Configure and verify IPv6 addressing and prefix
Compare IPv6 address types
In the early 1990s, the Internet Engineering Task Force (IETF) grew concerned about the exhaustion of IPv4 network addresses and began to look for a replacement for this protocol. This activity led to the development of what is now known as IPv6. Today’s review focuses on the IPv6 protocol and IPv6 address types. We also review the various ways to implement IPv6 addressing, including subnetting, autoconfiguring hosts, and running IPv6 and IPv4 in a dual-stack configuration. IPv6 configuration on routers will be reviewed on Day 18, “Basic Router Configuration.”
Scaling networks today requires a limitless supply of IP addresses and improved mobility that private addressing and NAT alone cannot meet. IPv6 satisfies the increasingly complex requirements of hierarchical addressing that IPv4 does not provide. The main benefits and features of IPv6 include the following:
Extended address space: A 128-bit address space represents about 340 trillion trillion trillion addresses.
Stateless address autoconfiguration: IPv6 provides host devices with a method for generating their own routable IPv6 addresses. IPv6 also supports stateful configuration using DHCPv6.
Eliminates the need for NAT/PAT: NAT/PAT was conceived as part of the solution to IPv4 address depletion. With IPv6, address depletion is no longer an issue. NAT64, however, does play an important role in providing backward compatibility with IPv4.
Simpler header: A simpler header offers several advantages over IPv4:
Better routing efficiency for performance and forwarding-rate scalability
No broadcasts and, thus, no potential threat of broadcast storms
No requirement for processing checksums
Simpler and more efficient extension header mechanisms
Mobility and security: Mobility and security help ensure compliance with mobile IP and IPsec standards:
IPv4 does not automatically enable mobile devices to move without breaks in established network connections.
In IPv6, mobility is built in, which means that any IPv6 node can use mobility when necessary.
IPsec is enabled on every IPv6 node and is available for use, making the IPv6 Internet more secure.
Transition strategies: You can incorporate existing IPv4 capabilities with the added features of IPv6 in several ways:
You can implement a dual-stack method, with both IPv4 and IPv6 configured on the interface of a network device.
You can use tunneling, which will become more prominent as the adoption of IPv6 grows.
Table 27-1 compares the binary and alphanumeric representations of IPv4 and IPv6 addresses.
Table 27-1 IPv4 and IPv6 Address Comparison
| | IPv4 (4 Octets) | IPv6 (16 Octets) |
|---|---|---|
| Binary representation | 11000000.10101000.00001010.01100101 | 10100101.00100100.01110010.11010011.0010110 |
| Alphanumeric representation | 192.168.10.101 | 2001:0DB8:2C80:DD02:0029:EC7A:002B:EA73 |
| Total IP addresses | 4,294,967,296, or 2^32 | 3.4 × 10^38, or 2^128 |
Figure 27-1 compares the IPv4 header with the main IPv6 header. Notice that the IPv6 header is represented in 64-bit words instead of the 32-bit words used by IPv4.
IPv4 has three address types: unicast, multicast, and broadcast. IPv6 does not use broadcast addresses. Instead, IPv6 uses unicast, multicast, and anycast addresses. Figure 27-2 illustrates these three types of IPv6 addresses.
The first classification of IPv6 address types shown in Figure 27-2 is the unicast address. A unicast address uniquely identifies an interface on an IPv6 device. A packet sent to a unicast address is received by the interface that is assigned to that address. Much as with IPv4, source IPv6 addresses must be unicast addresses. Because unicast addressing—as opposed to multicast and anycast addressing—is the major focus for a CCNA candidate, we spend some time reviewing the Unicast branch in Figure 27-2.
IPv6 has an address format that enables aggregation upward, eventually to the ISP. An IPv6 global unicast address is globally unique. Like a public IPv4 address, it can be routed in the Internet without modification. An IPv6 global unicast address consists of a 48-bit global routing prefix, a 16-bit subnet ID, and a 64-bit interface ID. Use Rick Graziani’s method of breaking down the IPv6 address with the 3-1-4 rule (also known as the pi rule, for 3.14), shown in Figure 27-3.
Each number refers to the number of hextets, or 16-bit segments, of that portion of the address:
3: Three hextets for the global routing prefix
1: One hextet for the subnet ID
4: Four hextets for the interface ID
Global unicast addresses that are currently assigned by the Internet Assigned Numbers Authority (IANA) use the range of addresses that start with binary value 001 (2000::/3). This range represents one-eighth of the total IPv6 address space and is the largest block of assigned addresses. Figure 27-4 shows how the IPv6 address space is divided into an eight-piece pie based on the value of the first 3 bits.
Using the 2000::/3 pie piece, the IANA assigns /23 or shorter address blocks to the five Regional Internet Registries (RIRs). From there, ISPs are assigned /32 or shorter address blocks. ISPs then assign each site—that is, each customer—a /48 or shorter address block. Figure 27-5 shows the breakdown of global routing prefixes.
In IPv6, an interface can be configured with multiple global unicast addresses, which can be on the same or different subnets. In addition, an interface does not have to be configured with a global unicast address, but it must at least have a link-local address.
A global unicast address can be further classified into the various configuration options available, as Figure 27-6 shows.
We review EUI-64 and stateless address autoconfiguration in more detail later in this day. In upcoming days, we review the rest of the configuration options in Figure 27-6 in more detail. For now, Table 27-2 summarizes them.
Table 27-2 Summary of Global Unicast Configuration Options
| Global Unicast | Configuration Option | Description |
|---|---|---|
| Manual | Static | Much as with IPv4, the IPv6 address and prefix are statically configured on the interface. |
| | EUI-64 | The prefix is configured manually. The EUI-64 process uses the MAC address to generate the 64-bit interface ID. |
| | IPv6 unnumbered | Much as with IPv4, an interface can be configured to use the IPv6 address of another interface on the same device. |
| Dynamic | Stateless address autoconfiguration | SLAAC determines the prefix and prefix length from neighbor discovery router advertisement messages and then creates the interface ID using the EUI-64 method. |
| | DHCPv6 | Much as with IPv4, a device can receive some or all of its addressing from a DHCPv6 server. |
As Figure 27-2 shows, link-local addresses are a type of unicast address. Link-local addresses are confined to a single link. They need to be unique only to that link because packets with a link-local source or destination address are not routable off the link.
Link-local addresses are configured in one of three ways:
Dynamically, using EUI-64
Using a randomly generated interface ID
Statically, entering the link-local address manually
Link-local addresses provide a unique benefit in IPv6. A device can create its link-local address completely on its own. Link-local unicast addresses are in the range FE80::/10 to FEBF::/10, as Table 27-3 shows.
Table 27-3 Range of Link-Local Unicast Addresses
| Link-Local Unicast Address | Range of First Hextet | Range of First Hextet in Binary |
|---|---|---|
| FE80::/10 | FE80 | 1111 1110 10 00 0000 |
| | FEBF | 1111 1110 10 11 1111 |
Figure 27-7 shows the format of a link-local unicast address.
The loopback address for IPv6 is an all-0s address except for the last bit, which is set to 1. As in IPv4, an end device uses the IPv6 loopback address to send an IPv6 packet to itself to test the TCP/IP stack. The loopback address cannot be assigned to an interface and is not routable outside the device.
The unspecified unicast address is the all-0s address, represented as ::. It cannot be assigned to an interface but is reserved for communications when the sending device does not have a valid IPv6 address yet. For example, a device uses :: as the source address when using the duplicate address detection (DAD) process. The DAD process ensures a unique link-local address. Before a device can begin using its newly created link-local address, it sends out an all-nodes multicast to all devices on the link, with its new address as the destination. If the device receives a response, it knows that link-local address is in use and, therefore, needs to create another link-local address.
Unique local addresses (ULA) are defined by RFC 4193, “Unique Local IPv6 Unicast Addresses.” Figure 27-8 shows the format for ULAs.
These are private addresses. However, unlike in IPv4, IPv6 ULAs are globally unique. This is possible because of the relatively large amount of address space in the Global ID portion shown in Figure 27-8: 40 bits, or more than 1 trillion unique global IDs. As long as a site uses the pseudo-random global ID algorithm, it will have a very high probability of generating a unique global ID.
Unique local addresses have the following characteristics:
Possess a globally unique prefix or at least have a very high probability of being unique
Allow sites to be combined or privately interconnected without address conflicts or addressing renumbering
Remain independent of any Internet service provider and can be used within a site without having Internet connectivity
If accidentally leaked outside a site by either routing or the Domain Name System (DNS), don’t cause a conflict with any other addresses
Can be used just like a global unicast address
IPv4 and IPv6 packets are not compatible. Features such as NAT-PT (now deprecated) and NAT64 are required to translate between the two address families. IPv4-mapped IPv6 addresses are used by transition mechanisms on hosts and routers to create IPv4 tunnels that deliver IPv6 packets over IPv4 networks.
To create an IPv4-mapped IPv6 address, the IPv4 address is embedded within the low-order 32 bits of IPv6. Basically, IPv6 just puts an IPv4 address at the end, adds 16 all-1 bits, and pads the rest of the address. The address does not have to be globally unique. Figure 27-9 illustrates this IPv4-mapped IPv6 address structure.
The second major classification of IPv6 address types in Figure 27-2 is multicast. Multicast is a technique by which a device sends a single packet to multiple destinations simultaneously. An IPv6 multicast address defines a group of devices known as a multicast group and is equivalent to IPv4 224.0.0.0/4. IPv6 multicast addresses have the prefix FF00::/8.
Two types of IPv6 multicast addresses are used:
Assigned multicast
Solicited-node multicast
Assigned multicast addresses are used in context with specific protocols.
Two common IPv6 assigned multicast groups include the following:
FF02::1 All-nodes multicast group: This is a multicast group that all IPv6-enabled devices join. As with a broadcast in IPv4, all IPv6 interfaces on the link process packets sent to this address. For example, a router sending an ICMPv6 Router Advertisement (RA) uses the all-nodes FF02::1 address. IPv6-enabled devices can then use the RA information to learn the link’s address information, such as prefix, prefix length, and default gateway.
FF02::2 All-routers multicast group: This is a multicast group that all IPv6 routers join. A router becomes a member of this group when it is enabled as an IPv6 router with the ipv6 unicast-routing global configuration command. A packet sent to this group is received and processed by all IPv6 routers on the link or network. For example, IPv6-enabled devices send ICMPv6 Router Solicitation (RS) messages to the all-routers multicast address requesting an RA message.
In addition to every unicast address assigned to an interface, a device has a special multicast address known as a solicited-node multicast address (refer to Figure 27-2). These multicast addresses are automatically created using a special mapping of the device’s unicast address with the solicited-node multicast prefix FF02:0:0:0:0:1:FF00::/104.
As Figure 27-10 shows, solicited-node multicast addresses are used for two essential IPv6 mechanisms, both part of Neighbor Discovery Protocol (NDP):
Address resolution: In this mechanism, which is equivalent to ARP in IPv4, an IPv6 device sends an NS message to a solicited-node multicast address to learn the link layer address of a device on the same link. The device recognizes the IPv6 address of the destination on that link but needs to know its data link address.
Duplicate address detection (DAD): As mentioned earlier, DAD allows a device to verify that its unicast address is unique on the link. An NS message is sent to the device’s own solicited-node multicast address to determine whether anyone else has this same address.
As Figure 27-11 shows, the solicited-node multicast address consists of two parts:
FF02:0:0:0:0:1:FF00::/104 multicast prefix: This is the first 104 bits of every solicited-node multicast address.
Least significant 24 bits: These bits are copied from the far-right 24 bits of the global unicast or link-local unicast address of the device.
The last major classification of IPv6 address types in Figure 27-2 is the anycast address. An anycast address can be assigned to more than one device or interface. A packet sent to an anycast address is routed to the “nearest” device that is configured with the anycast address, as Figure 27-12 shows.
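The address types reviewed above can be told apart by prefix alone, except anycast, which is drawn from unicast space. The following Python sketch is an added example, not part of the original text; the names classify and solicited_node and the sample addresses are constructed for illustration, and the FC00::/7 and ::FFFF:0:0/96 prefixes for ULA and IPv4-mapped addresses come from the standards rather than from this page.

```python
import ipaddress

# Unicast ranges named in the text. FC00::/7 (RFC 4193) and ::FFFF:0:0/96
# are the standard prefixes for ULA and IPv4-mapped addresses.
UNICAST_RANGES = [
    ("link-local unicast", ipaddress.ip_network("fe80::/10")),
    ("unique local unicast", ipaddress.ip_network("fc00::/7")),
    ("IPv4-mapped", ipaddress.ip_network("::ffff:0:0/96")),
    ("global unicast", ipaddress.ip_network("2000::/3")),
]
MULTICAST = ipaddress.ip_network("ff00::/8")
SOLICITED_NODE = ipaddress.ip_network("ff02::1:ff00:0/104")
ASSIGNED = {"ff02::1": "all-nodes multicast", "ff02::2": "all-routers multicast"}


def classify(text):
    """Name the address type of an IPv6 address as the text defines them.

    Anycast cannot be detected here: an anycast address is syntactically
    a unicast address that happens to be configured on several devices.
    """
    addr = ipaddress.IPv6Address(text)
    if int(addr) == 0:
        return "unspecified"
    if int(addr) == 1:
        return "loopback"
    if addr in MULTICAST:
        if addr in SOLICITED_NODE:
            return "solicited-node multicast"
        return ASSIGNED.get(str(addr), "multicast")
    for name, net in UNICAST_RANGES:
        if addr in net:
            return name
    return "other/unassigned"


def solicited_node(text):
    """Map a unicast address to its solicited-node multicast group:
    the 104-bit prefix followed by the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(text)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE.network_address) | low24)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real network.
    samples = ["::", "::1", "2001:db8:a:1:234:56ff:fe78:9abc",
               "fe80::234:56ff:fe78:9abc", "fd12:3456:789a::1",
               "::ffff:192.168.10.101", "ff02::1", "ff02::2",
               "ff02::1:ff78:9abc"]
    for s in samples:
        print(f"{s:34} {classify(s)}")
    print(solicited_node("2001:db8:a:1:234:56ff:fe78:9abc"))
```

A global unicast and a link-local address that share the same last 24 bits map to the same solicited-node group, which is why one group membership can serve both addresses on an interface.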
An IPv6 address can look rather intimidating to someone who is used to IPv4 addressing. However, an IPv6 address can be easier to read and is much simpler to subnet than IPv4.
IPv6 conventions use 32 hexadecimal numbers, organized into eight hextets of four hex digits separated by colons, to represent a 128-bit IPv6 address. For example:
2340:1111:AAAA:0001:1234:5678:9ABC
To make things a little easier, two rules allow you to shorten what must be configured for an IPv6 address:
Rule 1: Omit the leading 0s in any given hextet.
Rule 2: Omit the all-0s hextets. Represent one or more consecutive hextets of all hex 0s with a double colon (::), but only for one such occurrence in a given address.
For example, in the following address, the highlighted hex digits represent the portion of the address that can be abbreviated:
FE00:0000:0000:0001:0000:0000:0000:0056
This address has two locations in which one or more hextets have four hex 0s, so two main options work for abbreviating this address with the :: abbreviation in one of the locations. The following two options show the two briefest valid abbreviations:
FE00::1:0:0:0:56
FE00:0:0:1::56
In the first example, the second and third hextets preceding 0001 were replaced with ::. In the second example, the fifth, sixth, and seventh hextets were replaced with ::. In particular, note that the :: abbreviation, meaning “one or more hextets of all 0s,” cannot be used twice because that would be ambiguous. Therefore, the abbreviation FE00::1::56 would not be valid.
An IPv6 prefix represents a range or block of consecutive IPv6 addresses. The number that represents the range of addresses, called a prefix, is usually seen in IP routing tables, just as you see IP subnet numbers in IPv4 routing tables.
As with IPv4, when writing or typing a prefix in IPv6, the bits past the end of the prefix length are all binary 0s. The following IPv6 address is an example of an address assigned to a host:
2000:1234:5678:9ABC:1234:5678:9ABC:1111/64
The prefix in which this address resides is as follows:
2000:1234:5678:9ABC:0000:0000:0000:0000/64
When abbreviated, this is:
2000:1234:5678:9ABC::/64
If the prefix length does not fall on a hextet boundary (that is, is not a multiple of 16), the prefix value should list all the values in the last hextet. For example, assume that the prefix length in the previous example is /56. By convention, the rest of the fourth hextet is written, after being set to binary 0s, as follows:
2000:1234:5678:9A00::/56
The following list summarizes some key points about how to write IPv6 prefixes:
The prefix has the same value as the IP addresses in the group for the first number of bits, as defined by the prefix length.
Any bits after the prefix length number of bits are binary 0s.
The prefix can be abbreviated with the same rules as for IPv6 addresses.
If the prefix length is not on a hextet boundary, write down the value for the entire hextet.
Table 27-4 shows several sample prefixes, their formats, and a brief explanation.
Table 27-4 Example IPv6 Prefixes and Their Meanings
| Prefix | Explanation | Incorrect Alternative |
|---|---|---|
| 2000::/3 | All addresses whose first 3 bits are equal to the first 3 bits of hex number 2000 (bits are 001) | 2000/3 (omits ::); 2::/3 (omits the rest of the first hextet) |
| 2340:1140::/26 | All addresses whose first 26 bits match the listed hex number | 2340:114::/26 (omits the last digit in the second hextet) |
| 2340:1111::/32 | All addresses whose first 32 bits match the listed hex number | 2340:1111/32 (omits ::) |
In many ways, subnetting IPv6 addresses is much simpler than subnetting IPv4 addresses. A typical site is assigned an IPv6 address space with a /48 prefix length. Because the least significant bits are used for the interface ID, that leaves 16 bits for the subnet ID and a /64 subnet prefix length, as Figure 27-13 shows.
For our subnetting examples, we use 2001:0DB8:000A::/48, or simply 2001:DB8:A::/48, which includes subnets 2001:DB8:A::/64 through 2001:DB8:A:FFFF::/64. That’s 2^16, or 65,536 subnets, each with 2^64, or 18 quintillion, interface addresses.
To subnet in a small to medium-size business, simply increment the least significant bits of the subnet ID (as in Example 27-1) and assign /64 subnets to your networks.
2001:DB8:A:0001::/64
2001:DB8:A:0002::/64
2001:DB8:A:0003::/64
2001:DB8:A:0004::/64
2001:DB8:A:0005::/64
Of course, if you are administering a larger implementation, you can use the four hexadecimal digits of the subnet ID to design a quick and simple four-level hierarchy. Most large enterprise networks have plenty of room to design a logical address scheme that aggregates addresses for an optimal routing configuration. In addition, applying for and receiving another /48 address is not difficult.
If you extend your subnetting into the interface ID portion of the address, it is a best practice to subnet on the nibble boundary. A nibble is 4 bits, or one hexadecimal digit. For example, let’s borrow the first 4 bits from the interface ID portion of the network address 2001:DB8:A:1::/64. That means the network 2001:DB8:A:1::/64 would now have 2^4, or 16, subnets from 2001:DB8:A:1:0000::/68 to 2001:DB8:A:1:F000::/68. Listing the subnets is easy, as Example 27-2 shows.
2001:DB8:A:1:0000::/68
2001:DB8:A:1:1000::/68
2001:DB8:A:1:2000::/68
2001:DB8:A:1:3000::/68
through
2001:DB8:A:1:F000::/68
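The prefix-writing rules and the subnetting steps above can be checked mechanically, which is useful when reviewing ACLs or route filters that someone typed by hand. This Python sketch is an added example, not part of the original text; the function names are hypothetical, and refusing subnets past /64 that are off a nibble boundary is this example's way of enforcing the best practice, not a protocol requirement.

```python
import ipaddress


def prefix_of(addr_text, length):
    """Zero every bit past the prefix length and abbreviate the result."""
    net = ipaddress.IPv6Network(f"{addr_text}/{length}", strict=False)
    return str(net).upper()


def lint_prefix(text):
    """Return None if a prefix is written correctly, else the reason.

    strict=True rejects text that is not an address followed by a length,
    and any prefix with nonzero bits after the prefix length.
    """
    try:
        ipaddress.IPv6Network(text, strict=True)
    except ValueError as exc:
        return str(exc)
    return None


def is_nibble_aligned(length):
    """True when the prefix length ends on a hex-digit (4-bit) boundary."""
    return length % 4 == 0


def subnets(parent_text, new_length):
    """Enumerate the subnets of a prefix at a longer prefix length."""
    parent = ipaddress.IPv6Network(parent_text)
    if new_length > 64 and not is_nibble_aligned(new_length):
        raise ValueError("past /64, subnet only on a nibble boundary")
    return parent.subnets(new_prefix=new_length)


if __name__ == "__main__":
    host = "2000:1234:5678:9ABC:1234:5678:9ABC:1111"
    print(prefix_of(host, 64))   # hextet boundary
    print(prefix_of(host, 56))   # mid-hextet: rest of hextet written as 0s

    # The correct and incorrect forms from Table 27-4.
    for text in ["2000::/3", "2000/3", "2::/3", "2340:1140::/26",
                 "2340:114::/26", "2340:1111::/32", "2340:1111/32"]:
        print(f"{text:16} {lint_prefix(text) or 'ok'}")

    site = list(subnets("2001:DB8:A::/48", 64))
    print(len(site), site[1], site[-1])
    for net in subnets("2001:DB8:A:1::/64", 68):
        print(net)
```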
Day 18 reviews static IPv6 addressing, including how to configure a router to use EUI-64 addressing (EUI stands for Extended Unique Identifier). Today we are reviewing the concept behind the EUI-64 configuration.
Recall from Figure 27-13 that the second half of the IPv6 address is called the interface ID. The value of the interface ID portion of a global unicast address can be set to any value, as long as no other host in the same subnet attempts to use the same value. However, the size of the interface ID was chosen to allow easy autoconfiguration of IP addresses by plugging the MAC address of a network card into the interface ID field in an IPv6 address.
MAC addresses are 6 bytes (48 bits) in length. To complete the 64-bit interface ID, IPv6 fills in 2 more bytes by separating the MAC address into two 3-byte halves. It then inserts hex FFFE between the halves and sets the seventh bit in the first byte to binary 1 to form the interface ID field. Figure 27-14 shows this format, called the EUI-64 format.
For example, the following two lines list a host’s MAC address and corresponding EUI-64 format interface ID, assuming the use of an address configuration option that uses the EUI-64 format:
MAC address: 0034:5678:9ABC
EUI-64 interface ID: 0234:56FF:FE78:9ABC
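The EUI-64 construction above is reversible, so an address built this way carries the interface's MAC address with it; that helps when matching addresses in logs against a hardware inventory. The Python sketch below is an added example, not part of the original text; the function names and the 2001:DB8:A:1::/64 prefix used in the demonstration are assumptions chosen for illustration.

```python
import ipaddress


def parse_mac(text):
    """Accept 0034:5678:9ABC, 00-34-56-78-9A-BC or 00:34:56:78:9a:bc."""
    digits = "".join(c for c in text if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac_text):
    """Split the MAC in two halves, insert FFFE, flip the 7th bit."""
    mac = parse_mac(mac_text)
    # Modified EUI-64 (RFC 4291) inverts this bit; a burned-in MAC has
    # it 0, so it becomes 1 as the text describes.
    first = mac[0] ^ 0x02
    return bytes([first]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def hextets(data):
    """Format bytes as colon-separated 16-bit groups, e.g. 0234:56FF."""
    return ":".join(data[i:i + 2].hex().upper() for i in range(0, len(data), 2))


def eui64_address(prefix_text, mac_text):
    """Combine a /64 prefix with the EUI-64 interface ID of a MAC."""
    net = ipaddress.IPv6Network(prefix_text)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac_text), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr_text):
    """Return the MAC embedded in an EUI-64 address, or None.

    A random or manually chosen interface ID normally lacks the FFFE
    marker in its middle two bytes, so it yields None.
    """
    low64 = int(ipaddress.IPv6Address(addr_text)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "0034:5678:9ABC"  # the MAC address from the text
    print(hextets(eui64_interface_id(mac)))
    addr = eui64_address("2001:DB8:A:1::/64", mac)  # assumed prefix
    print(addr, "->", mac_from_address(str(addr)))
    print(mac_from_address("2001:db8:a:1::1"))      # manual ID: None
```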
IPv6 supports two methods of dynamic configuration of IPv6 addresses:
Stateless address autoconfiguration (SLAAC): A host dynamically learns the /64 prefix through the IPv6 Neighbor Discovery Protocol (NDP) and then calculates the rest of its address by using the EUI-64 method.
DHCPv6: This works the same conceptually as DHCP in IPv4. We review DHCPv6 on Day 23, “DHCP and DNS.”
By using the EUI-64 process and Neighbor Discovery Protocol (NDP), SLAAC allows a device to determine its entire global unicast address without any manual configuration and without a DHCPv6 server. Figure 27-15 illustrates the SLAAC process between a host and a router configured with the ipv6 unicast-routing command, which means it will send and receive NDP messages.
Two major transition strategies are currently used to migrate to IPv6:
Dual-stacking: In this integration method, a node has implementation and connectivity to both an IPv4 network and an IPv6 network. This is the recommended option and involves running IPv4 and IPv6 at the same time.
Tunneling: Tunneling is a method for transporting IPv6 packets over IPv4-only networks by encapsulating the IPv6 packet inside IPv4. Several tunneling techniques are available.
Because of the simplicity of running dual-stacking, it will most likely be the preferred strategy as IPv4-only networks begin to disappear. But it will probably still be decades before we see enterprise networks running exclusively IPv6. Figure 27-16 illustrates one way Wendell Odom thinks about the transition to IPv6: “But who knows how long it will take?”
Remember this advice: “Dual-stack where you can; tunnel where you must.” These two methods are the most common techniques to transition from IPv4 to IPv6. Dual-stacking is easy enough: Just configure all your devices to use both IPv4 and IPv6 addressing. Tunneling is more complex and beyond the scope of the CCNA exam topics.
For today’s exam topics, refer to the following resources for more study.
| Resource | Module or Chapter |
|---|---|
| Cisco Network Academy: CCNA 1 | 4 |
| | 6 |
| | 7 |
| CCNA 200-301 Official Cert Guide, Volume 1 | 5 |
| | 8 |
| Portable Command Guide | 5 |