The Ultimate Guide to IPv6 Addressing: What You Need to Know

The transition to IPv6 addressing is a critical development in the evolution of internet protocols, driven by the exhaustion of IPv4 addresses. IPv6, with its 128-bit addressing, offers an expansive address space capable of providing a unique public address for every device on the planet.

This guide explains IPv6 of Layer 3 OSI Model, covering its prefix length, unicast, multicast, and unique local addresses, along with various methods of address configuration and generation.

As the Internet runs out of IPv4 addresses, IPv6 emerges as the permanent solution. IPv6 uses 128-bit addresses, creating an address space so large that every device on the planet could have a unique public address.

IPv6 is the most recent version of the Internet Protocol, intended to eventually replace IPv4. IPv6 addresses are 128 bits in length, providing a theoretical maximum of 340 undecillion addresses.

To migrate networks to IPv6, there are three migration techniques:

  1. Dual Stack: IPv4 and IPv6 coexist on the same network segment, with devices running both protocol stacks simultaneously.
  2. Tunneling: IPv6 packets are transported over an IPv4 network by encapsulating them inside IPv4 packets.
  3. Network Address Translation 64 (NAT64): IPv6-enabled devices communicate with IPv4-enabled devices using a translation technique similar to IPv4 NAT.

Improvements IPv6 Provides:

  • Increased Address Space: IPv6 uses 128-bit hierarchical addressing, greatly expanding the address pool.
  • Improved Packet Handling: The IPv6 header has been simplified for more efficient processing.
  • Elimination of NAT: IPv6 eliminates the need for Network Address Translation (NAT), avoiding problems with applications that require end-to-end connectivity.
  • Built-in Security: IPv6 has built-in support for IPSec, offering integrated encryption.

IPv6 addresses and Ethernet MAC addresses are represented in the hexadecimal numbering system. IPv6 addresses use hexadecimal numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F. Every four bits is represented by a single hexadecimal digit, totaling 32 hexadecimal values.

Hex to Binary to Decimal Table

Hexadecimal Number Binary Number Decimal Number
0 0000 0
1 0001 1
2 0010 2
3 0011 3
4 0100 4
5 0101 5
6 0110 6
7 0111 7
8 1000 8
9 1001 9
A 1010 10
B 1011 11
C 1100 12
D 1101 13
E 1110 14
F 1111 15

 

The preferred format for IPv6 is x:x:x:x:x:x:x , with each “x” consisting of four hexadecimal values from 0000 to FFFF (example: 2001:0db8:000a:0001:c012:9aff:fe9a:19ac).

A "hextet" refers to a segment of four hexadecimal values in 16 bits.

Rules to Simplify IPv6 Notation:

1. Omit Leading Zeros: Leading zeros in any hextet can be omitted (e.g., 01ab -> 1ab, 0a00 -> a00).

2. Use Double Colon (::): A double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros (e.g., 2001:db8:cafe:1:0:0:0:1 -> 2001:db8:cafe:1::1). The rule can only be used once within an address. If an address has more than one contiguous string of all-0 hextets, use the double colon (::) on the longest string. If the strings are equal, the first string should use the double colon (::).

Understanding IPv6 Prefix Length

IPv6 operates under the same principles as IPv4. The network portion of an IPv6 address is represented in slash notation, known as the prefix length, which can range from 0 to 128. For LANs and most other networks, the recommended IPv6 prefix length is /64. This allocation leaves 64 bits for the interface ID (host portion) of the address, simplifying subnetting and enabling stateless address autoconfiguration (SLAAC).

IPv6 Address Types: Unicast, Multicast, and Anycast

IPv6, like IPv4, includes different types of addresses.

These fall into three categories:

  1. Unicast: An address that uniquely identifies an interface on an IPv6-enabled device.
  2. Multicast: Used to send a single IPv6 packet to multiple destinations. The multicast group must have a single IPv6 multicast destination address that begins with ff00::/8.
  3. Anycast: Any IPv6 unicast address that can be assigned to multiple devices. A packet sent to an anycast address is routed to the nearest device having that address.

Unlike IPv4, IPv6 does not have a broadcast address. However, it includes an all-nodes multicast address that serves a similar function.

Exploring IPv6 Unicast Addresses

There are various categories of unicast addresses, each serving different functions. Each network interface on a typical IPv6 host is logically multihomed, meaning it can have more than one NIC or IP address. In the context of IPv6, this implies that devices will have more than one type of unicast address assigned.

IPv6 Unicast Addresses:

  1. Global Unicast (starts with 2 or 3);
  2. Link-Local (starts with fe8);
  3. Loopback (::1/128);
  4. Unspecified (::);
  5. Unique local (fc00::/7 - fdff::/7);
  6. Embedded IPv4.
IPv6 addresses typically have two unicast addresses:
  1. Global Unicast Address (GUA) - globally unique, internet-routable addresses. GUAs can be configured statically or assigned dynamically.
  2. Link-Local Address (LLA) - required for every IPv6-enabled device.

