IPv6 Addressing Primer – IPv6 Compression and Concepts
IPv6 is a mechanism that was created to overcome the limitations of the current IPv4 standard. One of the major shortcomings of IPv4 is that it uses a 32-bit address space. Because of the classful system and the growth of the Internet, the 32-bit address space has proven to be insufficient. The key factors that led to the evolution of IPv6 were large institutions, Enterprise Networks, and ISPs that demanded a larger pool of IP addresses for different applications and services.
IPv4 uses a 32-bit address space, so it offers around 4.2 billion possible addresses, including the multicast, experimental, and private ones. The IPv6 address space is 128 bits, so it offers around 3.4×10^38 possible addressable nodes. The address space is so large that there are about 5×10^28 addresses per person in the world. IPv6 also gives every user multiple global addresses that can be used for a wide variety of devices (e.g., PDAs, cell phones, and IP-enabled devices). IPv6 addresses will last a very long time. An IPv6 packet contains the following fields, as depicted in the figure below:
IPv6 Packet Fields
| Field | Size | Description |
|---|---|---|
| Version | 4 bits | Identifies the IP version (which is 6 in this case). |
| Traffic Class | 8 bits | Similar to the ToS byte in the IPv4 header; QoS marking functionality. |
| Flow Label | 20 bits | Used to identify and classify packet flows. |
| Payload Length | 16 bits | The size of the packet payload. |
| Next Header | 8 bits | Similar to the Protocol field in the IPv4 header; defines the type of traffic contained within the payload and which header to expect. |
| Hop Limit | 8 bits | Similar to the TTL field in the IPv4 header; prevents endless loops. |
| Source IP Address | 128 bits | Source logical IPv6 address. |
| Destination IP Address | 128 bits | Destination logical IPv6 address. |
| Data | Variable | Transport Layer data. |
Knowing what is in the IPv4 header is important from a network designer standpoint because many of the fields in the header are used for features such as QoS or protocol type. The IPv6 header offers additional functionality, even though some fields from the IPv4 header have been eliminated, such as the Fragment Offset field and the Flags field.
The Version field, as in the IPv4 header, offers information about the IP protocol version. The Traffic Class field is used to tag the packet with the class of traffic it uses in its DiffServ mechanisms. IPv6 also adds a Flow Label field, which can be used for QoS mechanisms, by tagging a flow. This can be used for multilayer switching techniques and will offer faster packet switching on the network devices. The Payload Length field is the same as the Total Length field in IPv4.
The Next Header is an important IPv6 field. The value of this field determines the type of information that follows the basic IPv6 header. It can be a Transport Layer packet like TCP or UDP or it can designate an extension header. The Next Header field is the equivalent of the Protocol field in IPv4. The next field is Hop Limit, which designates the maximum number of hops an IP packet can traverse. Each hop/router decrements this field by one, so this is similar to the TTL field in IPv4. There is no Checksum field in the IPv6 header, so the router can decrement the Hop Limit field without recalculating the checksum. Finally, there is the 128-bit source address and the 128-bit destination address.
In addition to these fields there are a number of extension headers. The extension headers and the data portion of the packet will follow the eight fields covered thus far. The total length of an extension header’s chain can be variable because the number of extension headers is not fixed. There are different types of extension headers, such as the following:
- Routing header
- Fragmentation header
- Authentication header
- IPsec ESP header
- Hop-by-Hop Options header
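The following is an added example, not part of the original article: a Python parser that decodes the fixed header fields from the table above and then follows the Next Header chain through any extension headers, which is the walk a filter or IDS must do before it can see the transport protocol. The sample packet and the addresses in it are constructed for illustration.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers) for extension and upper-layer headers.
EXT = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
       50: "ESP", 51: "Authentication", 60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}

def parse_ipv6(packet: bytes) -> dict:
    """Decode the 40-byte fixed header, then follow the Next Header chain."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    fields = {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }
    chain, offset = [], 40
    while next_hdr in EXT:
        chain.append(EXT[next_hdr])
        if next_hdr == 50:            # ESP: the rest is encrypted, stop walking
            break
        if offset + 8 > len(packet):
            raise ValueError("extension header chain runs past end of packet")
        following, length = packet[offset], packet[offset + 1]
        if next_hdr == 44:            # Fragment header is always 8 bytes
            size = 8
        elif next_hdr == 51:          # AH counts 4-byte units, minus 2
            size = (length + 2) * 4
        else:                         # others count 8-byte units after the first 8
            size = (length + 1) * 8
        next_hdr, offset = following, offset + size
    else:
        chain.append(UPPER.get(next_hdr, f"protocol {next_hdr}"))
    fields["chain"] = chain
    return fields

def sample_packet() -> bytes:
    """Constructed sample: fixed header, Hop-by-Hop Options, ICMPv6 Echo Request."""
    hbh = bytes([58, 0, 1, 4, 0, 0, 0, 0])    # next=ICMPv6, 8 bytes total, PadN
    icmp = bytes([128, 0, 0, 0, 0, 1, 0, 1])  # Echo Request, checksum left zero
    fixed = struct.pack("!IHBB", (6 << 28) | (0xB8 << 20) | 0x12345,
                        len(hbh) + len(icmp), 0, 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + src + dst + hbh + icmp
```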
The IPv4 address is comprised of a string of 32 bits represented in four octets using a dotted decimal format. IPv6, on the other hand, is comprised of 128 bits represented in eight groups of 16 bits using a hexadecimal format (i.e., 16 bits separated by colons), for example:
Considering the complex format of IPv6 addresses, some rules were developed to shorten them. These rules are referred to as IPv6 compression:
- One or more successive 16-bit groups that consist of all zeros can be omitted and represented by two colons (::).
- If a 16-bit group begins with one or more zeros, the leading zeros can be omitted.
Considering the IPv6 example above, here are its IPv6 compression (shortened) representations:
Note: The double colon (::) notation can appear only one time in an IPv6 address.
In a mixed IPv4 and IPv6 environment, the IPv4 address can be embedded in the IPv6 address, specifically in the last 32 bits.
The prefix portion in IPv6 is the number of contiguous bits that represent the network portion of the address. For example, the address 2001:0000:0000:0ABC:0000:0000:0000:0000/60 can be represented as 2001:0:0:ABC::/60.
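The following is an added example, not part of the original article: a Python implementation of the two compression rules and the once-only `::` rule, plus helpers that compare addresses by value and extract an IPv4 address embedded in the last 32 bits. Because one address has many textual forms, log searches and allow-lists should compare parsed values rather than strings; the function names are hypothetical and the helpers rely on the standard `ipaddress` module.

```python
import ipaddress
import string

def compress(addr: str) -> str:
    """Apply both shortening rules to a fully written-out IPv6 address."""
    groups = addr.split(":")
    if len(groups) != 8 or not all(
            1 <= len(g) <= 4 and set(g) <= set(string.hexdigits) for g in groups):
        raise ValueError("expected eight groups of 1-4 hex digits")
    # Leading-zero rule: "0db8" -> "db8", "0000" -> "0".
    groups = [format(int(g, 16), "x") for g in groups]
    # Double-colon rule: "::" may appear once, so pick the longest zero run
    # (first one on a tie) and leave any other zero groups as "0".
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:      # RFC 5952 keeps a lone zero group as "0"
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

def same_address(a: str, b: str) -> bool:
    """Compare two textual forms by value, not by string."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

def is_well_formed(text: str) -> bool:
    """False for forms such as a second "::", which cannot be expanded uniquely."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ipaddress.AddressValueError:
        return False

def embedded_ipv4(text: str) -> str:
    """Return the IPv4 address carried in the last 32 bits."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv6Address(text)) & 0xFFFFFFFF))
```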
IPv6 Address Types
Several types of IPv6 addresses are required for various applications. When compared to IPv4 address types (i.e., unicast, multicast, and broadcast), IPv6 presents some differences: special multicast addresses are used instead of broadcast addressing, and a new address type was defined called anycast.
| Address Type | Prefix | Description |
|---|---|---|
| Aggregatable Global Unicast | 2000::/3 | Public addresses, host-to-host communications; equivalent to IPv4 unicast. |
| Multicast | FF00::/8 | One-to-many and many-to-many communications; equivalent to IPv4 multicast. |
| Anycast | Same as Unicast | Interfaces from a group of devices can be assigned the same anycast address; the device closest to the source will respond; application-based, including load balancing, optimization traffic for a particular service, and redundancy. |
| Link-local Unicast | FE80::/10 | Connected-link communications; assigned to all device interfaces and used only for local link traffic. |
| Solicited-node Multicast | FF02::1:FF00:0/104 | Neighbor solicitation. |
Anycast addresses are generally assigned to servers located in different geographical locations. By connecting to the anycast address, users will reach the closest server. Anycast addresses are also called one-to-nearest addresses. The IPv6 multicast address is a one-to-many address that identifies a set of hosts that will receive the packet. This is similar to an IPv4 Class D multicast address. IPv6 multicast addresses also supersede the broadcast function of IPv4 broadcast. IPv6 broadcast functionality is an all-nodes multicast behavior. The following are well-known multicast addresses that should be remembered:
- FF01::1 = all-nodes multicast address (broadcast)
- FF02::2 = all-routers multicast address (used for link-local address mechanisms)
Another important multicast address is the solicited node multicast address, which is created automatically and placed on the interface. This is used by the IPv6 Neighbor Discovery process to improve upon IPv4 ARP. A special IPv6 address is 0:0:0:0:0:0:0:1, which is the IPv6 loopback address, equivalent to the 127.0.0.1 IPv4 loopback address. This can also be represented as ::1/128.
The link-local addresses are significant only to individual nodes on a single link. Routers do not forward packets with a link-local source or destination address beyond the local link. Link-local addresses can be configured automatically or manually. Global unicast addresses are globally unique and routable and are defined in RFC 2374 and RFC 3587.
IPv6 Global Unicast Address Format
Based on the IPv6 global unicast address format shown in the figure above, the first 23 bits represent the registry, the first 32 bits represent the ISP prefix, the first 48 bits are the site prefix, and /64 represents the subnet prefix. The remaining bits are allocated to the interface ID.
The global unicast address and the anycast address share the same format. The unicast address space actually allocates the anycast address. To devices that are not configured for anycast, these addresses will appear as unicast addresses.
IPv6 global unicast addressing allows aggregation upward to the ISP. A single interface may be assigned multiple addresses of any type (i.e., unicast, anycast, and multicast). However, every IPv6-enabled interface must have a loopback address and a link-local address.
The IPv6 global unicast address is structured as presented above in the figure to facilitate aggregation and reduce the number of entries in the global routing tables, just like with IPv4. Global unicast addresses are defined by a global routing prefix, a subnet ID, and an interface ID. Typically, a global unicast address is made up of a 48-bit global routing prefix and a 16-bit subnet identifier.
As with IPv4, there are different mechanisms available for IPv6, and the most important of these include the following:
- IPv6 Neighbor Discovery (ND)
- Name resolution
- Path Maximum Transmission Unit (MTU) Discovery
- IPv6 security
- IPv6 routing protocols
The Internet Control Message Protocol (ICMP) was modified to support IPv6 and is one of the most important mechanisms that support IPv6 functionality. ICMPv6 uses a Next Header number of 58. ICMP provides informational messages (e.g., Echo Request and Echo Reply) and error messages (e.g., Destination Unreachable, Packet Too Big, and Time Exceeded). IPv6 also uses ICMPv6 to determine important parameters, such as neighbor availability, Path MTU Discovery, destination addresses, or port reachability.
IPv6 uses a Neighbor Discovery protocol (RFC 2461), unlike IPv4, which uses the Address Resolution Protocol (ARP). IPv6 hosts use ND to implement “plug and play” functionality and to discover all other nodes on the same link. ND is also used in checking for duplicate addresses and finding the routers on a specific link. ND uses the ICMPv6 message structure in its operations and its type codes are 133 through 137:
- Router Solicitation
- Router Advertisement
- Neighbor Solicitation
- Neighbor Advertisement
Neighbor Discovery goes beyond the capabilities of ARP, as it performs many functions:
- Address Auto-Configuration (a host can find its full address without using DHCP)
- Duplicate Address Detection (DAD)
- Prefix Discovery (learns prefixes on local links)
- Link MTU Discovery
- Hop Count Discovery
- Next-Hop Determination
- Address Resolution
- Router Discovery (allows routers to find other local routers)
- Neighbor Reachability Detection
- Proxy Behavior
- Default Router Selection
Many of the features mentioned above have IPv4 equivalencies but some of them are unique to IPv6 and provide additional functionalities.
One of the important features made possible by the ND process is DAD, as defined in RFC 4862. This is accomplished through Neighbor Solicitation messages that are exchanged before the interface is allowed to use a global unicast address on the link, and this can determine whether the particular address is unique. The Target Address field in these specific packets is set to the IPv6 address for which duplication is being detected and the source address is set to unspecified (::).
The IPv6 stateless Auto-Configuration feature avoids using DHCP to maintain a mapping for the address assignment. This is a very low-overhead manner in which to disseminate addresses and it accommodates low-overhead re-addressing. In this process, the router sends a Router Advertisement message to advertise the prefix and its ability to act as a default gateway. The host receives this information and uses the EUI-64 format to generate the host portion of the address. After the host generates the address, it starts the DAD process to ensure that the address is unique on the network.
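The following is an added example, not part of the original article: a Python sketch of the stateless Auto-Configuration steps described above, deriving the EUI-64 interface ID from a MAC address, combining it with an advertised /64 prefix, and building the DAD Neighbor Solicitation sent to the solicited-node multicast address. The function names, the message dictionaries, the MAC address and the prefix are constructed for illustration; the uniqueness check follows the DAD rules in RFC 4862.

```python
import ipaddress

NS, NA = 135, 136   # ICMPv6 types: Neighbor Solicitation / Advertisement

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC, insert FF:FE, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine an advertised /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))

def dad_probe(tentative: ipaddress.IPv6Address) -> dict:
    """Fields of the Neighbor Solicitation sent for Duplicate Address Detection."""
    return {"type": NS, "src": "::", "dst": str(solicited_node(tentative)),
            "target": str(tentative)}

def address_is_unique(probe: dict, replies: list) -> bool:
    """The address is a duplicate if any NA names it, or if another node is
    probing for the same target at the same time (its NS also has src ::)."""
    for msg in replies:
        if msg["target"] != probe["target"]:
            continue
        if msg["type"] == NA or (msg["type"] == NS and msg["src"] == "::"):
            return False
    return True
```

Because the interface ID is derived from the MAC address, the same host remains recognizable in logs across different prefixes.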
IPv4 performs Name Resolution by using A records in the DNS. RFC 3596 offers a new DNS record type to support the transition to IPv6 Name Resolution, which is AAAA (Quad A). The Quad A record will return an IPv6 address based on a given domain name.
IPv6 does not allow packet fragmentation through the network (except for the source of the packet), so the MTU of every link in an IPv6 implementation must be 1280 bytes or greater. The ICMPv6 Packet Too Big error message determines the path MTU because nodes along the path will send this message to the sending hosts if the packet is larger than the outgoing interface MTU.
DHCPv6 is an updated version of DHCP that offers dynamic address assignment for version 6 hosts. DHCPv6 is described in RFC 3315 and provides the same functionality as DHCP but it offers more control, as it supports renumbering without numbers.
IPv6 also has some security mechanisms. Unlike IPv4, IPv6 natively supports IPsec (an open security framework) with two mechanisms: the Authentication Header (AH) and the Encapsulating Security Payload (ESP).
The support for IPsec in IPv6 is mandatory, unlike with IPv4. By making it mandatory in all the IPv6 nodes, secure communication can be created with any node in the network. An example of mandatory and leveraged IPsec in IPv6 is OSPF, which carries out its authentication using only IPsec. Another example of the IPsec IPv6 mechanism is the IPsec Site-to-Site Virtual Tunnel Interface, which allows easy creation of virtual tunnels between two IPv6 routers to very quickly form a site-to-site secured Virtual Private Network (VPN).
The following new routing protocols were developed for IPv6:
- RIPng (RIP new generation)
- Integrated Intermediate System-to-Intermediate System Protocol (IS-IS)
- EIGRP for IPv6
- BGP4 multiprotocol extensions for IPv6
Transitioning from IPv4 to IPv6
Because IPv6 almost always comes as an upgrade to the existing IPv4 infrastructure, IPv6 design and implementation considerations must include different transition mechanisms between these two protocol suites. The IPv4 to IPv6 transition can be very challenging, and during the transition period it is very likely that both protocols will coexist on the network.
The designers of the IPv6 protocol suite have suggested that IPv4 will not go away anytime soon, and it will strongly coexist with IPv6 in combined addressing schemes. The key to all IPv4 to IPv6 transition mechanisms is dual-stack functionality, which allows a device to operate both in IPv4 mode and in IPv6 mode.
One of the most important IPv4 to IPv6 transition mechanisms involves tunneling between dual-stack devices and this can be implemented in different flavors:
- Static tunnels:
  - Generic Routing Encapsulation (GRE) – default tunnel mode
  - IPv6IP (less overhead, no CLNS transport)
- Automatic tunnels:
  - 6to4 (embeds IPv4 address into IPv6 prefix to provide automatic tunnel endpoint determination); automatically generates tunnels based on the utilized addressing scheme
  - Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) – automatic host-to-router and host-to-host tunneling
IPv6 over IPv4 Tunneling
Analyzing the figure above, the IPv4 island contains two dual-stack routers that run both the IPv4 and the IPv6 protocol stacks. These two routers will be able to support the transition mechanisms by tunneling IPv6 inside IPv4, and the two routers each connect to an IPv6 island. To carry IPv6 traffic between the two edge islands, a tunnel is created between the two routers that encapsulate IPv6 packets inside IPv4 packets. These packets are sent through the IPv4 cloud as regular IPv4 packets and they get de-encapsulated when they reach the other end. An IPv6 packet generated in the left-side network reaches a destination in the right-side network, so it is very easy to tunnel IPv6 inside IPv4 because of the dual-stack routers at the edge of the IPv4 infrastructure. Static tunneling methods are generally used when dealing with point-to-point links, while dynamic tunneling methods work best when using point-to-multipoint connections.
Network Address Translation Protocol Translation (NAT-PT) is another technology that can be utilized to carry out the transition to an IPv6 network. NAT-PT is often confused with NAT but it is a completely different technology. Simple NAT can also be used in IPv6 but this is very rare because IPv6 offers a very large address space and private addresses are not necessary. NAT-PT is another translation mechanism that will dynamically convert IPv4 addresses to IPv6 addresses, and vice-versa.
Another static tunneling technology is IPv6IP, which encapsulates IPv4 packets directly into IPv6. This is also called manual tunneling. Another type of static tunnel that can be created is a GRE tunnel that encapsulates the IPv6 packets within a GRE packet. GRE tunneling might be necessary when using special applications and services, like the IS-IS routing protocol for IPv6.
The dynamic tunnel types include the 6to4 tunnel, which is appropriate when a group of destinations needs to be connected dynamically utilizing IPv6. ISATAP is a unique type of host-to-router dynamic tunnel, unlike the previously mentioned tunneling techniques, which are router-to-router. ISATAP allows hosts to dynamically get to their IPv6 default gateway.
Note: ISATAP is a protocol that will soon fade away because almost all modern hosts and routers have native IPv6 support.
IPv6 vs IPv4
A network designer should have a very clear picture of the advantages IPv6 has over IPv4. The enhancements of IPv6 can be summarized as follows:
- IPv6 uses hexadecimal notation instead of dotted-decimal notation (IPv4).
- IPv6 has an expanded address space, from 32 bits to 128 bits.
- IPv6 addresses are globally unique due to the extended address space, eliminating the need for NAT.
- IPv6 has a fixed header length (40 bytes), allowing vendors to improve switching efficiency.
- IPv6 supports enhanced options (that offer new features) by placing extension headers between the IPv6 header and the Transport Layer header.
- IPv6 offers Address Auto-Configuration, providing for the dynamic assignment of IP addresses even without a DHCP server.
- IPv6 offers support for labeling traffic flows.
- IPv6 has security capabilities built-in, including authentication and privacy via IPsec.
- IPv6 offers Path MTU Discovery before sending packets to a destination, eliminating the need for fragmentation.
- IPv6 supports site multi-homing.
- IPv6 uses the ND protocol instead of ARP.
- IPv6 uses AAAA DNS records instead of A records (IPv4).
- IPv6 uses site-local addressing instead of RFC 1918 (IPv4).
- IPv4 and IPv6 use different routing protocols.
- IPv6 provides for anycast addressing.