Ubuntu 20.04 LTS Server Edition
Configuring IPv6 (on AT&T UVerse)

Updated 07 February 2024

This page documents the changes to the base Ubuntu server edition configuration to add IPv6 addressing and capabilities. Part of the fun was determining how to get the IPv6 addressing information, as AT&T doesn't have anything about this on its web site, and the Ubuntu sites suggest configurations that do not work. So my research proved to be a deep dive into the nitty-gritty of collecting, and applying, connection information.

What You Need Before Starting: To be prepared, you should have a desktop ISO you can use as the ultimate rescue vehicle, in case your server will not boot at all.

If you don't already have both of these ISOs on DVD-ROM or USB thumb drive, get them. These links were valid as of the writing of this page, 07 February 2024:

• Ubuntu 20.04 LTS Server Edition ISO
  ( https://releases.ubuntu.com/focal/ubuntu-20.04.6-live-server-amd64.iso)
• Ubuntu 20.04 LTS Desktop ISO (for initial IPv6 information capture)
  ( https://releases.ubuntu.com/focal/ubuntu-20.04.6-desktop-amd64.iso )

NOTE: At the time of this writing, Ubuntu had released versions 22.04 LTS of this software.

Background: My AT&T UVerse service is a business fiber service, using an Arris BGW210 as the interface to the GPON (Gigabit Passive Optical Network) fiber attachment. The service includes a /29 of IPv4 addresses. The servers I build for connection directly to the Internet are configured in dual-stack mode by following this procedure. "dual-stack" means that people on the Internet can use either IPv4 or IPv6 to gain access to them, and the servers can initiate outgoing traffic using IPv4 and IPv6. I've added DNS AAAA records as appropriate.

NOTE: This is a step-by-step procedure that is specific to AT&T's service. These procedures may apply, with modification, to other services. Let's begin:

Gather the IP address information:
(The ↵ symbol as used below is the "Enter" key.)

• On your server hardware, insert the device with the Desktop ISP into a USB port.
• Boot the server. When you get a desktop, select "Try Ubuntu".
• In the Network Settings panel, configure the IPv6 interface of the Ethernet port connected to your fiber box as "automatic".
• Open a terminal, and type sudo /bin/bash ↵ to get a root shell.
• Type apt-get -y install net-tools ↵
• Type route -6n ↵; you should see something like this:

  /home/satch# route -6n
  Kernel IPv6 routing table
  Destination                    Next Hop                   Flag Met Ref Use If
  ::1/128                        ::                         U    256 2     0 lo
  2600:1700:79b0:ddc0::48/128    ::                         U    101 1     0 enp1s0
  2600:1700:79b0:ddc0::/64       ::                         U    101 3     0 enp1s0
  2600:1700:79b0:ddc0::/60       fe80::b293:5bff:fed1:de50  UG   101 1     0 enp1s0
  fe80::/64                      ::                         U    101 1     0 enp1s0
  fe80::/64                      ::                         U    102 1     0 enp2s0
  ::/0                           fe80::b293:5bff:fed1:de50  UG   20101 3   0 enp1s0
  ::1/128                        ::                         Un   0   5     0 lo
  2600:1700:79b0:ddc0::48/128    ::                         Un   0   2     0 enp1s0
  2600:1700:79b0:ddc0:2bd5:1008:a93f:cbe7/128 ::            Un   0   5     0 enp1s0
  2600:1700:79b0:ddc0:e929:e30d:346d:3e40/128 ::            Un   0   4     0 enp1s0
  fe80::137f:4fc7:e63a:f2c4/128  ::                         Un   0   6     0 enp1s0
  fe80::f647:d0b6:8c6d:32f1/128  ::                         Un   0   2     0 enp2s0
  ff00::/8                       ::                         U    256 3     0 enp1s0
  ff00::/8                       ::                         U    256 3     0 enp2s0
  ::/0                           ::                         !n   -1  1     0 lo
    

Buried in this large block of information is exactly what we need to configure IPv6 later. The IPv6 address in this example is 2600:1700:79b0:ddc0::48/128. The gateway address is in the "Next Hop column", which in this example is fe80::b293:5bff:fed1:de50.

