ::ffff:0:0/96 100

at the end of /etc/gai.conf.

Disabling IPv6

If you don't use IPv6 yet then it might be best to explicitly disable it.

Debian

lenny

IPv6 is a module on lenny and earlier but you can't just unload it once it's been loaded. You need to blacklist it from being loaded:

# echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist

Note the append (>>) — this file has useful things in it already.

You will need to reboot for this to take effect.

squeeze or beyond

IPv6 support is built into the kernel on squeeze and beyond. You can disable it with a sysctl, for example:

# echo 'net.ipv6.conf.all.disable_ipv6=1' > /etc/sysctl.d/disableipv6.conf

will disable IPv6 from the next reboot.

Ubuntu

Lucid (10.04 LTS) and onwards are the same as Debian squeeze.

Reverse DNS

By default you have no reverse DNS for IPv6. BitFolk will delegate the reverse DNS for your zone to nameservers you specify. These can all be nameservers you control, or BitFolk can provide up to three of them (you just provide the master).

The reverse zone for 2001:ba8:1f1:f004::/64 would be called 4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa. You can work this out using dig. For example:

$ dig +noall +question -x 2001:ba8:1f1:f004::1
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa. 86371 IN PTR

The 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 part is the record you put in your zone and the 4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa is the name of the zone itself. Here is what a typical BIND-format zone file might look like:

$ORIGIN 4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa.
$TTL 10800      ; 3 hours
@                       IN SOA a.ns.example.com. hostmaster.example.com. (
                             2010122701   ; serial
                                   1800   ; refresh (30 mins)
                                    900   ; retry (15 mins)
                                1209600   ; expire (2 weeks)
                                   3600 ) ; minimum (1 hour)

                                NS a.ns.example.com.
                                NS b.ns.example.com.
                                NS c.ns.example.com.

; Example reverse DNS for 2001:ba8:1f1:f004::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR ruminant.ipv6.bitfolk.com.
; Example reverse DNS for 2001:ba8:1f1:f004::1337
7.3.3.1.0.0.0.0.0.0.0.0.0.0.0.0 PTR leetv6.example.com.
; Example reverse DNS for 2001:ba8:1f1:f004::dead:beef:cafe
e.f.a.c.f.e.e.b.d.a.e.d.0.0.0.0 PTR nomnom.example.com.

You would then need to contact BitFolk support and ask for 4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa to be delegated to your three nameservers {a,b,c}.ns.example.com.

You would be advised to use at least two different nameservers in a reverse DNS delegation. If you don't have enough then BitFolk can provide up to three of them, just ask. BitFolk can also provide the only three visible nameservers while taking the zone from your hidden master if you wish.
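
The zone name and record labels above can be derived mechanically instead of by reading dig output. This added example (not BitFolk's own code; the function names are this example's) does so for any prefix on a 4-bit boundary, which goes beyond the /64 case to cover a /56 as well, and rejects addresses outside the delegated prefix and PTR targets without a trailing dot.

```python
import ipaddress

def nibbles(addr):
    """The 32 hex digits of an IPv6 address, most significant first."""
    return addr.exploded.replace(":", "")

def reverse_zone(prefix):
    """ip6.arpa zone name for a prefix on a 4-bit boundary (/64, /56, ...)."""
    net = ipaddress.IPv6Network(prefix)  # raises if host bits are set
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    digits = nibbles(net.network_address)[: net.prefixlen // 4]
    return ".".join(reversed(digits)) + ".ip6.arpa."

def ptr_label(prefix, address):
    """Owner name, relative to the zone, of the PTR record for address."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    return ".".join(reversed(nibbles(addr)[net.prefixlen // 4 :]))

def ptr_record(prefix, address, hostname):
    """One zone-file line; the target must be fully qualified."""
    if not hostname.endswith("."):
        # Without the trailing dot BIND appends the zone origin to the name.
        raise ValueError(f"{hostname!r} needs a trailing dot")
    return f"{ptr_label(prefix, address)} PTR {hostname}"

if __name__ == "__main__":
    zone = "2001:ba8:1f1:f004::/64"
    print("$ORIGIN", reverse_zone(zone))
    for address, name in [
        ("2001:ba8:1f1:f004::1337", "leetv6.example.com."),
        ("2001:ba8:1f1:f004::dead:beef:cafe", "nomnom.example.com."),
    ]:
        print(ptr_record(zone, address, name))
```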

Routing IPv6

The standard BitFolk customer assignment of IPv6 is a /64. This will give you plenty of addresses for your VPS, but isn't enough to route IPv6 further. For example, those using their VPS as a VPN server may wish to route an IPv6 network to each of their clients.

It is recommended to use a /64 for each IPv6 network—autoconfiguration won't work if you don't—so if you intend to further route IPv6 then you should contact support to ask for a /56. That will allow up to 256 /64 networks to be routed.