except for not using it at all, of course.
So I want to make my homelab IPv6 ready, because I have too much free time, I guess. There are two decisions that I’m currently unsure about:
- ULA or not. Do you have local only addresses or do your clients communicate using the global IPv6 address? Does not using ULAs work without a static IP from the ISP?
- DHCPv6 or is SLAAC enough?
For each question both options seem to be possible and I’m interested in your experience.
Cheers
I use both ULA and global addresses. Servers set a token to make the last 64bits predictable, which simplifies dyndns. For some critical internal communication, I hard code the ULA address in my hosts file, for everything else, I rely on DNS (with global addresses). No DHCPv6.
I usually just disable IPv4 on my VMs, unless there is a specific need for IPv4. Most container networks are single stack as well. I have a squid proxy that services can use to access IPv4 http/https destinations if really necessary (combined with some additional filter rules); ideally I would like to have 464xlat/a nat64 gateway, but I never bothered to set that up yet. I will likely do that when I buy a new router (end of year?). I expect all my devices to support CLAT by then, so that will be the end of IPv4 on my network.
In the home/lab, I use public addresses with mostly SLAAC, but the host server has a static IP. I get a public /56 prefix via DHCPv6-PD from my ISP. There is a bit of a pain point if the prefix changes but it hasn’t happened since I moved here.
My ”production” setup is a bit more controversial. Since Hetzner charges extra for extra IPv6 subnets I simply created small /80 subnets for the VMs. While this does mean that SLAAC doesn’t work I can simply generate and assign static IPv6 IPs, same way as I do with IPv4. All generated from an ansible playbook that creates the VMs.
I have some ULA ranges as well, but it’s a bit of a special case as I only use it as internal IP ranges in a Kubernetes cluster. This is completely separated from the external network, with the cluster doing NAT to the node IPs anyway (even for IPv6), and all internal traffic being on an overlay network.
Blocked by my ISP. So I have it all blocked.
Same here, my ISP is IPv4 only so I have it disabled on my router.
Don’t use ULA, those are non internet routable addresses so they will never use v6 for internet things. Use the range assigned from your ISP.
SLAAC. Because Android has one ass of a dev who refuses to include DHCPv6.
You can use both at the same time and it is useful to have ULA if your ISP changes your assigned prefix.
This is what I do. I haven’t seen a reason to change it as of yet.
I have that conf:
/etc/sysctl.d/01-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
But that falls under your exception.
I mean, you can get rid of NAT and subnet your systems in a logical fashion. That’s pretty awesome.
You can subnet logically with IPv4.
If you go IPv6 on the internal network you ‘win’ not having NAT, and exposing all your internal services to the net (which… just why?), but lose the ability to do redundant ISPs/failover/loadbalancing, policy based routing, VPNs… Unless you do IPv6 address translation. Which puts you back to “IPv4+NAT, except more complicated.”
IPv6 inside the firewall is more or less entirely pointless.
I use ULA for my WireGuard tunnels, otherwise it’s all public IPv6 (mostly lightly firewalled).
I’m fine with SLAAC, even for servers. I just manually update my DNS with the server addresses when I set them up.
Idk. what assignment we use, but our ISP gave us (company) a prefix and we offer our services (for our team) IPv6 first. IPv4 is only used within the company network where a DNS server resolves the domains if needed.
It works great for us. If my private ISP would allow it, I would do the same.
So for your self-hosted services you use IPv4 only?
I use global addresses for everything. ULA is the equivalent of the private networks like 10.0.0.0/8 on IPv4. It doesn’t need a static IP. ULA will work without any internet connection. If you run an IPv6 only network, it would be a good idea to set up ULA so you can access your local devices if the internet goes down.
I only use SLAAC on my network because DHCPv6 is not well supported. My router does use DHCPv6 to get a prefix from the ISP though.
set up ULA so you can access your local devices if the internet goes down
Your router should retain its address even if the external connection goes down.
DHCPv6 is not well supported
Androids get SLAAC, everybody else can have a nice, readable, stable, firewall-openable suffix.
My ISP provides a /48 for IPv6 via prefix delegation so all internal machines that support it have a ULA and DHCPv6. I have disabled SLAAC. In docker I assign a /64 of that prefix to docker containers. The local addresses are what most of the internal network stuff is based on (DNS etc) rather than the globally accessible address. The PD addresses are only about going onto the internet.
SLAAC actually is just fine, I just didn’t really want to be exposing the manufacturer information of the addresses online so preferred DHCP, but either or both together works from OpenWRT prefix delegation.
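The “manufacturer information” concern above, and the token trick mentioned earlier in the thread, both come down to how the 64-bit interface identifier is built. The following is an added illustration (not code from any poster) using a constructed MAC and the documentation prefix 2001:db8::/32: it derives the classic EUI-64 SLAAC address, shows that the MAC (and therefore the vendor OUI) can be read straight back out of such an address, and contrasts it with a fixed-token address of the kind `ip token set` produces.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address = interface identifier


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 IID from a 48-bit MAC: insert ff:fe in the middle and
    flip the universal/local bit (0x02) of the first octet. The whole MAC,
    including the vendor OUI in the first three octets, ends up in the address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Classic SLAAC (no privacy extensions): advertised /64 prefix + EUI-64 IID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(addr: str):
    """Recover the MAC from an EUI-64 shaped address; None if the IID is not
    EUI-64 shaped (e.g. a stable-privacy, temporary or token address)."""
    b = bytearray((int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        return None
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])


def token_address(prefix: str, token: str) -> ipaddress.IPv6Address:
    """Prefix + fixed token (what `ip token set` does): a stable, predictable
    IID that survives prefix changes and carries no MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    iid = int(ipaddress.IPv6Address(token)) & IID_MASK
    return ipaddress.IPv6Address(int(net.network_address) | iid)


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample MAC
    a = slaac_address("2001:db8:1:2::/64", mac)
    print(a, "->", mac_from_eui64(str(a)))        # MAC is recoverable
    print(token_address("2001:db8:1:2::/64", "::1:2"))
```

Linux hosts that set addr_gen_mode to stable-privacy or enable temporary addresses produce IIDs that the `mac_from_eui64` check rejects, which is the property the comment above is after.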
The only systems with IPv6 in my network are Wi-Fi devices and my public-facing reverse proxy. I use a prefix delegated by my ISP.
All of my non-public servers have ipv4 only.
- Probably wouldn’t hurt to set them up, especially if you don’t have a static prefix. The good thing is that interfaces can have multiple IPv6 addresses, so they can use both the public address and the ULA.
- SLAAC should always be enough. Make sure you don’t block the ICMP6 messages it needs though (I’ve been bitten by that once, firewalld behaves weirdly around this).
Just static IP, since I have a static subnet delegated by my provider, on a shitty cable modem.
Every discussion I have seen on the subject says that docker ipv6 is pretty busted from a security perspective and you have to implement a bunch of workarounds.
I don’t have the time both to migrate to podman (and maybe have to run dual stacks for what isn’t available) AND migrate to ipv6. But apparently the way podman does it is also kind of a hacky way (I am far from a networking expert) so I will sit with my pretty decent, secure, and working ipv4 lol
ISP issues a prefix that I delegate.
Also delegate a ULA prefix, intended for stable local addresses but I actually just use ipv4 for those (also had difficulty getting ipv6 to work with microk8s and multus due to inexperience).
SLAAC.
I live in spain so the main ISP is well provided with IPv4 blocks and have zero incentive to deploy IPv6 outside of mobile networks. So the IPv6 deployment here is like 3% and I don’t have access to it 🫠