Red Hat Enterprise Linux Implementation

IPv6 Networking Management

Module Topics

IPv4 Networking Review
IPv4 Networking Command Summary
IPv6 Networking Concepts
IPv6 Networking Configuration

IPv4 Networking Review

Assumptions

This section assumes that you have a basic understanding of IPv4 networking concepts, including:

IPv4 addresses
Network prefixes (and netmasks)
Default gateways and basic routing
Network interfaces
/etc/hosts
Name resolution

IPv4 Networking Review

NetworkManager Overview

NetworkManager: System daemon that manages configuration of network interfaces
Device: Network interface
Connection: Collection of settings that can be configured for a device
- Only one connection is active at a time
- Multiple connections may exist
  - Use for different devices
  - Allows device configuration to be altered
- Each connection is identified by name or ID
- Persistent configuration is stored in /etc/sysconfig/network-scripts/ifcfg-name
- To create or edit connection files from shell prompt, use nmcli

Transcript:

In Red Hat Enterprise Linux 7, the configuration of network interfaces is managed by a system daemon called NetworkManager. For NetworkManager:

A device is a network interface.
A connection is a collection of settings that can be configured for a device.
Only one connection is active for any one device at a time. Multiple connections may exist, for use by different devices or to allow a configuration to be altered for the same device.
Each connection has a name or ID that identifies it.
The persistent configuration for a connection is stored in /etc/sysconfig/network-scripts/ifcfg-name, where name is the name of the connection (although spaces are normally replaced with underscores in the file name). This file can be edited by hand if desired.
The nmcli utility can be used to create and edit connection files from the shell prompt.

IPv4 Networking Review

Viewing Networking Information

To show status of all network devices, use nmcli dev status

[student@demo ~]$ nmcli dev status
DEVICE  TYPE      STATE         CONNECTION
eno1    ethernet  connected     eno1
eth0    ethernet  connected     static-eth0
eno2    ethernet  disconnected  --
lo      loopback  unmanaged     --

To show all connections, use nmcli con show

To show only active connections, add --active

[student@demo ~]$ nmcli con show
NAME         UUID                                  TYPE            DEVICE
eno2         ff9f7d69-db83-4fed-9f32-939f8b5f81cd  802-3-ethernet  --
static-eth0  72ca57a2-f780-40da-b146-99f71c431e2b  802-3-ethernet  eth0
eno1         87b53c56-1f5d-4a29-a869-8a7bdaf56dfa  802-3-ethernet  eno1
[root@demo ~]# nmcli con show --active
NAME         UUID                                  TYPE            DEVICE
static-eth0  72ca57a2-f780-40da-b146-99f71c431e2b  802-3-ethernet  eth0
eno1         87b53c56-1f5d-4a29-a869-8a7bdaf56dfa  802-3-ethernet  eno1

IPv4 Networking Review

To see configuration of network interfaces, use ip addr show

To show single interface, use interface name as last argument:

[student@demo ~]$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST, UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 (1)
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff (2)
    inet 192.168.0.101/16 brd 192.168.0.255 scope global eth0 (3)
    valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link (4)
    valid_lft forever preferred_lft forever

IPv4 Networking Review

Adding Network Connections

To add new network connections, use nmcli con add and unique name
- Example: Add new connection for eno2, get IPv4 networking information using DHCP, and autoconnect on startup
  [root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2
- Example: Configure eno2 interface statically, use IPv4 address and network prefix 192.168.0.5/24, use default gateway 192.168.0.254, and autoconnect at startup
  [root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2 \ > ip4 192.168.0.5/24 gw4 192.168.0.254

IPv4 Networking Review

Controlling Network Connections

To activate connection name on network interface it is bound to, use nmcli con up name
- Command takes connection name, not network interface name
  [root@demo ~]# nmcli con up static-eth0
To disconnect network interface device and bring it down, use nmcli dev disconnect device
- Can abbreviate command as nmcli dev dis device
  [root@demo ~]# nmcli dev dis eth0

IPv4 Networking Review

To deactivate a network interface, use nmcli dev dis device
Avoid nmcli con down name to deactivate network interface
- Brings down connection temporarily
- Most wired connections use autoconnect
- Because network interface is available, NetworkManager brings connection up immediately
  - Unless connection is entirely disconnected from interface