There is a problem, however, with this observation, which is one reason it took me forever to get my Web server working on IPv6: the actual gateway address that I needed to use was 2600:1700:79b0:ddc0::1.

HINT: The IPv6 address is a 128-bit value, broken up into eight strings of hexadecimal digits, each string separated by a colon (:) character. The double-colon (::) represents one or more hexidecimal strings of 0000.

• The first three hexidecimal strings represent the prefix (2600:1700:79b0)
• The next hexidecimal string is the subnet (ddc0).
• The last four hexidecimal strings (::48) is the interface ID — here the first three strings are implied to be 0000. The interface ID assigned by the fiber box is not what we want; we will define our own, 35 in this example.
• The gateway address is not in the above-shown table, but is the prefix, subnet, and the device address of "1".

Let's summarize what we have found, and associate them with the variables we will see in our netplan YAML template:

We then apply substitution to the variables in this netplan(5,8) template to arrive at our final YAML configuration file for the public interface's IPv4 and IPv6 addressing, and the IPv4 LAN address:

---
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp6: false
      addresses: [ 76.209.1.$id4/29, $prefix6:$subnet6::$id6/64 ]
      link-local: []
      routes:
        - to: ::/0
          via: $gateway6
          metric: 1000
          on-link: true
        - to: 0.0.0.0/0
          via: 76.209.1.166
          metric: 1000
    enp2s0:
      dhcp6: false
      addresses: [ 10.1.1.$id6/24, 10.1.3.$id6/24 ]
      link-local: []
      nameservers:
        addresses: [ 10.1.1.29 ]
        search: []
  

So, for this example, here is the final netplan YAML file content. Replace the contents of /etc/netplan/00-installer-config.yaml with this data:

---
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp6: false
      addresses: [ 76.209.1.163/29, 2600:1700:79b0:ddc0::35/64 ]
      link-local: []
      routes:
        - to: ::/0
          via: 2600:1700:79b0:ddc0::1
          metric: 1000
          on-link: true
        - to: 0.0.0.0/0
          via: 76.209.1.166
          metric: 1000
    enp2s0:
      dhcp6: false
      addresses: [ 10.1.1.35/24, 10.1.3.35/24 ]
      link-local: []
      nameservers:
        addresses: [ 10.1.1.29 ]
        search: []
  

Type the command netplan try ↵

Set sysctl.conf: one final thing to do is to update /etc/syscfg.conf with this content:

net.core.rmem_max                   = 16777216
net.core.wmem_max                   = 16777216
net.core.rmem_default               = 204800
net.core.wmem_default               = 204800
net.core.optmem_max                 = 40960
net.core.default_qdisc              = fq
net.core.netdev_max_backlog         = 50000

net.ipv4.tcp_rmem                   = 4096 87380 16777216
net.ipv4.tcp_wmem                   = 4096 65536 16777216
net.ipv4.tcp_no_metrics_save        = 1

net.ipv4.conf.enp1s0.rp_filter      = 2
net.ipv4.conf.enp2s0.rp_filter      = 2
net.ipv4.conf.lo.rp_filter          = 0

net.ipv6.conf.enp1s0.disable_ipv6   = 0
net.ipv6.conf.enp2s0.disable_ipv6   = 1
net.ipv6.conf.lo.disable_ipv6       = 1

net.ipv6.conf.all.forwarding        = 0

net.ipv4.conf.all.accept_redirects  = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians      = 1
net.ipv4.conf.all.send_redirects    = 0
net.ipv4.conf.all.send_redirects    = 0

net.ipv4.neigh.enp1s0.gc_stale_time = 600

net.ipv4.ip_forward                 = 0
net.ipv4.tcp_congestion_control     = htcp
net.ipv4.tcp_syncookies             = 1

vm.swappiness                       = 10
  

Type the command sysctl -p ↵

Comments, suggestions, and error reports are welcome.
Send them to: spamfilter (at) satchell (dot) net)
© 2021 Stephen Satchell, Reno NV