SSL Certificate Automation with Let's Encrypt
Automate SSL/TLS certificate issuance and renewal using Let's Encrypt, Certbot, and ACME. Cover HTTP and DNS challenges, wildcard certificates, and monitoring.
Three Categories of IPv6 Addresses
Unlike IPv4 which has unicast, broadcast, and multicast, IPv6 has three types:
| Type | Delivery | IPv4 Equivalent |
|---|---|---|
| Unicast | One-to-one | Unicast |
| Multicast | One-to-many | Broadcast + Multicast |
| Anycast | One-to-nearest | No direct equivalent |
There is no broadcast in IPv6. All one-to-many communication uses multicast.
Unicast Address Types
Global Unicast (GUA)
The equivalent of IPv4 public addresses. Globally routable and unique.
Prefix: 2000::/3 (addresses starting with 2 or 3)
Example: 2001:db8:1234:5678::1
Link-Local
Automatically assigned to every IPv6 interface. Only valid within a single network segment -- routers do not forward link-local traffic.
Prefix: fe80::/10
Example: fe80::1a2b:3c4d:5e6f:7890
Link-local addresses are essential for IPv6 operations: Neighbor Discovery, Router Advertisements, and routing protocol next-hops all use them.
Unique Local Address (ULA)
The IPv6 equivalent of RFC 1918 private addresses. Routable within your organization but not on the public internet.
Prefix: fc00::/7 (practically fd00::/8)
Example: fd12:3456:789a::1
Use ULA when you need stable internal addressing that does not depend on your ISP's prefix.
Loopback
::1/128 (equivalent to IPv4's 127.0.0.1)
Unspecified
::/128 (equivalent to IPv4's 0.0.0.0)
Multicast Addresses
All multicast addresses start with ff. The structure encodes the scope and group:
ff[flags][scope]::[group ID]
| Address | Scope | Meaning |
|---|---|---|
| ff02::1 | Link-local | All nodes on the link |
| ff02::2 | Link-local | All routers on the link |
| ff02::1:ff00:0/104 | Link-local | Solicited-node (for NDP) |
| ff05::2 | Site-local | All routers in the site |
Scope values: 1=interface, 2=link, 5=site, 8=organization, e=global.
Anycast Addresses
An anycast address is assigned to multiple interfaces (usually on different routers). Packets sent to an anycast address are delivered to the topologically nearest instance.
Common use: DNS root servers
2001:503:ba3e::2:30 -> Multiple anycast instances worldwide
Traffic goes to the nearest one
Anycast addresses look identical to unicast addresses -- the difference is in routing configuration, not address format.
Every Interface Has Multiple Addresses
A typical IPv6 interface has at least three addresses simultaneously:
eth0:
fe80::1a2b:3c4d:5e6f:7890 (link-local, auto)
2001:db8:1:1::100 (global unicast, SLAAC or DHCPv6)
fd00:1:1::100 (ULA, if configured)
This multi-address design is fundamental to IPv6 and enables features like privacy extensions, address deprecation, and seamless renumbering.