IPv4 Networking Review

Modifying Network Connection Settings

Two kinds of NetworkManager connections:
- Static: Properties configured by administrator and stored in /etc/sysconfig/network-scripts/ifcfg-*
- Active: Properties obtained from DHCP server and are not stored persistently
To list current settings for a connection, use nmcli con show name
- Static properties that can be changed appear in lowercase
- Active settings in use by current connection instance appear in uppercase

IPv4 Networking Review

Sample nmcli con show name Output

[root@demo ~]# nmcli con show static-eth0
connection.id:                          static-eth0
connection.uuid:                        87b53c56-1f5d-4a29-a869-8a7bdaf56dfa
connection.interface-name:              --
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.timestamp:                   1401803453
connection.read-only:                   no
connection.permissions:
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.secondaries:
connection.gateway-ping-timeout:        0
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             CA:9D:E9:2A:CE:F0
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:
ipv4.method:                            manual
ipv4.dns:                               192.168.0.254
ipv4.dns-search:                        example.com
ipv4.addresses:                         { ip = 192.168.0.2/24, gw = 192.168.0.254 }
ipv4.routes:
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
...

IPv4 Networking Review

To change connection settings, use nmcli con mod name
- Changes saved in /etc/sysconfig/network-scripts/ifcfg-name
- Example: Set IPv4 address to 192.0.2.2/24 and default gateway to 192.0.2.254 for connection static-eth0
  [root@demo ~]# nmcli con mod static-eth0 ipv4.addresses "192.0.2.2/24 192.0.2.254"
When changing connection type from active to static, set ipv4.method to manual

Reference

nm-settings(5) man page

IPv4 Networking Review

Some settings can have multiple values
- To add or delete specific setting values, add + or - to setting name
- Example: Add DNS server 192.0.2.1 to nameserver list for static-eth0 connection
  [root@demo ~]# nmcli con mod static-eth0 +ipv4.dns 192.0.2.1
Changes made with nmcli con mod name are saved to /etc/sysconfig/network-scripts/ifcfg-name
- Can also manually edit this file
- To make NetworkManager read manual changes, run nmcli con reload
For backward-compatibility, directives saved in that file have different names and syntax from nm-settings(5) names

IPv4 Networking Review

nmcli con mod

ifcfg-* File

Purpose

ipv4.method manual

BOOTPROTO=none

Configures static IPv4 addresses.

ipv4.method auto

BOOTPROTO=dhcp

Looks for configuration settings from DHCPv4 server. If static addresses are also set, does not bring them up until has information from DHCPv4.

ipv4.addresses "192.0.2.1/24 192.0.2.254"

IPADDR0=192.0.2.1 PREFIX0=24 GATEWAY0=192.0.2.254

Sets static IPv4 address, network prefix, and default gateway. If more than one is set for connection, then instead of 0, the ifcfg-* directives end with 1, 2, 3, and so on.

ipv4.dns 8.8.8.8

DNS0=8.8.8.8

Modifies /etc/resolv.conf to use this nameserver.

ipv4.dns-search example.com

DOMAIN=example.com

Modifies /etc/resolv.conf to use this domain in search directive.

ipv4.ignore-auto-dns true

PEERDNS=no

Ignores DNS server information from DHCP server.

connection.autoconnect yes

ONBOOT=yes

Automatically activates this connection at boot.

connection.id eth0

NAME=eth0

Name of connection.

connection.interface-name eth0

DEVICE=eth0

Binds connection eth0 to network interface.

802-3-ethernet.mac-address . . .

HWADDR= . . .

Binds connection with this MAC address to network interface.

