
Omnisecu http://www.omnisecu.com/tcpip/ipv6/index.php
Omnisecu - Limitations of IPv4
The Internet Protocol Version 4 (IPv4) is defined by IETF RFC 791, which was published
in 1981. The initial design of IPv4 did not anticipate the growth of the internet, and this
created many issues which proved that IPv4 needed to be changed. The main limitations of
IPv4 are listed below.
Scarcity of IPv4 Addresses: The IPv4 addressing system uses 32-bit address space.
This 32-bit address space is further classified to usable A, B, and C classes. 32-bit
address space allows for 4,294,967,296 IPv4 addresses, but the previous and current
IPv4 address allocation practices limit the number of available public IPv4 addresses.
Many addresses which are allocated to many companies were not used and this created
scarcity of IPv4 addresses.
Because of the scarcity of IPv4 addresses, many organizations implemented NAT (Network
Address Translation) to map multiple private IPv4 addresses to a single public IPv4
address. By using NAT we can map many internal private IPv4 addresses to a public IPv4
address, which helped in conserving IPv4 addresses. But NAT also has many limitations.
NAT does not support network layer security standards and it does not support the
mapping of all upper layer protocols. NAT can also create network problems when two
organizations which use the same private IPv4 address ranges communicate. More servers,
workstations and devices connected to the internet also demand more addresses, and the
current statistics prove that the public IPv4 address space will be depleted soon. The
scarcity of IPv4 addresses is a major limitation of the IPv4 addressing system.
Security Related Issues: As we discussed before, RFC 791 (IPv4) was published in
1981 and the current network security threats were not anticipated at that time.
Internet Protocol Security (IPSec) is a protocol suite which enables network security by
protecting the data being sent from being viewed or modified. IPSec provides security
for IPv4 packets, but IPSec is not built in and is optional. Many IPSec implementations
are proprietary.
Address configuration related issues: Networks and the internet are expanding and
many new computers and devices are using IP. The configuration of IP addresses (static
or dynamic) should be simple.
Quality of service (QoS): Quality of Service (QoS) is available in IPv4 and it relies on
the 8 bits of the IPv4 Type of Service (TOS) field and the identification of the payload.
The IPv4 Type of Service (TOS) field has limited functionality, and payload identification
(which uses a TCP or UDP port) is not possible when the IPv4 datagram packet payload is
encrypted.
Omnisecu - IPv6 History and related RFCs
IPv4 was first developed in the 1970s, and the RFC 791 (IPv4) functionality was
published in 1981. Because of the rapid expansion of the internet, the IPv4 address space
has been steadily consumed since the 1990s.
The Internet Engineering Task Force (IETF) started working in 1994 on a new protocol,
which is going to replace IPv4.
The following are the major RFCs related to IPv6, which will replace IPv4 in the near future.
The Recommendation for the IP Next Generation Protocol (RFC 1752) was published in 1995.
IPv6 Address Allocation Management (RFC 1881) was published in 1995.
A Compact Representation of IPv6 Addresses (RFC 1924) was published in 1996.
RIPng for IPv6 (RFC 2080) was published in January 1997.
Internet Protocol, Version 6 (IPv6) Specification (RFC 2460) was published in December 1998.
Basic Socket Interface Extensions for IPv6 (RFC 2553) was published in March 1999.
Dynamic Host Configuration Protocol for IPv6 (DHCPv6) (RFC 3315) was published in July 2003.
IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6 (RFC 3633) was published in 2003. RFC 3633 was later updated with RFC 6603 in 2012.
Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6 (RFC 3736) was published in April 2004.
Deprecating Site Local Addresses (RFC 3879) was published in September 2004.
Mobility Support in IPv6 (RFC 3775) was published in June 2004.
IPv6 Flow Label Specification (RFC 3697) was published in March 2004.
Unique Local IPv6 Unicast Addresses (RFC 4193) was published in October 2005.
IP Version 6 Addressing Architecture (RFC 4291) was published in February 2006.
IPv6 Node Requirements (RFC 4294) was published in April 2006.
Multiprotocol Extensions for BGP-4 (RFC 4760) was published in January 2007.
Neighbor Discovery for IP version 6 (RFC 4861) was published in September 2007.
Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (RFC 4941) was published in September 2007.
OSPF for IPv6 (RFC 5340) was published in July 2008.


Omnisecu - IPv6 Features
The features of IPv6 are listed below.
New Packet Format and Header: IPv6 specifies a new packet format. The new IPv6
packet format helps to minimize packet header processing by routers. This is achieved by
moving both nonessential and optional fields to extension headers that are placed after
the IPv6 header. Since IPv4 packets and IPv6 packets are significantly different, the two
protocols are not interoperable.
Large Address Space: IPv4 has a 32-bit (4-byte) address space, but IPv6 has a 128-bit
(16-byte) address space. The very large IPv6 address space supports a total of 2^128
(3.4x10^38) addresses. This large address space allows a better, systematic, hierarchical
allocation of addresses and efficient route aggregation. With the large number of
available addresses we can eliminate address-conservation techniques like NAT (Network
Address Translation).
Stateful and Stateless IPv6 address configuration: In IPv6, stateful or stateless
configuration is possible. Hosts on a link can automatically configure themselves with IPv6
addresses called link-local addresses and with addresses derived from prefixes advertised
by local routers. When first connected to a network, a host sends a link-local router
solicitation multicast request for its configuration parameters. The router which is
available on the link responds to the request from the host with a router advertisement
packet that contains network-layer configuration parameters. Hosts can configure link-local
addresses automatically and communicate with each other without manual configuration
even if there is no router available. The hosts may also have stateful configuration with
the Dynamic Host Configuration Protocol version 6 (DHCPv6) or static configurations, as in
IPv4.
router solicitation multicast request === ICMP ???

Multicast: The three types of communication available in IPv4 are unicast,
multicast and broadcast. Unicast is one-to-one communication; multicast is one-to-many
communication and broadcast is one-to-all communication. The transmission of a packet
to all hosts was performed by using special broadcast addresses in IPv4. Broadcast
communication is not available in IPv6, and IPv6 therefore does not define broadcast
addresses. In IPv6, the effect of broadcast can be achieved by sending a packet to the
link-local all nodes multicast group at address ff02::1.

Integrated Internet Protocol Security (IPSec): Internet Protocol Security (IPSec) is
a set of Internet standards that uses cryptographic security services to provide
confidentiality, authentication and data integrity. The support for IPSec was optional
in IPv4. IPSec is an integral part of the base protocol suite in IPv6. IPSec support
is mandatory in IPv6.
Neighbor Discovery Protocol: The Neighbor Discovery Protocol (NDP) is a protocol
available in IPv6. The Neighbor Discovery Protocol (NDP) is based on Internet Control
Message Protocol Version 6 (ICMPv6) messages that manage the interaction of nodes on
the same link. There is no Address Resolution Protocol (ARP) for IPv6 and the role of the
Address Resolution Protocol (ARP) is replaced by the Neighbor Discovery Protocol (NDP).
Extensibility: The features of IPv6 can be extended by adding extension headers
after the IPv6 header. The size of IPv6 extension headers is constrained only by the size
of the IPv6 datagram packet, unlike the 40 bytes of options of IPv4.
Jumbograms: Jumbograms are an optional feature of IPv6. Jumbograms allow packets
with payloads of up to 2^32 - 1 (4,294,967,295) bytes by making use of a 32-bit length field.

Omnisecu - Differences Between IPv4 and IPv6


The following table lists the important differences between IPv4 and IPv6.
IPv4 | IPv6
--- | ---
IPv4 addresses are 32 bit length. | IPv6 addresses are 128 bit length.
IPv4 addresses are binary numbers represented in decimals. | IPv6 addresses are binary numbers represented in hexadecimals.
IPSec support is only optional. | Inbuilt IPSec support.
Fragmentation is done by sender and forwarding routers. | Fragmentation is done only by sender.
No packet flow identification. | Packet flow identification is available within the IPv6 header using the Flow Label field.
Checksum field is available in IPv4 header. | No checksum field in IPv6 header.
Options fields are available in IPv4 header. | No option fields, but IPv6 Extension headers are available.
Address Resolution Protocol (ARP) is available to map IPv4 addresses to MAC addresses. | Address Resolution Protocol (ARP) is replaced with a function of Neighbor Discovery Protocol (NDP).
Internet Group Management Protocol (IGMP) is used to manage multicast group membership. | IGMP is replaced with Multicast Listener Discovery (MLD) messages.
Broadcast messages are available. | Broadcast messages are not available. Instead a link-local scope "All nodes" multicast IPv6 address (FF02::1) is used for broadcast similar functionality.
Manual configuration (Static) of IPv4 addresses or DHCP (Dynamic configuration) is required to configure IPv4 addresses. | Auto-configuration of addresses is available.

Omnisecu - Unicast, Multicast and Anycast - Types of communication in IPv6


If you remember the IPv4 lessons, the types of network communication in IPv4 are
Unicast, Multicast and Broadcast. There is no broadcast in IPv6. The types of network
communication in IPv6 are Unicast, Multicast and Anycast. Read the contents below to
know more about Unicast, Multicast and Anycast.
What is Unicast?
Unicast is a type of communication where data is sent from one computer to another
computer. Unicast is a one-to-one type of network communication. Different data
streams are generated for each Unicast connection. This type of communication is the
option when clients need different data from network server.
In Unicast type of communication, there is only one sender, and only one receiver.
Example for IPv6 Unicast type of network communication:
1) Browsing a website. (Webserver is the sender and your computer is the receiver.)
2) Downloading a file from a FTP Server. (FTP Server is the sender and your computer is
the receiver.)

As you can see from the above picture, different data streams are created for different
clients in IPv6 Unicast type of communication.
What is Multicast?
Multicast is a type of communication where multicast traffic is addressed to a group of
devices on the network. IPv6 multicast traffic is sent to a group and only members of
that group receive the Multicast traffic.
Devices which are interested in a particular Multicast traffic must join that Multicast
group to receive the traffic. IPv6 Multicast Groups are identified by IPv6 Multicast
Addresses.
In Multicast, the sender transmits only one copy of data and it is delivered to many
devices (not all devices as in IPv4 Broadcast) which are interested in that traffic.

As you can see from the above picture, when multiple clients require the same data at the
same instant (for example, online TV) we can use multicast instead of unicast. The
multicast server generates only one stream of data and that stream is replicated to
the different devices which are interested in that data traffic.
Multicast type of network communication can save precious network bandwidth and also
network device processor utilization.
What is Anycast?
Anycast is a type of IPv6 network communication in which IPv6 datagrams from a source
are routed to the nearest device (in terms of routing distance) from a group of servers
which provide the same service. Every node which provides the same service is
configured with the same Anycast destination address.

IPv6 Anycast Network Communication


Refer to the above image. Here we have three servers providing the same network service,
but located at different routing distances from the source network. With the help of
routing protocols, IPv6 Anycast network communication can identify the nearest node from
a group of server nodes which provide the same service, and use the service from that
nearest server.
Omnisecu - IPv6 Datagram Header Format
Before learning the IPv6 datagram header and its fields, I recommend that you also learn
the IPv4 datagram header and the different fields in the IPv4 datagram header.

IPv6 Datagram Packet Structure
IPv6 has a much simpler packet header compared with IPv4, by including only the
information needed for forwarding the IP datagram. IPv6 has a fixed length header of
size 40 bytes. The fixed length IPv6 header allows the routers to process the IPv6 datagram
packets more efficiently. The following figure shows the structure of the IPv6 datagram
packet.

We may divide the IPv6 datagram packet into three parts.
1) IPv6 datagram packet header
2) Extension Header
3) Upper Layer Protocol Data

An IPv6 datagram packet can also have extension headers of varying lengths. If extension
headers are present in an IPv6 datagram packet, the Next Header field in the IPv6 header
points to the first extension header. Each extension header contains another Next Header
field, pointing to the next extension header. The last IPv6 datagram packet extension
header points to the upper layer protocol header (Transmission Control Protocol (TCP), User
Datagram Protocol (UDP), or Internet Control Message Protocol (ICMPv6)). There are no
"options" in the IPv6 datagram packet header, which were present in the IPv4 header.

IPv6 Datagram Packet Header and Fields

Version: The size of the Version field is 4 bits. The Version field shows the version of
IP and is set to 6.
Traffic Class: The size of the Traffic Class field is 8 bits. The Traffic Class field is
similar to the IPv4 Type of Service (ToS) field. The Traffic Class field indicates the IPv6
packet's class or priority.
Flow Label: The size of the Flow Label field is 20 bits. The Flow Label field provides
additional support for real-time datagram delivery and quality of service features. The
purpose of the Flow Label field is to indicate that this packet belongs to a specific
sequence of packets between a source and destination, and it can be used to prioritize
delivery of packets for services like voice.
Payload Length: The size of the Payload Length field is 16 bits. The Payload Length
field shows the length of the IPv6 payload, including the extension headers and the
upper layer protocol data.
Next Header: The size of the Next Header field is 8 bits. The Next Header field shows
either the type of the first extension (if any extension header is available) or the protocol
in the upper layer such as TCP, UDP, or ICMPv6.
Hop Limit: The size of the Hop Limit field is 8 bits. The Hop Limit field shows the
maximum number of routers the IPv6 packet can travel. This Hop Limit field is similar to
the IPv4 Time to Live (TTL) field.
This field is typically used by distance vector routing protocols, like Routing Information
Protocol (RIP), to prevent layer 3 loops (routing loops).
Source Address: The size of the Source Address field is 128 bits. The Source Address
field shows the IPv6 address of the source of the packet.
Destination Address: The size of the Destination Address field is 128 bits. The Destination
Address field shows the IPv6 address of the destination of the packet.
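
The field layout and the Next Header chain described above can be decoded as follows. This is an added example, not code from the original page: it parses the 40-byte fixed header and walks the extension headers with bounds checks, which is the step a filter or IDS needs before it can see the upper layer protocol. The sample packet, the function names and the limit of 16 extension headers are assumptions of this example.

```python
import ipaddress
import struct

# Extension headers with the generic layout: octet 0 = Next Header,
# octet 1 = length in 8-octet units, not counting the first 8 octets.
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 60: "Destination Options"}
FRAGMENT = 44  # the Fragment header is always 8 octets long
# AH (51) and ESP (50) use other layouts; this example reports them as the end of the chain.
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}
MAX_EXT_HEADERS = 16  # defensive bound chosen for this example


def parse_ipv6(packet: bytes) -> dict:
    """Decode the fixed header, then follow Next Header to the upper layer."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("Version field is not 6")
    payload = packet[40:40 + payload_len]
    if len(payload) < payload_len:
        raise ValueError("Payload Length exceeds the bytes present")
    info = {
        "traffic_class": (first_word >> 20) & 0xFF,   # 8 bits
        "flow_label": first_word & 0xFFFFF,           # 20 bits
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "extension_headers": [],
    }
    offset, first_fragment = 0, True
    while next_header in EXT_HEADERS or next_header == FRAGMENT:
        if len(info["extension_headers"]) >= MAX_EXT_HEADERS:
            raise ValueError("extension header chain too long")
        if offset + 8 > len(payload):
            raise ValueError("extension header runs past the payload")
        if next_header == FRAGMENT:
            name, length = "Fragment", 8
            # Fragment Offset is the top 13 bits of octets 2-3. A non-zero
            # offset means the upper layer header is in an earlier fragment.
            frag_field = struct.unpack("!H", payload[offset + 2:offset + 4])[0]
            first_fragment = (frag_field >> 3) == 0
        else:
            name = EXT_HEADERS[next_header]
            length = (payload[offset + 1] + 1) * 8
        if offset + length > len(payload):
            raise ValueError("extension header length exceeds the payload")
        info["extension_headers"].append(name)
        next_header = payload[offset]
        offset += length
        if not first_fragment:
            break
    info["upper_protocol"] = UPPER_LAYER.get(next_header, f"protocol {next_header}")
    info["upper_header_present"] = first_fragment
    info["upper_offset"] = 40 + offset
    return info


def build_packet(next_header: int, payload: bytes) -> bytes:
    """Constructed test packet with fixed sample addresses and field values."""
    first_word = (6 << 28) | (0xB8 << 20) | 0x12345
    fixed = struct.pack("!IHBB", first_word, len(payload), next_header, 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + src + dst + payload


def build_sample() -> bytes:
    """Constructed packet: Hop-by-Hop Options, Destination Options, then UDP."""
    pad = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling each header to 8 octets
    udp = struct.pack("!HHHH", 53000, 53, 12, 0) + b"test"  # checksum left 0 in this sample
    return build_packet(0, bytes([60, 0]) + pad + bytes([17, 0]) + pad + udp)


if __name__ == "__main__":
    for key, value in parse_ipv6(build_sample()).items():
        print(f"{key}: {value}")
```
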

Omnisecu - Comparison between IPv4 Header and IPv6 Header


There are many differences between IPv4 header and IPv6 header. Following images are
IPv4 header and IPv6 header respectively.

IPv6 Datagram Header


Following are the main differences and comparison between IPv4 header and IPv6
header.
The IPv6 header is much simpler than the IPv4 header.
The size of the IPv6 header is much bigger than that of the IPv4 header, because of the
IPv6 address size. IPv4 addresses are 32-bit binary numbers and IPv6 addresses are 128-bit
binary numbers.
In the IPv4 header, the source and destination IPv4 addresses are 32-bit binary numbers.
In the IPv6 header, the source and destination IPv6 addresses are 128-bit binary numbers.
The IPv4 header includes space for IPv4 options. In the IPv6 header, we have a similar
feature known as the extension header. IPv4 datagram headers are normally 20 bytes in
length, but we can include IPv4 option values also along with an IPv4 header. In the IPv6
header we do not have options, but have extension headers.
The fields in the IPv4 header such as IHL (Internet Header Length), identification and
flags are not present in the IPv6 header.
Time-to-Live (TTL), a field in the IPv4 header typically used for preventing routing loops,
is renamed to its exact meaning, "Hop Limit".

Omnisecu - Introduction to IPv6 Addressing

The depletion of IPv4 addresses is one of the main reasons for a new IP version, IPv6. The
size of an address in IPv4 is 32 bits (4 bytes). This is increased considerably in IPv6,
where the size of an address is 128 bits, which is four times longer than the 32-bit IPv4
address. The number of possible addresses in IPv4 is 2^32 (4,294,967,296) but in IPv6 it
is 2^128 (3.4x10^38) addresses. Such a large amount of available IPv6 addresses
ensures that we will never again run out of IPv6 addresses and it also allows multiple
levels of hierarchy and flexibility in designing hierarchical unicast addressing and
routing.
IPv4 addresses are 32-bit binary addresses, divided into 4-Octets (Bytes). This 32-bit
large number is difficult to represent in binary format and therefore IPv4 addresses are
represented in decimals, separated by a dot. An example of IPv4 address is
192.168.100.10. However, IPv6 addresses are so much larger than IPv4 addresses and
even representing them in decimals is difficult. Hence the IPv6 addresses are
represented in hexadecimal numbers, separated by a colon. An example of IPv6 address
is 2001:0DB8:0000:0002:0022:2217:FF3B:118C.
Omnisecu - What is prefix and prefix length in IPv6, Similarity between IPv4
subnet mask and IPv6 prefix
We already learned from our IPv4 lessons that an IP address (IPv4 or IPv6) consists of
two parts: a NETWORK part and a HOST part. The NETWORK part is used to identify the
network and the HOST part is used to identify a host (a server, a workstation, a printer
etc.) within the network. In IPv4, we use subnet masks to differentiate the network part
and host part in an IPv4 address.
For example, consider the below IPv4 address:
172.16.133.18 - IPv4 address
255.255.0.0 - Subnet mask
Here 172.16 - denotes the network part and 133.18 denotes the host part.
What is IPv6 Network Prefix
IPv6 has a similar mechanism as described above, called IPv6 network prefixes. The
leftmost fields of the IPv6 address along with the network bits length represented in CIDR
format is known as the network prefix. The prefixes in IPv6 can be considered similar to
the subnet mask used in IPv4 addresses. In IPv6, we use a notation similar to CIDR mask
(using an integer between 1-128 to represent the network bits) representation in IPv4.
For example, in IPv6 address 2001:0DB8:0000:000b:0000:0000:0000:001A/64,
2001:0DB8:0000:000b::/64 represents the network prefix and the possible IPv6
addresses ranges from 2001:0DB8:0000:000b:0000:0000:0000:0001/64 to
2001:0DB8:0000:000b:ffff:ffff:ffff:ffff/64.
You can see that the above IPv6 network prefix representation is similar to IPv4 network
address and subnet mask representation. 172.16.0.0/16 represents all IPv4 addresses
from 172.16.0.0 to 172.16.255.255.
Note that the network prefix shown above, 2001:0DB8:0000:000b::/64, includes the 48
bit IPv6 global routing prefix 2001:0DB8:0000::/48 and the next 16 bits "000b" are used
for internal subnetting within an organization.

What is IPv6 Prefix Length
IPv6 Prefix Length is used to identify how many bits of a Global Unicast IPv6 Address are
in the network part. For example, in 2001:0DB8:0000:000b::/64, the number 64 is used
to identify that the first 64 bits are in the network part.
Omnisecu - IPv6 Address formats
The IPv6 address size is 128 bits. IPv6 addresses are represented in hexadecimals. The
128-bit address is divided into 16-bit blocks, and each 16-bit block is converted to a
4-digit hexadecimal number and separated by colons. This type of representation is called
colon hexadecimal. The format of an IPv6 address is xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
where each x is a hexadecimal digit representing 4 bits or a nibble. IPv6 addresses range
from 0000:0000:0000:0000:0000:0000:0000:0000 to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff.
An IPv6 address can be simplified by the following two methods.
Omit leading zeros: Omit the leading zeros in any 16-bit block. For example, IPv6 address
2001:0DB8:0000:0000:0022:F376:FF3B:AC99 may be written as
2001:DB8:0:0:22:F376:FF3B:AC99.
Double colon: Use double colons (::) in place of a series of zeros. For example, the
above address can be further simplified as 2001:DB8::22:F376:FF3B:AC99.
Omnisecu - How to Simplify Shorten and Compress IPv6 Addresses
IPv6 addresses are 128 bit binary numbers (represented in hexadecimal format), which
are lengthy and difficult to handle in our day-to-day life. Consider a situation where you
need to ping an IPv6 address 2001:0db8:0000:000b:0000:0000:0000:001A to check
the network connectivity. Think about the pain in typing all those IPv6 address
hexadecimal characters in any shell prompt.
Somehow we need to shorten and simplify IPv6 addresses to use them with more ease in our
day-to-day life. IPv6 addresses often contain consecutive zeros.
We can simplify, shorten and compress IPv6 Addresses using the following methods.
Consider the IPv6 Address 2001:0db8:0000:000b:0000:0000:0000:001A as an example.
Omit leading zeros: For simplifying and shortening lengthy IPv6 Address, we can
omit the leading zeros in any 16-bit IPv6 Address blocks.
For example, in IPv6 address 2001:0db8:0000:000b:0000:0000:0000:001A the leading
zeros are marked as 2001:0db8:0000:000b:0000:0000:0000:001A.
After removing the leading zeros, the IPv6 Address quoted above can be written as
2001:db8:0:b:0:0:0:1A
Compress consecutive hexadecimal fields of zeros using Double colon: IPv6
addresses can be further simplified by using double colons (::) in place of a series of
consecutive hexadecimal zeros.
For above example 2001:db8:0:b:0:0:0:1A, we have a series of three consecutive fields
of hexadecimal zeros as marked 2001:db8:0:b:0:0:0:1A.
We can further simplify and shorten the above IPv6 Address as 2001:db8:0:b::1A.

Note that compressing and shortening a series of consecutive fields of hexadecimal
zeros in an IPv6 Address is possible ONLY once. If you compress a series of consecutive
fields of hexadecimal zeros twice in an IPv6 Address, it will be impossible to identify how
many zeros are compressed in each double colon (::).
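
The two shortening rules above and the prefix match from the prefix-length section can be implemented by hand, which matters in practice because the same address written in different forms must compare equal in ACLs and log searches. This is an added example, not code from the original page; the function names are assumptions, and choosing the longest zero run for "::" (leftmost on a tie) follows the usual canonical-form convention rather than anything stated on the page.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand(text: str) -> list:
    """Return the eight 16-bit fields of an address written in any allowed form."""
    if text.count("::") > 1:
        raise ValueError("'::' used more than once: the zero runs are ambiguous")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = head + ["0"] * missing + tail
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError("an IPv6 address has exactly eight 16-bit fields")
    values = []
    for field in fields:
        if not 1 <= len(field) <= 4 or any(c not in HEX_DIGITS for c in field):
            raise ValueError(f"bad field {field!r}")
        values.append(int(field, 16))
    return values


def compress(values: list) -> str:
    """Drop leading zeros, then replace the longest run of zero fields with '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if values[i] == 0:
            j = i
            while j < 8 and values[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    words = [format(v, "x") for v in values]
    if best_len < 2:  # a single zero field is written as 0, not '::'
        return ":".join(words)
    return ":".join(words[:best_start]) + "::" + ":".join(words[best_start + best_len:])


def canonical(text: str) -> str:
    return compress(expand(text))


def to_int(values: list) -> int:
    number = 0
    for value in values:
        number = (number << 16) | value
    return number


def in_prefix(address: str, prefix: str) -> bool:
    """True if the first <length> bits of the address equal those of the prefix."""
    network_text, length_text = prefix.split("/")
    length = int(length_text)
    if not 0 <= length <= 128:
        raise ValueError("prefix length must be between 0 and 128")
    mask = ((1 << length) - 1) << (128 - length)
    return (to_int(expand(address)) & mask) == (to_int(expand(network_text)) & mask)


def distinct_addresses(texts: list) -> set:
    """Collapse different spellings of the same address to one canonical key."""
    return {canonical(text) for text in texts}


# Constructed sample: the page's example address written three different ways.
SAMPLE_SPELLINGS = [
    "2001:0db8:0000:000b:0000:0000:0000:001A",
    "2001:db8:0:b:0:0:0:1A",
    "2001:DB8:0:B::1a",
]

if __name__ == "__main__":
    print(distinct_addresses(SAMPLE_SPELLINGS))
    print(in_prefix("2001:db8:0:b::1A", "2001:0DB8:0000:000b::/64"))
```
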
Omnisecu - Types of IPv6 Addresses, Global Unicast, Link-local, Multicast,
Anycast, Loopback addresses
IPv6 has several types of addresses, some of which are explained below.
Global Unicast IPv6 addresses: Used to identify a single interface. These are
standard globally unique unicast addresses (similar to public IPv4 addresses in IPv4), one
per host interface. Global Unicast IPv6 addresses are internet routable IPv6 addresses.
Link Local IPv6 addresses: Link Local IPv6 addresses allow communications
between devices on a local link. Link Local IPv6 addresses are not routable. They are
used on a subnet. The normal Link Local IPv6 address prefix is fe80::/10.
Multicast: A multicast address identifies zero or more interfaces on the same or
different hosts. A multicast transmission sends packets to all interfaces that are part of a
multicast group. The group is represented by the IPv6 destination address of the packet.
IPv6 multicast addresses start with FF. Following are the important IPv6 multicast
addresses.
ff02::1 - All nodes on the local network segment
ff02::2 - All routers on the local network segment
Anycast: An anycast address identifies multiple interfaces. An anycast transmission
sends packets to only one of the interfaces associated with the address, not to all of the
interfaces. This interface is typically the closest interface, as defined by the routing
protocol.
Loopback: Used by a node to send an IPv6 packet to itself. An IPv6 loopback address
functions the same as an IPv4 loopback address. The IPv6 loopback address is
0000:0000:0000:0000:0000:0000:0000:0001/128, which can also be represented as ::1.
Omnisecu - Global Unicast IPv6 Addresses, Global Unicast IPv6 Address prefix,
format and range
An IPv6 unicast address is used to identify a single interface in a node. An
IPv6 Unicast address identifies only one node in a network, and unicast addresses are
used for one-to-one communication. IPv6 Aggregate Global Unicast Addresses are similar
to IPv4 public addresses. Aggregate Global Unicast Addresses are globally routable
addresses on the IPv6 Internet. RFC 3587 defines the usable range of IPv6 global unicast
addresses. RFC 3587 states that out of the 128 bits in IPv6 addresses, the leftmost three
bits must be fixed as 001. The next 45 bits are reserved for the global routing
prefix. The 16 bits after that can be used for subnetting and the 64 remaining bits are the
host bits.
The first fixed three bits (001) and the 45 bit global routing prefix (45+3 = 48 bits)
together can be assigned to an organization as their IPv6 prefix. Since the leftmost
three bits are reserved as "001" for Global unicast IPv6 addresses, the range of Global
Unicast Addresses available now is from 2000 to 3FFF, as shown below.

Values for leftmost part of Global Unicast Addresses | In Binaries | In Hexadecimals
--- | --- | ---
Minimum possible | 0010000000000000 | 2000
Maximum possible | 0011111111111111 | 3FFF

Global Unicast Addresses prefixes: The prefix is the part of the IPv6 address that
indicates the network. Prefixes for IPv6 routes and subnet identifiers are similar to
Classless Inter-Domain Routing (CIDR) notation for IPv4. For the IPv4 network 172.16.0.0
255.255.0.0, we can consider 172.16/16 as the prefix.
Consider an IPv6 example. 21DA:D3::/48 (the first three fixed bits 001 and remaining 45
bits, 45+3 = 48 bits) is a route prefix and 21DA:D3:0:2F3B::/64 is a subnet prefix. Here
the fourth part of the IPv6 address "2F3B" is the subnet part.
This means that, currently, the first 48 bits of an IPv6 address are used to identify the
network globally. The next 16 bits are used for subnetting (which makes 48+16=64 bits,
the network part) and the remaining 64 bits are used for identifying the hosts (host part),
specifically an interface of a specific host.
All addresses that are not the unspecified, loopback, link-local, or multicast addresses
are unicast and anycast addresses. Currently IANA has assigned only 2000::/3 addresses
(IPv6 addresses starting from 2000 to 3FFF) to the global pool.
To explain it in a clearer way, a 128 bit IPv6 global unicast address has two 64-bit
parts. The leftmost 64 bits define the globally unique prefix. In the leftmost 64 bits, the
first 48 bits are assigned by the ISP to the organization and the remaining 16 bits can be
used by the organization for subnetting. By using 16 bits for subnetting, we will get 65536
subnets (2^16). The remaining 64 bits on the right side of the 128 bit IPv6 address are
used to identify the hosts in the subnet.
Omnisecu - Different methods to assign a Global Unicast IPv6 address to an
interface
In IPv6, a network interface must be configured with following important IPv6
configuration settings for internet communication.
A Global Unicast IPv6 Address
IPv6 Address Prefix
IPv6 Address Prefix length
Default Router IPv6 address
DNS Server IPv6 address
In IPv6, we have different methods to assign an IPv6 Global Unicast Address to a network
interface. We can assign Global Unicast IPv6 Address to a network interface using the
following methods.
Configuring IPv6 Global Unicast Address using Stateful DHCPv6
Similar to DHCP in IPv4, IPv6 network interfaces can also be configured with an IPv6
address, Prefix length, IPv6 address of the default gateway, and the DNS IPv6 address
using IPv6 stateful DHCP.
Some important differences between DHCPv4 and DHCPv6 are:
1) In IPv4 DHCP, the DHCP client uses the limited broadcast IPv4 address (255.255.255.255)
to discover the DHCP Server. DHCPv6 clients use the DHCP servers and relay agents IPv6
Multicast Address (ff02::1:2) to discover the DHCP Server.
2) IPv4 DHCP provides the default router information to the DHCP clients. DHCPv6 does not
provide the default router information. DHCPv6 servers just rely on NDP (Neighbor
Discovery Protocol) messages between DHCPv6 clients and routers.
Note that there are changes in names and formats between DHCPv4 messages and
DHCPv6 messages. But the basic process of leasing an IP address remains the same.
Configuring IPv6 Global Unicast Address using Stateless Autoconfiguration
IPv6 has a new IPv6 address configuration feature called Stateless Auto-configuration.
IPv6 Stateless Autoconfiguration allows a network interface to automatically learn the
IPv6 Network Prefix, IPv6 Prefix Length, default router IPv6 address and DNSv6 server
addresses. There are different processes to obtain all the above mentioned TCP/IPv6
configuration parameters.
IPv6 uses the Router Solicitation and Router Advertisement messages to learn the IPv6
Network Prefix, IPv6 Prefix Length and default router IPv6 address from network routers.
After obtaining the IPv6 Network Prefix, IPv6 Prefix Length and default router IPv6 address
from network routers, IPv6 network interfaces can automatically derive a Global Unicast
IPv6 Address using the EUI-64 method. IPv6 can use Stateless DHCPv6 to learn the DNS
Server IPv6 addresses.
[follow this - Geoff's Blog - Blog Archive - IPv6 and DHCPv6_ Does SLAAC have aFuture.DOCX]

Static IPv6 Global Unicast Address Configuration


Similar to IPv4, you can configure Static IPv6 addresses (Manual IPv6 Global Unicast
Address Configuration) for network interfaces. There are two methods for Static IPv6
Global Unicast Address Configuration.
You can type in the entire 128-bit IPv6 address for the network interface.
You can configure the 64 bit IPv6 Global Unicast Address network prefix and then use the
EUI-64 method to derive the remaining 64 host part bits.
Other TCP/IP network configuration information required (default router, DNS Server IPv6
Address) can be configured by typing in the details or using the Neighbor Discovery
Protocol (NDP). Default router information can be obtained using Router Solicitation and
Router Advertisement messages and the DNS Server IPv6 Address can be obtained using
Stateless DHCPv6.

Omnisecu - What are IEEE EUI-64 based Global Unicast IPv6 addresses
When an interface generates an autoconfigured Global Unicast IPv6 Address, there should
be some mechanism to guarantee the uniqueness of autoconfigured Global Unicast IPv6
Addresses.
IPv6 has a method (as defined in RFC 4291) to generate the 64 bit interface part (host
part) of the Global Unicast IPv6 Address from the interface MAC address. MAC Addresses
are considered to be Globally Unique addresses and therefore the IPv6 address derived
from the MAC address should also be Globally Unique. The EUI-64 method of generating a
Global Unicast IPv6 Address involves selecting the 6 byte (48 bit) interface MAC address
and then generating a Global Unicast IPv6 Address by expanding it into a 64 bit interface
part (host part).
EUI Extended Unique Identifier [Wiki Organizationally Unique Identifier]
To make a Global Unicast IPv6 Address unique, IPv6 inserts 2 bytes (16 bits) into the
middle of the MAC address. The 48-bit MAC address is divided into two 3-byte parts, and
the binary number 1111111111111110 (0xFFFE in hexadecimal) is inserted between them to
make a complete 64 bits.
Also, the 7th bit (from left) in the MAC address is flipped. This means that if the 7th
bit in the MAC address (from left) is 1, it is changed to 0, and if the 7th bit (from
left) in the MAC address is 0, it is changed to 1.
The 7th bit (from left) in the MAC address is called the Universal/Local (U/L) bit.
The Universal/Local (U/L) bit is used to indicate whether the address is universally
assigned or locally assigned. The Universal/Local (U/L) bit set to 0 means that it is an
IEEE assigned MAC address. The Universal/Local (U/L) bit set to 1 means that the MAC
address is locally assigned.
7th Bit dejavu - Todd Lammle CCNA sixth edition 1st or 2nd Chapter
The reason behind flipping the Universal/Local (U/L) bit is for better compressibility of
IPv6 addresses.
Refer to the screenshot given below.

As marked, the MAC address of the interface is 00:AB:29:8C:3E:00 and the
autoconfigured EUI-64 Global Unicast IPv6 Address is
2001:db8:aaaa:1:2ab:29ff:fe8c:3e00/64.
The following table explains how the EUI-64 Global Unicast IPv6 Address
2001:db8:aaaa:1:2ab:29ff:fe8c:3e00/64 is generated automatically from the MAC
address 00:AB:29:8C:3E:00.
MAC Address:
  00:AB:29:8C:3E:00
MAC Address with 0xFF:FE added in middle to make it 64 bits:
  00:AB:29:FF:FE:8C:3E:00
64 bit Host part:
  00AB:29FF:FE8C:3E00
64 bit Host part (in binaries):
  0000000010101011:0010100111111111:1111111010001100:0011111000000000
64 bit Host part (in binaries and 7th bit flipped):
  0000001010101011:0010100111111111:1111111010001100:0011111000000000
  (first byte after the flip: 0000 0010 = 02)
64 bit Host part (in hexadecimals and 7th bit flipped):
  2AB:29FF:FE8C:3E00
Global Unicast IPv6 address with network prefix 2001:db8:aaaa:1::/64 added:
  2001:db8:aaaa:1:2ab:29ff:fe8c:3e00/64
As shown in the above table, the EUI-64 Global Unicast IPv6 address
2001:db8:aaaa:1:2ab:29ff:fe8c:3e00/64 for the Ethernet interface eth0 is derived from
the MAC address of that interface.
Well, everything looks good. But what about an interface which does not have a MAC
address? You may be aware that a Serial Interface in a Cisco router does not have a MAC
address. RFC 4291 states that if there is no MAC address available for a network
interface, borrow a MAC address from another interface which has a MAC address. Good
idea!!!
Omnisecu - How to configure Static Global Unicast IPv6 Address in a Cisco
Router Interface
Global Unicast IPv6 Addresses are globally routable addresses on the IPv6 Internet.
Currently the leftmost three bits of Global Unicast IPv6 Addresses are fixed as 001.
Therefore the range of Global Unicast Addresses available now is from 2000 to 3FFF. See
the lesson Global Unicast IPv6 Addresses for more details. A Global Unicast IPv6 Address
can be assigned to an interface in different ways.
The following Cisco IOS configuration commands can be used to configure a Static Global
Unicast IPv6 Address on a Cisco Router Interface.
OmniSecuR1#configure terminal
OmniSecuR1(config)#interface fastEthernet 0/0
OmniSecuR1(config-if)#ipv6 address 2001:db8:aaaa:1::1/64
OmniSecuR1(config-if)#no shutdown
OmniSecuR1(config-if)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

After configuring the IPv6 address, you can view the interface status using the Cisco IOS
show command "show ipv6 interface brief" as shown below.
OmniSecuR1#show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::C800:DFF:FE80:8
    2001:DB8:AAAA:1::1
FastEthernet0/1            [administratively down/down]
    unassigned
Serial1/0                  [administratively down/down]
    unassigned
Serial1/1                  [administratively down/down]
    unassigned
Serial1/2                  [administratively down/down]
    unassigned
Serial1/3                  [administratively down/down]

Omnisecu - How to configure EUI-64 based Global Unicast IPv6 Address in a
Cisco Router Interface
Global Unicast IPv6 Addresses are globally routable addresses on the IPv6 Internet.
Currently the leftmost three bits of Global Unicast IPv6 Addresses are fixed as 001.
Therefore the range of Global Unicast Addresses available now is from 2000 to 3FFF. See
the lesson Global Unicast IPv6 Addresses for more details. A Global Unicast IPv6 Address
can be assigned to an interface in different ways.
EUI-64 based Global Unicast IPv6 addresses are also a type of autoconfigured Global
Unicast IPv6 Address. As defined in RFC 4291, IPv6 generates the 64-bit interface part
(host part) of the Global Unicast IPv6 Address from the interface MAC address. The
EUI-64 method of generating a Global Unicast IPv6 Address involves taking the 6-byte
(48-bit) interface MAC address and expanding it into a 64-bit interface part (host part).
The following Cisco IOS configuration commands can be used to configure an EUI-64 based
Global Unicast IPv6 Address on a Cisco Router Interface.
OmniSecuR1#configure terminal
OmniSecuR1(config)#int fastEthernet 0/0
OmniSecuR1(config-if)#ipv6 address 2001:db8:aaaa:1::/64 eui-64
OmniSecuR1(config-if)#no shutdown
OmniSecuR1(config-if)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

After configuring the EUI-64 based Global Unicast IPv6 address, you can view the
interface status using the Cisco IOS show command "show ipv6 interface brief" as shown
below.
OmniSecuR1#show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::C800:CFF:FEF0:8
    2001:DB8:AAAA:1:C800:CFF:FEF0:8
FastEthernet0/1            [administratively down/down]

The MAC address of the interface is "ca00.0cf0.0008". Refer to the lesson EUI-64
based Global Unicast IPv6 and calculate for yourself how the IPv6 address
2001:DB8:AAAA:1:C800:CFF:FEF0:8 is autoconfigured.
Hint: xxxx1010 (hex A) with the seventh bit flipped becomes xxxx1000 (hex 8).
Omnisecu - Link Local IPv6 Addresses, How Link Local IPv6 addresses are
generated

The IPv6 addresses starting with FE in hexadecimals represent link-local IPv6 addresses.
Link-local addresses cannot be routed to public networks and are limited to the local
network. Link-local addresses are auto-configured (or auto-generated, plug-and-play)
addresses (Stateless addresses), similar to IPv4 APIPA addresses (169.254.0.0/16).
Typically, getting an APIPA IPv4 address in an IPv4 network is the result of some network
error, but link-local addresses are IPv6 addresses which can be used for local
communication. A link-local address is for use on a single link and should never be
routed.
IPv6 Link Local addresses are identified among IPv6 addresses by reserving the leftmost
64 bits as 1111111010000000 0000000000000000 0000000000000000
0000000000000000 (1111=F, 1110=E, 1000=8, 0000=0, which translates to FE80 in
hexadecimals). IPv6 Link Local addresses are used by devices for communicating with
other nodes on the same link. The scope of an IPv6 Link Local address is the local link.

IPv6 Link Local addresses are auto-generated, and many international technology leaders
generate IPv6 Link Local addresses from the MAC address of the interface.
View the following output of show command "show ipv6 interface gigabitEthernet 0/0", in
a Cisco router.
OmniSecuR1#show ipv6 interface gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C800:EFF:FE74:8
No Virtual link-local address(es):
Global unicast address(es):
2001:4AF1::28, subnet is 2001:4AF1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:28
FF02::1:FF74:8
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 26049)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.

The output shows the IPv6 Link Local address as FE80::C800:EFF:FE74:8 for interface
gigabitEthernet 0/0. How is this IPv6 Link Local address FE80::C800:EFF:FE74:8
auto-generated by the router? Read below.
We already know the first 64 binary bits of IPv6 Link Local addresses are reserved as
1111111010000000 0000000000000000 0000000000000000 0000000000000000
(FE80::/64 in hexadecimals, is the link local IPv6 address prefix).
Next, view the interface information of the same interface mentioned above using the
IOS command "show interfaces gigabitEthernet 0/0". The MAC address of interface
gigabitEthernet 0/0 is ca00.0e74.0008.
OmniSecuR1#show interfaces gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is i82543 (Livengood), address is ca00.0e74.0008 (bia ca00.0e74.0008)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
<output omitted>

Now we have the IPv6 Link Local address of interface gigabitEthernet 0/0 as
FE80::C800:EFF:FE74:8 and the MAC address as ca00.0e74.0008.
IPv6 Link Local addresses are made from the first 64-bit reservation (FE80::/64), and
the remaining bits are taken from the MAC address of the interface. But MAC addresses
are 48-bit numbers. 64 + 48 is only 112 bits to form an IPv6 address (IPv6 addresses are
128 bits in length). What about the remaining 16 bits (128 - 112 = 16)?
The answer is that the hexadecimal number "FF:FE" is inserted in the middle of the MAC
address of the related interface to form the complete 128-bit IPv6 Link Local address.
Also, the 7th bit (from left) in the MAC address is flipped. This means that if the 7th
bit in the MAC address (from left) is 1, it is changed to 0, and if the 7th bit (from
left) in the MAC address is 0, it is changed to 1. Refer to the following table.
MAC Address:
  CA00.0E74.0008
MAC Address (FF:FE added to make it 64 bit Host Part):
  CA00.0EFF:FE74.0008
64 bit Host Part:
  CA00.0EFF:FE74.0008
64 bit Host Part (in binaries):
  1100101000000000:0000111011111111:1111111001110100:0000000000001000
64 bit Host Part (in binaries and 7th bit flipped):
  1100100000000000:0000111011111111:1111111001110100:0000000000001000
64 bit Host Part (in hexadecimals and 7th bit flipped):
  C800:0EFF:FE74:0008
IPv6 Link local IPv6 address (Combining Link local IPv6 address prefix
FE80:0000:0000:0000 with derived host part):
  FE80:0000:0000:0000:C800:0EFF:FE74:0008

The above IPv6 Link local address we got from combining FE80::/64 prefix and MAC
Address part can be further simplified as FE80::C800:EFF:FE74:8.

Note that I had noticed by default some Microsoft Operating Systems are not following
the above method for auto generating the IPv6 Link Local addresses (for network
security). Cisco IOS, GNU/Linux Operating Systems and Unix Operating Systems are
following the above method by default for auto generating IPv6 Link Local addresses.
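
The derivation walked through in the EUI-64 Global Unicast and Link Local tables above, as an added Python example (not Omnisecu's code). It also runs the calculation in reverse, which shows why an EUI-64 address discloses the interface MAC address; the function names are this example's own and the MAC/address pairs are the ones shown on this page.

```python
import ipaddress

# Added example: helper names are this example's own, not from any library.

def parse_mac(mac: str) -> bytes:
    """Accept 00:AB:29:8C:3E:00, 00-AB-29-8C-3E-00 or Cisco ca00.0e74.0008."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def eui64_interface_id(mac: str) -> bytes:
    """Insert FF:FE between the two 3-byte halves and flip the U/L bit."""
    raw = parse_mac(mac)
    first = raw[0] ^ 0x02  # 7th bit from the left of the first byte
    return bytes([first]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a 64-bit network prefix with the EUI-64 host part."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit network prefix")
    host = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | host)

def mac_from_eui64(addr: str):
    """Return the MAC embedded in an address, or None when the FF:FE marker
    is absent (manually typed or randomized host part)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the flip, drop FF:FE
    return ":".join(f"{b:02x}" for b in raw)

if __name__ == "__main__":
    # The three MAC/prefix pairs used in the lessons above.
    print(eui64_address("2001:db8:aaaa:1::/64", "00:AB:29:8C:3E:00"))
    print(eui64_address("2001:db8:aaaa:1::/64", "ca00.0cf0.0008"))
    print(eui64_address("fe80::/64", "ca00.0e74.0008"))
    # Reverse direction: the EUI-64 address gives the MAC back, the static one does not.
    for a in ("fe80::c800:eff:fe74:8", "2001:db8:aaaa:1::1"):
        print(a, "->", mac_from_eui64(a))
```

A host part carrying the FF:FE marker is a strong hint, not proof, that the address was built with EUI-64, since a manually chosen host part could contain the same bytes.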
