Updated 28 July 2021
This page documents the changes to the base Ubuntu server edition configuration to add IPv6 addressing and capabilities. Part of the fun was determining how to get the IPv6 addressing information, as AT&T doesn't have anything about this on its web site, and the Ubuntu sites suggest configurations that do not work. So my research proved to be a deep dive into the nitty-gritty of collecting, and applying, connection information.
What You Need Before Starting: To be prepared, you should have a desktop ISO you can use as the ultimate rescue vehicle, in case your server will not boot at all.
If you don't already have both of these ISOs on DVD-ROM or USB thumb drive, get them. You should have the first, which was used to install the server OS. These links were valid as of the writing of this page, 16 July 2021:
Background: My AT&T UVerse service is a business fiber service, using an Arris BGW210 as the interface to the GPON (Gigabit Passive Optical Network) fiber attachment. The service includes a /29 of IPv4 addresses. The servers I build for connection directly to the Internet are configured in dual-stack mode by following this procedure. "dual-stack" means that people on the Internet can use either IPv4 or IPv6 to gain access to them, and the servers can initiate outgoing traffic using IPv4 and IPv6. I've added DNS AAAA records as appropriate.
NOTE: This is a step-by-step procedure that is specific to AT&T's service. These procedures may apply, with modification, to other services. Let's begin:
Gather the IP address information:
(The ↵ symbol as used below is the "Enter" key.)
sudo /bin/bash
↵ to get a root shell.apt-get -y install net-tools
↵route -6n ↵; you should see
something like this:
/home/satch# route -6n Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If ::1/128 :: U 256 2 0 lo 2600:1700:79b0:ddc0::48/128 :: U 101 1 0 enp1s0 2600:1700:79b0:ddc0::/64 :: U 101 3 0 enp1s0 2600:1700:79b0:ddc0::/60 fe80::b293:5bff:fed1:de50 UG 101 1 0 enp1s0 fe80::/64 :: U 101 1 0 enp1s0 fe80::/64 :: U 102 1 0 enp2s0 ::/0 fe80::b293:5bff:fed1:de50 UG 20101 3 0 enp1s0 ::1/128 :: Un 0 5 0 lo 2600:1700:79b0:ddc0::48/128 :: Un 0 2 0 enp1s0 2600:1700:79b0:ddc0:2bd5:1008:a93f:cbe7/128 :: Un 0 5 0 enp1s0 2600:1700:79b0:ddc0:e929:e30d:346d:3e40/128 :: Un 0 4 0 enp1s0 fe80::137f:4fc7:e63a:f2c4/128 :: Un 0 6 0 enp1s0 fe80::f647:d0b6:8c6d:32f1/128 :: Un 0 2 0 enp2s0 ff00::/8 :: U 256 3 0 enp1s0 ff00::/8 :: U 256 3 0 enp2s0 ::/0 :: !n -1 1 0 lo
Buried in this large block of information is exactly what we
need to configure IPv6 later. The IPv6 address in this example is
2600:1700:79b0:ddc0::48/128. The gateway
address is in the "Next Hop column", which in this example is
fe80::b293:5bff:fed1:de50.
HINT: The IPv6 address is a 128-bit value, broken up into eight
strings of hexadecimal digits, each string separated by a colon
(:) character. The double-colon (::) represents one or more
hexidecimal strings of 0000.
2600:1700:79b0)ddc0).::48) is the interface ID — here the
first three strings are implied to be 0000. The interface ID assigned by the fiber box
is not what we want; we will define our own, 35 in this example.::/0 and had
an address in the "Next Hop" column. In this example, the
gateway address is fe80::b293:5bff:fed1:de50.Let's summarize what we have found, and associate them with the variables we will see in our netplan YAML template:
| Item | Variable | Value |
|---|---|---|
| IPv4 last octet | $id4 | 163 |
| IPv6 prefix | $prefix6 | 2600:1700:79b0 |
| IPv6 subnet | $subnet6 | ddc0 |
| IPv6 interface ID | $id6 | 35 |
| Gateway address | $gateway6 | fe80::b293:5bff:fed1:de50 |
We then apply substitution to the variables in this netplan(5,8) template to arrive at our final YAML configuration file for the public interface's IPv6 addressing:
network:
version: 2
ethernets:
enp1s0:
dhcp4: false
dhcp6: false
addresses:
- 76.209.1.$id4/29
- $prefix6:$subnet6::$id6/128
gateway4: 76.209.1.166
gateway6: "$gateway6"
nameservers:
addresses: []
search: []
enp2s0:
dhcp4: false
dhcp6: false
accept-ra: false
addresses:
- 10.1.1.$id6/24
- 10.1.3.$id6/24
link-local: []]
gateway4: 10.1.1.31
nameservers:
addresses:
- 10.1.1.29
search:
- satchell.net
So, for this example, here is the final netplan YAML file
content. Replace the contents of /etc/netplan/00-installer-config.yaml with this
data:
network:
version: 2
ethernets:
enp1s0:
dhcp4: no
dhcp6: no
addresses:
- 76.209.1.163/29
- 2600:1700:79b0:ddc0::35/128
gateway4: 76.209.1.166
routes:
- to: "fe80::b293:5bff:fed1:de50"
scope: link
- to: "::/0"
via: "fe80::b293:5bff:fed1:de50"
on-link: true
nameservers:
addresses: []
search: []
enp2s0:
addresses:
- 10.1.1.35/24
gateway4: 10.1.1.31
nameservers:
addresses:
- 10.1.1.29
search:
- satchell.net
Type the command netplan try ↵
Set sysctl.conf: one final thing to do is to update
/etc/syscfg.conf with this content:
net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.core.rmem_default = 204800 net.core.wmem_default = 204800 net.core.optmem_max = 40960 net.core.default_qdisc = fq net.core.netdev_max_backlog = 50000 net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 65536 16777216 net.ipv4.tcp_no_metrics_save = 1 net.ipv4.conf.default.rp_filter = 2 net.ipv4.conf.enp1s0.rp_filter = 2 net.ipv4.conf.all.rp_filter = 0 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.enp1s0.disable_ipv6 = 0 net.ipv6.conf.all.forwarding = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.ip_forward = 0 net.ipv4.tcp_congestion_control = htcp net.ipv4.tcp_syncookies = 1 vm.swappiness = 10
Type the command sysctl -p ↵
Comments, suggestions, and error reports are welcome.
Send them to: spamfilter (at) satchell (dot)
net)
© 2021 Stephen Satchell, Reno NV