Blocked by my ISP. So I have it all blocked.

Don’t use ULA, those are non internet routable addresses so they will never use v6 for internet things. Use the range assigned from your ISP.
SLAAC. Because Android has one ass of a dev who refuses to include DHCPv6

I have that conf: /etc/sysctl.d/01-ipv6.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

But that falls under your exception. It seems to me that IPv6 causes more problems than it solves.

Idk. what assignment we use, but our ISP gave us (company) a prefix and we offer our services (for our team) IPv6 first. IPv4 is only used within the company network where a DNS server resolves the domains if needed.

It works great for us. If my private ISP would allow it, I would do the same.

The only systems with ip6v in my network are Wi-Fi devices and my public-facing reverse proxy. I use a prefix delegated by my ISP.

All of my non-public servers have ipv4 only.

I use global addresses for everything. ULA is the equivalent of the private networks like 10.0.0.0/8 on IPv4. It doesn’t need a static IP. ULA will work without any internet connection. If you run an IPv6 only network, it would be a good idea to set up ULA so you can access your local devices if the internet goes down.

I only use SLAAC on my network because DHCPv6 is not well supported. My router does use DHCPv6 to get a prefix from the ISP though.

1. Probably wouldn’t hurt to set them up, especially if you don’t have a static prefix. The good thing is that interfaces can have multiple IPv6 addresses, so they can use both the public address and the ULA.
2. SLAAC should always be enough. Make sure you don’t block the ICMP6 messages it needs though (I’ve been bitten by that once, firewalld behaves weirdly around this).

ISP issues a prefix that I delegate.

Also delegate an ULA prefix, intended for stake local addresses but d actually just use ipv4 for those (also had difficulty getting ipv6 to work with microk8s and multus due to inexperience).

SLAAC.

I use ULA for my WireGuard tunnels, otherwise it’s all public IPv6 (mostly lightly firewalled).

I’m fine with SLAAC, even for servers. I just manually update my DNS with the server addresses when I set them up.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

8 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #284 for this comm, first seen 11th May 2026, 19:20] [FAQ] [Full list] [Contact] [Source code]

My setup is a pile of kludges built on top of each other over the last two decades.

I started with ULAs distributed through DHCP, connected to named, which allows hosts do declare their own name and let me access local services as though I had a real domain.

My ISP eventually started supporting IPV6, but only assigned /128, so the ULAs got NAT-6ed out to the real world.

I eventually learned how to request prefix delegation from the ISP and set up SLAAC.

So now, my PIv6 clients have a) their link-local address, b) the ULA, c) a “privacy” SLAAC, and d) a unique SLAAC. All my internal services still refer to the ULAs.

I don’t think I’d recommend this system for someone setting up from scratch. The easiest thing would be to go with SLAAC, if you can get prefix delegation, and set your DNS/pihole to send the unique-SLAAC address of any servers you run.

I’m doing slaac and some reservations for devices that just randomly pop new MACs (vms or something, I don’t remember why.

I use aliases for my firewall rules. DNS I don’t really have working.

SLAAC with ISP-provided prefix. Everything that wants an IPv6 address gets one and I’ve got my firewall set to block pretty much all in-bound traffic other than SSH. It’s nice being able to SSH directly to something rather than using a jump host or VPN.

I also use ULA because NFS mounts over IPv6 on the global addresses would hang/timeout every time the SLAAC address rotated which is frequent due to privacy extensions.

Until very recently, I exclusively used the /56 prefix I get from my ISP exclusively. This is still relatively annoying in my case as this prefix changes at least daily for some reason. Clients get their IP via SLAAC.

I’ve added ULA literally less than a week ago as I have a local reverse proxy I want to handle both local and external request, in both v6 and v4. Obviously more hosts should be accessible from local clients. But I can’t tell local clients apart except by IP, and since the prefix is unstable this would require some sort of hook to update the proxy with that new prefix (might be possible, but seems like a real hassle). So here we are.

I live in spain so the main ISP is well provided with IPv4 blocks and have zero incentive to deploy IPv6 outside of mobile networks. So the IPv6 deployment here is like 3% and I don’t have access to it 🫠

I don’t use IPv6 on my lab. They been screaming to the bleachers since like 2010 that IPv6 is right around the corner due to lack of addresses, and I’ve still seen no real reason to want to adopt for it.

My current provider doesn’t even support it… so why should I?

I use IPv6 local only. Everything else is IPv4. Reason being, my commercial VPN does not support IPv6 and I have reservations about leakage. My ISP already ships with IPv4 & IPv6.

I can’t get IPv6 in any worthwhile form from my ISP. IMHO IPv6 isn’t any more useful than IPv4 if you only have ULA. And NAT is not as well supported since it wasn’t intended to even be really necessary for example. So even if you are starting from scratch or just using it internally, there are some disadvantages to implementing it over just sticking with IPv6. But if your ISP actually provides IPv6 it might be worth it as long as your devices all support it. But otherwise you’re going to need to set up IPv4 in addition, anyway, so you’re just going to create problems for no good reason, IMHO.

Just static IP, since I have a static subnet delegated by my provider, on a shitty cable modem.

My provider doesn’t provide IPv6, but I rented a server in a data center, bought a subnet, and tunneled it home via WireGuard. So the scheme is roughly: VPS (fd00:1::/64) <-> (fd00:1::/64) Home router (realv6/64) <-> Home network

Router configuration:

/etc/sysctl.d/10-ipv6-privacy.conf

net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1

/etc/radvd.conf

interface br0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 30;

    AdvManagedFlag on;      # M=1 → Address via DHCPv6
    AdvOtherConfigFlag on;  # O=1 → Additional options via DHCPv6

    # SLAAC is still possible for Android
    prefix realv6::/64 {
        AdvOnLink on;
        AdvAutonomous on;   # Allow SLAAC
    };

    RDNSS realv6::1 {
        AdvRDNSSLifetime 1800;
    };
    DNSSL home.lan {
        AdvDNSSLLifetime 1800;
    };
};

/etc/kea/kea-dhcp6.conf

{
  "Dhcp6": {
    "interfaces-config": {
      "interfaces": [ "br0" ]
    },

    "lease-database": {
      "type": "memfile",
      "persist": true,
      "lfc-interval": 86400,
      "name": "/var/lib/kea/dhcp6.leases"
    },

    "renew-timer": 21600,
    "rebind-timer": 43200,
    "preferred-lifetime": 43200,
    "valid-lifetime": 86400,

    "subnet6": [
      {
        "id": 1,
        "subnet": "realv6::/64",
        "interface": "br0",
        "pools": [
          { "pool": "realv6::1000 - realv6::ffff" }
        ],
        "option-data": [
          { "name": "dns-servers",   "data": "realv6::1" },
          { "name": "domain-search", "data": "home.lan" }
        ]
      }
    ],

    "loggers": [
      {
        "name": "kea-dhcp6",
        "output-options": [
          { "output": "stdout" }
        ],
        "severity": "WARN"
      }
    ]
  }
}

And of course, iptables is necessary. Something like: /etc/iptables/ip6tables.rules