REDES DE DATOS I

Class 8. IPv6 Addressing

Alberto Arellano A. Ing. Msc.
[email protected]
CCNA – CCNP – CCSP-JNCIA
IPv6 Adoption Statistics
IPv6 Adoption Statistics

https://stats.labs.lacnic.net/IPv6/graph-access.html
When will IPv6 exceed IPv4?
• Traffic doubles every 2 years.
• 80% of traffic is still IPv4.
• IPv6 is at 20%. Let’s assume its share increases by 10 % per year
• IPv6 reaches 60% in 2019
Transitioning to IPv6?
Dual Stack
Dual stack means that devices are able to run IPv4 and IPv6 in
parallel. It allows hosts to simultaneously reach IPv4 and IPv6
content, so it offers a very flexible coexistence strategy.

Benefits
• Native dual stack does not require any tunneling mechanisms on
internal networks
• Both IPv4 and IPv6 run independent of each other
• Dual stack supports gradual migration of endpoints, networks,
and applications
Dual Stack - Windows
Dual Stack - GNU/Linux
Tunneling – 6to4
6to4 is an IPv4 tunnel-based transition mechanism defined in RFC-
3056 (02/2001). It was designed to allow different IPv6 domains
communicate with other IPv6 domains through IPv4 clouds without
explicit IPv4 tunnels. Use protocol number 41 in the ipv4 header.
 IPv6 over IPv4 GRE Tunnels
GRE – RFC 2784 (03/2000) provides a way to encapsulate
packets inside of a transport protocol and transmit them
from one tunnel endpoint to another. Use protocol
number 47 in the IPv4 header.

20 Bytes 4 Bytes 40 Bytes

IPv6 Address
IPv6 addresses are 128 bits long
• Segmented into 8 groups of four HEX characters (called HEXtets)
• Separated by a colon (:)
• Default is 50% for Prefix ID, 50% por Interface ID
IPv6 Address Format
IPv6 Address Notation

2001:0DB8:AAAA:1111:0000:0000:0000:0100

2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100

16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits

1 2 3 4 5 6 7 8

IPv6 addresses are 128-bit addresses represented in:

• Hexadecimal: 1 hex digit = 4 bits
• Eight 16-bit segments or “hextets” (not a formal term) between 0000
and FFFF
• Separated by colons
• Reading and subnetting IPv6 is easier than IPv4
Rules for Compressing IPv6 Addresses
• Two rules for reducing the size of written IPv6 addresses.
• First rule: Leading zeroes in any 16-bit segment do not have to be written.
Rules for Compressing IPv6 Addresses
• Second rule: Any single, contiguous string of one or more 16-bit segments
consisting of all zeroes can be represented with a double colon (::).
IPv6 Prefix Length
• IPv6 prefixes are always identified by prefix length.
• Prefix length - The number of bits in the Prefix portion of the
address (equivalent to the network portion of the address).
• Separates the Prefix portion from the Interface ID (equivalent to
the host portion of the address).
• Written immediately following the IPv6 address, usually no space.
Interface ID /64
• The standard LAN size has been set at a /64
• 18,446,744,073,709,600,000 IPv6 addresses
• Let’s attempt to exhaust all of the available addresses
• We will allocate 10,000,000 addresses per second
• Hint: there are 31,536,000 seconds per year
• 10,000,000 x 31,536,000 = 315,360,000,000,000

18,446,744,073,709,600,000
/ 315,360,000,000,000
= 58494,24 years

17
IPv6 Address Types…. Road Map
IPv6 Addresses

Unicast Multicast Anycast

Assigned Transient Solicited-Node

ff00::/8 ff10::/12 ff02::1:ff00:0000/104

Global Unique Embedded

Link-Local Loopback Unspecified
Unicast Local IPv4
2000::/3 fe80::/10 ::1/128 ::/128 fc00::/7 ::/80

IPv6 does not have a “broadcast” address.