IPv4 Networking Review

Editing Network Settings

NetworkManager directly modifies /etc/resolv.conf, so edits to that file may be overwritten
To change settings in /etc/resolv.conf, set DNSn and DOMAIN directives in /etc/sysconfig/network-scripts/ifcfg-* files instead

Deleting a Network Connection

Use nmcli con del name to:
- Delete name connection
- Disconnect name from device
- Remove /etc/sysconfig/network-scripts/ifcfg-name file

Modifying the System Hostname

To display or temporarily modify fully qualified hostname, use hostname
```
[root@demo ~]# hostname
demo.example.com
```

IPv4 Networking Review

Setting Static Hostname

To specify a static hostname in /etc/hostname, use hostnamectl
- Also use hostnamectl to modify /etc/hostname and view status of fully qualified hostname

If file does not exist, hostname is set by reverse DNS query after interface has IP address

[root@demo ~]# hostnamectl set-hostname demo.example.com
[root@demo ~]# hostnamectl status
   Static hostname: demo.example.com
         Icon name: computer
           Chassis: n/a
        Machine ID: 9f6fb63045a845d79e5e870b914c61c9
           Boot ID: aa6c3259825e4b8c92bd0f601089ddf7
    Virtualization: kvm
  Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:GA:server
            Kernel: Linux 3.10.0-121.el7.x86_64
      Architecture: x86_64
[root@demo ~]# cat /etc/hostname
demo.example.com

Previous versions of Red Hat Enterprise Linux stored the hostname as a variable in /etc/sysconfig/network.

IPv4 Networking Command Summary

Command

Purpose

nmcli dev status

Shows NetworkManager status of all network interfaces

nmcli con show

Lists all connections

nmcli con show name

Lists current settings for name connection

nmcli con add con-name name ...

Adds name connection

nmcli con mod name ...

Modifies name connection

nmcli con reload

Rereads configuration files (useful after editing)

nmcli con up name

Activates name connection

nmcli dev dis dev

Deactivates and disconnect current connection on dev network interface

nmcli con del name

Deletes name connection and its configuration file

ip addr show

Shows current network interface address configuration

hostnamectl set-hostname ...

Persistently sets hostname

References

Man pages: NetworkManager(8), nmcli(1), nmcli-examples(5), nm-settings(5), hostnamectl(1), resolv.conf(5), hostname(5), ip(8), and ip-address(8)

IPv6 Networking Concepts

IPv6 Overview

IPv6 is intended to replace IPv4 network protocol
- Uses larger network address space to resolve exhaustion of IPv4 addresses
- Provides enhancements and new features for network configuration management
- Supports future protocol changes
IPv6 is not in wide deployment
- Not simple for IPv6 systems to communicate with IPv4 systems
Best transition plan is to provide all hosts with both IPv4 and IPv6 addresses
- Internet resources using only one protocol can be reached from host
- Called dual-stack configuration

Transcript:

IPv6 is intended as the replacement for the IPv4 network protocol. The major problem it solves is the exhaustion of IPv4 addresses by using a much larger network address space. It also provides a number of enhancements and new features for network configuration management and support for future protocol changes.

The key reason IPv6 is not yet in wide deployment is that the core protocol does not have a simple way for systems that only have IPv6 addresses to communicate with systems that only have IPv4 addresses.

The best transition plan at present is to provide all hosts with both IPv4 and IPv6 addresses, so that Internet resources only using one of the protocols can be reached from the host. This is called a dual-stack configuration, and is the approach on which this course will focus.

IPv6 Networking Concepts

Transition Methods in Development

Other transition methods in development:
- Allow IPv6-only hosts to use IPv4 Internet
- Support other forms of IPv4/IPv6 translation
  - NAT64 (RFC 6145)
  - 464XLAT (RFC 6877)
Position of Internet Engineering Task Force (IETF):
- Operators using IPv4 should obtain IPv6 prefix
- Turn on IPv6 routing in network and between themselves and upstream/downstream neighbors
- Enable it and use it in normal processing while
- Leave IPv4 stable until either protocol can be used
  - Then turn off IPv4 off (RFC 6144, Introduction)

Transcript:

There are a number of promising transition methods in development to allow IPv6-only hosts to use the IPv4 Internet or support other forms of IPv4/IPv6 translation, such as NAT64 (RFC 6145) and 464XLAT (RFC 6877), but they are beyond the scope of this course.

