IPv6 is receiving a lot of attention at the moment in the IT community, even though development on it started back in 1991. I know many IT engineers have avoided learning IPv6 addressing because they think that it’s a complicated subject, but rest assured that once you’ve read about it and start doing some configurations, you will find that it actually makes sense and is just as understandable as IPv4, if not more so.
You can expect to be heavily tested on IPv6 concepts in the CCNA exam, so prepare accordingly. Please also read some of the IPv6 RFCs.
IPv6 Addressing
Nobody could have predicted the exponential explosion in the growth of the Internet when it was first created. Who could possibly have imagined that as of just a few years ago, nearly every household in the world would have a PC in it? Or that every person will require an IP address for their work PCs, home PCs, mobile phones, mobile IP devices, and even remote IP management of such things as home intruder alarms, ovens, garage doors, and TVs? Experts now agree that estimates of each individual requiring over 250 IP addresses are well within the bounds of possibility.
IPv4 was developed when only large companies required IP addresses. These addresses were cut into blocks from Class A to Class C, with Class D being reserved for multicasting and Class E for experimental use. The original incarnation of IPv4 created huge waste; for example, for Class A addresses, potentially thousands of addresses were wasted, and for Class C addresses, smaller companies were forced to buy several blocks of network addresses for use in their networks. Often, the addresses were non-contiguous, which added to route summarization problems.
Work on IPv6 began as soon as the scale of the IPv4 problem was fully realized (1991). At the time of writing this section of the manual, various Internet Service Providers were issuing press releases to announce that they had finally run out of IPv4 addresses. This means that there is a massive opportunity for engineers to help companies make the transition from IPv4 to IPv6.
The development of IPv6 has addressed some of the shortfalls of IPv4, which include:
- LAN latency – When IPv4 is used on Ethernet segments, there has to be a layer 3-to-layer 2 mapping; in addition, IPv4 uses an ARP broadcast to perform address resolution, which involves an ARP broadcast packet being sent to and received by all stations on an Ethernet segment that is processed as an interrupt on the Ethernet port.
- Autoconfiguration – IPv4 lacks a simple autoconfiguration addressing system.
- Security – IPv4 has no built-in security parameters, as this function is left to PC and router firewalls.
- Mobility – IPv4 has no facility to allocate IP addresses to mobile devices.
- Routing – IPv4 addressing can lead to huge routing tables and vast amounts of routing update packets traversing the Internet. Moreover, changes made to Domain Name System (DNS) entries can take up to 48 hours to propagate, leading to network downtime.
IPv6 has some similarities to IPv4, along with many new features, as illustrated in Figure 7.1 below:
FIG 7.1 – IPv4 compared to IPv6
Anatomy of an IP Packet
The design of a new IP addressing scheme has given network architects a clean slate and the ability to incorporate a wish list into the design of the IPv6 packet. The requirements were a pure design for the header with as few fields as possible, as opposed to the IPv4 header shown in Figure 7.2 below:
FIG 7.2 – IPv4 header: 20 octets
IPv4 allows a unique network number to be allocated to every device on the Internet, but IPv6 takes this one step further, as can be seen in Figure 7.3 below:
FIG 7.3 – IPv6 header: 40 octets
The Version field is set to 6, of course, or in binary 0110. While going into the field properties is beyond the CCNA syllabus, it is worth noting that the Flow Label field is unique to IPv6. This field allows routers to identify a flow by looking at just the packet header as opposed to having to dig deeper into TCP/UDP headers to find this information. A flow is a packet that matches the same source/destination address and service/port, thus speeding up the passing of the packet.
There is no Checksum field in the IPv6 packet due to the reliability of modern devices and the fact that upper-layer protocols usually carry out their own error checking.
IPv6 assigns a 128-bit numerical address to each interface in a network. This, of course, will lead to extreme difficulty for network administrators tracking which interface is using which address. For this reason, IPv6 works hand in hand with DNS. There is no requirement for a subnet mask in IPv6; instead, a prefix is used.
An IPv6 address has two parts. The first part is the data link layer address, which identifies the host destination within the subnet. This is the layer 2 address. The second address is layer 3, and it identifies the destination network the packet must reach. IPv6 uses the Neighbor Discovery Protocol (NDP), not ARP, for layer 2-to-layer 3 address mapping.
FIG 7.4 – IPv6 address size
There are 2 to the power of 128 (2^128) addresses available with IPv6, which is exactly 340,282,366,920,938,463,374,607,431,768,211,456 addresses. That is over 5 x 10^28 addresses for every person in the world! These addresses are available without the need for private address translation or any other techniques required for address conservation (such as NAT).
RFC 1884 recommends that IPv6 syntax for the 128 bits is represented in eight groups of hexadecimal digits (so eight groups of 16 bits). Each group is divided by a colon so the syntax is referred to as coloned hex, as shown in the example below:
EEDE:AC89:4323:5445:FE32:BB78:7856:2022
IPv6 Address Representation
IPv6 addresses can be represented in three ways:
- The preferred or complete address representation or form
- Compressed representation
- IPv6 addresses with an embedded IPv4 address
Although the complete address representation (preferred form) is the most common method for expressing 128-bit IPv6 addresses, you should be familiar with the other methods, which are described in the following sections.
The Preferred Form
The preferred form expresses the 128 bits as 32 hexadecimal digits grouped into eight 16-bit fields (each represented by four hexadecimal digits). This is expressed by separating each group of four hex digits with a colon, for example, 3FFF:1234:ABCD:5A78:020C:CDFF:FEA7:F3A0. This is the longest format for expressing an IPv6 address.
Each 16-bit field can have a value between 0x0000 and 0xFFFF. As will be described later, some bits in the first field have been reserved and not all the possible values of the first field are used. Hexadecimal characters are not case sensitive, so 2001:ABCD:0000 and 2001:abcd:0000 are the same thing. The preferred form of IPv6 address representation is illustrated in Figure 7.5 below:
FIG 7.5 – The preferred form for IPv6 address representation
The following IPv6 addresses are examples of valid IPv6 addresses in the preferred form:
0000:0000:0000:0000:0000:0000:0000:0003
2001:0000:0000:ABCD:0000:5678:af23:bcd5
3FFF:0000:0000:1010:12AB:9000:0B00:DE09
fec0:2004:ab10:00cd:1234:0000:0000:6AE9
0000:0000:0000:0000:0000:0000:0000:0000
Compressed Representation
Compressed representation allows IPv6 addresses to be shortened using two methods. The first uses a double colon (::) to represent consecutive zero values or leading zeros in an IPv6 address. The caveat here is that the double colon can be used only once. Each node or device can then expand the value by calculating the number of bits missing and replacing them with zeros. Table 7-1 below illustrates this representation:
Table 7-1: Representing complete IPv6 addresses in the preferred compressed form
Complete IPv6 Address Representation | Compressed IPv6 Address Representation |
0000:0000:0000:0000:0000:0000:0000:000D | ::000D |
2001:0000:0000:12A0:0000:5678:af23:bcdd | 2001::12A0:0000:5678:af23:bcdd |
3FFF:0000:0000:1010:1A2B:5000:0B00:DE0D | 3FFF::1010:1A2B:5000:0B00:DE0D |
FEC0:2004:AB10:00CD:1234:0000:0000:6789 | FEC0:2004:AB10:00CD:1234::6789 |
0000:0000:0000:0000:0000:0000:0000:0000 | :: |
Note that in the example with 2001:0000:0000:12A0:0000:5678:af23:bcdd, the double colon was used only once, even though there are two sets of consecutive strings of zeros. This is because it would be impossible for a device to convert the address further without losing its unique value, therefore a value of 2001::12A0::5678:af23:bcdd would be wrong (illegal). However, a value of 2001:0000:0000:12A0::5678:af23:bcdd would still represent the same IPv6 address.
The second method allows the leading zeros in each IPv6 field to be omitted. The only caveat here is that when the field is all zeros, then you need to represent the field with one zero so as not to lose its value. The second method is illustrated in Table 7-2 below:
Table 7-2: Representing complete IPv6 addresses in the alternative compressed form
Complete IPv6 Address Representation | Compressed IPv6 Address Representation |
0000:0123:0abc:0000:04b0:0789:f000:0001 | 0:123:abc:0:4b0:789:f000:1 |
2001:0000:0000:5678:0000:1234:af23:bcdd | 2001:0:0:5678:0:1234:af23:bcdd |
3FFF:0000:0000:1010:1A2B:6000:0B00:DE0D | 3FFF:0:0:1010:1A2B:6000:B00:DE0D |
fec0:2004:ab10:00cd:1234:0000:0000:6789 | fec0:2004:ab10:cd:1234:0:0:6789 |
0000:0000:0000:0000:0000:0000:0000:0000 | 0:0:0:0:0:0:0:0 |
The two methods of compressing IPv6 addresses can be used together if an IPv6 address has both consecutive strings of zeros and leading zeros in other fields. This is illustrated in Table 7-3 below:
Table 7-3: Representing complete IPv6 addresses using both compressed form methods
Complete IPv6 Address Representation | Compressed IPv6 Address Representation |
0000:0000:0000:0000:1a2b:000d:f123:0456 | ::1a2b:d:f123:456 |
FEC0:0004:AB10:00CD:1234:0000:0000:6789 | FEC0:4:AB10:CD:1234::6789 |
3FFF:0c00:0000:1010:1A2B:0000:0000:DE0F | 3FFF:c00:0:1010:1A2B::DE0F |
2001:0000:0000:1234:0000:5678:af23:00d5 | 2001::1234:0:5678:af23:d5 |
You can expect to be quizzed on IPv6 address compression in the CCNA exam.
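The two compression methods and the "only one double colon" rule, written out as an added example (not part of the original guide). The function names are hypothetical, the embedded-IPv4 dotted form is deliberately not handled, and comparing addresses by their expanded form is how differently written copies of the same address in logs or ACLs can be matched.

```python
import ipaddress
import string

HEX = set(string.hexdigits)


def expand(addr: str) -> str:
    """Return the preferred form: eight 4-digit lowercase hex fields."""
    if addr.count("::") > 1:
        raise ValueError("'::' may be used only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        # "Calculating the number of bits missing": every absent field is 16 zero bits.
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one field")
        fields = head + ["0"] * missing + tail
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("an IPv6 address has eight 16-bit fields")
    for field in fields:
        if not 1 <= len(field) <= 4 or not set(field) <= HEX:
            raise ValueError(f"bad field {field!r}")
    return ":".join(field.lower().zfill(4) for field in fields)


def compress(addr: str) -> str:
    """Apply both methods: drop leading zeros, then '::' for the longest zero run."""
    fields = [f.lstrip("0") or "0" for f in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if fields[i] == "0":
            j = i
            while j < 8 and fields[j] == "0":
                j += 1
            if j - i > best_len:          # first run wins a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                      # a lone zero field stays as "0"
        return ":".join(fields)
    head = ":".join(fields[:best_start])
    tail = ":".join(fields[best_start + best_len:])
    return f"{head}::{tail}"


def is_valid(addr: str) -> bool:
    try:
        expand(addr)
        return True
    except ValueError:
        return False


def same_address(a: str, b: str) -> bool:
    """True when two textual forms name the same 128-bit address."""
    return expand(a) == expand(b)


def matches_stdlib(addr: str) -> bool:
    """Cross-check both functions against Python's ipaddress module."""
    ref = ipaddress.IPv6Address(addr)
    return expand(addr) == ref.exploded and compress(addr) == ref.compressed


if __name__ == "__main__":
    # Rows taken from Tables 7-1 and 7-3 above.
    for full in ("0000:0000:0000:0000:1a2b:000d:f123:0456",
                 "2001:0000:0000:1234:0000:5678:af23:00d5"):
        print(full, "->", compress(full))
    print(is_valid("2001::12A0::5678:af23:bcdd"))
```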
IPv6 Addresses with an Embedded IPv4 Address
The third method of representing an IPv6 address is to embed an IPv4 address within the IPv6 address. Although this method is valid, it is important to note that it is on the path to deprecation, because it is only applicable to migrations from IPv4 to IPv6.
The Different IPv6 Address Types
IPv4 supports four different classes of addresses, which are anycast, broadcast, multicast, and unicast. An anycast address is an IP address that is assigned to multiple devices that provide the same function in such a way that the closest device (based on the routing protocol metric) responds when that IP address is queried for the same function. This is an easy way to provide load balancing and redundancy in networks. Common uses of anycast include DNS server load balancing in networks.
NOTE: IPv6 allows multiple addresses to be allocated per interface. There is no concept of primary and secondary IP addressing in IPv6.
At this point, you should be familiar with IPv4 broadcast, multicast, and unicast addresses. In IPv6, broadcast addresses are no longer supported. The following types of addresses are supported in IPv6:
- Link-local addresses
- Site-local addresses
- Aggregate global unicast addresses
- Multicast addresses
- Anycast addresses
- Loopback addresses
- Unspecified addresses
FIG 7.6 – IPv6 address types
Link-local Addresses
IPv6 link-local addresses, as defined in Section 2.5.6 of RFC 4291, are valid only on the local link (the shared segment between devices). They are automatically assigned to each IPv6-enabled interface. Link-local addresses are assigned from the FE80::/10 prefix (fe80:: through to febf::). This means that the first 10 bits must be 1111 1110 10. Also, the next 54 bits must be set to 0. The remaining 64 bits are the Extended Unique Identifier 64 (EUI-64) address. The EUI-64 address will be covered in detail later in this chapter.
The format for a link-local address is illustrated in Figure 7.7 below:
FIG 7.7 – IPv6 link-local addressing
It’s important to note that every IPv6 interface, be it Ethernet, PPP, Frame Relay, or other interface, will be assigned a link-local address for use on that segment as soon as IPv6 is enabled on the interface. An example of a link-local address is FE80::211:77FF:FE80:72B7. These addresses can be automatically created using stateless address autoconfiguration (SLAAC), which will be discussed later. If you wanted to manually configure a link-local address, you would use the commands below:
R1#conf t
R1(config)#ipv6 unicast-routing
R1(config)#int f0/0
R1(config-if)#ipv6 address fe80::211:77ff:fe80:72b7 link-local
R1(config-if)#end
R1#show ipv6 interface f0/0
FastEthernet0/0 is administratively down, line protocol is down
IPv6 is enabled, link-local address is FE80::211:77FF:FE80:72B7
[output truncated]
The link-local address is created when you enable IPv6 on an interface, such as by adding a global unicast address or with the ipv6 enable command. IPv6 must be enabled globally on the router before this command will take effect.
R1(config)#ipv6 unicast-routing
R1(config)#int f0/0
R1(config-if)#ipv6 enable
R1(config-if)#end
R1#
*Mar 1 00:02:17.227: %SYS-5-CONFIG_I: Configured from console by console
R1#show ipv6 interface f0/0
FastEthernet0/0 is administratively down, line protocol is down
IPv6 is enabled, link-local address is FE80::C000:6FF:FEFF:0 [TEN]
No Virtual link-local address(es):
No global unicast address is configured
[output truncated]
Link-local traffic is not forwarded from the local link (it’s non-routable); instead, it’s used for routing protocol neighbor communication and other local operations.
You should note that IPv4 also supports link-local IP addressing, although it is less commonly used than in IPv6. The link-local range for IPv4 addresses is 169.254.0.0/16. The most common use of IPv4 link-local addressing is when a device automatically assigns itself an IP address from this range after an unsuccessful attempt to obtain an IP address from a DHCP server.
Site-local Addresses and Unique Local Addresses
Site-local addresses are unicast IPv6 addresses that are used only within a site. This serves as the equivalent of RFC 1918 (private) IPv4 addresses, meaning they are not guaranteed to be unique globally and are therefore not routed on the IPv6 Internet.
Although it is possible to perform Network Address Translation (NAT) for IPv6, it is not recommended; hence, the reason for the much larger IPv6 addresses. Site-local addresses are assigned from the FEC0::/10 prefix (the first 10 bits are 1111 1110 11). The next 54 bits are a subnet ID, while the remaining 64 bits are an interface identifier in the EUI-64 format. The format for site-local addresses is illustrated in Figure 7.8 below:
FIG 7.8 – IPv6 site-local addressing
Site-local addresses are described in this section because they are still supported in Cisco IOS Software. However, it is important to note that these addresses have since been deprecated by RFC 4193, which describes unique local addresses (ULAs); these addresses serve the same function as site-local addresses and are also not routable on the IPv6 global Internet.
Unique local addresses are assigned from the FC00::/7 prefix, which is further subdivided into two /8 address groups referred to as the assigned and random groups. These two groups are the FC00::/8 and the FD00::/8 IPv6 address blocks. The FC00::/8 block is managed by an allocation authority for /48s in use, while the FD00::/8 block is formed by appending a randomly-generated 40-bit string to derive a valid /48 block.
Aggregate Global Unicast Addresses
Aggregate global unicast addresses are the IPv6 addresses used for generic IPv6 traffic and the IPv6 Internet. These are equivalent to the public IPv4 addresses (i.e., host-to-host communication). Each IPv6 address is made up of three parts: a 48-bit prefix received from a provider, a 16-bit site prefix, and the host portion, which is 64 bits. Figure 7.9 below shows you how the address is composed:
FIG 7.9 – IPv6 global unicast addressing
Providers have a larger /32 prefix from which they assign /48 prefixes to organizations. These /32s are unique to the provider and other providers have to assign them to their own allocated /32 prefixes.
Within an organization, the /48 prefix can be further subdivided into 64-bit site prefixes. This allows for up to 65,536 different 64-bit subnets to be used. The remaining 64 bits are used for the host portion of the network.
A /64 prefix will provide any company with 2^16 (or 65,536) unique networks, with each network having 2^32 (or 18,446,744,073,709,551,616) addresses.
Cisco routers can derive the interface ID using a variety of methods, which will be covered later.
The aggregate global unicast addresses are assigned by the Internet Assigned Numbers Authority (IANA) from the IPv6 prefix 2000::/3 (the first three bits are 001). The range of the IPv6 aggregate global unicast addresses is shown in Table 7-4 below:
Table 7-4: IPv6 aggregate global unicast addresses
Description | Address |
First Address in Range | 2000:0000:0000:0000:0000:0000:0000:0000 |
Last Address in Range | 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF |
Binary Notation | The three high-order bits are set to 001 |
You can find a list of the globally allocated unicast prefixes via the URL below:
Multicast Addresses
You already know that multicast traffic is used for one-to-many or even many-to-many communications. Because IPv6 has no broadcast capability, multicast takes over this function in IPv6. Multicast will always be a destination address, never a source address.
IPv6 multicast addresses are assigned from the FF00::/8 IPv6 prefix (1111 1111). IP multicast is used extensively in IPv6 to perform multiple operations. IPv6 multicast has replaced ARP. In addition, it is used in IPv6 for prefix advertisements and renumbering, as well as for Duplicate Address Detection (DAD), which, as the name suggests, checks that the address is used only once in the network.
IPv6 does not use the TTL value to restrict multicast packets to the local network segment. Instead, the scope of an IPv6 multicast packet is defined within the multicast address itself via the use of the Scope field. This allows all nodes on an IPv6 segment to know about all other neighbors on that same segment. The format for multicast addresses used in IPv6 networks is illustrated in Figure 7.10 below:
FIG 7.10 – IPv6 multicast addressing
The first eight bits of the IPv6 multicast address represent the multicast prefix FF00::/8. The Flag field in the IPv6 multicast address is used to indicate the type of multicast address, either permanent or temporary.
Permanent IPv6 multicast addresses are assigned by the IANA, while temporary IPv6 multicast addresses can be used in pre-deployment multicast testing. The Flag field can contain one of the two possible values, as illustrated and described in Table 7-5 below:
Table 7-5: IPv6 permanent and temporary multicast addresses
Type of Multicast Address | Binary Representation | Hexadecimal Value |
Permanent | 0000 | 0 |
Temporary | 0001 | 1 |
The next four bits in the multicast address represent the Scope field. In IPv6 multicasting, this field is a mandatory field that restricts multicast packets from being sent to other areas in the network. This field specifies the domain where the multicast traffic can be sent. The IPv6 multicast address scope types are listed in Table 7-6 below:
Table 7-6: IPv6 multicast address scope types
Scope Type | Binary Representation | Hexadecimal Value |
Interface-local | 0001 | 1 |
Link-local | 0010 | 2 |
Subnet-local | 0011 | 3 |
Admin-local | 0100 | 4 |
Site-local | 0101 | 5 |
Organization | 1000 | 8 |
Global | 1110 | E |
Within the IPv6 multicast prefix, certain addresses are reserved. These reserved addresses are well-known multicast addresses that represent specific multicast groups. They are described in Table 7-7 below and you should memorize these for the exam:
Table 7-7: IPv6 reserved multicast addresses
Address | IPv4 Equivalent | Description |
FF02::1 | Subnet broadcast | All hosts on the link-local scope |
FF02::2 | 224.0.0.2 | All routers on the link-local scope |
FF02::5 | 224.0.0.5 | OSPFv3 routers |
FF02::6 | 224.0.0.6 | OSPFv3 designated routers |
FF02::9 | 224.0.0.9 | All RIP routers |
FF02::A | 224.0.0.10 | EIGRP routers |
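The Flag and Scope fields and the reserved groups from Tables 7-5 to 7-7, decoded in code as an added example (not from the original guide). The function names and the sample destination list are constructed for illustration; values outside the tables are reported as such rather than guessed.

```python
import ipaddress

FLAG_NAMES = {0x0: "permanent", 0x1: "temporary"}            # Table 7-5
SCOPE_NAMES = {                                               # Table 7-6
    0x1: "interface-local", 0x2: "link-local", 0x3: "subnet-local",
    0x4: "admin-local", 0x5: "site-local", 0x8: "organization", 0xE: "global",
}
RESERVED_GROUPS = {                                           # Table 7-7
    "ff02::1": "All hosts on the link-local scope",
    "ff02::2": "All routers on the link-local scope",
    "ff02::5": "OSPFv3 routers",
    "ff02::6": "OSPFv3 designated routers",
    "ff02::9": "All RIP routers",
    "ff02::a": "EIGRP routers",
}


def decode_multicast(text: str) -> dict:
    """Split an IPv6 multicast address into prefix, Flag and Scope fields."""
    addr = ipaddress.IPv6Address(text)
    raw = addr.packed                      # 16 bytes, network order
    if raw[0] != 0xFF:                     # first eight bits must be 1111 1111
        raise ValueError(f"{addr} is not in FF00::/8")
    flag = raw[1] >> 4                     # next four bits
    scope = raw[1] & 0x0F                  # four bits after that
    return {
        "address": str(addr),
        "flag": FLAG_NAMES.get(flag, "not listed in Table 7-5"),
        "scope": SCOPE_NAMES.get(scope, "not listed in Table 7-6"),
        "group": RESERVED_GROUPS.get(str(addr)),
        "stays_on_link": scope <= 0x2,     # interface-local or link-local
    }


def wider_than_link(destinations):
    """Return multicast destinations whose scope reaches beyond the local link.

    Non-multicast and unparsable entries are skipped.
    """
    found = []
    for dest in destinations:
        try:
            info = decode_multicast(dest)
        except ValueError:
            continue
        if not info["stays_on_link"]:
            found.append(info["address"])
    return found


# Constructed sample of destination addresses, e.g. pulled from a flow log.
SAMPLE_DESTINATIONS = ["FF02::1", "FF02::A", "ff05::1:3", "FF1E::1234", "fe80::1"]

if __name__ == "__main__":
    for dest in SAMPLE_DESTINATIONS[:4]:
        print(decode_multicast(dest))
    print("beyond link:", wider_than_link(SAMPLE_DESTINATIONS))
```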
All routers must join the all-hosts multicast group of FF02::1 and the all-routers multicast group of FF02::2. I have demonstrated this by enabling IPv6 on a Fast Ethernet link between two connected routers, as shown below:
R1(config)#ipv6 unicast-routing
R1(config)#int f0/0
R1(config-if)#ipv6 enable
R1(config-if)#no shut
R1(config-if)#end
R1#show ipv6 interface f0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C000:6FF:FE95:0
No Virtual link-local address(es):
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
Anycast Addresses
Anycast, as mentioned earlier, can be described as using the nearest address based on the routing protocol metrics for one-to-nearest communication and can be considered in the same way that we think of unicast traffic. In IPv6, global unicast, site-local, or even link-local addresses can be used for anycast. However, there is also an anycast address reserved for special use. This anycast address is referred to as the subnet-router anycast address and is formed with the subnet’s 64-bit unicast prefix, with the remaining 64-bits set to zero (e.g., 2001:1a2b:1111:d7e5:0000:0000:0000:0000).
These addresses are commonly used by protocols such as Mobile IPv6, and they represent a service rather than a device. The same address can be found on multiple devices that are providing the same service. Any router receiving anycast advertisements from a group of servers (for example) would not be aware that they are coming from a group of devices. Instead, the router assumes it has three routes to the same device and therefore, chooses the route with the lowest cost. This concept is illustrated in Figure 7.11 below:
FIG 7.11 – Anycast addressing
Address Autoconfiguration
IPv6 offers an easy addressing solution for network administrators faced with the mammoth task of having to allocate addresses from an unimaginably huge range available. Automatic address configuration allows an IPv6 host to self-allocate the complete address or just the host portion. The methods available are manual, stateful, and stateless autoconfiguration.
Manual autoconfiguration is, of course, not autoconfiguration. In stateful autoconfiguration, the router uses DHCPv6 to obtain an IPv6 address, and DHCP assigns either the host portion or the entire 128-bit address. Finally, in stateless autoconfiguration (SLAAC), the interface configures its own address using Router Solicitation (RS) and Router Advertisement (RA) messages. Stateless autoconfiguration dynamically assigns the interface a 64-bit prefix, and for the host portion, the EUI-64 addressing process (described below) is used. There is also stateless DHCP; however, we won’t be discussing this method. Figure 7.12 below shows the stateless autoconfiguration process. We will cover RA messages shortly.
FIG 7.12 – Stateless autoconfiguration
EUI-64 Addressing
One of the coolest features of IPv6 is automatic address assignment without the need for configuration by the administrator. This immediately allows devices to communicate across an IPv6 link. A device can automatically assign itself an IPv6 address using the IEEE Extended Unique Identifier-64 (EUI-64) format. This address is generated from the unique 48-bit MAC address of the device. Because 48 bits are too short to create an IPv6 address, additional hex digits are added (see below). EUI-64 allows autoconfiguration of IPv6 addresses without depending on the DHCP or manual configuration.
The host portion of an EUI-64 address is generated in two steps. First, a 16-bit field, FFFE, is inserted in the middle of the MAC address. For example, inserting FFFE in the middle of MAC address 00.11.AA.BB.CC.DD would give you this 64-bit address: 00.11.AA.FF.FE.BB.CC.DD.
The next step is to invert the U/L flag, which is the seventh bit in the 64-bit Host field. It may sound somewhat complicated but it’s simply flipping one of the bits. Going back to the previous example, inverting the seventh bit in 00.11.AA.FF.FE.BB.CC.DD would give you 02.11.AA.FF.FE.BB.CC.DD. This is because the first 8 bits (00 in hex) are 0000 0000. Inverting the seventh bit would give you 0000 0010, which is 02 in hex. This is then used as the interface ID in the EUI-64 address.
A router interface that has a MAC address of 00.11.AA.BB.CC.DD would have the following EUI-64 autogenerated IPv6 address:
Router#show interface f0/0
FastEthernet0/0 is up, line protocol is down
Hardware is Gt96k FE, address is 0011.aabb.ccdd (bia 0011.aabb.ccdd)
Router(config)# interface f0/0
Router(config-if)#ipv6 address 2001:aa::/64 eui-64
Router(config-if)#do show ipv6 interface f0/0
FastEthernet0/0 is up, line protocol is down
….
Global unicast address(es):
2001:AA::211:AAFF:FEBB:CCDD, subnet is 2001:AA::/64 [EUI]
You can expect to see a question on EUI-64 addressing in the exam because Cisco has specifically included it in the syllabus.
Loopback Addresses
Loopback addresses in IPv6 are used in the same manner as in IPv4. Each device has an IPv6 Loopback address, which is the equivalent of the 127.0.0.1 Loopback address used in IPv4, and this address is used by the device itself. IPv6 Loopback addresses use the ::1 prefix, which is represented as 0000:0000:0000:0000:0000:0000:0000:0001 in the preferred address format. This means that in IPv6 Loopback addresses, all bits are set to 0 except for the last bit, which is always set to 1.
These addresses are always assigned automatically when IPv6 is enabled on a device and they can never be changed. Figure 7.13 below shows me pinging the IPv6 Loopback address on my Windows 7 PC:
FIG 7.13 – Pinging the IPv6 Loopback address on a PC
Unspecified Addresses
In IPv6 addressing, unspecified addresses are simply unicast addresses that are not assigned to any interface. These addresses indicate the absence of an IPv6 address and are used for special purposes that include IPv6, DHCP, and DAD. Unspecified addresses are always used as a source address by an interface that has yet to learn its unicast address and are represented by all 0 values in the IPv6 address, which can be written using the :: prefix. In the preferred format, these addresses are represented as 0000:0000:0000:0000:0000:0000:0000:0000, or compressed as 0:0:0:0:0:0:0:0/128, or ::/128 for short. The unspecified address cannot be a destination address and cannot be assigned to an interface.
Migrating from IPv4 to IPv6
You will not find Internet users all over the world using IPv4 one day and then switching to IPv6 the next. The change will take place over a number of years in a phased approach. You will find that the address allocation is done in batches of addresses using a combination of DNS and DHCP or DHCPv6 autoconfiguration scripts. To manually assign IPv6 addresses to nodes in a network would be an almost impossible task. DHCPv6 operation is described in RFC 3736.
There are a few methods available to phase IPv6 addressing into networks, including tunneling, dual stack, Automatic 6to4, ISATAP, and NAT-PT. These topics are no longer specifically mentioned in the CCNA exam. They are, however, well worth knowing—just in case.
Tunneling
FIG 7.14 – Tunneling
Tunneling in internetworking usually refers to one type of packet being encapsulated in another type of packet. In this instance, an IPv6 packet is encapsulated inside an IPv4 packet. In order for tunneling to work here, the routers must support dual stack so both IPv4 and IPv6 are running. Because almost every major network in existence is built on IPv4, tunneling already existed before IPv6 was created.
IPv6 packets up to 20 bytes can be transmitted because the IPv4 header is 20 bytes in length. The IPv4 header is appended to the packet and removed at the destination router.
IPv6 tunneling allows current IPv4 addresses to be used in conjunction with IPv6 addresses in much the same way that dual protocols can be run in a network that is transitioning from one to another.
IPv6 tunneling is defined in RFC 3056 and 2893, among others. Although Teredo tunneling is one method available, it won’t be covered in this guide. Just be aware that it is available.
FIG 7.15 – IPv4 header on an IPv6 packet
For the purposes of the CCNA exam, we will look at:
- Dual stack
- Automatic 6to4
- ISATAP
- NAT-PT
Manually Configured Dual Stack
FIG 7.16 – Dual stack
Dual stack is where two IP protocol stacks run on a network device—IPv4 and IPv6. The dual stack method is the preferred migration method for networks transitioning from IPv4 to IPv6 because they can continue to run both seamlessly while the transition takes place. Dual stack can operate in the same network node interface and choose which version of IP to use based on the destination address.
This process has been thoroughly tested by a project team referred to as 6-Bone. The only requirement for implementing IPv6 addressing in a network is connectivity to a DNS server.
Automatic 6to4
Automatic 6to4 is outlined in RFC 3056, and it enables IPv6 packets to be encapsulated within IPv4 packets. This method treats the underlying network as a Non-Broadcast Multi-Access (NBMA) network (which will be covered in the WAN section) and allows traffic to be tunneled without having to specifically configure a tunnel.
Any IPv6 address that begins with the 16-bit 2002::/16 prefix is known as a 6to4 address. The first 16 bits of the prefix are always 2002:, the next 32 bits are the IPv4 address, and the last 16 bits of the prefix are available for addressing multiple IPv6 subnets in the same 6to4 router.
ISATAP Tunnels
Intra-Site Automatic Tunnel Addressing Protocol (RFC 4214) also treats the underlying network as an NBMA cloud. ISATAP addressing requires the address 0000:5EFE to be sandwiched between the 64-bit link-local address and the IPv4 address on the ISATAP link.
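The 6to4 and ISATAP address layouts described above both carry an IPv4 address inside the IPv6 address, which this added example (not from the original guide) extracts so tunnel endpoints can be spotted in address lists or logs. Function names and the sample addresses are constructed; 192.0.2.0/24 and 2001:db8::/32 are documentation ranges.

```python
import ipaddress

SIXTO4_PREFIX = b"\x20\x02"            # 2002::/16
ISATAP_MARKER = b"\x00\x00\x5e\xfe"    # 0000:5EFE ahead of the IPv4 address


def sixto4_prefix(ipv4: str) -> str:
    """Return the 2002:V4ADDR::/48 prefix for a 6to4 router's IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # 16 bits of 2002, then the 32-bit IPv4 address, leaving 16 subnet bits.
    value = (0x2002 << 112) | (v4 << 80)
    return str(ipaddress.IPv6Network((value, 48)))


def embedded_ipv4(addr: str):
    """Return (kind, ipv4) for 6to4 or ISATAP addresses, else None."""
    raw = ipaddress.IPv6Address(addr).packed
    if raw[:2] == SIXTO4_PREFIX:
        # Bits 16..47 of a 6to4 address are the IPv4 address.
        return ("6to4", str(ipaddress.IPv4Address(raw[2:6])))
    if raw[8:12] == ISATAP_MARKER:
        # ISATAP interface ID: 0000:5EFE followed by the IPv4 address.
        return ("isatap", str(ipaddress.IPv4Address(raw[12:16])))
    return None


def tunnel_endpoints(addresses):
    """Map each address that embeds an IPv4 address to (kind, ipv4)."""
    found = {}
    for text in addresses:
        hit = embedded_ipv4(text)
        if hit is not None:
            found[text] = hit
    return found


# Constructed sample addresses.
SAMPLE = [
    "2002:c000:201:1::1",       # 6to4, subnet 1 behind 192.0.2.1
    "fe80::5efe:192.0.2.77",    # ISATAP on a link-local prefix
    "2001:db8::1",              # ordinary address, nothing embedded
]

if __name__ == "__main__":
    print(sixto4_prefix("192.0.2.1"))
    for address, hit in tunnel_endpoints(SAMPLE).items():
        print(address, "->", hit)
```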
NAT-PT
Network Address Translation (NAT)-Port Translation (PT) for Cisco software is based on RFC 2766 and RFC 2765. NAT-PT is a migration tool that helps customers transition their IPv4 networks to IPv6 networks. Its purpose is to facilitate bidirectional connectivity between IPv4 and IPv6 domains.
Although NAT-PT is still being used as a translation method between the two protocols, it has been deemed deprecated by IETF because of its tight coupling with DNS and general limitation in translation. NAT-PT is still supported by Cisco and other vendors and is still considered a viable option. However, Cisco recommends not using NAT-PT but instead supporting its replacement, NAT64.
IPv6 Functionality Protocols
IPv6 uses a number of underlying protocols in order to function (much in the same way IPv4 does). Some are enhancements of already familiar protocols, such as DNS, CDP, and DHCP, but a key protocol is Neighbor Discovery Protocol, which will be covered in some detail due to its importance.
DHCP for IPv6
As you already know, DNS does for IPv6 what it does for IPv4, namely, it resolves hostnames to IP addresses. DHCP is used for stateful autoconfiguration of IPv6 interfaces. You can read more about DHCPv6 in RFC 3315.
Hosts can be configured to use DHCPv6 to obtain configuration settings, or an IPv6 router can state that it wants to use DHCPv6 in an outgoing RA message. If this is the case, one of two well-known multicast addresses is used (via UDP port 547)—FF02::1:2 (all DHCP relay agents and servers) or FF05::1:3 (all DHCP servers).
DHCPv6 then replies with the relevant configuration settings using UDP port 546. In addition to the usual information you would obtain for IPv4, it can also send information for multiple subnets. Configuring a Cisco router as a DHCPv6 server is outside the scope of the CCNA exam.
ICMPv6
In much the same way that IPv4 needs a protocol to control and forward informational messages, IPv6 uses ICMP (Internet Control Message Protocol) for this service. ICMPv6 was designed exclusively for use with IPv6 and was specified in RFC 2463. Many values from ICMP match ICMPv6, such as “Destination Unreachable” and “Time Exceeded”; however, other mechanisms have been added for use by another protocol developed for IPv6 called Neighbor Discovery Protocol (NDP).
Neighbor Discovery Protocol
NDP is known as the plug-and-play aspect of IPv6. Some of its features include:
- Router discovery – a router can discover when it is at the end of another IPv6 link
- Prefix discovery – a router can discover the prefix of the other side of an IPv6 link
- Address autoconfiguration – without using DHCP, a router can self-assign an IPv6 address
- Parameter discovery – a router can discover the MTU size for the link and hop limits
- Address resolution – without using ARP, a router can discover the layer 2 address of connected devices
- Next-hop discovery – the layer 2 address of the next hop to get to a certain destination
- Neighbor unreachability – a router can determine that another host or router is no longer reachable
- Duplicate Address Detection – a router can determine whether an address it wants to use is already allocated
- Redirect – a router can notify another device of a better next-hop address for a destination
Some of the features above will be discussed shortly.
NDP packets are exchanged between devices on the same link and therefore should be using either a link-local address or a multicast address with a link-local scope. The hop limit is set to 255 to prevent hackers from spoofing or attacking NDP. If a packet arrives with a hop limit of 254 or less, it is dropped (because it has passed through at least one router).
As previously mentioned, ICMPv6 has IPv6-specific messages built in to support IPv6 features. These messages include:
- Redirects – mentioned above
- Router Advertisement (RA) – allows routers to advertise their presence on the link and can include MTU, prefix, and hop limits; RA messages are sent periodically and in response to Router Solicitations
- Router Solicitation (RS) – generated by a router to request an RA from another router
- Neighbor Solicitation (NS) – generated in order to request the data link address from another router and for Duplicate Address Detection (DAD)
- Neighbor Advertisement (NA) – these are sent in response to NS messages
FIG 7.17 – An IPv6 neighbor solicitation packet
R1#ping ipv6 FE80::C001:7FF:FE10:0
Output Interface: FastEthernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::C001:7FF:FE10:0, timeout is 2 seconds:
Packet sent with a source address of FE80::C000:7FF:FE10:0
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/40 ms
R1#
*Mar 1 01:41:47.103: ICMPv6-ND: DELETE -> INCMP: FE80::C001:7FF:FE10:0
*Mar 1 01:41:47.103: ICMPv6-ND: Sending NS for FE80::C001:7FF:FE10:0 on FastEthernet0/0
*Mar 1 01:41:47.119: ICMPv6-ND: Received NA for FE80::C001:7FF:FE10:0 on FastEthernet0/0 from FE80::C001:7FF:FE10:0
For the output above, I had the debug ipv6 nd and debug ipv6 icmp commands running.
Router Discovery
RA messages are periodically sent by routers running IPv6 to advertise their presence to any device on the same link. These messages will work on broadcast networks such as Ethernet, where multiple devices can receive the message. They are also sent in response to RS messages from local devices.
FIG 7.18 – RS and RA messages
Cisco has set the interval to 200 seconds (with built-in jitter control) for RA messages, but this value can be changed.
R1#show ipv6 interface fast0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C000:7FF:FE10:0
No Virtual link-local address(es):
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF10:0
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
RD messages are sent to the all-nodes multicast address FF02::1.
FIG 7.19 – RD messages sent to FF02::1
R1#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
*Mar 1 01:46:26.695: ICMPv6-ND: Sending RA from FE80::C000:7FF:FE10:0 to FF02::1 on FastEthernet0/0
*Mar 1 01:46:26.695: ICMPv6-ND: MTU = 1500
RAs are sent in response to RS messages, as mentioned:
Mar 1 01:49:47.199: ICMPv6-ND: Request to send RA for FE80::C000:7FF:FE10:0
Duplicate Address Detection
We discussed address autoconfiguration with EUI-64 addressing earlier, so you know that the chances of actually having a duplicate address are remote; however, the facility to detect any duplicate address is built into IPv6 just in case.
Whenever a device attempts to allocate an IPv6 address, it does so tentatively. The address is never confirmed until DAD takes place: the router generates an NS packet with the tentative address as the target and the unspecified address as the source, and the address is confirmed only if no other device replies. If a response is received from the target address it wants to allocate, then this confirms that the address is already in use.
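The hop-limit rule from the Neighbor Discovery Protocol section and the DAD probe described above can be checked on raw packets. The following is an added example, not Cisco's or the author's code; the function names, the constructed sample packets, and the 2001:db8::66 source address are assumptions made for illustration.

```python
import ipaddress
import struct

ICMPV6 = 58  # IPv6 Next Header value for ICMPv6
# ICMPv6 type numbers of the five NDP messages
ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}
UNSPECIFIED = ipaddress.IPv6Address("::")


def build_packet(src, dst, hop_limit, icmp_type, target=None):
    """Build a constructed sample: IPv6 header + 8-byte ICMPv6 header
    (checksum and options left empty) + optional 16-byte target."""
    body = struct.pack("!BBHI", icmp_type, 0, 0, 0)
    if target is not None:
        body += ipaddress.IPv6Address(target).packed
    header = struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, hop_limit)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + body)


def inspect_nd(packet):
    """Return (verdict, detail) for one raw IPv6 packet.
    Assumes ICMPv6 directly follows the fixed header (no extension headers)."""
    if len(packet) < 48 or packet[0] >> 4 != 6:
        return ("ignore", "not IPv6 carrying an ICMPv6 header")
    next_header, hop_limit = packet[6], packet[7]
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    name = ND_TYPES.get(packet[40])
    if next_header != ICMPV6 or name is None:
        return ("ignore", "not an NDP message")
    if hop_limit != 255:  # 254 or less: the packet has crossed a router
        return ("drop", f"{name} from {src} has hop limit {hop_limit}")
    if name == "NS" and len(packet) >= 64:
        target = ipaddress.IPv6Address(packet[48:64])
        if src == UNSPECIFIED:  # DAD: unspecified source, tentative target
            return ("accept", f"DAD probe for {target}")
        return ("accept", f"NS from {src} resolving {target}")
    return ("accept", f"{name} from {src} to {dst}")


def sample_packets():
    """Constructed packets using the R1/R2 link-local addresses from the lab."""
    r1, r2 = "FE80::C000:7FF:FE10:0", "FE80::C001:7FF:FE10:0"
    return [
        build_packet(r1, "FF02::1", 255, 134),               # periodic RA
        build_packet(r1, "FF02::1:FF10:0", 255, 135, r2),    # address resolution
        build_packet("::", "FF02::1:FF10:0", 255, 135, r2),  # DAD probe
        build_packet("2001:db8::66", r1, 64, 136, r2),       # routed NA
    ]


if __name__ == "__main__":
    for pkt in sample_packets():
        print(inspect_nd(pkt))
```

The hop-limit check only rejects packets that have been routed; a device on the same link can still send NDP messages with a hop limit of 255.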
Neighbor Address Resolution
A major difference between IPv4 and IPv6 is how they discover the data link layer address of a host they want to send a packet to. You’ve already learned that IPv4 uses ARP for this purpose, but IPv6 uses NDP.
If the IPv6 address of the host is on the local link, then the router can simply examine its neighbor cache for the data link layer address. In the output below, there is only one address in the neighbor cache:
R1#show ipv6 neighbors
IPv6 Address                Age  Link-layer Addr  State  Interface
FE80::C001:7FF:FE10:0         0  c201.0710.0000   REACH  Fa0/0
Here is the output from my Windows 7 command prompt:
C:\Users\owner>netsh
netsh>interface ipv6
netsh interface ipv6>show neighbors
Interface 14: VMware Network Adapter VMnet1
Internet Address      Physical Address    Type
--------------------  ------------------  ---------
ff02::1               33-33-00-00-00-01   Permanent
ff02::2               33-33-00-00-00-02   Permanent
ff02::c               33-33-00-00-00-0c   Permanent
ff02::16              33-33-00-00-00-16   Permanent
ff02::fb              33-33-00-00-00-fb   Permanent
ff02::1:2             33-33-00-01-00-02   Permanent
ff02::1:3             33-33-00-01-00-03   Permanent
ff02::1:fff2:6984     33-33-ff-f2-69-84   Permanent
Mini-lab – Neighbor Discovery Protocol in Action
The output below shows the NDP process taking place with a short configuration and debugging. Use the ipv6 enable command on both Fast Ethernet interfaces to create IPv6 addresses, and then make a note of them for your ipv6 route command. Also, make sure that you enable IPv6 globally on both routers with the ipv6 unicast-routing command. Add an IPv6 address manually to a Loopback interface on R2.
We’ll kick off the configuration commands below presuming that you have already done the above. First, add the IPv6 address to a Loopback interface on R2.
FIG 7.20 – Mini-lab: Neighbor Discovery Protocol in action
R2(config)#int lo0
R2(config-if)#ipv6 add 2001::1/64
R2(config-if)#end
On R1, start debugs for ND messages and add a static IPv6 route for the 2001::1 address (the static route below is for any network in fact). Check your local IPv6 addresses on your equipment when you copy my commands because they will differ (show ipv6 interface f0/0). You must add the next-hop address in this example.
R1#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
R1#conf t
R1(config)#ipv6 route ::/0 FastEthernet0/0 FE80::C001:7FF:FE10:0
R1(config)#end
Next, ping R2's Loopback address from R1. Because the address is not present in the neighbor cache, it is marked as incomplete (INCMP). An NS is then sent and an NA is received, allowing the Data Link field to be populated and the packet sent.
R1#ping ipv6 2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
!
*Mar 1 06:39:08.622: ICMPv6-ND: STALE -> DELAY: FE80::C001:7FF:FE10:0
*Mar 1 06:39:08.650: ICMPv6-ND: DELETE -> INCMP: 2001::1
*Mar 1 06:39:08.650: ICMPv6-ND: Sending NS for 2001::1 on FastEthernet0/0.!
*Mar 1 06:39:13.618: ICMPv6-ND: Sending NS for FE80::C001:7FF:FE10:0 on FastEthernet0/0
*Mar 1 06:39:13.654: ICMPv6-ND: Received NA for FE80::C001:7FF:FE10:0 on FastEthernet0/0 from FE80::C001:7FF:FE10:0
*Mar 1 06:39:13.654: ICMPv6-ND: PROBE -> REACH: FE80::C001:7FF:FE10:0
*Mar 1 06:39:13.662: ICMPv6-ND: Received NS for FE80::C000:7FF:FE10:0 on FastEthernet0/0 from FE80::C001:7FF:FE10:0
*Mar 1 06:39:13.666: ICMPv6-ND: Sending NA for FE80::C000:7FF:FE10:0 on FastEthernet0/0
Success rate is 60 percent (3/5), round-trip min/avg/max = 8/22/36 ms
R1#
[END OF MINI-LAB]
Mini-lab – Configuring IPv6
Cisco IOS supports IPv6 commands in version 12.2(2)T or later. To implement IPv6 on a Cisco device, add the configuration below to the interface:
R1#config t
R1(config)#ipv6 unicast-routing
R1(config)#interface FastEthernet0/0
R1(config-if)#ipv6 address 2001:c001:b14:2::c12/125
R1(config-if)#end
R1#show ipv6 interface
FastEthernet0/0 is up, line protocol is down
IPv6 is enabled, link-local address is FE80::20E:83FF:FEF5:FD4F [TENTATIVE]
Global unicast address(es):
2001:C001:B14:2::C12, subnet is 2001:C001:B14:2::C10/125 [TENTATIVE]
You can also use automatic address configuration with the commands below:
R1(config)#int fast0/1
R1(config-if)#ipv6 address autoconfig
R1(config-if)#no shut
R1(config-if)#end
R1#show ipv6 int f0/1
FastEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C000:6FF:FE95:1
No Virtual link-local address(es):
No global unicast address is configured
To enable IPv6 processing on an interface that has not been configured with an explicit IPv6 address, use the ipv6 enable command in interface configuration mode.
[END OF MINI-LAB]
Subnetting IPv6
The mind-boggling amount of available IPv6 addresses actually negates the need to worry about address exhaustion. The CCNA exam requires an understanding of how to allocate IPv6 subnets to satisfy addressing for a LAN or WAN.
The truth is that subnetting in IPv6 is not the same concept as IPv4 subnetting. IPv4 is concerned with how many addresses are available per subnet, while IPv6 is concerned with how many /64 subnets are available and how these are allocated to end-users.
To maintain important features such as stateless address autoconfiguration and some of the plug-and-play functions that make IPv6 so user-friendly to network administrators, /64 subnets are used more often. The exception is point-to-point links, where a /127 subnet is recommended by the IETF in order to address possible accidental or malicious neighbor requests that could bring down the router. However, even in this instance, the entire /64 subnet could be allocated to the link for consistency and design efficiency.
A /64 subnet is the standard allocation, while a /56 subnet would leave 16 bits for subnetting, generating 256 available subnets. This could be allocated to enterprise customers. A /48 subnet would usually be allocated to an ISP customer’s end site and would generate 65,536 subnets. Most ISPs receive a /32 block size.
RFC 5375 – IPv6 Unicast Address Assignment Considerations – addresses subnets for IPv6:
“An important part of an IPv4 addressing plan is deciding the length of each subnet prefix. Unlike in IPv4, the IPv6 addressing architecture [RFC4291] specifies that all subnets using Globally Unique Addresses and ULAs always have the same prefix length of 64 bits.”
The interface ID for IPv6 interfaces will always be /64. If your company was assigned a /56 block for some reason, the presumption is that you would be subnetting this into /64 blocks.
As a reminder, CIDR notation is used with IPv6 addressing. For example, the configuration of an interface with the address 2001:bb8:b::111 sitting on subnet 2001:bb8:b::/64 would be written as 2001:bb8:b::111/64.
For IPv6 subnetting, you should be familiar with a few terms, as illustrated in Figure 7.21 below:
FIG 7.21 – IPv6 subnetting terms
An IPv6 address features both a subnet ID and a subnet prefix. The subnet ID refers to the part of the address used to allocate individual subnets (see Figure 7.22 below).
FIG 7.22 – IPv6 subnet ID
The subnet prefix refers to both the global routing prefix and the subnet ID (see Figure 7.23 below).
FIG 7.23 – IPv6 subnet prefix
Allocating subnets is a very simple process, more so than IPv4 subnetting, in fact. With the subnet ID consisting of 16 bits, you can start with 0000 and continue adding bits (in hexadecimal) until you reach FFFF. Adding the 16 bits to the allocated /48 prefix will give you 65,536 possible subnets, each with up to 2^64 (or 18,446,744,073,709,551,616) host addresses, which I think you will agree is more than sufficient.
The first 16 subnets are listed in Figure 7.24 below. Remember that in IPv4 subnetting, the subnets go from 0009 to 000F because they are counted in hex.
FIG 7.24 – The first 16 subnets
There are too many subnets to list here, but Figure 7.25 below demonstrates the first and last few:
FIG 7.25 – The first and last few subnets
You can extend the subnet ID, but as discussed already, if you do this on any part of your network that needs to use neighbor discovery or SLAAC, you will disable some essential features of IPv6, so you can only do this on the network infrastructure links (not segments with end systems such as servers or hosts).
Figure 7.26 shows an extension of the original subnet ID of 64 bits, resulting in a prefix of /112. If you subnet on a nibble (4 bits) boundary, you can still easily see how to write out your subnets.
FIG 7.26 – Extension of the original subnet ID of 64 bits
You can subnet outside a nibble boundary, but this will make calculating your subnets much harder.
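The allocation described above can be worked through with Python's ipaddress module. This is an added example, not from the original text: it walks the 16-bit subnet ID under a /48, tests for a nibble boundary, and recomputes the /125 subnets the routers report in this chapter's output. The site prefix 2001:db8:1::/48 and all function names are assumptions made for illustration.

```python
import ipaddress


def subnet_by_id(site_prefix, subnet_id, new_prefix=64):
    """Return the subnet whose subnet ID field holds subnet_id."""
    site = ipaddress.IPv6Network(site_prefix)
    id_bits = new_prefix - site.prefixlen
    if not 0 <= subnet_id < 2 ** id_bits:
        raise ValueError(f"subnet ID does not fit in {id_bits} bits")
    base = int(site.network_address) | (subnet_id << (128 - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))


def subnet_count(site_prefix, new_prefix=64):
    """How many new_prefix-length subnets fit in the allocation."""
    return 2 ** (new_prefix - ipaddress.IPv6Network(site_prefix).prefixlen)


def on_nibble_boundary(prefix_length):
    """True when the prefix ends on a hex digit, so subnets read off directly."""
    return prefix_length % 4 == 0


def containing_subnet(interface_address):
    """Subnet an address/length pair falls in, as 'show ipv6 interface' reports."""
    return ipaddress.IPv6Interface(interface_address).network


def same_subnet(addr_a, addr_b):
    """Check that two configured interface addresses share one subnet."""
    return containing_subnet(addr_a) == containing_subnet(addr_b)


SITE = "2001:db8:1::/48"  # constructed documentation prefix, not from the page

if __name__ == "__main__":
    for sid in (0x0000, 0x0009, 0x000A, 0x000F, 0xFFFF):
        print(f"{sid:04X} -> {subnet_by_id(SITE, sid)}")
    print(subnet_count(SITE), "possible /64 subnets")
    print(containing_subnet("2001:c001:b14:2::c12/125"))
    print(same_subnet("2001:c001:b14:2::c2/125", "2001:c001:b14:2::c1/125"))
```

Running same_subnet on the two lab addresses before configuring them confirms that both ends of the link fall in the same /125, which is harder to see by eye because /125 is not on a nibble boundary.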
End of Chapter Questions
Please visit www.howtonetwork.com/ccnasimplified to take the free Chapter 7 exam.
Chapter 7 Labs
Lab 1: Simple IPv6
The physical topology is shown in Figure 7.27 below:
FIG 7.27 – Simple IPv6
Lab Exercise
Your task is to configure the network in Figure 7.27 above. Text in Courier New font indicates the commands that can be entered on the router. You can ignore the clock rate command if you are using GNS3.
Purpose
Configuring IPv6 addressing, which is very easy to do.
Lab Objectives
- Use the IP addressing scheme depicted in Figure 7.27 above.
- Enable IPv6 on both routers.
- Add the designated IPv6 address on each router interface.
- Ping across the Serial link.
Lab Walk-through
- To set the IP addresses on a router interface, you will need to do the following:
Router#config t
Router(config)#hostname Router1
Router1(config)#interface f0/0
Router1(config-if)#ipv6 address 2001:c001:b14:2::c2/125
Router1(config-if)#no shutdown
Router1(config-if)#end
Router 2:
Router#config t
Router(config)#hostname Router2
Router2(config)#interface f0/0
Router2(config-if)#ipv6 address 2001:c001:b14:2::c1/125
Router2(config-if)#no shutdown
Router2(config-if)#^Z
- Check your IPv6 addresses and interface details. Note how the MAC address has been used to automatically create a link-local EUI-64 address.
Router1#show ipv6 interface brief
FastEthernet0/0 [administratively down/down]
FE80::C006:8FF:FE56:0
2001:C001:B14:2::C2
FastEthernet0/1 [administratively down/down]
Router1#
Router1#show ipv6 interface f0/0
FastEthernet0/0 is up, line protocol is down
IPv6 is enabled, link-local address is FE80::C006:8FF:FE56:0 [TEN]
No Virtual link-local address(es):
Global unicast address(es):
2001:C001:B14:2::C2, subnet is 2001:C001:B14:2::C0/125 [TEN]
Joined group address(es):
FF02::1
FF02::2
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.
Router1#
- Ping across the link now.
Router1#ping ipv6 2001:c001:b14:2::c1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:C001:B14:2::C1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/13/52 ms
Router1#
Show Runs
hostname Router1
!
ipv6 unicast-routing
!
interface FastEthernet0/0
ipv6 address 2001:C001:B14:2::C2/125
!
[output truncated]
hostname Router2
!
ipv6 unicast-routing
!
interface FastEthernet0/0
ipv6 address 2001:C001:B14:2::C1/125
!
[output truncated]