Digitalboard/docs
5
1
Fork 0
Code Pull requests 1 Activity Actions
docs/infrastructure/ipv6.md

3.2 KiB
Raw Permalink Blame History

IPv6 Overview and Best Practices

Summary

We agreed to setup dual stack by default as IPv6 is essential for modern IT infrastructures and significantly simplifies network management in the long term. By relying on DNS names instead of raw IP addresses, operating an own, globally valid IPv6 stack, using Dual Stack during the migration phase, and providing a Jump Host for IPv6-only zones, networks become more robust, scalable, and future-proof.

Decisions

  • Use Dual Stack (IPv4 and IPv6 addresses)
  • Rely on DNS names instead of raw IP addresses
  • Each school is responsible for its DNS records and must manage them for IPv4/IPv6 (including CNAME records for ACME)
  • The Digitalboard provides an optional service (dynamic DNS zone for acme challenge responses) as described in the ACME documentation
  • The Digitalboard might act as a RIPE customer and provide a /32 or /48 IPv6 network for interested schools

Meetings

  • 05.08.2025: Bert-Jan Fikse, Tobias Schaller, Tobias Wüst, Tom Jampen (inital version)

Why IPv6?

IPv6 was introduced to address the limitations of IPv4, most notably the shortage of available addresses. It provides an almost unlimited address space, improved support for modern networking, and forms the foundation for future-proof infrastructures.

DNS instead of IP addresses

  • IPv6 addresses are long and difficult to memorize (e.g. 2001:db8:85a3::8a2e:370:7334).
  • It is therefore recommended to use DNS names for virtual machines (VMs) and other systems.
    → This improves administration, readability, and reduces error potential.

Own IPv6 Stack

  • The RFC4193 range (fd00::/8) is reserved for local, private use, similar to private IPv4 networks (e.g. 192.168.x.x). → Disadvantages:
    • In a dual stack environment (IPv4 and IPv6 with fd00::/8 addresses) IPv4 is used by default, so IPv6 is never used!
  • For production environments, it is preferable to use public, globally routable IPv6 prefixes obtained from an ISP or an own IPv6 allocation.
    → Advantages:
    • Unique addressing without overlaps
    • Direct reachability and routability on the Internet
    • Sustainable, future-oriented network design
    • As a direct RIPE customer an institution can get one /29 IPv6 network (resulting in 8 /32 IPv6 networks) for < CHF 2'000.-/year (e.g. one /32 network for CHF 250.-/year)

Dual Stack as a Transition Strategy

  • In many environments, IPv4 cannot be replaced immediately.
  • Dual Stack allows IPv4 and IPv6 to operate in parallel.
  • This enables a gradual transition to IPv6 without requiring a complete redesign of the network infrastructure at once.
  • Dual Stack can be maintained as long as necessary, until IPv6 adoption is complete.

Jump Host for IPv6-only Zones

  • When migrating to IPv6-only environments, not all clients or tools may yet support IPv6.
  • A Jump Host with both IPv4 and IPv6 connectivity can serve as an entry point.
  • It enables access from IPv4-based networks into IPv6-only segments, acting as a controlled and secure bridge during the transition phase.
  • This approach ensures operability while gradually phasing out IPv4.