IPv6 Feature Facts

The current IP addressing standard, version 4, will eventually run out of unique addresses, so a new
system is being developed. It is named IP version 6 or IPv6. You should know about the following IPv6
features:

Feature Description
The Internet Corporation for Assigned Names and Numbers (ICANN)
assigns IPv6 addresses based on the following strategy:

 Public IPv6 addresses are grouped by major geographic region,

Geographic assignment of such as a continent.
addresses  Inside each region, the address is further subdivided by each
ISP.
 Inside each ISP, the address is further subdivided for each
customer or other smaller Internet registries.

Route summarization combines blocks of addresses in a routing table

Efficient route as a single route. As IPv6 addresses are assigned by geographic
summarization region, then ISP, and then the customer, the route summarization of
IPv6 addresses is efficient when compared to IPv4 route summarization.
No need for Network
From the large amount of IP addresses afforded by IPv6, each device
Address Translation (NAT)
has a publicly registered address. Having a unique address for each
or Port Address Translation
device removes the need for NAT and PAT.
(PAT)
IPSec can be used to encrypt any traffic supported by the IP protocol.
This includes Web, e-mail, Telnet, file transfer, and SNMP traffic as well
as countless others.
Native Internet Protocol
Security (IPSec)
IPv6 has built-in support for the IPSec security protocol. Within an IPv4
environment, IPSec security features are available as add-ons but are
required in IPv6.
IPv6 packet headers do not need to have their logical link address
Header improvements changed as the packet hops from router to router. This leads to a
reduction in per-packet overhead.
Built-in support for bandwidth reservations make guaranteed data
Built-in Quality of Service
transfer rates possible. Within an IPv4 environment, Quality of Service
(QoS)
features are available as add-ons but are not part of the native protocol.
The flow label is a field in the IPv6 packet header. Packets belonging to
the same stream, session, or flow share a common flow label value,
Flow label
making the session easily recognizable without having to open the inner
packet to identify the flow.
IPv6 Address Facts

The IPv6 address is a 128-bit binary number. A sample IPv6 IP address looks like:
35BC:FA77:4898:DAFC:200C:FBBC:A007:8973. The following list describes the features of an IPv6
address:

 The address is made up of 32 hexadecimal numbers, organized into 8 quartets.

 The quartets are separated by colons.
 Each quartet is represented as a hexadecimal number between 0 and FFFF. Each quartet
represents 16-bits of data (FFFF = 1111 1111 1111 1111).
 Leading zeros can be omitted in each section. For example, the quartet 0284 could also be
represented by 284.
 Addresses with consecutive zeros can be expressed more concisely by substituting a double-
colon for the group of zeros. For example:
o FEC0:0:0:0:78CD:1283:F398:23AB
o FEC0::78CD:1283:F398:23AB (concise form)
 If an address has more than one consecutive location where one or more quartets are all
zeros, only one location can be abbreviated. For example, FEC2:0:0:0:78CA:0:0:23AB could
be abbreviated as:
o FEC2::78CA:0:0:23AB or
o FEC2:0:0:0:78CA::23AB

But not FEC2::78CA::23AB

 The 128-bit address contains two parts:

o The first 64-bits is known as the prefix. The prefix includes the network and subnet
address. Because addresses are allocated based on physical location, the prefix also
includes global routing information. The 64-bit prefix is often referred to as the global
routing prefix.
o The last 64-bits is the interface ID. This is the unique address assigned to an
interface. Note: Addresses are assigned to interfaces (network connections), not to
the host. Technically, the interface ID is not a host address.

The 64-bit prefix can be divided into various parts, with each part having a specific meaning.

 The prefix length identifies the number of bits in the relevant portion of the prefix. To indicate
the prefix length, add a slash (/) followed by the prefix length number.
 Bits past the end of the prefix length are all binary 0s. For example, the full 64-bit prefix for
address 2001:0DB8:4898:DAFC:200C:FBBC:A007:8973 is
2001:0DB8:4898:DAFC:0000:0000:0000:0000/64.
 Full quartets with trailing 0's in the prefix address can be omitted (for example
2001:0DB8:4898:DAFC::/64).
 If the prefix is not on a quartet boundary (this applies to any prefix that is not a multiple of 16),
any hex values listed after the boundary should written as 0's. For example, the prefix
2001:0DB8:4898:DAFC::/56 should be written as 35BC:FA77:4898:DA00::/56. Remember,
only leading 0's within a quartet can be omitted.
 Be aware that the prefix length number is a binary value, while the prefix itself is a
hexadecimal value.

