Canaries and IPv6
Your Canaries have IPv6 disabled by default (relying only on IPv4). You can enable IPv6 on your Canaries in either dynamic or static mode.
The default network configuration is shown below (with IPv6 disabled).
Once you have enabled IPv6 on your Canary, the Canary will always have a link-local address (similar to fe80::ab:cd:ef:12), regardless of whether the network is IPv6 capable. The services running on the Canary will be accessible over all of the Canary's IPv6 addresses.
Configuring your Canary to dynamically obtain IPv6 addresses
Dynamic mode will allow the Canary to use SLAAC and DHCPv6 to obtain an IP address and DNS servers and should just work in most networks. Depending on your network configuration, the Canary might obtain multiple IPv6 addresses (aside from the link-local address which is always present).
Follow these steps to enable dynamic IPv6 on your Canary.
- Enable the Use an IPv6 address toggle.
- Dynamic mode is enabled by default.
If your network does not supply DNS servers via DHCPv6 or RAs, you must specify custom IPv6 DNS servers, otherwise the Canary will roll back to its previous working settings.
The following Cloud providers don't serve DNS servers through DHCPv6 and therefore custom IPv6 DNS servers must be specified for birds running in those environments.
- AWS — No IPv6 DNS servers provided via DHCP in dual stack subnets, but IPv6 DNS servers are provided in IPv6-only subnets (if they are configured on the subnet).
- GCP — No IPv6 DNS servers provided via DHCP.
- Oracle — No IPv6 DNS servers provided via DHCP.
Configuring your Canary with a static IPv6 address
You can also configure your Canary with a static IPv6 address that you specify. In this case you will need to specify two DNS servers, but the gateway is optional.
Follow these steps to enable static IPv6 on your Canary.
- Enable the Use an IPv6 address toggle.
- Enable the Static toggle.
- Enter a valid IPv6 address in the Canary IP Address input.
- Enter your first IPv6 DNS server's address in the IPv6 DNS Server 1 input.
- Enter your second IPv6 DNS server's address (or the first address again) in the IPv6 DNS Server 2 input.
- Optionally specify the gateway address that your Canary should use.
Deploying your Canary in an IPv6-only network
Since Canaries launch with IPv6 disabled by default, they must be customised at launch in order to successfully launch them in IPv6-only networks. See the Customising your Cloud or Virtual Canary on Launch page for details on general customisation for different platforms.
The two important keys to add to your user data are ipv4_enabled and ipv6. See the example below for disabling IPv4 (necessary in an IPv6-only network) and enabling IPv6 in dynamic mode.
{
  "autocommission_token": "...",
  "initial_settings": "...",
  "network": {
    "ipv4_enabled": false,
    "ipv6": {
      "mode": "dynamic"
    }
  }
}
You can specify custom DNS servers in dynamic mode as shown in the following example.
"ipv6": {
  "mode": "dynamic",
  "dns1": "2001:db8:abcd:12::53",
  "dns2": "2001:db8:abcd:12::53"
}
You can also enable IPv6 in static mode as shown in the following example.
"ipv6": {
  "mode": "static",
  "ip_address": "2001:db8:abcd:12::100",
  "dns1": "2001:db8:abcd:12::53",
  "dns2": "2001:db8:abcd:12::53"
}
A static address in the Cloud init user data will be ignored on Cloud Canaries since they do not support static IP addresses.
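A pre-launch check for the network block of the user data, added here as an example (it is not Thinkst's code): it applies the rules stated on this page to a parsed JSON document before the Canary is launched. The function name check_network and its parameters network_supplies_dns and cloud are hypothetical, and the sample input is constructed.

```python
import ipaddress
import json

def check_network(user_data, network_supplies_dns, cloud):
    """Return a list of problems found in the "network" block of Canary user data."""
    problems = []
    net = user_data.get("network", {})
    ipv6 = net.get("ipv6")
    if ipv6 is None:
        # IPv6 is off by default, so disabling IPv4 alone leaves no address family.
        if net.get("ipv4_enabled", True) is False:
            problems.append("ipv4_enabled is false but no ipv6 block is present")
        return problems
    mode = ipv6.get("mode")
    if mode not in ("dynamic", "static"):
        problems.append(f"mode must be 'dynamic' or 'static', got {mode!r}")
    # Every address field that is present must parse as an IPv6 address.
    for key in ("ip_address", "dns1", "dns2"):
        if key in ipv6:
            try:
                ipaddress.IPv6Address(str(ipv6[key]))
            except ValueError:
                problems.append(f"{key} is not a valid IPv6 address: {ipv6[key]!r}")
    dns_given = [k for k in ("dns1", "dns2") if k in ipv6]
    if mode == "static":
        if cloud:
            problems.append("static address is ignored on Cloud Canaries")
        if "ip_address" not in ipv6:
            problems.append("static mode needs ip_address")
        if len(dns_given) < 2:
            problems.append("static mode needs dns1 and dns2")
    elif mode == "dynamic" and not dns_given and not network_supplies_dns:
        # Without DNS from DHCPv6 or RAs the Canary rolls back its settings.
        problems.append("dynamic mode needs custom DNS servers on this network")
    return problems

# Constructed sample input (documentation prefix 2001:db8::/32) with two mistakes.
SAMPLE = json.loads("""
{"autocommission_token": "...",
 "network": {"ipv4_enabled": false,
             "ipv6": {"mode": "static", "ip_address": "2001:db8:abcd:12::1g0",
                      "dns1": "2001:db8:abcd:12::53"}}}
""")

if __name__ == "__main__":
    for problem in check_network(SAMPLE, network_supplies_dns=False, cloud=False):
        print("FAIL:", problem)
```

Set network_supplies_dns to False for the providers listed above that do not serve IPv6 DNS servers over DHCP.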
IPv6-only Canaries on AWS
On AWS you need to add the following options when launching your Canary through the AWS CLI to assign an IPv6 address on launch and to allow it to access the IPv6 metadata URL.
--ipv6-address-count 1 --metadata-options HttpEndpoint=enabled,HttpProtocolIpv6=enabled,HttpTokens=required
The example below shows the user-data you should supply to the instance alongside the above options in order to launch a Canary in an IPv6-only network.
#cloud-config
canary_cloud_init:
  autocommission_token: ...
  network:
    ipv4_enabled: false
    ipv6:
      mode: dynamic
      dns1: 2001:4860:4860::8888
      dns2: 2001:4860:4860::8844
The two DNS servers (dns1 and dns2) can be omitted if your IPv6-only subnet has been configured to serve DNS servers on AWS.