IPv6 Infos:#

see also AVM Help

2a03:4000:0006:1034:0000:0000:0000:0002/64

• whole IP is 128 bit in hex notation
• one block is 16 bit
• /64 specifies the (ending) bits, which make the subnetz, also called interface identifier
• everything that is not the interface identifier is called prefix (remaining starting bits)
• one (and only one) "::" abbreviation is possible, which fills as many 0 block to enlarge the IP to 8 blocks, eg. 2a03:4000:6:1034:0:0:0:2 = 2a03:4000:6:1034::2
• Firefox connects to IP this way

http://[2a03:4000:6:1034::2]
http://[2a03:4000:17:f9::2]

You may add a port and folder

http://[2a03:4000:6:1034::2]:8080/opencms/opencms/

Sepcial IPv6 addresses

2001:...	global IPv6 adress provided by ISP
2002:...	global IPv6 adress via 6to4 tunnel
fd00:...	Unique Local Address - ULA
fe80:...	Link Local Addresses (also fe9, fea, ?)
fec0:...	Site-local addresses

DNS Record Types#

Netcup:	A	AAAA	MX	CNAME	TXT	SRV
Strato:	A	AAAA	MX		TXT	SRV	SPF

Note: Forwarding at Strato is a simple frame embedding over the full screen. Use A (and AAAA) record for a real IP <> Domain alias!

Check on my Linux vServer #

Bad:

> ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:94:c2:02:9f
          inet addr:5.45.105.135  Bcast:5.45.107.255  Mask:255.255.252.0
          inet6 addr: fe80::5054:94ff:fec2:29f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3348380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:118969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:215618085 (215.6 MB)  TX bytes:32442461 (32.4 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:40925 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40925 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:64815633 (64.8 MB)  TX bytes:64815633 (64.8 MB)

Important is that you have not only a "Scope:Link", but a "Scope:Host" IPv6 entry at your network card (eth0 here).

Good:

eth0      Link encap:Ethernet  HWaddr 52:54:94:c2:02:9f
          inet addr:5.45.105.135  Bcast:5.45.107.255  Mask:255.255.252.0
          inet6 addr: fe80::5054:94ff:fec2:29f/64 Scope:Link
          inet6 addr: 2a03:4000:6:1034::2/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:673309 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37852 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:46646319 (46.6 MB)  TX bytes:6810126 (6.8 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3214 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5223703 (5.2 MB)  TX bytes:5223703 (5.2 MB)

Good:

>  ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:94:c2:02:9f brd ff:ff:ff:ff:ff:ff
    inet 5.45.105.135/22 brd 5.45.107.255 scope global eth0
    inet6 fe80::5054:94ff:fec2:29f/64 scope link
       valid_lft forever preferred_lft forever

> netstat -pan --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      634/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      16730/java

Test

> ping -6 google.de
> nslookup -query=AAAA google.de
> traceroute6 ipv6.google.com 
> ip -6 route
(?) host -t AAAA www.google.de
(?) dig www.google.com AAAA

Configure netcup vServer for IPv6 (11.01.2014)#

Before you try to connect from somewhere else you should check a IPv6 ping at the IPv6 google server at http://IPv6.google.com on the server directly (SSH).

Bad:

> ping6 ipv6.google.com
PING ipv6.google.com(ham02s12-in-x13.1e100.net) 56 data bytes
From 2a03:4000:6:1034::2 icmp_seq=1 Destination unreachable: Address unreachable

Good:

> ping6 ipv6.google.com
PING ipv6.google.com(muc03s02-in-x10.1e100.net) 56 data bytes
64 bytes from muc03s02-in-x10.1e100.net: icmp_seq=1 ttl=53 time=14.9 ms

NOTE: At netcup you need to "poweroff" the server and start it again to enable new network settings. A reboot is not sufficient !!!

You can read this extensive setup guide.

• Guide for IPv6 in Arch Linux
• Linux IPv6 HowTo
• Netcup IP Config

This is the shortcut for my configuration:

• Edit /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
       address 5.45.105.135
       netmask 255.255.252.0
       broadcast 5.45.107.255
       gateway 5.45.104.1
       dns-nameservers 46.38.225.230 46.38.252.230

iface eth0 inet6 static
       address 2a03:4000:6:1034::2
       netmask 64
       #gateway wird hier keines benötigt, da dieses automatisch definiert wird
       gateway fe80::1
       dns-nameservers 2a03:4000:0:1::e1e6 2a03:4000:8000::fce6

• Add your ISP's nameservers to /etc/network/interfaces

dns-nameservers 46.38.225.230 46.38.252.230
dns-nameservers 2a03:4000:0:1::e1e6 2a03:4000:8000::fce6

• Edit /etc/hosts

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
5.45.105.135    yourserver.domain.com yourserver

• file /proc/net/if_inet6 exists?
• file /etc/sysctl.conf exists ?
• file /etc/resolv.conf exists ?

There are some other commands to check IPv6

> netstat -pan --tcp
> ifconfig -a
> ip -6 route
> tcpdump -i eth0 ip6 -vv
> netstat -r
> ip -6 neigh show
> traceroute6 ipv6.google.com
> modprobe ipv6
> lsmod
> ip address show
> lsof -i TCP
> netstat -ln

Tomcat 7 and IPv6#

Tomcat has three different "connectors". They are called "BIO", "NIO" and "APR", see connector comarison.

