NavigationContentFooter
Jump toSuggest an edit

How to resolve IPv6 connection issues on Dedibox servers

Reviewed on 30 July 2024Published on 03 August 2021

Before you start

To complete the actions presented below, you must have:

  • A Dedibox account logged into the console
  • A Dedibox dedicated server
  • An RPN SAN
  • A requested /48 IPv6 prefix
  • Configured the systemd-networkd DHCPv6 client

How to debug IPv6 connection issues from rescue mode

If you experience IPv6 connection issues, you can test the network connectivity from rescue mode.

To test IPv6 connectivity on your server in rescue mode, reboot the server into “Ubuntu rescue” mode. The dhclient is preinstalled in these images.

  1. Get the name of your internet interface using the following command:
    ip address show
  2. Create a file to contain your DUID. The DUID is a unique “key” allowing access to your IPv6 prefix. You can find your DUID in your console.
    sudo nano /etc/dhcp/dhclient6.conf
  3. Paste the following code into the file, editing the interface name (here eno1) and the DUID (here DUID) before saving the file and exiting the editor:
    interface "eno1" {
    send dhcp6.client-id DUID;
    }
  4. Start the DHCPv6 client using the configuration file you created. Replace eno1 with the name of your internet interface:
    dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v eno1
  5. Add an IPv6 address to your network interface. Replace eno1 with the name of your internet interface and IPV6ADDRESS/PREFIXLENGTH with an IPv6 address from your prefix and the length of your prefix:
    /sbin/ifconfig eno1 inet6 add IPV6ADDRESS/PREFIXLENGTH
  6. Use ping6 to validate the IPv6 connectivity of your server:
    ping6 ipv6.google.com

How to debug IPv6 connection issues in normal mode

If you experience IPv6 connection issues, start by verifying the internet interface name in your configuration. You can check the names of your interfaces using the following command:

ip address show

Additionally, your server needs to be configured to accept RA (Router Advertisement). By default, your server will not forward packets from one interface to another if it is automatically configured (through DHCPv6).

If you need to forward IPv6 packets and use an automated configuration, set net.ipv6.conf.all.accept_ra to 2 in /etc/sysctl.conf. This is useful for hypervisor hosts such as Proxmox.

Additional methods to debug IPv6 connection issues

Check IPv6 route table

Ensure that your server has the correct IPv6 routes. Use the following command to check the IPv6 route table:

ip -6 route show

Look for default routes and specific routes to your IPv6 network.

Check the Neighbor Discovery Protocol (NDP)

Check the neighbor cache to ensure proper communication with the router:

ip -6 neigh show

Use traceroute6 for path analysis

Analyze the path to an external IPv6 address to identify where the connection might be failing:

traceroute6 ipv6.google.com

Capture IPv6 traffic with tcpdump

Capture and analyze IPv6 traffic to troubleshoot issues:

tcpdump -i eno1 -nnvvS ip6

Replace eno1 with your network interface name.

How to avoid DHCPv6 floods

In some cases, certain DHCPv6 clients may send several requests per second (especially dhcp6c). This can trigger blocking of your server’s network port by our automatic protection, as it will be seen as a source of a UDP flood.

To avoid this problem, limit the traffic sent from your dhclient6 directly in your firewall configuration. Here is an example for IPTABLES:

ip6tables -A OUTPUT -p udp --dport 547 -m limit --limit 10/min --limit-burst 5 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 547 -j DROP
See also
How to configure IPv6 on Windows
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway