Static addresses for servers
-
Hello,
My ISP gives me a /30 for IPv4 and a /64 for IPv6. I make a few different websites available using a reverse proxy server on the one usable IPv4 address. I want to make the same websites accessible directly via IPv6.
I've had IPv6 clients working for several months. The configuration was nearly automatic with the LAN interface set to track the WAN interface for a single /64 prefix delegation.
I don't know the best practice for servers on the LAN. Should I configure the IPv6 addresses for each server using DHCPv6 and static mappings, or should I configure them statically on each server? If I configure them statically, do I need to reserve a range of addresses for the static assignments, so they won't be used for SLAAC? I'm trying to understand how dynamic and static assignments work together on the same IPv6 subnet.
I'm also using the Unbound DNS resolver. It looks like I can add host overrides for the IPv6 addresses of each host name. The resolver will return both the IPv4 address from the DHCP static mapping, and the IPv6 address from the host override. Is that the right way to do this, or should the host names be entered somewhere else?
Thanks,
Alan
-
They should also be delegating/routing a /56 or /48 to you.
From that you would put a /64 on the interface with the servers on it.
-
@derelict said in Static addresses for servers:
They should also be delegating/routing a /56 or /48 to you.
From that you would put a /64 on the interface with the servers on it.
The LAN interface already has a /64 on it. As far as I can tell it's working, and that's where the servers are.
I'm asking about assigning addresses within the /64 that shouldn't change. I want to add rules to allow HTTP and HTTPS to fixed IPv6 addresses on servers. I also want to add AAAA records to DNS. I'm concerned that if I just assign random addresses within the subnet to the servers, I'll end up with conflicts with addresses that are assigned dynamically.
Are there specific addresses within the /64 I should or should not use for static assignments? Are static mappings in DHCPv6 appropriate for servers?
-
You can certainly assign constant addresses for servers using DHCPv6. It is really no different than IPv4 except instead of DHCP or static you have SLAAC, DHCP, or static. Which works best for you and your purposes is up to you.
-
If you're using SLAAC, there should be one address that doesn't change and several privacy addresses that do change. Use the one that doesn't change for the DNS AAAA records.
-
Unless you change the NIC.
But in that case you would have work to do with a DHCPv6 entry as well.
I have never grown out of using static entries for servers. Many of them end up with IP aliases and things that have to be configured on the hosts themselves anyway.
vi /etc/network/interfaces
or vi /etc/rc.conf
-
@derelict said in Static addresses for servers:
You can certainly assign constant addresses for servers using DHCPv6. It is really no different than IPv4 except instead of DHCP or static you have SLAAC, DHCP, or static. Which works best for you and your purposes is up to you.
I don't think I need to send any additional settings, so there doesn't seem to be any advantage to DHCPv6 for me. The DUID isn't as straightforward to collect as the MAC address either.
@jknott said in Static addresses for servers:
If you're using SLAAC, there should be one address that doesn't change and several privacy addresses that do change. Use the one that doesn't change for the DNS AAAA records.
Thanks for confirming this. I started with how-to guides that kept referring to EUI-64 addresses based on the MAC with "ff:fe" in the middle. I couldn't find any of these, since it doesn't seem like they're really used very much any more.
I kept digging and learned about CGAs from RFC 3972. It's the one address on each interface that's not link local, not from the DHCPv6 pool, and not temporary. Based on those criteria, I was able to identify the address you were referring to.
@derelict said in Static addresses for servers:
Unless you change the NIC.
But in that case you would have work to do with a DHCPv6 entry as well.
I have never grown out of using static entries for servers. Many of them end up with IP aliases and things that have to be configured on the hosts themselves anyway.
vi /etc/network/interfaces
or vi /etc/rc.conf
My servers are mostly virtual machines, so the NIC could change with a simple software reconfig. I've decided to go with static addresses for now. I'll use lots of zeros to keep the addresses short and just hope they don't conflict with any of the dynamic addresses.
It looks like the easiest way to get the IPv6 addresses into DNS is to add them to the DNS Resolver > Host Overrides.
-
@alankeny Note that prefix::192.168.1.1 is a valid way to specify an IPv6 address. That will get converted to the proper hex digits but it can be a way to introduce a little sanity in the transition.
-
@alankeny said in Static addresses for servers:
Thanks for confirming this. I started with how-to guides that kept referring to EUI-64 addresses based on the MAC with “ff:fe” in the middle. I couldn’t find any of these, since it doesn’t seem like they’re really used very much any more.
They are. They're default on Linux, but Windows defaults to a random number. However, it can be configured to use the MAC address instead.
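The address forms discussed in this thread (an EUI-64 address with "ff:fe" in the middle, the prefix::192.168.1.1 notation, and short static addresses with lots of zeros), worked through as an added Python example that is not part of any post above. The prefix 2001:db8:0:1::/64 is the documentation range standing in for the delegated /64; the MAC and sample addresses are constructed.

```python
import ipaddress

# Constructed stand-in for the delegated LAN /64 (documentation range).
PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")


def eui64_address(prefix, mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    octets[0] ^= 0x02
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return prefix[int.from_bytes(iid, "big")]


def embedded_ipv4_address(prefix, ipv4):
    """The prefix::a.b.c.d form: the IPv4 address fills the low 32 bits."""
    return prefix[int(ipaddress.IPv4Address(ipv4))]


def classify(addr, prefix):
    """Label an address by the shape of its 64-bit interface identifier."""
    a = ipaddress.IPv6Address(addr)
    if a.is_link_local:
        return "link-local"
    if a not in prefix:
        return "off-prefix"
    iid = int(a) & (2**64 - 1)
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        return "eui-64"        # MAC-derived; the hardware address is readable
    if iid < 2**32:
        return "short-static"  # hand-assigned, e.g. ::10 or ::192.168.1.1
    # Privacy, stable-random and DHCPv6 pool addresses all look alike here;
    # the address bits alone cannot tell them apart.
    return "random-iid"


if __name__ == "__main__":
    samples = [
        "fe80::5054:ff:fe12:3456",
        str(eui64_address(PREFIX, "52:54:00:12:34:56")),
        "2001:db8:0:1::192.168.1.1",
        "2001:db8:0:1:a1b2:c3d4:e5f6:1234",
    ]
    for s in samples:
        print(f"{ipaddress.IPv6Address(s)!s:36} {classify(s, PREFIX)}")
```

The normalised form printed in the first column is what a AAAA record or a firewall alias will display, so a rule written as prefix::192.168.1.1 shows up as prefix::c0a8:101.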