How To Enable IPv6 for DigitalOcean Droplets
DigitalOcean now offers IPv6 addresses.
IPv6 is the most recent version of the IP protocol that the entire internet relies on to connect to other locations (IP protocol is a bit redundant because IP stands for internet protocol, but we will use it because it is easy). While IPv4 is still in use in many areas of the world, the IPv4 address space is being consumed at a rapid rate and it is not large enough to sustain the rapid deployment of internet-ready devices.
IPv6 looks to solve these problems. As well as making general improvements on the protocol, the most obvious benefit of utilizing IPv6 addresses is that it has a much larger address space. While IPv4 allowed for 2^32 addresses (with some of those reserved for special purposes), the IPv6 address space allows for 2^128 addresses, which is an incredible increase.
In this guide, we will demonstrate how to get started with IPv6 on a new Droplet, and how to enable IPv6 on an existing Droplet.
Creating a Droplet with IPv6 Enabled
The procedure for creating a Droplet with IPv6 enabled is fairly straight-forward.
Create the Droplet
To begin, click the "Create" button in the DigitalOcean control panel, just like normal:
You will be taken to the Droplet creation screen. Fill out the hostname and select your desired Droplet size as you normally would, then select a region.
Select the Linux distribution or image of your choice and then add any SSH keys that you would like to embed in the Droplet.
In the "Settings" section, you should have a checkbox available to enable IPv6:
Check this box and any other options you would like to enable. When you are finished, click on the "Create Droplet" button at the bottom.
Getting the Networking Information
After the process has completed, you can click on the Droplet name in your Droplets list to go to its configuration page.
The information about the IPv6 networking is available by clicking on the "Settings" tab, and then selecting the "Networking" sub-navigation item:
Within this section, you will see headers that describe each network that you have enabled. You should see a Public IPv6 Network section that has the details of your address, gateway, and addressable range:
If you have IPv6 enabled from your home connection, you should be able to use the "Public IPv6 Address" field to connect to your droplet through SSH:
Note: You will only be able to communicate with your Droplet with the IPv6 address if you have IPv6 available on your home connection. Both sides of the connection must have this for the routing to succeed.
Enabling IPv6 on an Existing Droplet
You can easily enable IPv6 on an existing Droplet. This can be done without restarting the Droplet, but it does require a small amount of manual configuration.
Enable IPv6 in the Control Panel
Start off by clicking on the Droplet's name in the "Droplets" list in the control panel. When you get to the Droplet's configuration page, click on the "Settings" tab, and then select the "Networking" sub-navigation item:
There will be a section for Public IPv6 Network, but instead of showing you network addresses, it will contain a single button labeled "Enable":
Click on this button.
The IPv6 interface will be configured on the DigitalOcean servers. You will not have to restart your Droplet in order for the change to happen.
If you refresh the page, you will see a new line in the "Droplet History" section of the config page that confirms that IPv6 has been enabled:
This means that IPv6 has been configured on the DigitalOcean servers. If you check the networking section again, you will see the address, range, and gateway for your Droplet:
However, there are still additional steps that you must take. When IPv6 networking is enabled after the Droplet's creation, you will need to manually configure the IPv6 network from within the Droplet itself.
Configure the IPv6 Interface within the Droplet
The next stage of configuration requires that you log into your Droplet. Since the IPv6 interface is not configured yet, you cannot SSH in using the IPv6 address.
Either log in as root using the control panel console, or SSH into the Droplet using the standard IPv4 address:
We can check the current state of the IPv6 address configuration by typing:
ip -6 addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 fe80::601:1cff:fe11:5b01/64 scope link valid_lft forever preferred_lft forever
As you can see, we already have one address in the configuration. This is the link-local address and is a mandatory requirement for various routing and protocol functions. This is not our public address; we still need to configure that.
First, you need to set the IPv6 address. This is the address under the label of "Public IPv6 Address" within your Droplet's networking page.
We will configure this using the same
ip command (part of the iproute2 suite) that we used to check the address above.
