How To Enable IPv6 for DigitalOcean Droplets
DigitalOcean now offers IPv6 addresses.
IPv6 is the most recent version of the IP protocol that the entire internet relies on to connect to other locations (IP protocol is a bit redundant because IP stands for internet protocol, but we will use it because it is easy). While IPv4 is still in use in many areas of the world, the IPv4 address space is being consumed at a rapid rate and it is not large enough to sustain the rapid deployment of internet-ready devices.
IPv6 looks to solve these problems. As well as making general improvements on the protocol, the most obvious benefit of utilizing IPv6 addresses is that it has a much larger address space. While IPv4 allowed for 2^32 addresses (with some of those reserved for special purposes), the IPv6 address space allows for 2^128 addresses, which is an incredible increase.
In this guide, we will demonstrate how to get started with IPv6 on a new Droplet, and how to enable IPv6 on an existing Droplet.
Creating a Droplet with IPv6 Enabled
The procedure for creating a Droplet with IPv6 enabled is fairly straightforward.
Create the Droplet
To begin, click the "Create" button in the DigitalOcean Control Panel, just like normal:
You will be taken to the Droplet creation screen. Select your Droplet image, choose a size, region and additional options.
In the Select additional options section, you should have a checkbox available to enable IPv6:
Check this box and any other options you would like to enable. When you are finished, continue filling out the form and then click the Create button at the bottom.
Getting the Networking Information
After the process has completed, you can click on the Droplet name in your Droplets list to go to its detail page.
The IPv6 address is displayed near the top of the window, and more complete information about the IPv6 networking can be found by clicking on the Networking item in the left-hand navigation menu:
Within this section, you will see headers that describe each network that you have enabled. You should see a Public IPv6 network section that has the details of your address, gateway, and addressable range:
If you have IPv6 enabled from your home connection, you should be able to use the "Public IPv6 Address" field to connect to your droplet through SSH:
- ssh root@public_ipv6_address
Note: You will only be able to communicate with your Droplet with the IPv6 address if you have IPv6 available on your home connection. Both sides of the connection must have this for the routing to succeed.
Enabling IPv6 on an Existing Droplet
You can also enable IPv6 on an existing Droplet. To complete this procedure, you will first need to power down your Droplet. The safest way to do this is to log into your Droplet and issue the
- sudo poweroff
After the Droplet is stopped, you can begin the procedure. This involves enabling IPv6 in the DigitalOcean Control Panel and a small amount of manual configuration within the Droplet itself.
Enable IPv6 in the Control Panel
Start off by clicking on the Droplet's name in the "Droplets" list in the Control Panel. When you get to the Droplet's detail page, click on the Networking item in the left-hand menu:
There will be a section for Public IPv6 network, but instead of showing you network addresses, it will contain some instructions as well as a single button labeled Enable:
Click on the Enable button. The IPv6 interface will be configured on the DigitalOcean servers.
After a moment, you will see the new IPv6 network information assigned to your Droplet:
Although the IPv6 information is visible in the Control Panel, there are still additional steps that you must take to configure your Droplet. When IPv6 networking is enabled after the Droplet's creation, you will need to manually configure the IPv6 network from within the Droplet itself.
Begin by powering your Droplet back on. Click the Power item in the left-hand navigation menu. On the page that follows, click the Power On button:
After the Droplet boots, continue on to the next section to adjust the Droplet's internal network configuration.
Configure the IPv6 Interface within the Droplet
The next stage of configuration requires you to log into your Droplet. Since the IPv6 interface is not configured yet, you cannot SSH in using the IPv6 address.
Either log in as root using the Control Panel console, or SSH into the Droplet using the standard IPv4 address:
- ssh root@public_ipv4_address
We can check the current state of the IPv6 address configuration by typing:
- ip -6 addr show eth0
Output2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 fe80::601:1cff:fe11:5b01/64 scope link valid_lft forever preferred_lft forever
As you can see, we already have one address in the configuration. This is the link-local address and is a mandatory requirement for various routing and protocol functions. This is not our public address; we still need to configure that.
First, you need to set the IPv6 address. This is the address under the label of PUBLIC IPV6 ADDRESS within your Droplet's networking page.
We will configure this using the same
ip command (part of the iproute2 suite) that we used to check the address above.
