Symptoms
When making an outbound connection, your server uses an additional IPv6 address assigned to a cPanel account instead of the Main Shared IPv6 address.
Description
When adding additional IPv6 addresses to an account, they are placed above the previously loaded addresses in the eth device. By default, the top-most IPv6 address in the eth device is used for outbound communication.
Implementing IPv6 via SNI is the recommended setup in cPanel when using many network addresses. cPanel will manage assignments, but the routing needs to be defined by the server administrators. IPv6 addresses are allocated without a weight or priority; this can also cause the outbound communication address to not match the source address. To resolve this, please follow the workaround below.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-49232.
Update: This case has been resolved. Developers have concluded that it would be best for network administrators to define the IPv6 default routing address for outgoing when establishing IPv6 addresses in the server's network.
Workaround
To specify the Main Shared IPv6 address for outbound communication, you will need to add a custom route as follows.
ip -6 route add default via GATE::WAY::IP dev ethX src MAIN::SHARE::IPV6 Please note that you will need to replace "GATE::WAY::IP" with the correct Gateway and "MAIN::SHARE::IPV6" with your Main Shared IPv6 address.
To apply this route persistently, it would need to be added to a sysconfig network configuration file.
/etc/sysconfig/network-scripts/route-ethXFor example:
default via GATE::WAY::IP dev ethX src MAIN::SHARE::IPV6 metric 1Please note that you will need to replace "ethX" with the interface name where the IPv6 addresses are allocated. This is generally the same device name as "ETHDEV" in the cPanel "/etc/wwwacct.conf" configuration file.