The basic position of the Internet Engineering Task Force (IETF) is that network operators using IPv4 should “obtain an IPv6 prefix, turn on IPv6 routing within their networks and between themselves and any peer, upstream, or downstream neighbors, enable it on their computers, and use it in normal processing. This should be done while leaving IPv4 stable, until a point is reached that any communication that can be carried out could use either protocol equally well. At that point, the economic justification for running both becomes debatable, and network operators can justifiably turn IPv4 off.” (RFC 6144, Introduction)

IPv6 Networking Concepts

IPv6 Addresses

IPv6 address is 128-bit number
- Expressed as 8 colon-separated groups
- Each group is 4 hexadecimal nibbles (half-bytes)
- Each nibble is 4 bits of IPv6 address
- Each group represents 16 bits of address
  2001:0db8:0000:0010:0000:0000:0000:0001

IPv6 Networking Concepts

No need to write leading zeros in group
- Must write at least one nibble in each field
- Must write zeros that follow nonzero nibble in group
  2001:db8:0:10:0:0:0:1
Long strings of zeros are common
- To combine groups of consecutive zeros, use exactly one :: block
  2001:db8:0:10::1
Alternate way to write example address
- Equally valid but less convenient method
  2001:db8::0010:0:0:0:1

IPv6 Networking Concepts

Tips for Writing IPv6 Addresses

Always suppress leading zeros in group
Use :: to shorten
- If two runs of zeros are equal length, shorten one on left
Although allowed, do not use :: to shorten one group of zeros
- Use :0: instead, and save :: for runs of zeros longer than single group
Always use lowercase letters for hexadecimal numbers a through f

When including a TCP or UDP network port after an IPv6 address, always enclose the IPv6 address in square brackets so the port does not look like part of the address.

[2001:db8:0:10::1]:80

IPv6 Networking Concepts

IPv6 Subnets

Normal unicast address has 2 parts: network prefix and interface ID
Network prefix identifies subnet
On subnet, no 2 network interfaces can have same interface ID
Interface ID identifies particular interface on subnet
IPv6 has standard subnet mask, usually /64
- Half of address is network prefix and half is interface ID
- Means single subnet can hold as many hosts as necessary

IPv6 Networking Concepts

Typically, network provider allocates shorter prefix to organization, such as /48
Leaves rest of network part for assigning subnets from that allocated prefix
- A /48 allocation leaves 16 bits for subnets (up to 65536 subnets)

ipv6-subnets-plain-fit

IPv6 Networking Concepts

IPv6 Address or Network

Purpose

Description

::1/128

localhost

IPv6 equivalent to 127.0.0.1/8, set on loopback interface.

::

Unspecified address

IPv6 equivalent to 0.0.0.0. For network service, could indicate service listening on all configured IP addresses.

::/0

Default route (the IPv6 Internet)

IPv6 equivalent to 0.0.0.0/0. Default route in routing table matches this network. Router for this network receives all traffic for which there is no better route.

2000::/3

Global unicast addresses

"Normal" IPv6 addresses are currently allocated from this space by IANA. Equivalent to all networks ranging from 2000::/16 to 3fff::/16.

fd00::/8

Unique local addresses (RFC 4193)

IPv6 has no direct equivalent of RFC 1918 private address space, although this is close. Site can use these to self-allocate private routable IP address space inside the organization, but these networks cannot be used on global Internet. Site must randomly select a /48 from this space, but it can subnet allocation into /64 networks normally.

fe80::/64

Link-local addresses

Every IPv6 interface automatically configures link-local address that works only on local link on this network. Discussed in more detail later.

ff00::/8

Multicast

IPv6 equivalent to 224.0.0.0/4. Multicast is used to transmit to multiple hosts at same time, and is particularly important in IPv6 because it has no broadcast addresses.

IPv6 Networking Concepts

Link-Local Addresses

Unroutable address used only to talk to hosts on specific network link
Every network interface is automatically configured with link-local address on fe80:: network
To ensure link-local address is unique, interface ID is constructed from interface’s Ethernet hardware address
Procedure to convert 48-bit MAC address to 64-bit interface ID is to set bit 7 of MAC address and insert ff:fe between two middle bytes
- Network prefix: fe80::/64
- MAC address: 00:11:22:aa:bb:cc
- Link-local address: fe80::211:22ff:feaa:bbcc/64