RFC 6724 (09/2012) - Default Address Selection

IPv6 Source and Destination Addresses
• IPv6 Source – Always a unicast
• IPv6 Destination – Unicast,
IPv4
multicast or anycast.

IPv6
Global Unicast Address (GUA)

IPv6 Internet

• Global Unicast Address (GUA)

• 2000::/3 (Range 2000::/64 thru 3fff:fff:fff:fff::/64)
• Globally unique, routable, similar to public IPv4
addresses
• 2001:DB8::/32 - RFC 2839 reserves this range of
addresses for documentation
• 1/8th of IPv6 address space
Global Unicast Address (GUA)
Interface ID

• Except under very specific circumstances, all end users will have
a global unicast address.
• Note: A host (an interface) can potentially have multiple IPv6
addresses on the same or different networks.
• Terminology:
• Prefix equivalent to the network address of an IPv4
address
• Prefix length equivalent to subnet mask in IPv4
• Interface ID equivalent to host portion of an IPv4 address
IPv6 GUA Assigment by RIRs

https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml
Options for Configuring a GUA Address
Global Unicast

Manual Dynamic

Stateless Stateful
Manual
SLAAC DHCPv6

SLAAC +
Manual + EUI 64 DHCPv6

IPv6 DHCPv6-PD
Unnumbered
Options for Configuring a GUA Address
Options for Configuring a GUA Address

Configuring the IPv6 global unicast address

LinuxPC$ ifconfig eth0 inet6 add 2001:db8:cafe:4::400/64

Configuring the IPv6 default gateway address

LinuxPC$ route –A inet6 add default gw 2001:db8:cafe:4::1

Verifying the IPv6 global unicast address

LinuxPC$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:af:14:1b
inet6 addr:0.0.0.6 Bcast:255.255.255.255 Mask:0.0.0.0
inet6 addr: 2001:db8:cafe:4::400/64 Scope:Global
inet6 addr: fe80::250:56ff:feaf:141b/64 Scope:Link
<output omitted>

Verifying the IPv6 default gateway

LinuxPC$ ip -6 route show
<output omitted>
default via 2001:db8:cafe:4::1 dev eth0 metric 1
Parts of a Global Unicast Address
IPv4 Unicast Address /?

Network portion Subnet portion Host portion

32 bits

IPv6 Global Unicast Address

/48 /64
16-bit
Global Routing Prefix Interface ID
Subnet ID

128 bits

• 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616)

devices/subnet
• 16-bit Subnet ID (initially recommended) = 65,536 subnets
/64 Global Unicast Address and the 3-1-4
Rule
/48 /64
16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits

Global Routing Prefix Subnet ID Interface ID

3 1 4

2001 : 0DB8 : CAFE : 0001 : 0000 : 0000 : 0000 : 0100

3 + 1 = 4 (/64) : 4
2001:0DB8:CAFE:0001:0000:0000:0000:0100/64
2001:DB8:CAFE:1::100/64
Subnetting IPv6
Can you count in hex?
Just increment by 1 in Hexadecimal:
2001:0DB8:CAFE:0000::/64
2001:0DB8:CAFE:0001::/64

3-1-4 Rule
2001:0DB8:CAFE:0002::/64 ...
2001:0DB8:CAFE:0009::/64
2001:0DB8:CAFE:000A::/64

Valid abbreviation is to remove the leading 0s:

2001:DB8:CAFE:1::/64
Interface ID - SLAAC
SLAAC stands for Stateless Address Autoconfiguration, it is a mechanism that enables
each host on the network to auto-configure a unique IPv6 address without any device
keeping track of which address is assigned to which node.
EUI-64 PROCESS
One of IPv6's key benefits over IPv4 is its capability for automatic interface
addressing. By implementing the IEEE's 64-bit Extended Unique
Identifier (EUI-64) format, a host can automatically assign itself a unique
64-bit IPv6 interface identifier without the need for manual configuration
or DHCP. This is accomplished on Ethernet interfaces by referencing the
already unique 48-bit MAC address, and reformatting that value to match
the EUI-64 specification.
EUI-64 PROCESS
OUI Device Identifier
24 bits 24 bits