The command to set the IPv6 address is:
- sudo ip -6 addr add public_ipv6_address/64 dev eth0
Next, we need to set the route that the Droplet will use to send and receive IPv6 traffic. This is done by setting the gateway. Use the value you find labeled PUBLIC IPV6 GATEWAY in the command below:
- sudo ip -6 route add default via public_ipv6_gateway dev eth0
Your IPv6 connection should now be configured in your Droplet. This will be configured until the next boot. Continue on if you want to make these changes persistent.
Making the IPv6 Configuration Persistent
We have now configured our Droplet with our IPv6 connection, but our changes will be lost when our server reboots. To make these changes last beyond this session, you will have to edit some configuration files.
If you are on Ubuntu or Debian, you will need to edit the
/etc/network/interfaces file. Open this with sudo privileges in your text editor:
- sudo nano /etc/network/interfaces
Inside, you will see a section for each of the networks that you are already configured to use. First, look for the
dns-nameservers parameter and remove this line from the IPv4 section. We will add it to the IPv6 section instead.
We must add a new section for our IPv6 address. It should look like this:
. . . iface eth0 inet6 static address primary_ipv6_address netmask 64 gateway ipv6_gateway autoconf 0 dns-nameservers 2001:4860:4860::8844 2001:4860:4860::8888 22.214.171.124 . . .
When you are finished, save and close the file. Your IPv6 connection should be brought up at boot now.
If you are using CentOS or Fedora, you will instead need to edit the
/etc/sysconfig/network-scripts/ifcfg-eth0 file. Open this with sudo privileges in your text editor:
- sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
You will need to add the following parameters and values:
. . . IPV6INIT=yes IPV6ADDR=primary_ipv6_address/64 IPV6_DEFAULTGW=ipv6_gateway IPV6_AUTOCONF=no . . .
You can change the DNS settings to use some IPv6 name servers as well:
... DNS1=2001:4860:4860::8844 DNS2=2001:4860:4860::8888 DNS3=126.96.36.199
Save and close the file when you are finished.
Next, open the
/etc/sysconfig/network file as well:
- sudo nano /etc/sysconfig/network
Add the following line to the file to get IPv6 to start at boot:
NETWORKING=yes HOSTNAME=centafter NETWORKING_IPV6=yes
Save and close the file when you are finished. When your server is rebooted, it should bring up your IPv6 address properly.
Testing the Connection
Whether you enabled IPv6 when the Droplet was created or enabled it after the fact, you can test the IPv6 connection in a few ways.
IPv6 communication requires that you have IPv6 enabled and configured at both ends of the connection. Many ISPs do not yet offer IPv6 addresses for customers.
You can test whether your home connection supports IPv6 by visiting an IPv6 testing site. Another option is to use the
ping6 utility to try to reach Google's IPv6 name servers:
- ping6 2001:4860:4860::8888
If either of these tests work, you can try to connect to your Droplet from home using IPv6.
Testing with an IPv6 Connection at Both Ends
If your home connection pings correctly or if the test page confirmed an IPv6 connection, then you have IPv6 available through your local provider. In that case, you can test that your Droplet's IPv6 connection is configured correctly by using
ping6 to ping the interface:
- ping6 public_ipv6_address
You can also SSH directly into the Droplet using that address:
- ssh root@public_ipv6_address
You can now reach your Droplet using either IPv4 or IPv6.
Testing without an IPv6 Connection on the Local Side
If the test site above told you that you do not have IPv6 available, or if when pinging Google's IPv6 name server you get a message that says:
Outputconnect: Network is unreachable
This means that you do not have IPv6 available on your home connection. You can still test the connection from within Droplet itself.
Log into the Droplet using the Control Panel console or by using SSH with the IPv4 address:
- ssh root@public_ipv4_address
From within the Droplet, you can test that it can reach the Google IPv6 name server:
- ping6 2001:4860:4860::8888
If this is successful, it means that your IPv6 is configured correctly. It will be able to communicate with other sites and servers that have IPv6 enabled throughout the internet.
IPv6 should now be up and running on your Droplet. This will allow you to communicate using this version of the protocol while maintaining your IPv4 connectivity. Even if you do not have an IPv6 connection on your local computer, configuring IPv6 can allow you to more broadly communicate.
To learn more about how to configure common tools and applications to work with IPv6 here. Check out this article to learn about how to add additional IPv6 addresses to your Droplet. If you want to learn how to disable IPv4 completely and only rely on IPv6, take a look at this article.