19.

IPv6 Basics

1. Comparison Between IPv6 and IPv4

IPv6 was developed to overcome the limitations of IPv4, particularly the
exhaustion of public IP addresses and inefficient packet header design.

Feature IPv4 IPv6

Address length 32 bits 128 bits

Address format Dotted-decimal Hexadecimal

Unicast, multicast,
Address types Unicast, multicast, anycast
broadcast

40 bytes + variable-length extension

Packet header size 20-60 bytes
headers

Address
Static, DHCP Static, DHCP, SLAAC
configuration

IPsec integrated, enhanced security

Security Limited
features

IPv6 significantly expands the address space, enabling unique addresses for
every device globally and simplifying network configurations.

2. iPv6 Advantages
Nearly Infinite Address Space:

IPv6 uses a 128-bit address space, which is much larger than IPv4's
32-bit space.

This massive address pool allows for the possibility of assigning a

unique IP address to every device and object connected to the internet
(even as small as grains of sand).

It enables the Internet of Things (IoT) and ensures that every terminal
can be online simultaneously without running out of addresses.

Hierarchical Address Structure:

IPv6 addresses are organized hierarchically based on application

scenarios, ensuring efficient routing and network management.

19. IPv6 Basics 1

 By maintaining continuity in IPv6 address segments, IPv6 allows route
aggregation, reducing the size of routing tables and improving network
efficiency.

Plug-and-Play:

IPv6 supports Stateless Address Autoconfiguration (SLAAC), which

allows devices to configure themselves automatically without the need
for manual IP configuration or DHCP. This makes setting up networks
easier and faster.

End-to-End Network Integrity:

Unlike IPv4, which often uses Network Address Translation (NAT) to

map private addresses to public ones, IPv6 allows for true end-to-end
connections without NAT.

This simplifies network monitoring and management and removes the

need for complex NAT configuration.

Enhanced Security:

IPsec (Internet Protocol Security) was initially designed for IPv6,

enabling packet encryption and secure communication.

Although not yet widely used, IPv6 has built-in security features that
can be leveraged to encrypt traffic end-to-end.

3. Basic IPv6 Header

IPv6 headers consist of a basic header and optional extension headers:

The basic IPv6 header provides essential information for packet

forwarding. It is parsed by all devices along the forwarding path.

Here are the fields in the basic IPv6 header:

1. Version (4 bits): Specifies the IP version. In IPv6, this value is always 6 .

2. Traffic Class (8 bits): Indicates the priority of the packet, similar to the
TOS field in IPv4, primarily used for QoS control.

3. Flow Label (20 bits): Used to identify and differentiate real-time traffic
flows. A source IP address and a flow label together uniquely identify a
data flow.

19. IPv6 Basics 2

 4. Payload Length (16 bits): Specifies the length of the data following the
basic IPv6 header (extension headers and upper-layer PDU).

5. Next Header (8 bits): Indicates the type of the next extension header or
the protocol type of the upper-layer PDU (similar to IPv4’s protocol
field).

6. Hop Limit (8 bits): This is equivalent to the TTL (Time to Live) field in
IPv4. It specifies how many hops (or routers) the packet can traverse. It
decreases by one with each hop and is discarded when it reaches zero.

7. Source Address (128 bits): The IP address of the sender.

8. Destination Address (128 bits): The IP address of the recipient.

4. IPv6 Extension Headers

IPv6 has a flexible extension header structure, allowing additional headers to
be added between the basic IPv6 header and the upper-layer data (like TCP or
UDP). This is a key feature that differentiates IPv6 from IPv4:

IPv4 had an Options field that could extend the IPv4 header, but it was
limited and required processing by all intermediate devices, which was
inefficient.

In IPv6, the options have been moved to extension headers. These

headers can be added only when needed, and they don't require
processing by all intermediate devices, which conserves resources.

For example, the Hop-by-Hop Options Header is used to convey

information that needs to be processed by every device along the path.

The extension headers form a chained list where each header indicates the
type of the next one. This way, an IPv6 packet can include zero, one, or
multiple extension headers.

5. IPv6 Addressing
IPv6 addresses are 128 bits long and are usually written as eight groups of four
hexadecimal digits separated by colons ( : ). Here’s an example:

makefile
Copy code

19. IPv6 Basics 3

 2001:0D88:2345:CD30:1230:4567:89AB:CDEF/64

The /64 at the end represents the subnet prefix length, indicating that the
first 64 bits of the address are used for the network portion.

6. IPv6 Address Abbreviation

To make IPv6 addresses easier to read and manage, there are rules for
abbreviation:

1. Leading Zeros: Leading zeros in each segment can be omitted. For

instance, 0D88 can be written as D88 .