Hexadecimal 00 03 6B E9 D4 80
Step 1: Split the MAC address

Binary 0000 0000 0000 0011 0110 1011 1110 1101 0100 1000 0000
1001

Step 2: Insert FFFE F F F E

Binary 0000 0000 0000 0011 0110 1011 1111 1111 1111 1110 1110 1101 0100 1000 0000
1001

Step 3: Flip the U/L bit

Binary 0000 0010 0000 0011 0110 1011 1111 1111 1111 1110 1110 1101 0100 1000 0000
1001

Modified EUI-64 Interface ID in Hexadecimal Notation

Binary 02 03 6B FF FE E9 D4 80
 LINK-LOCAL UNICAST RANGE

• Link – Network segment Link-

local means, local to that link
or network.
LINK-LOCAL UNICAST

Link-Local Communications

• Used to communicate with other devices on the link.

• Are NOT routable off the link (network).
• Only have to be unique on the link.
• Not included in the IPv6 routing table.
• An IPv6 device must have at least a link-local address.
LINK-LOCAL UNICAST
LINK LOCAL ADDRESS - AN IMPORTANT
ROLE IN IPV6
From: Link-local or
Routing Protocol unspecified
Messaging address
To: Multicast
From: Link-local ICMPv6 Router
To: Multicast Solicitation

ICMPv6 Router I will use your

Advertisement link-local as my
default
From: Link-local
gateway,
To: Multicast

• Used as a source IPv6 address before a device gets one dynamically (SLAAC and
DHCPv6).
• Router’s link-local address is used by devices as the default gateway.
• Routers exchange routing messages.
• Router use the link-local address as the next-hop address in the routing table: via
link-local address.
DYNAMIC LINK-LOCAL UNICAST
ADDRESS
First 10 bits
1111 1110 10xx xxxx Remaining 54 bits 64-bit Interface ID

fe80::Interface ID

Link-local addresses are created

• Automatically :
• fe80 (usually) – First 10 bits
• Interface ID
• EUI-64 (routers)
• Random 64 bits (many host operating systems)
• Static (manual) configuration – Common practice for
routers.
LOOPBACK & UNSPECIFIED ADDRESSES
• Loopback Address
• ::1/128
• Used by a node to send an IPv6 packet to itself, typically
when testing the TCP/IP stack
• Same functionality as IPv4 loopback 127.0.0.1
• Not routable.

• Unspecified Address
• :: (all-0s)
• Indicates the absence or anonymity of an IPv6 address (RS
source address)
• Used as a source IPv6 address during duplicate address
detection process
MULTICAST ADDRESSES

ff00::/8
Multicast

Well-Known Transient Solicited-Node

ff00::/12 ff10::/12 ff02:0:0:0:0:1:ff00::/104

• Used by a device to send a single packet to multiple destinations

simultaneously (one-to-many).
• Equivalent to 224.0.0.0/4 in IPv4.
• Two types of multicast addresses:
• Well-known or Assigned
• Transient
• Solicited-Node
IPV6 MULTICAST ADDRESSES - FLAG

• Flag
• The first three flags are: 0 (reserved), R (rendezvous point), and P (network
prefix), used on multicast routing.)
• The fourth flag is the transient flag (T flag), which denotes two types of multicast
addresses:
• Permanent (0): These addresses, known as predefined multicast addresses, are
assigned by the Internet Assigned Numbers Authority (IANA) and include both
well-known and solicited-node multicast.
• Nonpermanent (1): These are “transient,” or “dynamically assigned,” multicast
addresses.
• They are assigned by multicast applications.
• An example might be ff18::cafe:1234, used for a multicast application with
organizational scope.
IPV6 MULTICAST ADDRESSES - SCOPE