Global routing information is identified within the 64-bit prefix by subdividing the prefix using varying
prefix lengths. The following graphic is an example of how the IPv6 prefix could be divided:
This sample assignment of IPv6 addresses is explained in the following table:

Prefix Description
The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for
the assignment of IPv6 addresses. ICANN assigns a range of IP addresses to Regional
Internet Registry (RIR) organizations. Each current regional organization corresponds
roughly to a continent.
Regional
Internet
Registry The exact size of the address range assigned to the RIR may vary, but current
(RIR) guidelines assign a minimum prefix of 12-bits. In the above example, the RIR has been
assigned a 12-bit prefix, and is responsible for addresses in the following range:

2000::/12 to 200F:FFFF:FFFF:FFFF::/64

A regional organization subdivides its block of IP addresses into smaller blocks and
assigns those blocks to National Internet Registries (NIR), Local Internet Registries
(LIR), or Internet Service Providers (ISP). Larger organizations can further subdivide the
address space to allocate to smaller ISPs.
Internet
Service The exact size of the address range assigned by the RIR may vary, but current
Provider guidelines assign a minimum prefix of 32-bits. In the above example, the ISP has been
(ISP) assigned a 32-bit prefix, and is therefore responsible for addresses in the following
range:

2001:0DB8::/32 to 2001:0DB8:FFFF:FFFF::/64

Individual companies and other organizations request blocks of IP addresses from an

ISP for use in their private networks. Each network organized by a single entity is often
called a site, although the exact definition of the term is under debate.

Although the exact size of the address range assigned to a site may vary, by
Site convention, each site is assigned a 48-bit site ID. In the above example, the site is
responsible for managing the addresses in the following range:

2001:0DB8:4898::/48 to 2001:0DB8:4898:FFFF::/64
ISPs typically follow these guidelines for assigning address ranges to sites:
  By default, all sites that represent a network, including home networks, get an
address with a 48-bit prefix.
 Sites that require an address space larger than this might be assigned two
consecutive blocks, or might be allocated an address with a 47-bit prefix.
 If the network is known to have only a single subnet, the ISP might assign a 64-
bit prefix. This is typically used for mobile devices.
 If the network is known to have only a single device, such as a dialup
connection, the ISP might assign a 128-bit prefix.

Most networks receive an address range identified with a 48-bit prefix. The remaining
16-bits in the global routing prefix are then used by the local network administrator for
creating subnets. In the example above, the site has received the prefix of
2001:0DB8:4898::/48. The following list shows some of the subnets that could be
created by the administrator using a 64-bit prefix:
2001:0DB8:4898:0001::/64
Subnet ID
2001:0DB8:4898:0002::/64
2001:0DB8:4898:0003::/64
...
2001:0DB8:4898:FFFD::/64
2001:0DB8:4898:FFFE::/64
2001:0DB8:4898:FFFF::/64

In most cases, individual interface IDs are not assigned by ISPs, but are rather generated
automatically or managed by site administrators. Interface IDs must be unique within a subnet, but can
be the same if the interface is on different subnets. All addresses that identify a single interface,
except those that start with 000 binary, but use a 64-bit interface ID that follows the modified EUI-64
format. On Ethernet networks, the modified EUI-64 format interface ID can be automatically derived
from the MAC address using the following process:

1. The MAC address is split into 24-bit halves.

2. The hex constant FFFE is inserted between the two halves to complete the 64-bit address.
For example, 20-0C-FB-BC-A0-07 becomes:
200C:FBFF:FEBC:A007.
3. The seventh bit of the MAC address (reading from left to right) is set to binary 1. This bit is
called the universal/local (U/L) bit.
o Modifying the seventh binary bit modifies the second hex value in the address.
o For a MAC address of 20-0C-FB-BC-A0-07, the first two hex values translate to the
following binary number:
0010 0000
o Setting the seventh bit to 1 yields 0010 0010, which translates into 22 hex.

