IPv6 Dual-Stack Setup

pixel · February 28, 2024, 8:04am

Hi@all,

I have a UCS environment (5.0-6) with different roles (Primary, Replica and Managed). The connection to the Internet works via a Vodafone cable connection (IPv6 only).

A FritzBox Cable (6690) is connected directly to the connection and behind it a pfSense which serves the hosts in the LAN behind it.

Using Router Advertisement, the prefix delegated by the Profider is forwarded to the pfSense on the FB, which then distributes it.

I have activated “SLAAC” for IPv6 on the UCS systems. The UCS hosts then received valid IPv6 addresses from the range delegated by the provider. I used the firewall rules on the pfSense to make the system accessible from outside.

I would also like to use IPv6 in the internal LAN. The IPv6 addresses are not useful for this as they can change. I have had a corresponding IPv6 range generated and registered with ip-six.

How can I set both the public IP on the UCS systems using SLAAC and a static ULA address at the same time?

with best
sven

pixel · February 28, 2024, 1:39pm

On the Ubuntu server VM’s I was able to solve this easily.

/etc/network/interfaces

# Loopback interface
auto lo
iface lo inet loopback
allow - hotplug ens18
iface ens18 inet dhcp

# Interface on link " internal "
auto ens18
iface ens18 inet6 auto

/etc/network/if-up.d/ipv6-config.sh

/bin/bash
# Configuration for interface ens18
add ip -6 address fdd0:xxxx:f4c::a/64 dev ens18

chmod +x /etc/network/if-up.d/ipv6-config.sh

/etc/systemd/system/ipv6-config.service

[Unit]
Description=IPv6 configuration script
Wants=network-online.target
To=network-online.target

[Service]
Type=oneshot
RunStart=/etc/network/if-up.d/ipv6-config.sh

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable ipv6-config.service
systemctl start ipv6-config.service

I then have both the publicly valid address via SLAAC and the statically defined ULA address:

2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    altname enp6s18
    inet 192.168.xx.10/24 brd 192.168.xx.255 scope global dynamic ens18
       valid_lft 42827sec preferred_lft 42827sec
    inet6 2a02:xxxx:xxxx:8e1c:5c20:3aff:fef7:e3ee/64 scope global dynamic mngtmpaddr 
       valid_lft 86303sec preferred_lft 14303sec
    inet6 fdd0:xxxx:f4c::a/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::5c20:3aff:fef7:e3ee/64 scope link 
       valid_lft forever preferred_lft forever

How can I configure the same on the UCS systems?

pixel · March 1, 2024, 9:37am

I have set up the public ones on the UCS servers via SLAAC and added the ULA address via service unit.

It works. I cannot judge whether this is the optimal way.