During my IPv6 deployments I've built up a collection of commands to handle some issues with addressing. I've set some of the more common ones up as bash aliases in my "~/.bashrc" for easy access. As you're deploying your own networks, you might find these useful.
Scanning techniques in IPv6 tend to rely on lazy administrators. This can be seen in using sequential addressing (::1, ::2, ::3, ...), using IPv4 addresses to determine IPv6 addresses, or just accepting SLAAC generated addresses. All of these can be predictable and can greatly reduce an attacker's time to scan and identify hosts on your network.
Manually configuring randomly generated addresses keeps that scan time in the "infeasible" category. This first command generates a random IPv6 suffix (the 64-bit interface identifier you append to your /64 prefix).
- alias ipv6-randip='dd if=/dev/urandom bs=8 count=1 2>/dev/null | od -x -A n | sed -e "s/^ //" -e "s/ /:/g" -e "s/:0*/:/g" -e "s/^0*//"'
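The alias works, but its `s/:0*/:/g` step turns an all-zero group into an empty one, so a suffix that happens to contain two such groups is not a valid address once written out. Below is an added POSIX sh version of the same generator that keeps such a group as `0`. It is my own example, not one of the post's aliases, and the function names are mine; the formatter is separate from the random source so the grouping logic can be checked on fixed input.

```shell
#!/bin/sh
# Added example (not one of the post's aliases): a random 64-bit interface
# identifier formatted as four colon-separated groups, leading zeros dropped,
# but an all-zero group kept as "0" so the suffix never degenerates into "::".

# ipv6_fmt_iid: format exactly 16 hex digits as four groups. Fails on anything
# that is not 16 hex digits.
ipv6_fmt_iid() {
    hex=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$hex" in
        ""|*[!0-9a-f]*) echo "ipv6_fmt_iid: need 16 hex digits" >&2; return 1 ;;
    esac
    [ ${#hex} -eq 16 ] || { echo "ipv6_fmt_iid: need 16 hex digits" >&2; return 1; }
    out=""
    while [ -n "$hex" ]; do
        rest=${hex#????}                 # everything after the first group
        group=${hex%"$rest"}             # the first four hex digits
        group=$(printf '%x' "0x$group")  # 0db8 -> db8, 0000 -> 0 (never empty)
        out="${out:+$out:}$group"
        hex=$rest
    done
    printf '%s\n' "$out"
}

# ipv6_randiid: 64 random bits from /dev/urandom as an IPv6 suffix. Nothing in
# it is derived from the MAC, which is the point: the host cannot be guessed
# from a vendor OUI or a sequential numbering scheme.
ipv6_randiid() {
    ipv6_fmt_iid "$(od -An -tx1 -N8 /dev/urandom | tr -d ' \n')"
}
```

Source the file and call `ipv6_randiid`, then prepend your /64 prefix to the result. Modern stacks can also generate unpredictable identifiers themselves (RFC 7217 stable privacy addresses, RFC 4941 temporary addresses), but for statically configured servers a generator like this is still the simplest way to get one.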
The problem with random addresses is that they are a pain to remember. Unless you're only dealing with a handful of hosts, your address space is going to be impossible to keep track of without relying on other tools. The good news is that those tools are so numerous that I could never list all the possible ways of doing it. But even with those tools, there are a lot of configuration settings that need to be dealt with. Probably the most common tool for keeping track of these is going to be your DNS server. After all, you need to configure DNS for your hosts there anyway.
The first hurdle you'll hit when configuring your DNS is reverse lookup. This can be really annoying. Thankfully, this next command will take some of the annoyance out of setting up all those PTR records.
- alias ipv6-arpa='sed -e "s/:/:0000/g" -e "s/:0*\([0-9a-f][0-9a-f][0-9a-f][0-9a-f]\)/:\1/g" -e "s/://g" | rev | sed -e "s/./&./g" -e "s/$/ip6.arpa/"'
I have a tendency to build up a backlog of PTRs to generate so I can do multiple at the same time. So in that case I start up a terminal and run the following line.
- read X;while [ -n "$X" ];do echo "$X" | ipv6-arpa; read X; done
The last thing to consider when using random addresses in IPv6 is to keep track of your MACs. Every once in a while you'll need to look up a host based on its MAC or link-local address. The next commands take a MAC address and convert it to its SLAAC equivalent, and convert a SLAAC address back to its MAC address.
- alias ipv6-mac2slaac='perl -e "\$_=lc<>;\$_=~s/[-:]//g;\$_ =~ m/^(..)(..)(..)(..)(....)/;printf(\"%02x%s:%sff:fe%s:%s\n\", ((hex \$1)^0x02), \$2, \$3, \$4, \$5);"'
- alias ipv6-slaac2mac='perl -e "\$_=lc<>;\$_=~m/(..)(..):(..)ff:fe(..):(..)(..)/;printf(\"%02x:%s:%s:%s:%s:%s\n\",((hex \$1)^0x02),\$2,\$3,\$4,\$5,\$6);"'
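The ipv6-arpa alias expects a fully written-out address (eight groups, no `::`), and ipv6-slaac2mac expects the four-group suffix with every leading zero present. The POSIX sh functions below are my own added example, not the post's aliases, and the function names are mine. They expand `::` first, so they accept compressed input and reject malformed addresses; they read a backlog of addresses from stdin until a blank line, like the read/while loop above; and they do the MAC/EUI-64 conversion in both directions with the u/l bit inverted (XOR), which is what RFC 4291 Appendix A specifies and which OR only matches for universally administered MACs.

```shell
#!/bin/sh
# Added example (not the post's aliases): "::"-aware PTR names and modified
# EUI-64 conversion in plain POSIX sh.

# pad_groups: print the colon-separated groups in $1 zero-padded to 4 hex
# digits, then a space and the group count. Fails on an empty or oversized
# group. Runs in a subshell from the caller, so setting IFS here is local.
pad_groups() {
    hex=""; n=0
    IFS=:
    for g in $1; do
        [ -n "$g" ] && [ ${#g} -le 4 ] || return 1
        hex=$hex$(printf '%04x' "0x$g")
        n=$((n+1))
    done
    printf '%s %s\n' "$hex" "$n"
}

# ipv6_expand: the 32-hex-digit form of an address with "::" expanded.
# Rejects bad characters, more than one "::", and a wrong group count.
ipv6_expand() {
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$addr" in ""|*[!0-9a-f:]*|*:::*) return 1 ;; esac
    if [ "${addr#*::}" != "$addr" ]; then
        left=${addr%%::*}; right=${addr#*::}; gap=1
        case "$right" in *::*) return 1 ;; esac   # a second "::" is invalid
    else
        left=$addr; right=""; gap=0
    fi
    l=$(pad_groups "$left")  || return 1
    r=$(pad_groups "$right") || return 1
    missing=$(( 8 - ${l#* } - ${r#* } ))          # groups the "::" stands for
    if [ "$gap" -eq 1 ]; then [ "$missing" -ge 1 ] || return 1
    else [ "$missing" -eq 0 ] || return 1; fi
    zeros=""
    while [ "$missing" -gt 0 ]; do zeros=${zeros}0000; missing=$((missing-1)); done
    printf '%s\n' "${l% *}$zeros${r% *}"
}

# ipv6_arpa: reverse-DNS owner name (nibbles reversed, dot-separated).
ipv6_arpa() {
    hex=$(ipv6_expand "$1") || { echo "ipv6_arpa: bad address: $1" >&2; return 1; }
    name=""
    while [ -n "$hex" ]; do
        rest=${hex#?}
        name="${hex%"$rest"}.$name"       # prepend the next nibble
        hex=$rest
    done
    printf '%sip6.arpa\n' "$name"
}

# ipv6_arpa_batch: one address per stdin line, stop at the first blank line.
ipv6_arpa_batch() {
    while IFS= read -r a && [ -n "$a" ]; do ipv6_arpa "$a"; done
}

# mac_to_iid: MAC (colons, dashes or bare) -> modified EUI-64 interface ID.
mac_to_iid() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':-')
    case "$m" in *[!0-9a-f]*) return 1 ;; esac
    [ ${#m} -eq 12 ] || return 1
    o1=${m%"${m#??}"}                     # first octet
    first=$(( 0x$o1 ^ 0x02 ))             # invert the u/l bit (RFC 4291 App. A)
    tail=$(printf '%s\n' "${m#??}" | sed 's/^\(..\)\(..\)\(..\)\(....\)$/\1:\2ff:fe\3:\4/')
    printf '%02x%s\n' "$first" "$tail"
}

# iid_to_mac: recover the MAC from a SLAAC address, given either the whole
# address or just its 64-bit suffix, compressed or not. Fails unless the
# "fffe" marker sits in the middle of the identifier.
iid_to_mac() {
    hex=$(ipv6_expand "$1") || hex=$(ipv6_expand "::$1") || return 1
    iid=$(printf '%s\n' "$hex" | cut -c 17-32)   # low 64 bits
    case "$iid" in ??????fffe??????) ;; *) return 1 ;; esac
    o1=${iid%"${iid#??}"}
    first=$(( 0x$o1 ^ 0x02 ))
    rest=$(printf '%s\n' "$iid" | sed 's/^..\(..\)\(..\)fffe\(..\)\(..\)\(..\)$/\1:\2:\3:\4:\5/')
    printf '%02x:%s\n' "$first" "$rest"
}
```

Usage: `ipv6_arpa 2001:db8::1` prints the PTR owner name, `ipv6_arpa_batch` replaces the read/while one-liner, and `iid_to_mac fe80::211:22ff:fe33:4455` works on the link-local address exactly as it appears in `ip -6 neigh` output.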
Hopefully these will save you some time and headache with your IPv6 deployment.
Nice, & a great idea