Multicast

• Scope is a 4-bit field used to define the range of the multicast packet.
• Scope (partial list):
• 0 Reserved
• 1 Interface-Local scope
• 2 Link-Local scope
• 5 Site-Local scope
• 8 Organization-Local
scope
• e Global scope
MULTICAST ADDRESSES
Flag = 0, Assigned multicast
Scope = 2, Link-local scope
Prefix Flag Scope Predefined Group ID Compressed Description
Format (IPv6 assumed)
ff 0 2 0:0:0:0:0:0:1 ff02::1 All-devices
ff 0 2 0:0:0:0:0:0:2 ff02::2 All-routers
ff 0 2 0:0:0:0:0:0:5 ff02::5 OSPF routers
ff 0 2 0:0:0:0:0:0:6 ff02::6 OSPF DRs
ff 0 2 0:0:0:0:0:0:9 ff02::9 RIP routers
ff 0 2 0:0:0:0:0:0:A ff02::a EIGRP routers
ff 0 2 0:0:0:0:0:1:2 ff02::1:2 DHCP
servers/relay
agents

IPv6 does not have a broadcast address, but there is an all-nodes or all-
IPv6 devices multicast address, ff02::1, which has a similar effect.
MULTICAST ADDRESSES

• Solicited Node Multicast Address

• FF02:0:0:0:0:1:FF00::/104 (FF02::1:FFxx:xxxx)
• Used during ICMPv6 neighbor discovery address
resolution (ARP in IPv4) for obtaining the layer 2 link -
layer addresses of other nodes.
 ANYCAST ADDRESSES
• An IPv6 anycast address is any IPv6 unicast address. We can assign this
address to multiple network devices.
• Like a multicast address, anycast address identifies multiple interfaces,
however, while multicast packets accepted by multiple machines,
anycast packets delivered to the nearest device having that address.
• The nearest is determined by the routing protocol.
• An anycast address must be assigned to a router, not to a host and
cannot be used as a source address
ICMPV6 - INTERNET CONTROL
MESSAGE PROTOCOL FOR IPV6
• ICMPv6 is defined in RFC 4443 (03/2006)
• Similar to ICMPv4, describes two types of
messages:
• Informational
• Error
• ICMPv6 Neighbor Discovery is described
in RFC 4861.
• Much more robust than ICMP for IPv4.
• Contains new functionality and
improvements.

Next
All ICMPv6 IPv6 Main ICMPv6
Header Data
messages Header 58 Header
ICMPV6 MESSAGES
• Neighbour or router discovery (133-137)
• Multicast Listener Discovery (130-132, 143)
• Diagnostics using Ping, Traceroute (128, 129)
• Destination Unreachable(1)
• Packet Too Big (2)
• Time Exceeded (3)
• Parameter Problem (4)

Type → (1-127) = Error messages, 128-255 Informational messages

ERROR MESSAGE:
DESTINATION UNREACHABLE MESSAGE
Code Values
0 - No route to destination
0 8 16 24 31 1 - Communication with
destination administratively
Type = 1 Code Checksum
prohibited
2 - Beyond scope of source
address
Unused 3 - Address unreachable
4 - Port unreachable
5 - Source address failed
ingress/egress policy
6 - Reject route to destination

Sent when a packet cannot be delivered to its destination

for reasons other than congestion.
• A router (or a firewall) usually generates these messages.
• Type = 1
• Code values vary, giving more detail.
ERROR MESSAGE: PACKET TOO BIG

0 8 16 24 31
Type = 2 Code = 0 Checksum

MTU of the next hop link

• IPv4 routers fragment a packet when the MTU

(Maximum Transmission Unit) of the outgoing link is
smaller than the size of the packet.
• The destination device is responsible for reassembling
the fragmented packets.
• IPv6 routers do not fragment packets. (PMD)
ERROR MESSAGE: TIME EXCEEDED

IPv6

0 8 16 24 31
Type = 3 Code = 0 Checksum

Unused

• If a router receives a packet with a Hop Limit of zero, or if a

router decrements a packet's Hop Limit to zero, it MUST:
• Discard the packet
• Send an ICMPv6 Time Exceeded message (Type = 3, Code
0) to the source of the packet.
• This indicates either a routing loop or too small an initial Hop
Limit value.
ERROR MESSAGE: PARAMETER PROBLEM
Code Extension Header Name

