Score:4

Server

GCP, basic IPv6 set up for Linux VM Instance

sirkus7

11/26/22, 3:08 AM

I'm trying to set up a simple VM in Google Cloud Platform that can ping ipv6.google.com successfully. I'm using these GCP docs regarding IPv6 support, including :

[NOTE: Edited/updated to provide full commands used]

Here's my simple and repeatable proof of concept:

Within a project, create a VPC network

$ gcloud config set project my-test-project

$ gcloud compute networks create targetnet \
   --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional

Create subnet with IPv6 support

$ gcloud compute networks subnets create targetnet-1 \
   --network=targetnet --range=10.9.9.0/24 \
   --stack-type=IPV4_IPV6 --ipv6-access-type=EXTERNAL \
   --region=us-west2

Create an instance with IPv6 support

$ gcloud compute instances create test-1 \
   --stack-type=IPV4_IPV6 --ipv6-network-tier=PREMIUM \
   --subnet=targetnet-1 --zone=us-west2-a \
   --image-family=debian-10 --image-project=debian-cloud \
   --machine-type=e2-micro

Add a firewall rule to give SSH access to the instance

$ gcloud compute firewall-rules create target-ssh-home \
   --network targetnet --allow tcp:22 --source-ranges <my IPv4 addr>

SSH to the instance, look at the network addresses & route:

$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 state UP qlen 1000
    inet6 2600:1900:xxxx:xxxx:0:1::/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::4001:aff:fe04:2d2/64 scope link 
       valid_lft forever preferred_lft forever

$ ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2600:1900:xxxx:xxxx:0:1:: dev ens4 proto kernel metric 256 pref medium
fe80::/64 dev ens4 proto kernel metric 256 pref medium
default via fe80::4001:aff:fe04:201 dev ens4 proto ra metric 1024 expires 85sec pref medium

Attempt to ping an external IPv6 resource:

$ ping6 ipv6.google.com
PING ipv6.google.com(lax31s01-in-x0e.1e100.net (2607:f8b0:4007:80e::200e)) 56 data bytes
From fe80::4001:ff:fe00:0%ens4 (fe80::4001:ff:fe00:0%ens4): icmp_seq=1 Destination unreachable: No route

The docs indicate the firewall defaults should allow outgoing ICMP. Still, I've also tried adding firewall rules to allow ICMP (and every) service in various forms to see if that helped. This did not change the result. Also, I confirmed that GCP added a default IPv6 route for the network. (::/0).

According to the documentation, the GCP is to provide a /64 and the NIC should be assigned the first address from that range. I don't see that here. Is there something I need to do on the host to get that? Or is there something I've missed that is needed in GCP?

1171

1 + 4

ipv6

linux-networking

google-compute-engine

google-cloud-platform

John Hanley

11/26/22, 6:14 AM

Check that your VPC has an IPv6 default route. Can you ping **fe80::4001:aff:fe04:201**? If not the problem is within the OS (OS firewall rule, etc.)

sirkus7

11/26/22, 1:23 PM

Thanks @JohnHanley. No I cannot ping the next hop. As I mentioned, I'm using the default Debian 10 image. I haven't added any firewall rules, and ip6tables shows nothing blocking that I can see. Do you know of anything I should look for on the OS?

sirkus7

11/27/22, 3:17 AM

In case I was missing something in my explanation, I updated the post to include the exact commands I'm using to build the test. Hopefully that may help someone identify a step I'm missing.

John Hanley

11/27/22, 3:19 AM

Try creating a new VM with a different OS. If you cannot ping the next hop, you probably have an OS level problem.

Ray Foss

3/23/23, 11:39 PM

I'm also having a similar experience across multiple ISPs, ssh over IPV6 works after opening up the firewall, but ICMP seems to be permanently blocked. Why does your ens4 have a prefix of 128, when GCP subnets are 96 and the VMs are 64. I just for go the whole gateway thing and use the loopback for IPv6 in external mode. To be clear SSH over IPv6 works.

Score:3

Server

Anant Swaraj

11/28/22, 8:53 AM

Connecting to Google APIs and services from VPCs via external IPv6 addresses is currently not supported. Efforts to ping ‘ipv6.google.com’ from Cloud VM via IPv6 often lead to a destination unreachable ICMP response.
I had replicated your setup with the steps you mentioned and I was also getting the same “Destination unreachable: No route” error while trying to ping ipv6.google.com, however I was able to ping other IPv6 sites like ‘wikipedia.org’ quite successfully.

Furthermore, to best use VMs with IPv6 network, you can prefer incorporating GCP Load Balancing with IPv6 support.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: GCP, basic IPv6 set up for Linux VM Instance

TH: GCP, basic IPv6 set up for Linux VM Instance

RO: GCP, basic IPv6 set up for Linux VM Instance

RU: GCP, basic IPv6 set up for Linux VM Instance

VI: GCP, basic IPv6 set up for Linux VM Instance

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.