4

As I understand, IPv6 addresses are allocated in blocks. Each machine gets a range of IPv6 addresses and any IPv6 address in that range would point to it.

Basis for this assumption: https://stackoverflow.com/a/15266701/681671

The /64 is the prefix length. It is the number of bits in the address that is fixed. So a /64 indicates that the first 64 bits of the 128-bit IPv6 address are fixed. The remaining bits (64 in this case) are flexible, and you can use all of them. This means that when your ISP gives you a /64 they are giving you 2^64 addresses (that is 18,446,744,073,709,551,616 addresses).

Edit: I confirmed using Wireshark that the packets sent to any IP in that /64 range do get routed to my server.

Looking at this line from ifconfig output

inet6 2a01:2e8:d2c:e24c::1  prefixlen 64  scopeid 0x0<global>

I conclude that all IPv6 addresses with 2a01:2e8:d2c:e24c prefix will point to my machine.

However I am unable to bind any service to any IPv6 address other than 2a01:2e8:d2c:e24c:0000:0000:0000:0001

nc -l 2a01:2e8:d2c:e24c:0000:0000:0000:0002 80 Does not work

nc -l 2a01:2e8:d2c:e24c:0000:0000:0001:0001 80 Does not work

nc -l 2a01:2e8:d2c:e24c:1000:0000:0000:0001 80 Does not work

nc -l 2a01:2e8:d2c:e24c:0000:0000:0000:0001 80 Only this works

nc -l <IP> <PORT> opens up a simple TCP server on the specified IP and port.

The error I get is nc: Cannot assign requested address

I want to run multiple instances of a service on the same port but different IPv6 addresses. Since public IPv6 addresses are abundantly available to each machine, I thought of utilizing the same.

ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 88.77.66.55  netmask 255.255.255.255  broadcast 88.77.66.55
        inet6 fe80::9300:ff:fe33:64c1  prefixlen 64  scopeid 0x20<link>
        inet6 2a01:2e8:d2c:e24c::1  prefixlen 64  scopeid 0x0<global>
        ether 96:00:00:4e:31:e4  txqueuelen 1000  (Ethernet)
        RX packets 26788391  bytes 21199864639 (21.1 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21940989  bytes 20045216536 (20.0 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

OS: Ubuntu 18.04

VPS Host: Hetzner

I am actually trying to run multiple nginx docker containers mapped to port 80 on different IPv6 addresses of the host. That is when I encountered the problem. The nc -l test is just to simplify the problem description.

Dojo

3 Answers

2

I conclude that all IPv6 addresses with 2a01:2e8:d2c:e24c prefix will point to my machine

That assumption is wrong. The prefix length has the same meaning as the IPv4 netmask. It determines which addresses are on your local network, not which addresses belong to your local host.

Sander Steffann
  • I actually do get the packets on my machine (confirmed using Wireshark). But I get the error "nc: Cannot assign requested address". I think nc requests the OS to bind it to that IP:port and it's the OS that's rejecting the request. So I think something needs to be configured in the OS for it to recognize those IPs as belonging to it. – Dojo Nov 28 '21 at 10:13
1

This is all you need:

ip route add local 2a01:2e8:d2c:e24c::/64 dev lo

Credit: Can I bind a (large) block of addresses to an interface?

Dojo
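The difference between "inside the prefix" and "assigned to the host" that the answers above turn on, as an added example (not code from the thread): it classifies the four `nc -l` targets from the question against the `ifconfig` lines, then asks the running kernel whether each one can be bound. The function names are hypothetical, and port 0 is used instead of 80 so the probe runs without root.

```python
import errno
import ipaddress
import socket

# Constructed sample: the inet6 lines from the ifconfig output in the question.
IFCONFIG = """\
        inet6 fe80::9300:ff:fe33:64c1  prefixlen 64  scopeid 0x20<link>
        inet6 2a01:2e8:d2c:e24c::1  prefixlen 64  scopeid 0x0<global>
"""
# The four addresses passed to `nc -l` in the question.
TARGETS = [
    "2a01:2e8:d2c:e24c:0000:0000:0000:0002",
    "2a01:2e8:d2c:e24c:0000:0000:0001:0001",
    "2a01:2e8:d2c:e24c:1000:0000:0000:0001",
    "2a01:2e8:d2c:e24c:0000:0000:0000:0001",
]

def parse_inet6(text):
    """Return (addresses assigned to the interface, on-link prefixes)."""
    assigned, onlink = set(), set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "inet6" and f[2] == "prefixlen":
            iface = ipaddress.IPv6Interface(f"{f[1]}/{f[3]}")
            assigned.add(iface.ip)       # the one address the host owns
            onlink.add(iface.network)    # the prefix that is merely on-link
    return assigned, onlink

def classify(addr, assigned, onlink):
    """'assigned' = the host owns it; 'on-link' = only inside a connected prefix."""
    ip = ipaddress.IPv6Address(addr)
    if ip in assigned:
        return "assigned"
    return "on-link" if any(ip in net for net in onlink) else "off-link"

def try_bind(addr, port=0):
    """Ask the running kernel: returns 'OK' or the errno name (e.g. EADDRNOTAVAIL)."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.bind((addr, port))
        return "OK"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e))

if __name__ == "__main__":
    assigned, onlink = parse_inet6(IFCONFIG)
    for t in TARGETS:
        print(f"{t}  config: {classify(t, assigned, onlink):9}  bind(): {try_bind(t)}")
```

Running it before and after a routing change shows what the kernel actually accepts on that host. Once a whole /64 is delivered locally, a listener bound to the wildcard address `::` is reachable on every address in the prefix, so firewall rules should be written for the prefix rather than for a single address.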
0

To re-iterate and expand upon Sander's answer:

You must bind each individual IP address to the NIC (network interface card) before it considers the traffic to send up the stack.

Wireshark sets the NIC in promiscuous mode, i.e. send all traffic received.

There is a practical limit to how many IP addresses can be assigned on a system, MUCH less than the 2^64 required by the OP's post. Storing the addresses alone would be more than any system's memory.

Unlike IPv4 with its 127.0.0.0/8 (2^24 loopback addresses), IPv6 only defines a single address, 0::1/128.

The only practical solution would be to treat the entire IPv6 subnet as a "reverse" NAT using IP masquerading (NAT). This solution would require a second instance acting as the NAT "router". The rules would rewrite the destination addresses to a single address/port.