0 8 16 24 31 0 Erroneous header field

encountered
Type = 4 Code Checksum
1 Unrecognized Next
Header type
encountered
Pointer
2 Unrecognized IPv6
option encountered

Next
? Next
IPv6 Main Extension TCP
Header Header Data
Header 138
Header
6 Header

• Type 4
• Generated when a receiving device finds a problem with a field in
the main IPv6 header such as the Next Header field – packet is
discarded.
ICMPV6
ECHO REQUEST AND ECHO REPLY
Type 128 = Echo Request
Type 129 = Echo Reply
0 8 16 24 31
Type = 128/129 Code = 0 Checksum
Identifier Sequence Number

Data

Ping PCB ICMPv6 Echo Request

PCA PCB
ICMPv6 Echo Reply

• Similar to IPv4 Echo Request and Echo Reply messages are

used by the ping utility.
ICMPV6
NEIGHBOR DISCOVER PROTOCOL (RFC4861)
ICMPv6 Neighbor Discovery defines 5 different packet types:
• Router Solicitation Message
• Router Advertisement Message

Used with dynamic address allocation Router-Device Messaging

• Neighbor Solicitation Message

• Neighbor Advertisement Message

Used with address resolution (IPv4 ARP)

Device-Device
Messaging

• Redirect Message
Similar to ICMPv4 redirect message
Router-to-Device messaging
DYNAMIC ADDRESS ALLOCATION IN IPV6

To all IPv6 routers: I I might not be

need IPv6 address needed.
information.

ICMPv6 Router Solicitation

DHCPv6 Server
To all IPv6 devices: ICMPv6 Router Advertisement
Let me tell you how
to do this …
1. SLAAC

2. SLAAC with
Stateless DHCPv6

3. Stateful DHCPv6
SLAAC
(Stateless Address
Autoconfiguration)
ROUTER ADVERTISEMENT FLAGS
ICMPv6 Router
Advertisement DHCPv6
Option 1, 2, or 3 Server

RA Address Allocation Method A Flag O Flag M Flag

(SLAAC) (Stateless DHCPv6) (Stateful DHCPv6)
Default: On Default: Off Default: Off
Method 1: SLAAC (default) 1 (on) 0 (off) 0 (off)
Method 2: SLAAC and stateless DHCPv6 1 (on) 1 (on) 0 (off)
Method 3: Stateful DHCPv6 0 (off) N/A 1 (on)

RA message contains three flags to tell a device how to obtain or create its global
unicast address:
• Address Autoconfiguration flag (A flag): When set to 1 (on), this flag tells the
receiving host to use SLAAC to create its global unicast address.
• Other Configuration flag (O flag): When set to 1 (on), this flag tells the host to
get other addressing information, other than its global unicast address, from a
stateless DHCPv6 server.
• Managed Address Configuration flag (M flag): When set to 1 (on), this flag tells
the host to use a stateful DHCPv6 server for its global unicast address and all other
addressing information.
SLAAC
2001:db8:cafe:1::/64
G0/0 R1
GUA ::1
WinPC
LLA fe80::1
LLA fe80::d0f8:9ff6:4201:7086
Method 1: SLAAC

2 Default Gateway: fe80::1 1 IPv6 Header

Prefix: 2001:db8:cafe:1:: To: ff02::1 (All-IPv6 devices)
Prefix-length: /64 RA From: fe80::1 (Link-local address)
Flags: A = 1 --------------------------------------------------------
ICMPv6 Router Advertisement
3
GUA Address: Prefix: 2001:db8:cafe:1::
2001:db8:cafe:1: + Interface ID Prefix-length: /64
Flags: A = 1, O = 0, M = 0
-------------------------------------------------------
EUI-64 Process or 4 Other Options:
Random 64-bit value
DNS Server Address
ROUTER SOLICITATION - ROUTER ADVERTISEMENT