Regrading IPv6 all connectors support it from scratch, e.g. the server must simply provide IPv6 (see above). I tested IPv6 connecttions to the server with BIO and APR successfully without modification to the default settings.

Generally the BIO one is taken, see catalina.out:

Jan 12, 2014 12:33:23 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib/jni:/lib:/usr/lib
Jan 12, 2014 12:33:23 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-80"]

With the "protocol" attribute you can specify the connector type in <tom>/conf/server.xml

<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

protocol=HTTP/1.1"	auto
protocol="org.apache.coyote.http11.Http11Protocol"	(BIO) blocking Java connector
protocol="org.apache.coyote.http11.Http11NioProtocol"	(NIO) non blocking Java connector
protocol="org.apache.coyote.http11.Http11AprProtocol"	(APR) the APR/native connector

APR is the best choice, BUT needs a native compiled lib. This can be done this way on Linux (Ubuntu 12.04):

There are some instructions, see at liferay or at Apache.

Requirements (according to Tomcat docu)

1. APR 1.2+ development headers (libapr1-dev package) (http://packages.ubuntu.com/source/precise/apr)
2. OpenSSL 0.9.7+ development headers (libssl-dev package)
3. JNI headers from Java compatible JDK 1.4+
4. GNU development environment (gcc, make)

> apt-get install libapr1-dev
> apt-get install libssl-dev
> apt-get install make

You will find the native source code in the <tom>/bin/tomcat-native.tar.gz file in your installation.

gunzip tomcat-native.tar.gz
tar xvf *

When you have extracted it go to folder .../tomcat-native-1.1.29-src/jni/native. Make sure you have set the JAVA_HOME. Simply try configure:

JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64;export JAVA_HOME
cd /markus/native/tomcat-native-1.1.29-src/jni/native
> ./configure --with-apr=/usr/bin/apr-config

This must return without errors or warnings ! Follow instructions if there are any. I got this one

Cannot find jni_md.h in /usr/lib/jvm/java-7-openjdk-amd64/

You can check at Ubuntu in which package the file is provided. In my case I needed the full JDK package:

apt-get install openjdk-7-jdk

> make
> make install
==> result:
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/apr/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Add to <tom>/bin/startup.sh

LD_LIBRARY_PATH=/usr/local/apr/lib;export LD_LIBRARY_PATH

Restart:

Jan 07, 2014 8:33:59 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR version 1.4.6.
Jan 07, 2014 8:33:59 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Jan 07, 2014 8:33:59 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
Jan 07, 2014 8:33:59 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-0.0.0.0-80"]

Additional comment:
There are some websites which tell you to configure two connectors, one for IPv4 and one for IPv6 like here. You may specify it with the "address" attribute, but as I set above, the server is the main point regarding IPv6. If you specify IPv6 with address="::0" and your server does not support it you may get something like this

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-0:0:0:0:0:0:0:0-80"]
org.apache.tomcat.jni.Error: 670009: Address family for hostname not supported
        at org.apache.tomcat.jni.Address.info(Native Method)

Generally NIO/BIO (and APR) connector binds to both IPv4 and IPv6 when no "address" is specified. When you specify two then Tomcat says following

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-0:0:0:0:0:0:0:0-80"]
java.net.BindException: Address already in use /0:0:0:0:0:0:0:0:80
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)

Note: For Windows or other Linux distrubutions it seems to be different, see here. If you want to prefer IPv4 this is suggested

JAVA_OPTS="Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true"
CATALINA_OPTS="Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true" 

---

Kabel Deutschland IPv6#

I have a connection from Kabel Deutschland.

• Fritzbox 7270
• Kabelmodem Thomson THG540K

Kabel Deutschland statements (Juni 2012):
Kabel Deutschland hat sein Netz bereits auf die gleichzeitige Verwendung von IPv4 und IPv6 (sog. DualStack) umgestellt. Ab sofort erhalten alle Neukunden mit einem Kabelrouter, die im DOCSIS3-Ausbaugebiet wohnen, zusätzlich öffentliche IPv6-Adressen zugewiesen. Welchen Präfix bekommt der Kunde zugewiesen?:
Ein Kunde kann minimal einen/64 und maximal /56 Prefix vom DHCP anfordern. Welche Prefixgröße er letztendlich abfragt hängt hauptsächlich vom Endgerät ab. Im Normalfall wird tatsächlich aber nur ein /64 angefordert.

Here are some pro&cons

• according to this DOCSIS3.0 map my connection should be enabled for IPv6.
• some state that THG540K is not IPv6 enabled
• some state that a cable model uses only layer 1+2 and IP is done with layer 3 (so the THG540K should work)
• Website ipv6-test fails with my connection
• The FritzBox is not receiving a IPv6 address

==> UPDATE

• the kabel modem seems not to matter, it is transporting IPv6 anyway
• I connected my Windos 8.1 computer directly to the kabel modem and got an IPv6 address and could connect to IPv6 servers
• problem seems to be my FritzBox 7270, where I do not get any IPv6 address => ticket at AVM as of 11.01.2014