In this example, the MAC address of 20-0C-FB-BC-A0-07 in modified EUI-64 format becomes:
220C:FBFF:FEBC:A007 (portions in red indicate modified values).
IPv6 Address Types

In IPv6, addresses are assigned to interfaces (network connections). All interfaces are required to
have some addresses, and interfaces can have more than one address. IPv6 identifies the following
types of addresses:

Address
Description
Type
Unicast addresses are assigned to a single interface for the purpose of allowing that one
host to send and receive data. Packets sent to a unicast address are delivered to the
interface identified by that address.

Described below are three types of unicast addresses.

Link-local addresses (also known as local link addresses) are addresses that
are valid on only the current subnet.

 Link-local addresses have a FE80::/10 prefix. This includes any

address beginning with FE8, FE9, FEA, or FEB.
Link-  All nodes must have at least one link-local address, although each
local interface can have multiple addresses.
 Routers never forward packets destined for local link addresses to
other subnets.
 Link-local addresses are used for automatic address configuration,
neighbor discovery, or for subnets that have no routers.

Unique local addresses are private addresses used for communication within a
site or between a limited number of sites.

 Unique local addresses have a FC00::/7 prefix. Currently, however, the

Unicast
8th bit is always set to 1 to indicate that the address is local (and not
global). Thus, addresses beginning with FC or FD are unique local
addresses.
 Following the prefix, the next 50-bits are used for the Global ID. The
Global ID is generated randomly such that there is a high probability of
Unique
uniqueness on the entire Internet.
local
 Following the Global ID, the remaining 16-bits in the prefix are used for
subnet information.
 Unique local addresses are globally unique, but are not globally
routable. Unique local addresses might be routed between sites by a
local ISP.
 Earlier IPv6 specifications defined a site-local address that was not
globally unique and had a FEC0::/10 prefix. The site-local address has
been replaced with the unique local address.

Global unicast addresses are addresses that are assigned to individual

interfaces that are globally unique (unique throughout the entire Internet).
Global
unicast Global unicast addresses are any addresses that are not link-local, unique
local, or multicast addresses. Currently, ISPs assign global unicast addresses
with a 2000::/3 prefix (this includes any address beginning with a 2 or a 3). In
the future, however, global unicast addresses might not have this restriction.
Multicast addresses represent a dynamic group of hosts. Packets sent to a multicast
address are sent to all interfaces identified by that address. By using a different multicast
Multicast
address for different functions, only the devices that need to participate in the particular
function will respond to the multicast; devices that have no need to participate in the
 function will ignore the multicast.

 All multicast addresses have a FF00::/8 prefix.

 Multicast addresses that are restricted to the local link only have a FF02::/16
prefix. Packets starting with FF02 are not forwarded by routers.
 Multicast addresses with a FF01::/16 prefix are restricted to a single node.

You should be familiar with the following well-known multicast addresses:

 FF02::1 is for all nodes on the local link. This is the equivalent of the IPv4 subnet
broadcast address. FF01::1 is for all interfaces on a node.
 FF02::2 is for all routers on the local link. FF01::1 is for all routers on the node.
 FF02::1:2 is for all DHCP servers or DHCP relay agents on the local link. DHCP
relay agents forward these packets to other subnets.

The anycast address is a unicast address that is assigned to more than one interface,
typically belonging to different hosts. An anycast packet is routed to the nearest interface
having that address (based on routing protocol decisions).

 An anycast address is the same as a unicast address. Assigning the same

unicast address to more than one interface makes it an anycast address.
Anycast
 You can have link-local, unique local, or global unicast anycast addresses.
 When you assign an anycast address to an interface, you must explicitly identify
the address as an anycast address (to distinguish it from a unicast address).
 Anycast addresses can be used to locate the nearest server of a specific type,
for example the nearest DNS or network time server.

The local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1 or
Loopback ::1/128). The local loopback address is not assigned to an interface. It can be used to
verify that the TCP/IP protocol stack has been properly installed on the host.
The unspecified address is 0:0:0:0:0:0:0:0 (also identifies as :: or ::/128). The unspecified
address is used when there is no IPv6 address. It is typically used during system startup
Unspecified
when the host has not yet configured its address. The unspecified address should not be
assigned to an interface.

Note: There are no broadcast addresses in IPv6. IPv6 multicast addresses are used instead of
broadcast addresses.