The command to set the IPv6 address is:
ip -6 addr add public_ipv6_address/64 dev eth0
Next, we need to set the route that the Droplet will use to send and receive IPv6 traffic. This is done by setting the gateway. Use the value you find labeled "Public IPv6 Gateway" in the command below:
ip -6 route add default via public_ipv6_gateway dev eth0
Your IPv6 connection should now be configured in your Droplet. This will be configured until the next boot. Continue on if you want to make these changes persistent.
Making the IPv6 Configuration Persistent
We have now configured our Droplet with our IPv6 connection, but our changes will be lost when our server reboots. To make these changes last beyond this session, you will have to edit some configuration files.
If you are on Ubuntu or Debian, you will need to edit the
/etc/network/interfaces file. Open this with sudo privileges in your text editor:
sudo nano /etc/network/interfaces
Inside, you will see a section for each of the networks that you are already configured to use. First, look for the
dns-nameservers parameter and remove this line from the IPv4 section. We will add it to the IPv6 section instead.
We must add a new section for our IPv6 address. It should look like this:
. . . iface eth0 inet6 static address primary_ipv6_address netmask 64 gateway ipv6_gateway autoconf 0 dns-nameservers 2001:4860:4860::8844 2001:4860:4860::8888 126.96.36.199 . . .
When you are finished, save and close the file. Your IPv6 connection should be brought up at boot now.
If you are using CentOS or Fedora, you will instead need to edit the
/etc/sysconfig/network-scripts/ifcfg-eth0 file. Open this with sudo privileges in your text editor:
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
You will need to add the following parameters and values:
. . . IPV6INIT=yes IPV6ADDR=primary_ipv6_address/64 IPV6_DEFAULTGW=ipv6_gateway IPV6_AUTOCONF=no . . .
You can change the DNS settings to use some IPv6 name servers as well:
... DNS1=2001:4860:4860::8844 DNS2=2001:4860:4860::8888 DNS3=188.8.131.52
Save and close the file when you are finished.
Next, open the
/etc/sysconfig/network file as well:
sudo nano /etc/sysconfig/network
Add the following line to the file to get IPv6 to start at boot:
NETWORKING=yes HOSTNAME=centafter NETWORKING_IPV6=yes
Save and close the file when you are finished. When your server is rebooted, it should bring up your IPv6 address properly.
Testing the Connection
Whether you enabled IPv6 when the Droplet was created or enabled it after the fact, you can test the IPv6 connection in a few ways.
IPv6 communication requires that you have IPv6 enabled and configured at both ends of the connection. Many ISPs do not yet offer IPv6 addresses yet for customers.
You can test whether your home connection supports IPv6 by visiting an IPv6 testing site. Another option is to use the
ping6 utility to try to reach Google's IPv6 name servers:
Testing with an IPv6 Connection at Both Ends
If your home connection pings correctly or if the test page confirmed an IPv6 connection, then you have IPv6 available through your local provider. In that case, you can test that your Droplet's IPv6 connection is configured correctly by using
ping6 to ping the interface:
You can also SSH directly into the Droplet using that address:
Testing without an IPv6 Connection on the Local Side
If the test site above told you that you do not have IPv6 available, or if when pinging Google's IPv6 name server you get a message that says:
connect: Network is unreachable
This means that you do not have IPv6 available on your home connection. You can still test the connection from within Droplet itself.
Log into the Droplet using the control panel console or by using SSH with the IPv4 address:
From within the Droplet, you can test that it can reach the Google IPv6 name server:
If this is successful, it means that your IPv6 is configured correctly. It will be able to communicate with other sites and servers that have IPv6 enabled throughout the internet.
IPv6 should now be up and running on your Droplet. This will allow you to communicate using this version of the protocol while maintaining your IPv4 connectivity. Even if you do not have an IPv6 connection on your local computer, configuring IPv6 can allow you to more broadly communicate.
To learn more about how to configure common tools and applications to work with IPv6 here. Check out this article to learn about how to add additional IPv6 addresses to your Droplet. If you want to learn how to disable IPv4 completely and only rely on IPv6, take a look at this article.
By Justin Ellingwood