2. Consecutive Zero Segments: If there are consecutive segments of zeros,

you can use a double colon ( :: ) to replace them. For example:

2001:0D88:0000:0000:0000:4567:0000:0001 can be abbreviated as

2001:D88::4567:0:1 .

Note: You can only use :: once in an address to avoid ambiguity.

7. IPv6 Packet Processing Mechanism

When processing an IPv6 packet, network devices use the Next Header field to
determine the type of the following header or protocol. Here’s an example of
how it might look:

Basic IPv6 Header ( Next Header = 0 indicates a Hop-by-Hop Options Header)

Hop-by-Hop Options Header ( Next Header = 51 indicates an Authentication

Header)

Authentication Header ( Next Header = 6 indicates TCP)

The TCP data segment follows.

This chain-like approach allows flexibility in how packets are handled.

8. IPv6 Address Classification

IPv6 addresses are classified into three main types based on their prefixes and
usage:

1. Unicast Address:

19. IPv6 Basics 4

 A unicast address identifies a single interface on the network. A packet
sent to a unicast address is delivered to the specific interface with that
address.

IPv6 allows an interface to have multiple addresses, including:

Global Unicast Address (GUA): Publicly routable addresses similar

to IPv4 public addresses.

Unique Local Address (ULA): Private addresses used within local

networks.

Link-Local Address (LLA): Addresses used for communication on

the same local link.

Special unicast addresses:

Unspecified Address ( ::/128 ): Used as a source address in certain

situations, like during Duplicate Address Detection (DAD) or
DHCPv6 initialization.

Loopback Address ( ::1/128 ): Used for local loopback, similar to

127.0.0.1 in IPv4, to test the protocol stack locally.

2. Multicast Address:

A multicast address identifies multiple interfaces, and a packet sent to a

multicast address is delivered to all interfaces that belong to the
corresponding multicast group. Only the interfaces that have joined the
group receive the packet.

IPv6 does not define broadcast addresses as IPv4 does; instead, all
broadcast-like functions are handled by multicast.

3. Anycast Address:

An anycast address identifies a group of interfaces, typically located on

different nodes. A packet sent to an anycast address is delivered to the
nearest interface (based on the routing table) in the group.

Anycast addresses provide redundancy and can enhance service

quality by ensuring that users connect to the nearest service point.

9. IPv6 Unicast Address Format

An IPv6 unicast address is composed of two parts:

19. IPv6 Basics 5

 1. Network Prefix: The first n bits, similar to the network ID in an IPv4
address.

2. Interface ID: The remaining 128 - n bits, similar to the host ID in IPv4.

Most common unicast addresses, such as GUAs and LLAs, have a 64-bit
network prefix and a 64-bit interface ID.

9.1 Generating the Interface ID

The interface ID of an IPv6 address can be generated in several ways:

1. Manual Configuration: You manually set the interface ID.

2. Automatic Generation: The system can automatically generate the

interface ID.

3. EUI-64 Format: This method uses the MAC address of the device to
form a 64-bit interface ID. However, this method has a potential security
risk because attackers could deduce the MAC address from the IPv6
address.

9.2 Common IPv6 Unicast Addresses

1. Global Unicast Address (GUA):

These are globally routable addresses used for internet communication,

similar to public IPv4 addresses.

GUAs usually have a 64-bit network prefix and a 64-bit interface ID.

They consist of:

Global Routing Prefix: Assigned by a provider and is typically at

least 45 bits long.

Subnet ID: Allows organizations to create subnets within their

network.

Interface ID: Identifies a specific interface within the subnet.

2. Unique Local Address (ULA):

These are private IPv6 addresses used within a local network

(equivalent to private IPv4 addresses).

ULAs use the prefix FC00::/7 , with only FD00::/8 being currently in use,
while FC00::/8 is reserved.

19. IPv6 Basics 6

 Even though they are private, ULAs have a globally unique prefix
generated using a pseudo-random algorithm to minimize conflicts.

3. Link-Local Address (LLA):

These addresses are valid only on the local link (network segment) and
have the prefix FE80::/10 .

LLAs are used for local communication, such as neighbor discovery and
SLAAC. They cannot be routed outside the local link.

Every IPv6 interface must have an LLA, and these can be generated
automatically or manually configured.

10. IPv6 Multicast Address

IPv6 multicast addresses are used for one-to-many communication. Key points
include:

Multicast addresses can only be used as the destination of an IPv6 packet.

They consist of:

Flags: Indicate if the multicast group is permanent or transient.

Scope: Defines the range of the multicast group (e.g., link-local, site-
local, organization-local, or global).

Group ID: Identifies the specific multicast group.

Common multicast group scopes:

2 : Link-local (e.g., FF02::1 for all nodes on the local link).

5 : Site-local (within an organization site).

E : Global scope for broader multicast communication.

11. Solicited-Node Multicast Address

This address is generated for each IPv6 unicast or anycast address and is
used for neighbour discovery and duplicate address detection (DAD).