LLAs are used to communicate with other devices on the same local link. With IPv6, the term link refers to a subnet. Their uniqueness must only be confirmed on that link because they are not routable beyond the link. When IPv6 is enabled on any interface, that interface will automatically generate an IPv6 link-local address.

Detailed Look at Global Unicast Addresses (GUA)

The Internet Committee for Assigned Names and Numbers (ICANN), which operates the Internet Assigned Numbers Authority (IANA), allocates IPv6 address blocks to the five Regional Internet Registries (RIRs). Currently, only IPv6 global unicast addresses with the first three bits of 001 or 2000::/3 are being assigned. The 2001:db8::/32 address has been reserved for documentation purposes.

Anatomy of IPv6 Global Unicast Address (GUA)

A Global Unicast Address (GUA) consists of three parts:

  1. Global Routing Prefix;
  2. Subnet ID;
  3. Interface ID.

The global routing prefix (network portion of the address) is assigned by the provider (ISP). /48 prefixes are a common global routing prefix. The size of the global routing prefix determines the size of the subnet ID.

The subnet ID field is the area between the global routing prefix and the interface ID, used by organizations to identify subnets within their site.

A /64 subnet or prefix (global routing prefix + subnet ID) leaves 64 bits for the interface ID, which is recommended to allow SLAAC-enabled devices to create their own 64-bit interface ID.

There are two ways in which a device can obtain an IPv6 GUA automatically:

  1. Stateless address autoconfiguration (SLAAC)
  2. Stateful DHCPv6

A Global Unicast Address (GUA) is dynamically obtained through Internet Control Message Protocol version 6 (ICMPv6) messages.

IPv6 routers periodically send out ICMPv6 Router Advertisement (RA) messages every 200 seconds to all IPv6-enabled devices on the network. An RA message is also sent in response to a host sending an ICMPv6 Router Solicitation (RS) message, which is a request for an RA message.

ICMPv6 Router Solicitation (RS) and Router Advertisement (RA) Messages:

  1. RS messages are sent to all IPv6 routers by hosts requesting addressing information.
  2. RA messages are sent to all IPv6 nodes. If Method 1 (SLAAC only) is used, the RA includes network prefix, prefix-length, and default-gateway information.

The ICMPv6 RA message is a suggestion to a device on how to obtain an IPv6 GUA.

The ICMPv6 RA message includes:

  • Network prefix and prefix length - This tells the device which network it belongs to.
  • Default gateway address - This is an IPv6 LLA, the source IPv6 address of the RA message.
  • DNS addresses and domain name - These are the addresses of DNS servers and a domain name.

There are three methods for RA messages:

  1. Method 1: SLAAC
  2. Method 2: SLAAC with a Stateless DHCPv6 Server
  3. Method 3: Stateful DHCPv6 (No SLAAC)

Method 1: Stateless Address Autoconfiguration (SLAAC)

The SLAAC method allows a device to create its own GUA without using DHCPv6 services. Devices rely on the ICMPv6 RA messages from the local router to obtain the necessary information.

SLAAC is stateless, meaning there is no central server allocating GUAs and keeping a list of devices and their addresses.

The two parts of the address created are:

  • Prefix: Advertised in the RA message.
  • Interface ID: Created using the EUI-64 process or by generating a random 64-bit number, depending on the device's operating system.

When a client is configured to obtain its addressing information automatically via SLAAC, it sends a router solicitation message to the IPv6 all-routers multicast address FF02::2. Router advertisement messages are sent by routers to provide addressing information to clients. FF02::2 identifies all IPv6 routers on the link or network.

Method 2: Combining SLAAC and Stateless DHCPv6

In this method, the RA message suggests devices use:

  • SLAAC to create their own IPv6 GUA.
  • The router's LLA as the default gateway address.
  • A stateless DHCPv6 server to obtain other information, such as DNS server addresses and a domain name.

A stateless DHCPv6 server distributes DNS server addresses and domain names.

Method 3: Utilizing Stateful DHCPv6

In this method, the RA message suggests devices use:

  • The router's LLA for the default gateway address.
  • A stateful DHCPv6 server to obtain a GUA, DNS server address, domain name, and other necessary information.

The default gateway address can only be obtained dynamically from the RA message.

EUI-64 Process for IPv6 Interface IDs

When the RA message indicates SLAAC or SLAAC with stateless DHCPv6, the client must generate its own interface ID. This can be done using the EUI-64 process or by generating a random 64-bit number.

The IEEE defined the Extended Unique Identifier (EUI) or modified EUI-64 process, which uses the client's 48-bit Ethernet MAC address and inserts another 16 bits in the middle to create a 64-bit interface ID.

An EUI-64 interface ID is represented in binary and consists of three parts:

  1. 24-bit OUI from the client MAC address, with the 7th bit (the Universally/Locally (U/L) bit) reversed (if the 7th bit is a 0, it becomes a 1, and vice versa).
  2. The inserted 16-bit value fffe (in hexadecimal).
  3. 24-bit device identifier from the client MAC address.

