The coming of IP version 6 has been imminent for quite a long time now. Ever since people realized that we were going to run out of public IPv4 addresses in a short period of time, IPv6 has been pushed to the forefront as the future and where we need to migrate to. Now mind you, we've gotten really good at Network Address Translation, and that has delayed the migration to IPv6 quite a lot. It's made a lot of engineers wonder whether there really is a need to move to IPv6 at all.
IPv6 provides a much larger address field, as we'll see very shortly here, and because of that we really do need to know what IPv6 addresses look like, how to work with them, and how to configure them on our devices. A lot of people get a bit intimidated by the IPv6 address. In this lesson, I'll try and remove that scary cloak and work with them here.
First, an IPv6 address has a 128-bit address field. This is different from our IP version 4 addresses, which are 32 bits and are written as four octets in dotted decimal notation. Each dotted decimal number represents an 8-bit section, which is where the name octet comes from.
With IPv6, each section represents 16 bits, and the sections are thus called hextets. Each hextet has four hexadecimal characters, each character representing four bits, so each hextet represents 16 bits. Our hextets are separated by colons, and that is the standard notation for an IPv6 address. Here's an example address:
Subnet masks with IPv6 work exactly the same as with IPv4 addresses. The subnet mask, however, is only written in CIDR notation, never dotted decimal or other notation. So a /64 would mean there are 64 1s in a row, followed by 64 0s (128-bit address field), and that is your subnet mask. Just like IPv4, each of the 1s indicates that the corresponding bit in the address is part of the network identifier, as opposed to the host identifier.
The place where most people seem to get intimidated by the IPv6 address is the much bigger address field. Because it is so much bigger, we need some rules so that we're not having to write out the full address every single time. Here we'll go over them:
- Leading 0s
- Zero compression
With the leading 0s convention, we can remove all leading zeros within a hextet. Let's take the following address for example:
In our second hextet here we have 0db8. This can be simplified to just db8. In any hextet with fewer than 4 characters in it, it is implied that the missing characters are leading 0s. This is the compressed version: we do not write the leading zeros, we just remove them:
Next, if we have a section of contiguous zeros, we can, once per address, remove that section and replace it with just a double colon. It's important to remember that this can only be done once per address. Taking our same example, let's apply the Zero Compression convention:
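The two shortening rules above, worked through in code. This is an added example, not part of the original lesson: the sample address is constructed in the 2001:db8 documentation range, the function names are hypothetical, and picking the longest zero run (leftmost on a tie, never a single hextet) follows the RFC 5952 recommendation rather than anything stated on this page.

```python
import ipaddress

# Constructed sample address in the documentation range (not from the lesson).
SAMPLE = "2001:0db8:0000:0000:00a1:0000:0000:0001"

def strip_leading_zeros(full):
    """Rule 1: drop leading zeros in each hextet; an all-zero hextet becomes '0'."""
    return ":".join(h.lstrip("0") or "0" for h in full.split(":"))

def zero_compress(addr):
    """Rule 2: replace ONE run of zero hextets with '::'.

    Expects all eight hextets written out. Picks the longest run (leftmost
    on a tie) and leaves a lone zero hextet alone, per RFC 5952."""
    hextets = addr.split(":")
    best_start, best_len, i = -1, 0, 0
    while i < len(hextets):
        j = i
        while j < len(hextets) and int(hextets[j], 16) == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:
        return addr
    head = ":".join(hextets[:best_start])
    tail = ":".join(hextets[best_start + best_len:])
    return f"{head}::{tail}"

def compress(full):
    """Apply both rules to a fully written-out address."""
    return zero_compress(strip_leading_zeros(full))

def parses(text):
    """True if the standard library accepts the text as an IPv6 address."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(strip_leading_zeros(SAMPLE))  # rule 1 only
    print(compress(SAMPLE))             # rule 1, then rule 2
    print(parses("2001:db8::a1::1"))    # two '::' cannot be expanded unambiguously
```

The sample has two zero runs of equal length, so only the first is replaced; using `::` for both would leave no way to tell how many hextets each one stands for, which is why a parser rejects it.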
IPv6 Address Assignments
Let's talk a little about how IPv6 addresses are assigned. In North America we've got ARIN, which is the American Registry for Internet Numbers. Now with IPv6 addresses, because there are just so many, it's likely that everything is going to have a public IPv6 address. However, there does exist a private address space in IPv6 which is analogous to the RFC 1918 private address space of IPv4. This is the Unique Local space:
The most common prefix length in IPv6 is /64. In fact, many devices do not support assigning an address with anything longer than /64. Considering that IPv6 provides a 128-bit address field, this gives us 64 bits of host addressing space, a whopping 18 quintillion host addresses. That might give you a sense of just how many IPv6 addresses there are. A /64 is even recommended on point-to-point links, mostly because /64 addresses are compatible with EUI-64 stateless address configuration, where we can automatically generate a valid IPv6 address using the 48-bit MAC address of the interface. We'll talk more about EUI-64 in just a little bit.
So, ARIN, or your regional internet numbers registry, will generally assign an ISP a block of addresses to assign to its customers. This larger block will commonly be a /16 or /32. Then, if the ISP has a large enterprise customer that needs a static address block, the ISP can offer the enterprise a /48 address assignment. Now this, mind you, leaves the enterprise with 16 bits for subnetting. If the network engineers of that enterprise want to use /64 subnets throughout the organization, as is recommended, then they have 16 bits with which to assign /64 subnets. That would be 65,536 /64 subnets available for the enterprise to use. Huge numbers.
IPv6 Address Types
- Global Unicast
- Unique Local
- Link Local
- Modified EUI-64
First up: global unicast addresses. These are addresses that are in the range 2000::/3. This prefix is broken up further and assigned to regional registries for public registration. More information on the allocations from this range can be found on IANA.
The unique local address space is the private IPv6 address space that is analogous to the RFC 1918 address space in IPv4. The unique local prefix is fc00::/7. Since this address space is a private space, it's not routable on the internet, just like the RFC 1918 space, and therefore any devices which are assigned addresses in this space may only access the internet through the use of NAT. As mentioned above, with the sheer number of IPv6 addresses available, NAT simply isn't necessary. However, there is active, unsettled discussion around whether NAT is still preferred as a security measure. You still need a firewall, though in a sense NAT does provide an additional layer of security, where your devices are not directly reachable over the internet unless explicitly configured as such.
The link local address is a special address which doesn't really have an IPv4 equivalent. The prefix is fe80::/10. It is similar to the MAC address at layer 2: the link local address is only for communication on the local network segment and cannot be routed at all. Often you'll see a device assigned multiple IPv6 addresses, one of which will start with fe80. That is the link local address, which is only used for communication within the broadcast domain, since routers will not route the link local address space.
In IPv6, we have a formalized anycast address. Now anycast addresses and global unicast addresses are actually the same, in that there is no differentiation between them, there is just a formal definition for anycast addressing in IPv6. This differs from IPv4 where engineers have made anycast routing work, though it was never intended in the IPv4 RFCs. Anycast is the concept of having multiple servers or devices use the same address, and a client of that server will communicate with whichever one is closer, to provide the fastest communication and best experience.
Next up: Multicast. IPv6 is very heavy in multicast. We'll talk about some well-known multicast addresses a little later here.
Finally: Modified EUI-64. EUI-64 (Extended Unique Identifier – 64) is a stateless autoconfiguration technique. With IPv6, it's possible to self-assign fully routable addresses. This means technically you could have an entire enterprise network function without the use of any DHCP servers. Of course, in IPv4 you have the 169.254.0.0/16 APIPA addresses in Windows. However, the APIPA self-assigned addresses in a Windows LAN are not globally unique and are not routable; they are only functional on the local LAN. In IPv6, though, with Modified EUI-64 stateless autoconfiguration, we actually create a globally unique address that can be used to route across the internet.
How Modified EUI-64 works: First, we split the MAC address in half and jam fffe in the middle. Then the seventh bit from the left of the MAC address is inverted. Remember these are hexadecimal, so each character represents four bits. The seventh bit from the left is the 2^1 position of the second character of the MAC address.
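The Modified EUI-64 steps above, carried through in code, together with the reverse direction (reading the MAC back out of an address, which is what makes these addresses easy to tie to a piece of hardware in logs). This is an added example, not part of the original lesson; the MAC address and the /64 prefixes are constructed sample values and the function names are hypothetical.

```python
import ipaddress

def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID, as 8 bytes."""
    octets = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Invert the seventh bit from the left: the 2^1 bit of the first octet,
    # i.e. the 2^1 position of the second hex character.
    octets[0] ^= 0x02
    # Split the MAC in half and insert ff:fe in the middle.
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])

def eui64_address(prefix, mac):
    """Combine a /64 prefix with the interface ID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("Modified EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_eui64(addr):
    """Recover the MAC from an address, or None if ff:fe is not in the middle."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                      # constructed sample MAC
    print(eui64_address("2001:db8:0:1::/64", mac))  # global prefix (documentation range)
    print(eui64_address("fe80::/64", mac))          # link local
    print(mac_from_eui64("fe80::21a:2bff:fe3c:4d5e"))
```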
Documentation Address Space
The global unicast address space 2001:db8::/32 is a special address space that is reserved for documentation. The smart minds behind IPv6 decided to create a whole separate range just for example documentation. When you read white papers, RFCs, or other documentation, you're going to see this address space, 2001:db8, a lot. It is a reserved range for example documentation, and it is only to be used for that purpose.
Anycast Vs. Multicast
Anycast is ‘one to closest‘, whereas multicast is ‘one to many‘. In IPv4, anycast was achieved through clever routing techniques with BGP; IPv6, however, has purposeful built-in mechanisms for anycast.
Multicast is kind of like listening to the radio where we would tune into the right frequency we wanted and be able to receive the stream. The ‘frequencies’ are called groups, which are multicast addresses. To receive the traffic that is sent to that group, the end device simply listens in on that address. There are other mechanisms for an endpoint to signal its interest in receiving a group’s stream to upstream routers, like IGMP and PIM, though that’s outside the scope of this lesson.
Here are some well-known multicast addresses. I would commit these to memory as they're likely to be on the CCNA exam.
First, the multicast range is ff00::/8
- FF02::1 – All IPv6 devices (broadcast)
- FF02::2 – All IPv6 routers
- FF02::5 – All OSPFv3 routers
- FF02::A – All EIGRP(IPv6) routers
Let’s dig into these a little bit. First, ff02::1, is the group that all devices capable of IPv6 listen to. Recall in the IPv6 address types we mentioned that IPv6 doesn’t have a broadcast mechanism built in. What we do have is a multicast address that everyone listens to. This can help avoid flooding of a broadcast message where no IPv6 devices exist in the network.
Next, ff02::2, all IPv6 routers. All routers capable of routing for IPv6 are required to listen to this group. This plays a significant role in stateless autoconfiguration. In order to generate a globally unique address, a device needs to know what prefix to use (the first 64 bits of the address). The device will ask for that prefix with a router solicitation message, sending out an IPv6 packet to the ff02::2 address, the all IPv6 routers multicast address, saying “any IPv6 routers out there, please send me your router advertisement.” The router advertisement includes the router's unicast IP as well as the prefix that the end device can use to generate a globally unique IPv6 address using Modified EUI-64.
Take a look at this lesson’s video for more details and a lab demonstration of Modified EUI-64 stateless autoconfiguration!