IPv6 Configuration Facts

An IPv6 address is configured by any one of the following methods:

Method Description
Static full Static full assignment is where the entire 128-bit IPv6 address and all other
assignment configuration information is statically assigned to the host.
Static partial Static partial assignment is where the prefix is statically assigned and the
assignment interface ID uses the modified EUI-64 format derived from the MAC address.
Stateless autoconfiguration is where clients automatically generate the interface
Stateless ID, and learn the subnet prefix and default gateway through the Neighbor
autoconfiguration Discovery Protocol (NDP). NDP uses the following messages for
autoconfiguration:
  Router solicitation (RS) is a message sent by the client to request that
routers respond.
 Router advertisement (RA) is a message sent by the router periodically
and in response to RS messages to inform clients of the IPv6 subnet
prefix and the default gateway address.

NDP is also used by hosts to discover the address of other interfaces on the
network, replacing the need for Address Resolution Protocol (ARP).

Note: Even though NDP provides enough information for the addressing of the
client and for clients to learn the addresses of other clients on the network, it does
not provide the client with DNS server information or other IP configuration
information besides the IP address and the default gateway.
IPv6 uses an updated version of DHCP (called DHCPv6) that operates in one of
two different modes:

 Stateful DHCPv6 is when the DHCP server provides each client with the
IP address, default gateway, and other IP configuration information (such
as the DNS server IP address). The DHCP server tracks the status (or
DHCPv6
state) of the client.
 Stateless DHCPv6 does not provide the client an IP address and does
not track the status of each client, but rather is used to supply the client
with the DNS server IP address. Stateless DHCPv6 is most useful when
used in conjunction with stateless autoconfiguration.

When a host starts up, it uses the following process to configure the IPv6 address for each interface:

1. The host generates an IPv6 address using the link-local prefix (FE80::/10) and modifying the
MAC address to get the interface ID. For example, if the MAC address is 20-0C-FB-BC-A0-07,
the link-local address for the interface would be: FE80::220C:FBFF:FEBC:A007.
2. The host then sends a neighbor solicitation (NS) message addressed to its own link-local
address to see if the address it has chosen is already in use.
o If the address is in use, the other network host responds with a neighbor
advertisement (NA) message. The process stops and manual configuration of the host
is required.
o If the address is not in use (no NA message), the process continues.
3. The host waits for a router advertisement (RA) message from a router to learn the prefix.
o If an RA message is not received, the host sends out a router solicitation (RS)
message addressed to all routers on the subnet using the multicast address FF02::2.
o The router sends out an RA message addressed to all interfaces on the subnet using
the multicast address FF02::1.
o If no routers respond, the host attempts to use stateful DHCPv6 to receive
configuration information.
4. The RA message contains information that identifies how the IPv6 address and other
information is to be configured. Possible combinations are:

Configuration
Description
Method
Obtain the interface ID, subnet prefix, default gateway, and other
configuration information from a DHCPv6 server.
Use stateful
The host sends out a REQUEST message addressed to the multicast
autoconfiguration
address FF02::1:2 to request this information from the DHCPv6
server.
Use stateless Set the interface ID automatically.
 autoconfiguration Get the subnet prefix and default gateway from the RA message.
Get DNS and other configuration information from a DHCPv6 server.
The host sends out an INFORMATION-REQUEST message
addressed to the multicast address FF02::1:2 to request this
information from the DHCPv6 server.

5. If a manual address or stateful autoconfiguration is used, the host sends an NS message to

make sure the address is not already in use. If stateless autoconfiguration is used, the NS
message at this step is unnecessary because the interface ID has already been verified in
step 2.

IPv6 Implementation Facts

The worldwide implementation from IPv4 to IPv6 will be a long process. Although not yet widely
adopted, you can implement IPv6 if your systems support it. As the implementation of IPv6 proceeds,
there will be cases when compatibility with IPv4 is required. The following table lists various strategies
for deploying IPv6:

Method Description
With a dual stack configuration, both the IPv4 and IPv6 protocol stacks run
concurrently on a host. IPv4 is used to communicate with IPv4 hosts, and IPv6
is used to communicate with IPv6 hosts. When implemented on hosts,
Dual stack intermediate routers and switches must also run both protocol stacks.