Randomly Generated IPv6 Interface IDs

Starting with Windows Vista, the operating system uses a randomly generated interface ID instead of one created with EUI-64.

After the interface ID is established, either through the EUI-64 process or through random generation, it can be combined with an IPv6 prefix in the RA message to create a GUA.

To ensure the uniqueness of any IPv6 unicast address, the client may use a process known as duplicate address detection (DAD). This is similar to an ARP request for its own address. If there is no reply, then the address is unique.

Understanding Link-Local Addresses (LLA)

IPv6 Link-Local Addresses (LLAs) are in the fe80::/10 range. The /10 prefix indicates that the first 10 bits are 1111 1110 10xx xxxx.

The first hextet ranges from 1111 1110 1000 0000 (fe80) to 1111 1110 1011 1111 (febf).

If an LLA is not manually configured on an interface, the device will automatically create its own without communicating with a DHCP server. This allows IPv6-enabled devices to communicate with other IPv6-enabled devices on the same subnet. Hosts use the LLA of a local router as the default gateway.

Routers use the LLAs of neighbor routers to send routing updates.

Two ways that a device can obtain an LLA:

  1. Statically - the device has been manually configured.
  2. Dynamically - the device creates its own interface ID by using randomly generated values or using the Extended Unique Identifier (EUI) method, which uses the client media access control (MAC) address along with additional bits.
Dynamic LLAs

All IPv6 devices must have an IPv6 LLA. Like IPv6 GUAs, you can also create LLAs dynamically.

Unique Local Addresses: Their Role and Importance

Unique local addresses (range fc00::/7 to fdff::/7) are not yet commonly implemented. They can be used to address devices that should not be accessible from the outside, such as internal servers and printers.

Deep Dive into IPv6 Multicast Addresses

A multicast address is used to send a single packet to one or more destinations (multicast group). IPv6 multicast addresses have the prefix ff00::/8.

There are two types of IPv6 multicast addresses:

  1. Well-Known Multicast Addresses;
  2. Solicited-Node Multicast Addresses.

Well-known IPv6 multicast addresses are assigned to predefined groups of devices.

Two common IPv6 assigned multicast groups are:

  1. ff02::1 All-Nodes Multicast Group: This group includes all IPv6-enabled devices. A packet sent to this group is received and processed by all IPv6 interfaces on the link or network, serving a similar function to the broadcast address in IPv4. IPv6 routers send ICMPv6 RA messages to the all-nodes multicast group.
  2. ff02::2 All-Routers Multicast Group: This group includes all IPv6 routers. A router joins this group when it is enabled as an IPv6 router using the ipv6 unicast-routing global configuration command. A packet sent to this group is received and processed by all IPv6 routers on the link or network. IPv6-enabled devices send ICMPv6 RS messages to the all-routers multicast address.

A solicited-node multicast address is similar to the all-nodes multicast address. It is mapped to a special Ethernet multicast address, allowing the Ethernet NIC to filter the frame by examining the destination MAC address. This avoids sending the frame to the IPv6 process unless the device is the intended target of the IPv6 packet.

Dissecting the IPv6 Packet Structure

The simplified IPv6 header consists of a fixed-length header of 40 octets, largely due to the length of the source and destination IPv6 addresses.

IPv6 Packet Header Field Descriptions and Lengths:

  1. Version: A 4-bit binary value set to 0110 that identifies this as an IPv6 packet.
  2. Traffic Class: An 8-bit field equivalent to the IPv4 Differentiated Services (DS) field.
  3. Flow Label: A 20-bit field suggesting that all packets with the same flow label receive the same type of handling by routers.
  4. Payload Length: A 16-bit field indicating the length of the data portion or payload of the IPv6 packet, excluding the length of the IPv6 header, which is a fixed 40-byte header.
  5. Next Header: An 8-bit field equivalent to the IPv4 Protocol field, indicating the data payload type the packet is carrying, enabling the network layer to pass the data to the appropriate upper-layer protocol.
  6. Hop Limit: An 8-bit field replacing the IPv4 TTL field. This value is decremented by 1 by each router that forwards the packet. When the counter reaches 0, the packet is discarded, and an ICMPv6 Time Exceeded message is sent to the sending host, indicating that the packet did not reach its destination because the hop limit was exceeded.
  7. Source IPv6 Address: A 128-bit field identifying the IPv6 address of the sending host.
  8. Destination IPv6 Address: A 128-bit field identifying the IPv6 address of the receiving host.

An IPv6 packet may also contain extension headers (EH), which are optional and placed between the IPv6 header and the payload. They are used for fragmentation, security, mobility support, and more. Routers do not fragment routed IPv6 packets.

IPv6 Addresses

Global unicast addresses starts with 2 or 3
Link-local addresses prefix fe80::/10
Multicast addresses prefix ff00::/8
All-routers multicast address ff02::2
All-nodes multicast address ff02::1
Loopback address ::1/128
Unique local addresses prefix fc00::/7 - fdff::/7