IPv6 Networking Concepts

Link-local addresses of other machines can be used like normal addresses by other hosts on same link
Because every link has fe80::/64 network on it, routing table cannot be used to select outbound interface correctly
When talking to link-local address, specify scope identifier at end of address
- Scope identifier has % followed by network interface name
- Example: Use ping6 to ping link-local address fe80::211:22ff:feaa:bbcc via link connected to eth0 network interface:
  [student@demo ~]$ ping6 fe80::211:22ff:feaa:bbcc%eth0
Use scope identifiers only when contacting addresses that have "link" scope
Use normal global addresses same as IPv4
- Select outbound interfaces from routing table

Transcript:

The link-local addresses of other machines can be used like normal addresses by other hosts on the same link. Since every link has a fe80::/64 network on it, the routing table cannot be used to select the outbound interface correctly. The link to use when talking to a link-local address must be specified with a scope identifier at the end of the address. The scope identifier consists of % followed by the name of the network interface.

For example, to use ping6 to ping the link-local address fe80::211:22ff:feaa:bbcc using the link connected to the eth0 network interface, the correct command would be ping6 fe80::211:22ff:feaa:bbcc%eth0

Scope identifiers are only needed when contacting addresses that have "link" scope. Normal global addresses are used just like they are in IPv4, and select their outbound interfaces from the routing table.

IPv6 Networking Concepts

Multicast

Multicast has larger role in IPv6 than IPv4
- IPv6 has no broadcast address
Key IPv6 multicast address is all-nodes link-local address: ff02::1
Ping ff02::1 to send traffic to all nodes on link

Link-scope multicast addresses (starting ff02::/8) need scope identifier

IPv6 Networking Concepts

IPv6 Address Configuration

IPv4 addresses are configured manually by administrator and dynamically by DHCP
IPv6 supports manual configuration and 2 dynamic configuration methods, including DHCPv6

Static Addressing

Can select Interface IDs for static IPv6 addresses same as IPv4
In IPv4, lowest and highest subnet addresses are reserved
In IPv6, these interface IDs are reserved and cannot be used for normal network host address:
- All-zeros identifier 0000:0000:0000:0000
  - "Subnet router anycast" used by all routers on link
  - For 2001:db8::/64 network, address is 2001:db8::
- Identifiers fdff:ffff:ffff:ff80 through fdff:ffff:ffff:ffff

Transcript:

IPv4 has two ways in which addresses get configured on network interfaces. Network addresses may be configured on interfaces manually by the administrator, or dynamically from the network using DHCP. IPv6 also supports manual configuration, and two methods of dynamic configuration, one of which is DHCPv6.

Static addressing.

Interface IDs for static IPv6 addresses can be selected at will, just like IPv4. In IPv4, there were two addresses on a network that could not be used, the lowest address in the subnet and the highest address in the subnet.

In IPv6, the following interface IDs are reserved and cannot be used for a normal network address on a host.

The all-zeros identifier 0000:0000:0000:0000 ("subnet router anycast") used by all routers on the link. (For the 2001:db8::/64 network, this would be the address 2001:db8::.)
The identifiers fdff:ffff:ffff:ff80 through fdff:ffff:ffff:ffff.

IPv6 Networking Concepts

DHCPv6 Configuration

DHCPv6 works differently from DHCP for IPv4
- No broadcast address
Host sends DHCPv6 request from its link-local address to port 547/UDP on ff02::1:2 (all-dhcp-servers link-local multicast group)
DHCPv6 server sends appropriate reply to port 546/UDP on client’s link-local address
Red Hat Enterprise Linux 7 supports DHCPv6 server via dhcp package

IPv6 Networking Concepts

SLAAC Configuration

IPv6 supports SLAAC as second dynamic configuration method
Host brings up its interface with link-local fe80::/64 address
Sends "router solicitation" to ff02::2 (all-routers link-local multicast group)
IPv6 router on local link responds to host’s link-local address with network prefix
Host uses network prefix with interface ID
- Constructed same way as link-local addresses
Router periodically sends multicast updates ("router advertisements") to confirm or update information
radvd package in Red Hat Enterprise Linux 7 allows IPv6 router to provide SLAAC through router advertisements

Transcript:

In addition to DHCPv6, IPv6 also supports a second dynamic configuration method, called Stateless Address Autoconfiguration (SLAAC). Using SLAAC, the host brings up its interface with a link-local fe80::/64 address normally. It then sends a "router solicitation" to ff02::2, the all-routers link-local multicast group. An IPv6 router on the local link responds to the host’s link-local address with a network prefix and possibly other information. The host then uses that network prefix with an interface ID that it normally constructs in the same way that link-local addresses are constructed. The router periodically sends multicast updates ("router advertisements") to confirm or update the information it provided.