2001:DB8:CAFE:1::/64
Link-local: FE80::1 Link-local: FE80::50A5:8A35:A5BB:66E1
R1 MAC: 00-03-6b-e9-d4-80 MAC: 00-21-9b-d9-c6-44
PC1
Router Solicitation
• Sent when device needs IPv6 1
addressing information. To: FF02::2 (All-IPv6 Routers)
Router Advertisement From: FE80::50A5:8A35:A5BB:66E1
• Sent every 200 seconds or in RS
response to RS ICMPv6 Router Solicitation
2
To: FF02::1 (All-IPv6 devices)
From: FE80::1 (Link-local address) RA
ICMPv6 Router Advertisement
ADDRESS RESOLUTION: IPV4 AND IPV6

ARP Request: Broadcast

IPv4: ARP over Ethernet Ethernet ARP Request/Reply
ARP
Cache Know
IPv4, what
My IPv4! 2 1 PC1
PC2 is the
Here is the ARP Reply
MAC?
ARP Request MAC?

2 1 Neighbor Know
My IPv6!
Neighbor Neighbor Cache IPv6, what
Here is the
Advertisement Solicitation is the
MAC?
MAC?

IPv6: ICMPv6 over IPv6 over Ethernet

NS: Multicast NS: Solicited Node Multicast
Ethernet IPv6 Header ICMPv6: Neighbor Solicitation/Advertisement
NEIGHBOR SOLICITATION - NEIGHBOR
ADVERTISEMENT

2001:DB8:CAFE:1::200/64 2001:DB8:CAFE:1::100/64
FF02::1:FF00:200 (Solicited Node Multicast)
MAC Address MAC Address
PC2 00-1B-24-04-A2-1E 00-21-9B-D9-C6-44 PC1
1
PC1> ping 2001:DB8:CAFE:1::200

4 3 Neighbor Cache 2 5
Neighbor Neighbor <empty until step 5>
Advertisement Solicitation

NS: Multicast NS: Solicited Node Multicast

Ethernet IPv6 Header ICMPv6: Neighbor Solicitation/Advertisement
NA: Unicast NA: Unicast
NEIGHBOR CACHE

Neighbor Solicitation Neighbor Advertisement

PC1
Neighbor Cache
IPv6 Address MAC Address
2001:DB8:ACAD:1::10 0021.9bd9.c644
? IPv6 - 2001:DB8:ACAD:1::10
MAC - 0021.9bd9.c644

• Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses

• Similar to ARP Cache for IPv4
• 5 States (2 noticeable and 3 transitory):
• Reachable: Packets have recently been received providing confirmation that
this device is reachable.
• Stale: A certain time period has elapsed since a packet has been received
from this address.
• Transitory States: INCOMPLETE, DELAY, PROBE
NEIGHBOR CACHE
R1# show ipv6 neighbors

IPv6 Address Age Link-layer Addr State Interface

FE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/0

2001:DB8:AAAA:1::100 16 0021.9bd9.c644 STALE Fa0/0

R1# ping 2001:db8:aaaa:1::100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1# show ipv6 neighbors

IPv6 Address Age Link-layer Addr State Interface

FE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/0

2001:DB8:AAAA:1::100 0 0021.9bd9.c644 REACH Fa0/0

R1#
Enabling IPv6 Unicast Routing on
Cisco_1
The ipv6 unicast-
routing global configuration
command must be configured
to enable the CISCO router to
forward IPv6 packets and
participate static/dynamic IPv6
routing.

R1(config)# ipv6 unicast-routing

R1(config)#
Configure IPv6 Address Cisco_1
Configure IPv6 Address VYOS
Configure IPv6 Address VYOS
Configure IPv6 Address JUNOS-1
set interfaces em0 unit 0 family inet6 address 2001:ACDC:1212:2::2/64
set interfaces em1 unit 0 family inet6 address 2001:ACDC:1212:6::1/64
Check connectivity