Translated using DeepL

Machine-translated page for increased accessibility for English questioners.

Page in original, Czech language.

IPv6 on FI

The Faculty of Informatics has been assigned the network prefix 2001:0718:0801:0200::/56 by the connection provider CESNET.

If you wish to set up IPv6 on your machine, please contact the administrator at unix@fi.muni.cz. The preferred option is to send us the DUID, or you can set the address statically. More on both options below. If you configure an IPv6 address on your managed machine, we will also introduce that address into DNS (AAAA record).

Status configuration

As a point of interest, we will describe the convention we follow when assigning addresses. Understanding it is not necessary, if you wish to set up an IPv6 address, contact us and we will provide you with the address.

We assign machines with a public IPv4 address a public IPv6 address that logically corresponds to an IPv4 address as follows:

  • For example, consider a machine with the address 147.251.42.106 on the 147.251.42.0/24 network.
  • The first 16 bits ( 147.251) belong to the MU network, adding the next 8 bits ( 42) gives the (sub)network address, i.e. 147.251.42.0/24. The remaining 8 bits ( 106) identify the machine within the network.
  • 42 is hexadecimal 2a, 106 is 6a.
  • So we take our 56 bits ( 2001:0718:0801:02) and add 2a to them to form the (sub)network 2001:718:801:22a::/64, which corresponds to the (sub)network 147.251.42.0/24.
  • Add 6a and we get the address 2001:718:801:22a::6a

The gateway is usually at 1 (except for the network 147.251.48.0/24, or 2001:718:801:230::1/64, where 1 is Aisa for historical reasons; the gateway is at 147.251.48.14, or 2001:718:801:230::e).

DHCPv6

The preferred method is stateful autoconfiguration (DHCPv6). All you need to know is the DUID (DHCP Unique Identifier) of the device. However, discovering/setting the DUID on the client is often a problem in practice. It depends on the DHCP client and is not always easy. We usually discover it by scanning network traffic using tcpdump, a procedure that works independently of the DHCP client on the machine. For example, it can be captured like this (from the command delete those -e option_name, which your TShark does not know):

tshark -i $IFACE -Y 'udp port 547' -T fields -E header=y \
    -E separator=/t -e eth.src -e dhcpv6.partial_name_preceded_by_fqdn \
    -e dhcpv6.client_fqdn -e ipv6.src -e dhcpv6.duid.bytes

In addition, it is necessary (for router advertisements to work) that the machine uses a MAC-based LLA and not a randomly generated one (privacy extensions). E.g. for NetworkManager these are options:

In the user interface
  • Method: Automatically
  • IPv6 Privacy Extensions: Disabled
  • IPv6 address creation method: EUI64
In the configuration file
[ipv6]
method=auto
ip6-privacy=0
addr-gen-mode=eui64

The DHCP client must also not ask for so-called prefix delegation; this behavior is known to systemd-networkd, which must be added to the configuration ( /etc/systemd/network/*.network):

[DHCPv6]
UseDelegatedPrefix=no

Static configuration

We often use manual (static) configuration on servers. If we want to configure IPv6 to a machine with IPv4 address 147.251.42.106, for example, we set its logical corresponding IPv6 address and the configuration will look like this:

Adress: 2001:718:801:22a::6a/64
Gateway: 2001:718:801:22a::1

Stateless configuration

SLAAC

In the case of stateless autoconfiguration (SLAAC), the client chooses the address itself. This method is used in the Eduroam and wlan_fi wireless networks and also for some virtual machines in the Stratus.FI faculty cloud infrastructure (we usually assign a NATted private IPv4 address and a public IPv6 address to the virtual machines).