The radvd package in Red Hat Enterprise Linux 7 allows an IPv6 router based on Red Hat Enterprise Linux to provide SLAAC through router advertisements.

IPv6 Networking Concepts

Typical machine configured to get IPv4 addresses through DHCP is usually configured to use SLAAC to get IPv6 addresses
Can result in machine’s unexpectedly obtaining IPv6 addresses when IPv6 router is added to network
Some IPv6 deployments combine SLAAC and DHCPv6
- Use SLAAC to provide only network address information
- Use DHCPv6 to provide other information, such as which DNS servers and search domains to configure

References

Man pages: ping(8), radvd(8), and dhcpd(8)
IETF RFC references:

IPv6 Networking Configuration

NetworkManager and IPv6

All IPv4 commands work with IPv6
- Some connection settings are different
- Most configuration commands are similar

Adding an IPv6 Network Connection

To add new network connections, use nmcli con add
- Example: Add new connection for eno2 interface
  - Autoconnect at startup
  - Get IPv4 networking information using DHCPv4
  - Listen for router advertisements on local link
    [root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2

IPv6 Networking Configuration

To configure eno2 interface statically:

[root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2 \
> ip6 2001:db8:0:1::c000:207/64 gw6 2001:db8:0:1::1 ip4 192.0.2.7/24 gw4 192.0.2.1

IPv6 Networking Configuration

Modifying Network Connection Settings for IPv6

To view IPv6-related settings, use nmcli con show name

[root@demo ~]# nmcli con show static-eth0 | grep ipv6
ipv6.method:                  manual
ipv6.dns:                     2001:4860:4860::8888
ipv6.dns-search:              example.com
ipv6.addresses:               { ip = 2001:db8:0:1::7/64, gw = 2001:db8:0:1::1 }
ipv6.routes:
ipv6.ignore-auto-routes:      no
ipv6.ignore-auto-dns:         no
ipv6.never-default:           no
ipv6.may-fail:                yes
ipv6.ip6-privacy:             -1 (unknown)
ipv6.dhcp-hostname:           --
[root@demo ~]#

IPv6 Networking Configuration

To adjust how connections set IPv6 addresses, also use nmcli con mod name
- Example: To set IPv6 address to 2001:db8:0:1::a00:1/64 and default gateway to 2001:db8:0:1::1 for connection static-eth0:
  [root@demo ~]# nmcli con mod static-eth0 ipv6.address "2001:db8:0:1::a00:1/64 2001:db8:0:1::1"
When changing connection type from SLAAC or DHCPv6 to static, set ipv6.method to manual

IPv6 Networking Configuration

Some settings can have multiple values
- To add or delete specific setting values, add + or - to setting name
Example: Add DNS server 12001:4860:4860::8888 to nameserver list for static-eth0 connection
```
[root@demo ~]# nmcli con mod static-eth0 +ipv6.dns 2001:4860:4860::8888
```
Static IPv4 and IPv6 DNS settings all end up as nameserver directives in /etc/resolv.conf
- Recommended minimum configuration:
  - IPv4-reachable nameserver (assuming a dual-stack system)
  - At least one nameserver using each protocol
Can manually edit /etc/sysconfig/network-scripts/ifcfg-name
- To make NetworkManager read manual changes, run nmcli con reload

Transcript:

A number of settings may have multiple values. A specific value can be added to the list or deleted from the list for a setting by adding a + or - symbol to the start of the setting name.

To add the DNS server 2001:4860:4860::8888 to the list of nameservers to use with the connection static-eth0:

Static IPv4 and IPv6 DNS settings all end up as nameserver directives in /etc/resolv.conf. It may be a good idea to ensure that there is, at minimum, an IPv4-reachable nameserver (assuming a dual-stack system) and preferably at least one nameserver using each protocol in case of connectivity issues with either IPv4 or IPv6 networking.

Remember that the file /etc/sysconfig/network-scripts/ifcfg-name can be directly edited, and that nmcli con reload must be run after saving so that NetworkManager reads the configuration changes.

