AAAA! Are you ready for IPv6?
ARIN announced July 1 that they had approved an “address request that was larger than the available inventory” of IPv4 addresses. ARIN’s service area comprises the US and Canada, plus some Atlantic and Caribbean islands.
Because IPv4 and IPv6 don’t directly interoporate, some internet users will eventually not have access to the old IPv4 network. Setting up your web site to accept IPv6 as well as IPv4 connections will future-proof it and allow for universal access.
To do that, you should look into getting your server an IPv6 address (it may even already have one). You’ll also need to tell the DNS about the IPv6 address, so that users and devices using IPv6 can find your site on the IPv6 network.
Setting up a server for IPv6
The details of setting up a web server for IPv6 depend on your hosting provider and server operating system. At Quinn Labs, we’re using FreeBSD hosted at RootBSD. The server housing this site automatically has access to IPv6, with 18,446,744,073,709,551,999 addresses available to this server.
That unimaginably huge number (over 18 quintillion addresses, 1.8 × 1019, or 264), is a tiny fraction of the total IPv6 address space, which consists of 2128 or 3.4 × 1038 addresses.
In our case, RootBSD has assigned us the address prefix
2607:FC50:1:f600::/64. The “/64” is the prefix length in bits. With 64 bits, we have access to 264 addresses. However, we need only one of them. We chose 2607:FC50:1:f600::2, because 2607:FC50:1:f600::1 is reserved for the router, which links our web server to the rest of the internet. We added 2 lines to a FreeBSD configuration file, and rebooted the server:
ifconfig_xn0_ipv6="inet6 2607:fc50:1:f600::2" ipv6_defaultrouter="2607:fc50:1:f600::1"
Adding an AAAA record to your DNS
For other IPv6 users to find quinnlabs.com, we had to update our DNS with an AAAA record. AAAA is the DNS record type for IPv6 addresses (A is the record type for IPv4) addresses. So we updated our DNS configuration using our DNS provider’s web site:
The name of the record is
@, which is DNS shorthand for “this domain”; so in our case it stands for “quinnlabs.com”.
Trying out IPv6 on your computer
The “computer” most likely to already have an IPv6 address is your smartphone. Here’s an iPhone screenshot of whatismyip.com, a service that tells you what your public IP address is.
To try this on your phone, make sure it is not on a WiFi network, but is using the cellular network.
Many ISPs do not have IPv6 service yet, but that doesn’t mean you can’t try out IPv6 on your computer.
To check out IPv6 on your conventional PC or laptop, the first thing to do is see whether you have IPv6 already. You can do that by visiting Test IPv6. You’ll get a quick report about your IPv6 connectivity.
If you don’t have IPv6, you can create a “tunnel” from your IPv4 network on Hurricane Electric’s free tunnel broker. You’ll need to register, then use the link to Create Regular Tunnel. This is a one-time setup. On future visits, you can just re-use the tunnel you create initially.
Once you’ve created your tunnel, visit its detail page. On the “Example Configurations Tab,” choose your operating system.
For example, for Mac OS X, you’ll see commands like these:
ifconfig gif0 create ifconfig gif0 tunnel YOUR.PUBLIC.IP.168 184.108.40.206 ifconfig gif0 inet6 ZZZZ:WWWW:WWWW:781::2 ZZZZ:WWWW:WWWW:781::1 prefixlen 128 route -n add -inet6 default ZZZZ:WWWW:WWWW:66:781::1
On recent versions of OS X, you don’t need the first command. In the second command, replace the address where we’ve put “YOUR.PUBLIC.IP.168” with the address shown in the network preferences advanced TCP/IP panel, as shown below.
When you actually execute these commands, you’ll need to do them as root, so prefix them with
Once you do the commands, your system will have IPv6 access through the tunnel. Revisit Test IPv6 to see the changes.
The tunnel will work until you reboot or change networks. The changes aren’t sticky, so, if you should run into problems, rebooting will clear them up. Whenever you reboot or change networks, re-do the commands with your new network’s information.
If you have a server that you can
ssh to it with the
-6 option. With
lsof -i :ssh, you can see your IPv6 connection, as in the example below, which shows both an IPv4 and an IPv6 connection. If you don’t have
lsof, you can use
netstat, and look for lines starting with “tcp6”.
scalzi.quinn.com:ssh->c-XXX-XX-XXX-168.hsd1.ca.comcast.net:55427 (ESTABLISHED) scalzi.quinn.com:ssh->XXX-1-pt.tunnel.tserv29.fmt1.ipv6.he.net:55455 (ESTABLISHED)
Note: addresses above have been obfuscated.