Internet Protocol version 6

July 20, 2015 by Noah

Last weekend I was pleasantly surprised to discover that Time Warner Cable already supports IPv6 at my apartment.

They shipped me a newer cable modem/WiFi router combo device earlier this year as part of their plan to upgrade everyone's Internet speeds in Los Angeles. I didn't realize that this modem also supported IPv6, and it wasn't enabled by default.

I was playing Splatoon on my WiiU and it was having Internet connectivity problems, making multiplayer impossible. I had this issue before with Smash Bros. 4, and I couldn't figure out a work-around short of putting my WiiU into the DMZ of my router (which I generally didn't like the idea of). This meant ALL inbound connections from the Internet would bypass the router and go straight to the WiiU. It did solve the multiplayer problem, but I didn't like it and it also meant I couldn't port-forward anything to my desktop PC.

Since Splatoon basically requires online access (the single player mode is pretty limited, and you can't access any of the shops without leveling up, and you can only level up by playing online...) I was more motivated to figure it out. (Long story short, I had to disable UPnP support -- the opposite of what you'd expect; normally enabling UPnP is the fix. Weird)

I stumbled upon some IPv6 related options though, like to enable the DHCP server for IPv6. It was disabled by default so I turned it on to see what would happen. My PC was then given a publicly routable IPv6 address from my router. :) I went to a Test your IPv6 site and confirmed that all of a sudden, my Internet is IPv6 ready!

Also, I went to the What Is My IP site and instead of saying my usual IPv4 address it told me my IP was a big long string of numbers.

I was then curious about inbound routing to my IP, because one of the big features of IPv6 is that NAT is no longer required, and that every device is able to have its own publicly routeable address. I didn't have immediate access to any off-site IPv6 devices though to test it which made things more difficult.

But then I found out I could enable IPv6 on my DigitalOcean VPS. I'd heard of them rolling out IPv6 support a while back, but I thought it was limited to certain data centers or available only to newly created VPS's. It turns out I just had to click a big "Enable" button and then configure the addresses on my server (to set them to the addresses that DigitalOcean says belong to me).

So... now has a DNS AAAA record pointing to my IPv6 address on my VPS.    819    IN    A    1799   IN    AAAA    2604:a880:1:20::46:5001

Inbound Routing

Inbound routing for my personal PC still wasn't working, though. I set up a basic nginx server and tried hitting it from my web server but it didn't work. I could ping my home IPv6 address, but couldn't do much else.

I booted up my laptop and confirmed that it got its own IPv6 address distinct from my desktop PC, and that my laptop could connect to my desktop over its IPv6 address, so that ruled out a software firewall as being the problem.

I logged into my router again to poke around (the router is an ARRIS DOCSIS 3.0 Touchstone Residential Gateway, model DG1670A). I tried turning off its firewall. This worked sort of -- IPv6 addresses were now inbound routable, but IPv4 port forwarding no longer worked. Not an option for me. I turned the firewall back on and poked around some more.

There was a section called "Client IPv6 Filters" and the description on its page said "The Router can be configured to restrict access to the Internet, e-mail or other network services."

This sounded like it was designed for blocking outbound connections, like if I wanted to blacklist a website or something from being connected to from my network. But I clicked the Add button and saw this modal:

Add Client IP Filter screenshot

The Action/Direction options were "Allow+Incoming" or "Deny+Outgoing". I left it on the Allow option, copy/pasted my desktop's IPv6 address into both address boxes and clicked the confirm button. Now my web server was able to curl my desktop PC and get the nginx default web page. Success!

nginx on IPv6

When getting the IPv6 support set up in nginx on my web server I ran into some interesting problems.

My server hosts a ton of different sites, and normally every single server directive would have its own listen 80; indicating that the server is a candidate for handling requests to IPv4 port 80 on the server.

This doesn't work the same on IPv6.

If I had more than one server set to listen [::]:80 ipv6only=true (not sure if that last part was necessary), nginx would complain about it and fail to start.

I think what needs to happen is that if I want IPv6 support enabled for multiple domains at the same time, I have to individually assign an IPv6 address to each one. With IPv6, you basically have free reign over 64 bits of your address space to assign however you want. For example, DigitalOcean says my IPv6 prefix is 2604:a880:1:20 and the next 64 bits after that are all mine. On my home network with Time Warner Cable, I'm similarly given a fixed 64-bit prefix and the rest can be assigned by me (either via DHCP or statically).

So it's probably possible to tack on a whole bunch of static IPs of my choosing onto the ethernet device of my server, and then bind to those specific addresses in nginx, one for each site. I'll cross that bridge when I get to it.



There are 0 comments on this page. Add yours.

Add a Comment

Used for your Gravatar and optional thread subscription. Privacy policy.
You may format your message using GitHub Flavored Markdown syntax.