IPv6 at KIT

IPv6 is the follow up to IPv4. For the time being, IPv6 and IPv4 will be operated in parallel. For the moment most of the hosts have an IPv6 and an IPv4 address.

The IPv6 service at KIT is productive. IPv6 is available in the authenticated Wireless LAN at KIT (wkit-802.1x) and in eduroam-WiFi. All VLANs of the institutes and administrative units for the fixed network access are being at the moment equipped with IPv6. The KIT is project coordinator in the Baden-Württemberg project bwIPv6∂Academia.

The difference of IPv6 is not only in the size of the address space. Many innovations have been introduced. In the following FAQ the most important questions are answered. For further information please use directly the linked slides

Frequently asked questions

What exactly is changing with IPv6?

IPv6, which means the internet protocol version 6, offers an extended address space of 2128 addresses, or 264 delimitable subnets. In contrast to IPv4 with variable subnet sizes, IPv6 always offers enough addresses for all connected devices; this means it never has to be expanded. Furthermore there have been administrative and operational simplifications introduced, like the stateless address-auto configuration. A computer must have an IPv6 address in order to be able to reach servers that are connected only via IPv6. An address conversion from IPv4 to IPv6 addresses isn’t possible.

How can I use IPv6 at KIT?

With the migration to the new KIT-core IPv6 was activated for all VLANs.

For my VLAN IPv6 is introduced at the moment, what do I have to consider?

Basically: nothing. Only if you have named your subnet or addresses from your subnet anywhere for validation, it can happen that you have to register your new IPv6 subnet there again. This is exactly the case when the destination (where it is validated) also speaks IPv6. More precisely, when the name, you are addressing, is also registered in DNS with an IPv6 address.

Can my computer be reached directly from the outside?

For both IPv4 and IPv6 the central firewall ensures that services in the KITnet are only accessible from outside after explicit activation. Within the KITnet there are only a few barriers. This means that a computer is generally not accessible from outside.

Are router advertisements activated?

Yes. This means the routers sends information to all clients in the subnet via the default gateway. It doesn’t have to and also should not be set manually on clients. The gateway is a link-local address from the range fe80::/16 and is only valid in the broadcast-domain/in the VLAN.

Does my computer automatically get an IPv6 address, when IPv6 is activated in my VLAN?

By default the stateless address autoconfiguration (SLAAC) is activated. Thereby the prefix (subnet) will be published over the router-advertisement and the computers configure themselves an IPv6 address. There is always a stable address that does not change even after restarting the computer. This can be entered in the DNS. The DNS resolvers are also automatically distributed via router advertisements.

Static IP address configuration for servers
On servers we recommend to configure static IP-address as it is for IPv4. We have reserved the addresses <…>:: to <…>::f for network services in each subnet. The first free and usable address is <…>::10. From the rest of the address space you can choose the address randomly.
The DNS-resolver should also be configured statically on servers. On a server that has an IPv6 address, only the IPv6 addresses of the resolvers should be entered. The IP addresses of the DNS resolver at KIT can be found on our overview page for the DNS server at KIT.
Not only with clients but also with servers the default gateway can be configured automatically by router advertisement. From our point of view there are no disadvantages in doing so. In order to configure the server completely statically, you can configure the first address in the subnet as the default gateway as it is listed in the DNSVS. In every BCD in the KIT core there can be fe80::1 as a default gateway configured instead.
Attention: there where observed problems with the simultaneous evaluation of the router advertisements and the static configuration of the gateways under linux. It is highly recommended to deactivate the evaluation of router advertisements on linux servers, when the default gateways is registered statically. This is described in the slides above.

How can I store IPv6 DNS entries?

DNSVS section representatives can create IPv6 DNS entries (AAAA/PTR) by themselves. DNS entries are published every two hours as with IPv4. For questions to DNSVS please get in touch with dns-betrieb∂scc.kit.edu

Is there a possibility to operate IPv6 without IPv4?

IPv6 is an independent protocol that can be set up in parallel to IPv4 (dual stack). Services that aren’t accessible via IPv6 yet, can still be accessed via IPv4. If you do not need to set up IPv4, you can use NAT64 as temporary solution. To activate the NAT64 services, the following resolvers must be entered on a system:

  • 2a00:1398::64:1

  • 2a00:1398::64:2

The SCC offers two VLANs for testing purpose via wifi2vlan. When logging with realm “ipv6-only-dns64”, the special resolvers for NAT64 are automatically sent to the end device. The second realm "ipv6-only” uses the standard-resolver of the KIT. A connection to IPv4 services isn’t possible here.