Use a dual stack configuration to enable a host to communicate with both IPv4
and IPv6 hosts.
Tunneling wraps an IPv6 packet within an IPv4 packet, allowing IPv6 hosts or
sites to communicate over the existing IPv4 infrastructure. With tunneling, a
device encapsulates IPv6 packets in IPv4 packets for transmission across an
IPv4 network, and then the packets are de-encapsulated to their original IPv6
packets by another device at the other end.

Several tunneling solutions are listed below.

With a manually configured tunnel, tunnel endpoints are
configured as point-to-point connections between devices.
Manual tunneling:

 Is configured between routers at different sites.

 Requires dual-stack routers as the tunnel endpoints.
Tunneling Hosts can be IPv6-only hosts.
Manually
 Works through NAT.
configured
tunnel  Uses a static (manual) association of an IPv6
address with the IPv4 address of the destination
tunnel endpoint.

Because of the time and effort required for configuration, use

manually configured tunnels only when you have a few sites
that need to connect through the IPv4 Internet, or when you
want to configure secure site-to-site associations.
With 6-to-4 tunneling, tunneling endpoints are configured
automatically between devices. 6-to-4 tunneling:
6-to-4 tunneling
 Is configured between routers at different sites.
  Requires dual-stack routers as the tunnel endpoints.
Hosts can be IPv6-only hosts.
 Works through NAT.
 Uses a dynamic association of an IPv6 site prefix to
the IPv4 address of the destination tunnel endpoint.
 Automatically generates an IPv6 address for the site
using the 2002::/16 prefix followed by the public IPv4
address of the tunnel endpoint router. For example,
a router with the IPv4 address of 207.142.131.202
would serve the site with the following prefix:
2002:CF8E:83CA::/48 (CF8E:83CA is the
hexadecimal equivalent of 207.142.131.202).

Use 6-to-4 tunneling to dynamically connect multiple sites

through the IPv4 Internet. Because of its dynamic
configuration, 6-to-4 tunneling is easier to administer than
manual tunneling.
The Intra-site Automatic Tunnel Addressing Protocol
(ISATAP) is a tunneling method for use within a site to
provide IPv6 communication over a private IPv4 network.
ISATAP tunneling:

 Is configured between individual hosts and an

ISATAP router.
 Requires a special dual-stack ISATAP router to
perform tunneling, and dual-stack or IPv6-only
clients. Dual stack routers and hosts perform
tunneling when communicating on the IPv4 network.
 Does not work through NAT.
 Automatically generates link-local addresses that
Intra-site
includes the IPv4 address of each host:
Automatic
o The prefix is the well-known link-local prefix:
Tunnel
FE80::/16.
Addressing
o The remaining prefix values are set to 0.
Protocol
o The first two quartets of the interface ID are
(ISATAP)
set to 0000:5EFE.
o The remaining two quartets use the IPv4
address, written in either dotted-decimal or
hexadecimal notation.

A host with an IPv4 address of 192.168.12.155

would have the following IPv6 address when using
ISATAP: FE80::5EFE:C0A8:0C9B (also designated
as FE80::5EFE:192.168.12.155).

Use ISATAP to begin a transition to IPv6 within a site. You

can start by adding a single ISATAP router and configuring
each host as an ISATAP client.
Teredo tunneling establishes the tunnel between individual
hosts so they can communicate through a private or public
IPv4 network. Teredo tunneling:

Teredo tunneling  Is configured between individual hosts.

 Hosts are dual-stack hosts and perform tunneling of
IPv6 to send on the IPv4 network.
 Works through NAT.
 Use Teredo tunneling to enable host-to-host communications
between IPv6 devices through a public or private IPv4
network.
NAT-PT is a protocol that converts the IPv6 packet header into an IPv4 packet
header, and vice versa. With NAT-PT, a translation table is referenced by the
device, such as a Cisco router, as it converts the headers to ensure that the
packet is sent to the correct host. This method is different than tunneling
Network Address because the packet headers are converted between the IPv4 and IPv6,
Translation-Protocol whereas tunneling wraps the IPv6 packet into an IPv4 packet. NAT-PT:
Translation (NAT-PT)
 Is configured on a single router running NAT-PT.
 The router is a dual-stack router. Hosts run either IPv4 or IPv6.

Use NAT-PT to allow IPv4 hosts to communicate with IPv6 hosts.