When a device needs to resolve the MAC address corresponding to an IPv6

address, it sends a packet to the solicited-node multicast address, ensuring
that only the target node responds, reducing network traffic.

19. IPv6 Basics 7

 12. IPv6 Anycast Address
An anycast address is used to reach the nearest node in a group of interfaces
with the same address. This address type provides several advantages:

1. Service Redundancy:

Multiple servers can use the same anycast address. If one server fails,
the client can connect to another server using the same address,
maintaining service availability.

2. Optimized Service Delivery:

Based on routing rules, clients connect to the nearest server, improving

access speed and reducing latency.

This classification system allows IPv6 to efficiently manage different types of

communication, optimize routing, and provide redundancy and flexibility.

13. IPv6 Address Configuration

13.1 Service Process of IPv6 Unicast Addresses
Before an interface can send IPv6 packets, it undergoes several steps:

1. Address Configuration: The interface is assigned one or more IPv6

addresses (e.g., Global Unicast Addresses (GUAs) or Link-Local
Addresses (LLAs)).

2. Duplicate Address Detection (DAD): This process checks for address

conflicts to ensure that no other device on the network is using the same
address.

3. Address Resolution: Similar to ARP in IPv4, this step involves mapping

IPv6 addresses to data link layer addresses (typically MAC addresses)
using ICMPv6 messages.

13.2 Neighbor Discovery Protocol (NDP)

NDP is essential for IPv6 networking. It uses ICMPv6 messages for several
functions:

Router Discovery: Hosts learn about available routers.

Prefix Discovery: Hosts obtain subnet prefixes for SLAAC.

19. IPv6 Basics 8

 Address Resolution: Hosts map IPv6 addresses to MAC addresses.

Neighbor Unreachability Detection: Ensures connectivity to neighbors.

Duplicate Address Detection (DAD): Confirms that no two devices

share the same address.

13.3 Stateless Address Autoconfiguration (SLAAC)

SLAAC allows IPv6 hosts to automatically configure their addresses without
manual input or a DHCP server. It uses ICMPv6 messages:

Router Solicitation (RS): Sent by a host to request router information.

Router Advertisement (RA): Sent by routers to provide network

information, including the prefix needed for SLAAC.

With SLAAC, the host generates its IPv6 address by combining the prefix
provided by the router with a locally generated interface ID (e.g., using the EUI-
64 method). The process ensures that hosts can configure themselves
automatically in IPv6 networks.

13.4 Dynamic IPv6 Address Configuration (DHCPv6)

In addition to SLAAC, IPv6 supports dynamic address configuration using
DHCPv6, which can be either stateful or stateless:

1. Stateful DHCPv6:

The host obtains a full 128-bit IPv6 address from the DHCPv6 server.

The DHCPv6 server also provides other configuration parameters, such

as DNS server addresses.

The server keeps track of which addresses have been assigned (this is
the "stateful" aspect).

2. Stateless DHCPv6:

Hosts use SLAAC to get their IPv6 address but rely on DHCPv6 for
additional information like DNS servers.

The M flag (Managed Address Configuration) and O flag (Other

Configuration) in RA messages control how hosts obtain addresses:

M = 1, O = 1 : Use stateful DHCPv6 for both addresses and other

information.

19. IPv6 Basics 9

 M = 0, O = 0 : Use SLAAC for addresses, and no DHCPv6 is used.

13.5 Duplicate Address Detection (DAD)

Regardless of how an IPv6 address is assigned (manually, SLAAC, or DHCPv6),
DAD is performed to ensure that the address is unique on the network:

1. The host sends an ICMPv6 Neighbor Solicitation (NS) message to the

network using the solicited-node multicast address corresponding to the
IPv6 address being checked.

2. If no other device responds with a Neighbor Advertisement (NA) message,

the host confirms that the address is unique and starts using it.

3. If a response is received, the host marks the address as duplicate and

cannot use it.

13.6 Address Resolution

IPv6 replaces ARP (used in IPv4) with ICMPv6 Neighbor Solicitation (NS) and
Neighbor Advertisement (NA) messages for address resolution:

1. When a host (e.g., PC) needs to determine the MAC address corresponding
to an IPv6 address (e.g., 2001::2 on Router R1), it sends an NS message to
the solicited-node multicast address for 2001::2 .

2. R1 receives the NS message, records the source IPv6 and MAC addresses
of the PC, and replies with a unicast NA message containing its IPv6 and
MAC addresses.

3. After receiving the NA message, the PC records R1’s IPv6 and MAC
addresses, completing the neighbor discovery process and establishing a
neighbor entry.

By using NS and NA messages, IPv6 avoids broadcasts, making the process

more efficient and reducing unnecessary network traffic.

19. IPv6 Basics 10