IPv6 support for Vault

Avatar
Owen Zhang
  • Updated

Introduction

IPv6 is the most recent version of the Internet Protocol, IPv4 is the most widely used Internet Protocol. Vault support both IPv4 and IPv6. From Vault configuration, IPv6 can be used on Vault Configuration file listener TCP parameter localhost, cluster_addr and api_addr

Vault are written with Golang, and uses the Golang net package, so it will inherit compatibility, or any issues it may have. https://golang.org/pkg/net/ The few issues reported to HashiCorp Support have been due to older hardware-based network switches not having full IPv6 support, and not due to Vault.

About IPv6 address representation

  • The 128 bits of an IPv6 address are represented in 8 group of 16 bits each. Each group is written as four hexadecimal digits and groups are separated by colons(::). An example of this representation is 2001::0db8::0000::0000::0000::ff00::0042::8329

  • One or more leading zeros from any group of hexadecimal digits are removed, which is usually done to all of the leading zeros. For example the group 0042 is converted to 42

  • Consecrative sections of zeros are replaced with two colons(::). This may only be used once in an address as multiple use would render address indeterminate 

    e.g. Initial address: 2001:0db8:0000:0000:0000:ff00:0042:8329

    After removing all leading zeros in each group: 2001:db8:0:0:0:ff00:42:8329

    After omitting consecutive sections of zeros: 2001:db8::ff00:42:8329

  • Based on IPv6 addresses contain colons, and URLs use colons to separate the host from port number, so an IPv6 address used as the host part of a URL should be enclosed in square bracket,

    e.g. http://[2001:db8:4006:812::200e] or http://[2001:db8:4006:812::200e]:8080/path/page.html.

Listening on all IPv6 & IPv4 Interfaces

This example shows Vault listening on all IPv4 & IPv6 interfaces including localhost.

listener "tcp" {
address         = "[::]:8200"
cluster_address = "[::]:8201"
}

Listening to specific IPv6 address

This example shows Vault only using IPv6 and binding to the interface with the IP address: 2001:1c04:90d:1c00:a00:27ff:fefa:58ec

listener "tcp" {
address         = "[2001:1c04:90d:1c00:a00:27ff:fefa:58ec]:8200"
cluster_address = "[2001:1c04:90d:1c00:a00:27ff:fefa:58ec]:8201"
}

# Advertise the non-loopback interface
api_addr = "https://[2001:1c04:90d:1c00:a00:27ff:fefa:58ec]:8200"
cluster_addr = "https://[2001:1c04:90d:1c00:a00:27ff:fefa:58ec]:8201"

Additional Information: 

Articles in this section

See more

Related articles