Configuring an IPv6 address in Red Hat Enterprise Linux 7 and 8

As I mentioned in What you need to know about IPv6, different methods exist to configure an IPv6 address on a machine. We will mainly focus on configuring an IPv6 address on a Red Hat Enterprise Linux (RHEL) 7 and 8 systems and briefly explain different assignment methods.

[Want to try out Red Hat Enterprise Linux? Download it now for free.]

Configuring IPv6 on RHEL 7 and 8

A Red Hat Enterprise Linux system is configured to obtain an IPv6 address automatically. These are the lines in the configuration file where the magic happens (I am adding some explanation to each line):

[root@rhel8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
………  
………
IPV6INIT="yes"  ←  Enable initialization on the interface
IPV6_AUTOCONF="yes" ← Accept Router Advertisements (RA’s)
IPV6_DEFROUTE="yes" ← The default IPv6 route is assigned to the interface
IPV6_FAILURE_FATAL="no" ← Opposite of ‘may-fail’
IPV6_ADDR_GEN_MODE="stable-privacy" ← IPv6 stable-privacy addressing s(RFC7217)
NAME="enp1s0"
………
………

For more information on what those connection settings do, run:

man nm-settings-ifcfg-rh

Stateless address autoconfiguration (SLAAC)

If the IPV6_AUTOCONF variable is set to yes, then the SLAAC method is used to configure the host’s IPv6 address by using the Neighbor Discovery Protocol (NDP). The technique applied here is the one explained in the previous article’s Multicast section, where there is an exchange of client solicitation and router advertisement ICMPv6 messages.

We use the term stateless because there is no service to keep track of what IPv6 addresses have been assigned to clients. Rather, the IPv6 address is composed with a technique called the Extended Unique Identifier (EUI-64) where 16 bits are added to the Media Access Control (MAC) address (which has 48 bits), thus creating a globally unique IPv6 address.

DHCPv6

To use DHCPv6, the following should appear within the configuration file:

IPV6_AUTOCONF="no"
DHCPV6C=”yes”

If the DHCPv6 variable is set to yes, then a client obtains an IP address from the DHCPv6 pool. The DHCPv6 service then keeps track of what IPv6 addresses are assigned to what clients. Among the IP address, other information like DNS servers, lease time, hostnames, and other attributes are pushed to the client. An administrator must configure the IPv6 address pool to be able to serve clients.

Manual

It is also possible (but not recommended) to configure an IPv6 address manually. Manual configuration requires a lot of effort, is error-prone, and it’s hard to keep track of what IPv6 addresses are assigned to what clients. On a large network, a DHCPv6 server is preferable for performing this task.

To configure IPv6 on Red Hat Enterprise Linux 7 and 8 manually, your version of the following needs to added to the configuration file:

[root@rhel8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
………  
………
IPV6ADDR=2a01:1b0:5389:4::22f2
IPV6_DEFAULTGW=2a01:1b0:5389:4::22f0
………  
………

Or, you can manually configure through NetworkManager:

nmcli con mod enp1s0 ipv6.addresses "2a22:1d0:5222:4::22f2/64" gw6 "2a22:1d0:5222:4::22f0/64"
nmcli con mod enp1s0 ipv6.method manual

Testing IPv6 connectivity

To test IPv6 connectivity, we can run a ping6 on www.redhat.com:

ping6 -c2  www.redhat.com

PING www.redhat.com(g2a02-26f0-b200-018f-0000-0000-0000-0d44.deploy.static.akamaitechnologies.com (2a02:26f0:b200:18f::d44)) 56 data bytes
64 bytes from g2a02-26f0-b200-018f-0000-0000-0000-0d44.deploy.static.akamaitechnologies.com (2a02:26f0:b200:18f::d44): icmp_seq=1 ttl=58 time=8.43 ms

--- www.redhat.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.425/8.425/8.425/0.000 ms

While the ping was running, I ran Wireshark in the background to see what’s happening under the hood. Here is the ICMPv6 request packet (sent by me) and the ICMPv6 reply packet I received back.

ICMPv6 request

No.  Time  Source  Destination  Protocol Length Info
18 3.471783469  2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d 2a02:26f0:7b:28a::d44 ICMPv6  118  Echo (ping) request id=0x68d7, seq=1, hop limit=64 (reply in 24)

Frame 18: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee), Dst: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
   Destination: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      Address: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Source: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      Address: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d, Dst: 2a02:26f0:7b:28a::d44
   0110 .... = Version: 6
   .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
      .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
      .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
   .... .... .... 1010 0010 1001 1110 0100 = Flow Label: 0xa29e4
   Payload Length: 64
   Next Header: ICMPv6 (58)
   Hop Limit: 64
   Source: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
   Destination: 2a02:26f0:7b:28a::d44
   [Source GeoIP: NL]
   [Destination GeoIP: ]
Internet Control Message Protocol v6
   Type: Echo (ping) request (128)
   Code: 0
   Checksum: 0xdff6 [correct]
   [Checksum Status: Good]
   Identifier: 0x68d7
   Sequence: 1
   [Response In: 24]
   Data (56 bytes)

ICMPv6 reply

No.  Time  Source  Destination  Protocol Length Info
24 3.607831042  2a02:26f0:7b:28a::d44 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d ICMPv6  118  Echo (ping) reply id=0x68d7, seq=1, hop limit=59 (request in 18)

Frame 24: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff), Dst: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
   Destination: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      Address: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Source: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      Address: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2a02:26f0:7b:28a::d44, Dst: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
   0110 .... = Version: 6
   .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
      .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
      .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
   .... .... .... 1000 0110 0011 0011 0111 = Flow Label: 0x86337
   Payload Length: 64
   Next Header: ICMPv6 (58)
   Hop Limit: 59
   Source: 2a02:26f0:7b:28a::d44
   Destination: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
   [Source GeoIP: ]
   [Destination GeoIP: NL]
Internet Control Message Protocol v6
   Type: Echo (ping) reply (129)
   Code: 0
   Checksum: 0xdef6 [correct]
   [Checksum Status: Good]
   Identifier: 0x68d7
   Sequence: 1
   [Response To: 18]
   [Response Time: 136.048 ms]
   Data (56 bytes)

Note that many organizations choose to block ping requests for security reasons, so it’s generally a good idea to try pinging several sites when testing your connectivity.