IPv6

From VyOS Wiki
Jump to: navigation, search

For IPv6 address setup see Network address setup#DHCPv6

For IPv6 DNS services see System Management#Configuring DNS

For SLAAC router advertisements see IPv6 Router Advertisements

For DHCPv6 server configuration see DHCP server

For DHCPv6 relay configuration see DHCP relay


IPv6 specific system commands

Several IPv6 specific configuration commands are available:

  • Disable IPv6 globally
  • Disable IPv6 address assignment
  • Disable IPv6 packet forwarding
  • Disable IPv6 on an interface when DAD fails

Additional operational commands:

  • Reset a IPv6 address from the ND cache
  • Reset ND cache for specific interface
  • Display IPv6 ND cache

Disable IPv6 globally

Disable IPv6 functionality on the system:

# set system ipv6 blacklist

Reenable IPv6 functionality:

# delete system ipv6 blacklist

Show IPv6 functionality status:

# show system ipv6

Disable IPv6 address assignment

Disable IPv6 address assignment on all interfaces:

# set system ipv6 disable

Reenable IPv6 address assignment on all interfaces:

# delete system ipv6 disable

Show IPv6 disabling configuration:

# show system ipv6 disable

Disable IPv6 packet forwarding

Disable IPv6 forwarding on all interfaces: (Note: IPv6 forwarding can also be disabled on a per-interface basis by using the interfaces <interface> ipv6 disable-forwarding command)

# set system ipv6 disable-forwarding

Reenable IPv6 forwarding:

# delete system ipv6 disable-forwarding

Show the current IPv6 forwarding configuration:

# show system ipv6 disable-forwarding

Disable IPv6 on an interface when DAD fails

Disable IPv6 operation on an interface when Duplicate Addess Detection (DAD) fails for a link-local address. By default, after a DAD fails, the duplicate address is not assigned to the interface but IPv6 continues to operate. To change this default behaviour:

# set system ipv6 strict-dad

Leave IPv6 operational when DAD fails:

# delete system ipv6 strict-dad

Show DAD failure configuration:

# show system ipv6 strict-dad

Reset a IPv6 address from the ND cache

Removes/resets a specific IPv6 address from the IPv6 neighbour discovery (ND) cache:

$ reset ipv6 neighbors address <IPv6 address>

Reset ND cache for specific interface

Reset the IPv6 ND cache for a specific interface:

$ reset ipv6 neighbors interface <interface>

Display IPv6 ND cache

Show the system's IPv6 ND cache:

$ show ipv6 neigbors

Possible states are:

  • incomplete
- Address resolution is currently being performed on this entry, a neighbour solicitation message has been sent but no reply has been received yet.
  • reachable
- The neighbour is reachable and path is operational.
  • stale
- Timeout on reachability confirmation from the neighbour.
  • delay
- Timeout on reachability confirmation from the neighbour, TCP is allowed to confirm the neighbour.
  • probe
- A solicitation was sent and the system is waiting for a response.
  • failed
- Reachability state detection failed.
  • noarp
- Neighbour entry is valid, no validation attempts will be carried out. Can be removed from the cache after lifetime expiration.
  • permanent
- Neighbour entry is valid indefinitely and should remain in cache.
  • none
- No state defined.

IPv6 default route

$ set protocols static route6 ::/0 next-hop <gateway link-local address>

Or if you are using PPPoE, you can use interface based routing:

$ set protocols static interface-route6 ::/0 next-hop-interface ppp0