IPv6 Networking Configuration

nmcli con mod

ifcfg-* File

Effect

ipv6.method manual

IPV6_AUTOCONF=no

Configures static IPv6 addresses.

ipv6.method auto

IPV6_AUTOCONF=yes

Configures network settings using SLAAC from router advertisements.

ipv6.method dhcp

IPV6_AUTOCONF=no DHCPV6C=yes

Configures network settings by using DHCPv6, but not SLAAC.

ipv6.addresses "2001:db8::a/64 2001:db8::1"

IPV6ADDR=2001:db8::a/64 IPV6_DEFAULTGW=2001:db8::1

Sets static IPv4 address, network prefix, and default gateway. If more than one address is set for connection, IPV6_SECONDARIES takes a double-quoted list of space-delimited address/prefix definitions.

ipv6.dns . . .

DNS0= . . .

Modifies /etc/resolv.conf to use this nameserver. Same as IPv4.

ipv6.dns-search example.com

DOMAIN=example.com

Modifies /etc/resolv.conf to use this domain in search directive. Same as IPv4.

ipv6.ignore-auto-dns true

IPV6_PEERDNS=no

Ignores DNS server information from DHCP server.

connection.autoconnect yes

ONBOOT=yes

Automatically activates this connection at boot.

connection.id eth0

NAME=eth0

Name of connection.

connection.interface-name eth0

DEVICE=eth0

Binds connection to network interface with this name.

802-3-ethernet.mac-address . . .

HWADDR= . . .

Binds connection to network interface with this MAC address.

IPv6 Networking Configuration

Viewing IPv6 Networking Information

These commands work same as IPv4:
- nmcli dev status shows status of all devices
- nmcli con show lists available connections
- ip addr show displays current configuration of network interfaces

Example: Items relevant to IPv6

[student@demo ~]$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 (1)
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff (2)
    inet 192.0.2.2/24 brd 192.0.2.255 scope global eth0 (3)
       valid_lft forever preferred_lft forever
    inet6 2001:db8:0:1:5054:ff:fe00:b/64 scope global (4)
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link  (5)
       valid_lft forever preferred_lft forever

Transcript:

Both nmcli dev status (to show the NetworkManager status of all network devices) and nmcli con show (to show the list of available connections) work exactly as they do for IPv4.

The ip addr show command still displays the current configuration of network interfaces on the system. The example that follows calls out some items relevant to IPv6.

In this example, number 1 indicates that an active interface is UP.
Number 2 is the link/ether line, which specifies the hardware (MAC) address of the device.
Number 3 is the inet line, which shows an IPv4 address, its network prefix length, and scope.
Number 4 is the inet6 line, which shows an IPv6 address, its network prefix length, and scope. This address is of global scope and is normally used.
And number 5, a second inet6 line, is for an address of link scope and can only be used for communication on the local Ethernet link.

IPv6 Networking Configuration

To show IPv6 routing table, use ip -6 route show

[root@demo ~]# ip -6 route show
unreachable ::/96 dev lo  metric 1024  error -101
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101
2001:db8:0:1::/64 dev eth0  proto kernel  metric 256
unreachable 2002:a00::/24 dev lo  metric 1024  error -101
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101
unreachable 2002:e000::/19 dev lo  metric 1024  error -101
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101
fe80::/64 dev eth0  proto kernel  metric 256
default via 2001:db8:0:1::ffff dev eth0  proto static  metric 1024

Ignoring unreachable routes that point at never-used networks leaves three routes:
- To 2001:db8:0:1::/64 network, using eth0 interface (presumed to have network address)
- To fe80::/64 network, using eth0 interface for link-local address
  - On system with multiple interfaces, will be route to fe80::/64 out of each interface for each link-local address
- Default route to all networks on IPv6 Internet (::/0 network) without specific route on system
  - Through router at 2001:db8:0:1::ffff
  - Reachable with eth0 device

