With the expanding deployment of IPv6, the probability of Linux servers facing IPv6 network problems has increased significantly. Due to the fundamental differences between the IPv6 protocol stack and IPv4, troubleshooting methods need to be specifically adjusted. System administrators need to master IPv6-specific diagnostic techniques to quickly locate and resolve network connectivity issues.

IPv6 network troubleshooting begins with basic status checks. First, it's necessary to confirm whether the network interfaces are correctly configured with IPv6 addresses. The ip command can be used to view detailed interface information:

ip -6 addr show

This command's output will display the IPv6 address configuration for all interfaces, including link-local addresses (fe80::/10) and global unicast addresses. Pay special attention to address status markers, such as "tentative" indicating the address is still in the duplicate address detection phase, and "deprecated" indicating the address has expired but is still usable. If an interface lacks the expected IPv6 address, the network configuration file and router advertising status need to be checked.

Network connectivity testing is a crucial part of the troubleshooting process. The ping6 command is specifically used for IPv6 connectivity testing:

ping6 -c 4 2001:db8::1

If the ping6 command is unavailable, a more compatible alternative can be used:

ping -6 2001:db8::1

For test scenarios requiring a specified source interface, especially a link-local address, it must be explicitly specified via parameters:

ping6 -I eth0 fe80::1

Route table checks are crucial for understanding packet forwarding paths. IPv6 routing tables are independent of IPv4 and require a specific command to query:

ip -6 route show

In the routing table output, the default route is typically represented as "default via fe80::1 dev eth0", where the next hop using a link-local address must be associated with a specific device. If necessary route entries are missing, packets will not be correctly forwarded to the destination network.

The Neighbor Discovery Protocol (NIP) is equivalent to ARP in IPv6 and is responsible for MAC address resolution. Neighbor table anomalies often cause connectivity issues:

ip -6 neighbor show

Neighbor table entries should show a "REACHABLE" state. If a large number of entries are in a "STALE" or "INCOMPLETE" state, it may indicate packet loss or configuration problems in the network. You can try clearing invalid neighbor entries:

ip -6 neighbor flush dev eth0

Firewall rules may block IPv6 communication. Different Linux distributions use different firewall tools, so you need to check accordingly:

# For iptables
ip6tables -L -n -v
# For nftables
nft list ruleset ip6

Focus on rules in the INPUT, OUTPUT, and FORWARD chains to ensure that no legitimate traffic is being blocked unintentionally. Temporarily disabling the firewall can help determine if the problem is caused by rules:

ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD ACCEPT

Network tracing tools are essential in complex scenarios. traceroute6 provides path tracing functionality:

traceroute6 2001:db8::1

For situations requiring deep packet inspection, tcpdump supports IPv6 traffic capture:

tcpdump -i eth0 ip6
tcpdump -i eth0 'ip6 and host 2001:db8::1'

DNS resolution is equally important for IPv6 services. Use the dig command to test AAAA record resolution:

dig AAAA example.com

Check your system DNS configuration to ensure it includes an IPv6 DNS server:

cat /etc/resolv.conf

System-level IPv6 configuration needs verification. Check kernel parameters controlling IPv6 behavior:

sysctl -a | grep ipv6

Key parameters include net.ipv6.conf.all.disable_ipv6 (completely disable IPv6), net.ipv6.conf.all.forwarding (enable forwarding), and net.ipv6.conf.all.autoconf (autoconfigure stateless addresses). Router advertising and DHCPv6 related issues require specialized tools for diagnosis. radvdump can listen for router advertising messages:

radvdump

For environments using DHCPv6, test client communication:

dhcp6c -d -D -f /etc/dhcp6c.conf eth0

Application layer issues should not be ignored. Check if the service is correctly listening on IPv6 addresses:

ss -tuln | grep ':'

The ":::80" in the output indicates that the service is listening on port 80 of all IPv6 addresses. If the service is only bound to an IPv4 address (0.0.0.0), the service configuration needs to be adjusted to support IPv6.

When encountering intermittent connectivity problems, system logs provide important clues:

dmesg | grep -i ipv6
journalctl -u NetworkManager | grep -i ipv6

MTU issues are more sensitive in IPv6 environments because IPv6 does not allow fragmentation on intermediate paths. Path MTU discovery failure can lead to large packet transmission failures:

ping6 -s 1500 2001:db8::1

Gradually increasing packet size and observing when packet loss begins can help determine the path MTU limit.

For complex network environments, writing automated inspection scripts can improve efficiency:

#!/bin/
echo "=== IPv6 address check ==="
ip -6 addr show
echo -e "\n=== IPv6 routing table ==="
ip -6 route show
echo -e "\n=== IPv6 neighbor table ==="
ip -6 neighbor show
echo -e "\n=== IPv6 listening service ==="
ss -tuln | grep ':'

Through a systematic troubleshooting approach, administrators can quickly pinpoint the root cause of IPv6 network problems. Careful inspection of each link, from the physical layer to the application layer, from host configuration to network devices, is crucial to ensuring the reliability of IPv6 services. As IPv6 becomes increasingly prevalent, mastering these diagnostic skills is becoming more and more important for Linux server administrators.