IPv6 Networking Configuration

Troubleshooting Connectivity

ping6 is IPv6 version of ping

Communicates over IPv6 and can take IPv6 addresses

[root@demo ~]# ping6 2001:db8:0:1::1
PING 2001:db8:0:1::1(2001:db8:0:1::1) 56 data bytes
64 bytes from 2001:db8:0:1::1: icmp_seq=1 ttl=64 time=18.4 ms
64 bytes from 2001:db8:0:1::1: icmp_seq=2 ttl=64 time=0.178 ms
64 bytes from 2001:db8:0:1::1: icmp_seq=3 ttl=64 time=0.180 ms
^C
--- 2001:db8:0:1::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.178/6.272/18.458/8.616 ms
[root@demo ~]#

Can ping link-local addresses and link-local all-nodes multicast group (ff02::1)
- Must specify network interface explicitly with scope zone identifier
  - Example: ff02::1%eth0
- If left out, error connect: Invalid argument displays

IPv6 Networking Configuration

To find other IPv6 nodes on local network, ping ff02::1

[root@rhel7 ~]# ping6 ff02::1%eth1
PING ff02::1%eth1(ff02::1) 56 data bytes
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=1 ttl=64 time=22.7 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=1 ttl=64 time=30.1 ms (DUP!)
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=2 ttl=64 time=0.183 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=2 ttl=64 time=0.231 ms (DUP!)
^C
--- ff02::1%eth1 ping statistics ---
2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.183/13.320/30.158/13.374 ms
[root@rhel7 ~]# ping6 -c 1 fe80::f482:dbff:fe25:6a9f%eth1
PING fe80::f482:dbff:fe25:6a9f%eth1(fe80::f482:dbff:fe25:6a9f) 56 data bytes
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=1 ttl=64 time=22.9 ms

--- fe80::f482:dbff:fe25:6a9f%eth1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 22.903/22.903/22.903/0.000 ms

Other hosts on same link can use IPv6 link-local addresses, just like normal addresses

[student@demo ~]$ ssh fe80::f482:dbff:fe25:6a9f%eth1
student@fe80::f482:dbff:fe25:6a9f%eth1's password:
Last login: Thu Jun  5 15:20:10 2014 from demo.example.com
[student@server ~]$

IPv6 Networking Configuration

Troubleshooting Routing

For IPv6, tracepath6 and traceroute -6 commands are equivalent to tracepath and traceroute

[root@demo ~]# tracepath6 2001:db8:0:2::451
 1?: [LOCALHOST]                        0.091ms pmtu 1500
 1:  2001:db8:0:1::ba                   0.214ms
 2:  2001:db8:0:1::1                    0.512ms
 3:  2001:db8:0:2::451          0.559ms reached
     Resume: pmtu 1500 hops 3 back 3

Troubleshooting Ports and Services

To display information about network sockets, use ss or netstat

[root@demo ~]# ss -A inet -n
Netid State      Recv-Q Send-Q       Local Address:Port          Peer Address:Port
tcp   ESTAB      0      0           192.168.122.98:22           192.168.122.1:35279
tcp   ESTAB      0      0         2001:db8:0:1::ba:22         2001:db8:0:1::1:40810
[root@demo ~]# netstat -46n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address        State
tcp        0      0 192.168.122.98:22    192.168.122.1:35279    ESTABLISHED
tcp6       0      0 2001:db8:0:1::ba:22  2001:db8:0:1::1:40810  ESTABLISHED

IPv6 Networking Configuration

Option

Description

-n

Shows numbers instead of names for interfaces and ports.

-t

Shows TCP sockets.

-u

Shows UDP sockets.

-l

Shows only listening sockets.

-a

Shows all (listening and established) sockets.

-p

Shows the process using the sockets.

-A inet

Displays active connections (but not listening sockets) for inet address family; ignores local UNIX domain sockets.

For ss, both IPv4 and IPv6 connections are shown. For netstat, only IPv4 connections are shown. netstat -A inet6 displays IPv6 connections, and netstat -46 displays IPv4 and IPv6 at same time.

References

Man pages: NetworkManager(8), nmcli(1), nmcli-examples(5), nm-settings(5), ip(8), ip-address(8), ip-route(8), ping6(8), tracepath6(8), traceroute(8), ss(8), and netstat(8)

Summary

IPv4 Networking Review
IPv4 Networking Command Summary
IPv6 Networking Concepts
IPv6 Networking Configuration

Module Completion

Nice job!

Click the button below to complete this module of the course: