Introduction to Network — #12 IPv6 Addressing
Cisco Networking Academy, Hands-on Course!
12.0 — Introduction
12.0.1 — Why should I take this module?
After the hard work of learning to subnet an IPv4 network, you may find that subnetting an IPv6 network is much easier.
You probably didn’t expect that, did you? A Packet Tracer at the end of this module will give you the opportunity to subnet an IPv6 network.
12.0.2 — What will I learn from this module?
Module Title: IPv6 Addressing
Module Objective: Implement an IPv6 addressing scheme.
12.1 — IPv4 Issues
12.1.1 — Need for IPv6
IPv6 is designed to be the successor to IPv4. IPv6 has a larger 128-bit address space, providing 340 undecillion.
It used this opportunity to fix the limitations of IPv4 and include enhancements.
IPv4 has a theoretical maximum of 4.3 billion addresses. Private addresses in combination with Network Address Translation (NAT) have been instrumental in slowing the depletion of IPv4 address space.
However, NAT is problematic for many applications, creates latency, and has limitations that severely impede peer-to-peer communications.
With an increasing Internet population, a limited IPv4 address space, issues with NAT and the IoT, the time has come to begin the transition to IPv6.
12.1.2 — IPv4 and IPv6 Coexistence
The IETF has created various protocols and tools to help network administrators migrate their networks to IPv6. The migration techniques can be divided into three categories:
Dual-Stack
Allows IPv4 and native IPv6 to coexist on the same network segment. Run both IPv4 and IPv6 protocol stacks simultaneously
Tunneling
Tunneling is a method of transporting an IPv6 packet over an IPv4 network. The IPv6 packet is encapsulated inside an IPv4 packet, similar to other types of data.
Translation
(NAT64) allows IPv6-enabled devices to communicate with IPv4-enabled devices using a translation technique similar to NAT for IPv4.
An IPv6 packet is translated to an IPv4 packet. Vice versa
12.2 — IPv6 Representations
12.2.1 — IPv6 Addressing Formats
IPv6 addresses are 128 bits in length and written as a string of hexadecimal values. Every four bits is represented by a single hexadecimal digit; for a total of 32 hexadecimal values.
IPv6 addresses are not case-sensitive and can be written in either lowercase or uppercase.
An IPv6 address is x:x:x:x:x:x:x:x, with each “x” consisting of four hexadecimal values.
These are examples of IPv6 addresses in the preferred format.
12.2.2 — Rule 1-Omit Leading Zeros
To help reduce the notation of IPv6 addresses is to omit any leading 0s (zeros) in any hextet.
Here are four examples of ways to omit leading zeros:
- 01ab can be represented as 1ab
- 09f0 can be represented as 9f0
- 0000 can bre represented as 0
This rule only applies to leading 0s, NOT to trailing 0s.
12.2.3 — Double Colon
To help reduce the notation of IPv6 addresses is that a double colon (::)
For example, 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1. The double colon (::) is used in place of the three all-0 hextets (0:0:0).
The double colon (::) can only be used once within an address.
Here is an example of the incorrect use of the double colon: 2001:db8::abcd::1234
If an address has more than one contiguous string of all-0 hextets, best practice is to use the double colon (::) on the longest string.
Here is an example of the correct use of the double colon: 2001:db8:0:1111::200, 2001:db8:0:0:ab00::
12.3 — IPv6 Address Types
12.3.1 — Unicast, Multicast, Anycast
In fact, there are three broad categories of IPv6 addresses:
- Unicast — An IPv6 unicast address uniquely identifies an interface on an IPv6-enabled device.
- Multicast — An IPv6 multicast address is used to send a single IPv6 packet to multiple destinations.
- Anycast — An IPv6 anycast address is any IPv6 unicast address that can be assigned to multiple devices. A packet sent to an anycast address is routed to the nearest device having that address.
12.3.2 — IPv6 Prefix Lenght
The prefix, or network portion. In IPv6 it is only called the prefix length. IPv6 does not use the dotted-decimal subnet mask notation.
The prefix length can range from 0 to 128. The recommended IPv6 prefix length for LANs and most other types of networks is /64.
12.3.3 — Type of IPv6 Unicast Addressing
An IPv6 unicast address uniquely identifies an interface on an IPv6-enabled device.
The destination IPv6 address can be either a unicast or a multicast address.
IPv6 addresses typically have two unicast addresses:
- Global Unicast Address (GUA) — This is similar to a public IPv4 address. These are globally unique, internet-routable addresses. GUAs can be configured statically or assigned dynamically.
- Link-local Address (LLA) — This is required for every IPv6-enabled device. LLAs are used to communicate with other devices on the same local link. In other words, routers will not forward packets with a link-local source or destination address.
12.3.4 — A Note About Unique Local Address
Unique local addresses (range fc00::/7 to fdff::/7) are not yet commonly implemented.
The IPv6 unique local addresses have some similarity to RFC 1918 private addresses for IPv4, but there are significant differences:
- Unique local addresses are used for local addressing within a site or between a limited number of sites.
- Unique local addresses can be used for devices that will never need to access another network.
- Unique local addresses are not globally routed or translated to a global IPv6 address.
12.3.5 — IPv6 GUA
IPv6 global unicast addresses (GUAs) are globally unique and routable on the IPv6 internet.
Currently, only GUAs with the first three bits of 001 or 2000::/3 are being assigned,
Note: The 2001:db8::/32 address has been reserved for documentation purposes, including use in examples.
12.3.6 — IPv6 GUA Structure
Global Routing Prefix
The global routing prefix is the prefix, or network, portion of the address that is assigned by the provider, such as an ISP, to a customer or site.
For example, it is common for ISPs to assign a /48 global routing prefix to its customers.
The IPv6 address 2001:db8:acad::/48 has a global routing prefix that indicates that the first 48 bits (3 hextets) (2001:db8:acad) is how the ISP knows of this prefix (network).
Subnet ID
The Subnet ID field is the area between the Global Routing Prefix and the Interface ID. IPv6 was designed with subnetting in mind.
Many organizations are receiving a /32 global routing prefix. Using the recommended /64 prefix in order to create a 64-bit Interface ID, leaves a 32 bit Subnet ID.
Interface ID
The IPv6 interface ID is equivalent to the host portion of an IPv4 address.
A /64 subnet or prefix (Global Routing Prefix + Subnet ID) leaves 64 bits for the interface ID. This is recommended to allow SLAAC-enabled devices to create their own 64-bit interface ID.
12.3.7 — IPv6 LLA
An IPv6 link-local address (LLA) enables a device to communicate with other IPv6-enabled devices on the same link and only on that link (subnet).
If an LLA is not configured manually on an interface, the device will automatically create its own without communicating with a DHCP server.
IPv6 LLAs are in the fe80::/10 range. The /10 indicates that the first 10 bits are 1111 1110 10xx xxxx.
The first hextet has a range of 1111 1110 1000 0000 (fe80) to 1111 1110 1011 1111 (febf).
There are two ways that a device can obtain an LLA:
- Statically — This means the device has been manually configured.
- Dynamically — This means the device creates its own interface ID by using randomly generated values or using the Extended Unique Identifier (EUI) method, which uses the client MAC address along with additional bits.
12.4 — GUA and LLA Static Configuration
12.4.1 — Static Configuration GUA on a Router
An IPv6 LLA lets two IPv6-enabled devices communicate with each other on the same link (subnet).
For example, the Cisco IOS command to configure an IPv4 address on an interface is ip address ip-address subnet-mask. In contrast, the command to configure an IPv6 GUA on an interface is ipv6 address ipv6-address/prefix-length.
The example configuration uses the topology shown in the figure and these IPv6 subnets:
- 2001:db8:acad:1:/64
- 2001:db8:acad:2:/64
- 2001:db8:acad:3:/64
IPv6 GUA Configuration on Router R1
R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address 2001:db8:acad:3::1/64
R1(config-if)# no shutdown
12.4.2 — Static Configuration GUA on a Windows Host
Manually configuring the IPv6 address on a host is similar to configuring an IPv4 address.
The default gateway address configured for PC1 is 2001:db8:acad:1::1. This is the GUA of the R1 GigabitEthernet interface on the same network. Alternatively, the default gateway address can be configured to match the LLA of the GigabitEthernet interface.
There are two ways in which a device can obtain an IPv6 GUA automatically:
- Stateless Address Autoconfiguration (SLAAC)
- Stateful DHCPv6
When DHCPv6 or SLAAC is used, the LLA of the router will automatically be specified as the default gateway address.
12.4.3 — Static Configuration of a Link-Local Unicast Address
Configuring the LLA manually lets you create an address that is recognizable and easier to remember.
LLAs can be configured manually using the ipv6 address ipv6-link-local-address link-local command. When an address begins with this hextet within the range of fe80 to febf, the link-local parameter must follow the address.
R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address fe80::2:1 link-local
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address fe80::3:1 link-local
R1(config-if)# exit
all the interfaces of router R1 have been configured with an LLA that begins with fe80::n:1.
R1(config)#interface g0/0/0
R1(config-if)#ipv6 address fe80::1:1 link-local
R1(config-if)#exit
R1(config-if)#ipv6 address 2001:db8:acad:1::1/64
R1(config-if)#no shutdown
R1(config-if)#exit
Input LLAs first and then GUAs
12.5 — Dynamic Addressing for IPv6 GUAs
12.5.1 — RS and RA Message
For the GUA, a device obtains the address dynamically through Internet Control Message Protocol version 6 (ICMPv6) messages.
Router Advertisement (RA) messages are on IPv6 router Ethernet interfaces. The router must be enabled for IPv6 routing, which is not enabled by default. To enable a router as an IPv6 router, the ipv6 unicast-routing on global configuration.
The ICMPv6 RA message includes the following:
- Network prefix and prefix length — This tells the device which network it belongs to.
- Default gateway address — This is an IPv6 LLA, the source IPv6 address of the RA message.
- DNS addresses and domain name — These are the addresses of DNS servers and a domain name.
There are three methods for RA messages:
- Method 1: SLAAC — “I have everything you need including the prefix, prefix length, and default gateway address.”
- Method 2: SLAAC with a stateless DHCPv6 server — “Here is my information but you need to get other information such as DNS addresses from a stateless DHCPv6 server.”
- Method 3: Stateful DHCPv6 (no SLAAC) — “I can give you your default gateway address. You need to ask a stateful DHCPv6 server for all your other information.”
12.5.2 — Method 1: SLAAC
SLAAC is a method that allows a device to create its own GUA without the services of DHCPv6.
SLAAC is stateless, which means there is no central server (for example, a stateful DHCPv6 server) allocating GUAs and keeping a list of devices and their addresses.
- Prefix — This is advertised in the RA message.
- Interface ID — This uses the EUI-64 process or by generating a random 64-bit number, depending on the device operating system.
12.5.3 — Method 2: SLAAC and Stateless DHCPv6
A router interface can be configured to send a router advertisement using SLAAC and stateless DHCPv6.
- SLAAC to create its own IPv6 GUA
- The router LLA, which is the RA source IPv6 address, as the default gateway address
- A stateless DHCPv6 server to obtain other information such as a DNS server address and a domain name
A stateless DHCPv6 server distributes DNS server addresses and domain names. It does not allocate GUAs.
12.5.4 — Method 3: Stateful DHCPv6
Stateful DHCPv6 is similar to DHCP for IPv4. A device can automatically receive its addressing information including a GUA, prefix length, and the addresses of DNS servers from a stateful DHCPv6 server.
- The router LLA, which is the RA source IPv6 address, for the default gateway address.
- A stateful DHCPv6 server to obtain a GUA, DNS server address, domain name and other necessary information.
The default gateway address can only be obtained dynamically from the RA message. The stateless or stateful DHCPv6 server does not provide the default gateway address.
12.5.5 — EUI-64 Process vs. Randomly Generated
When the RA message is either SLAAC or SLAAC with stateless DHCPv6, the client must generate its own interface ID. The interface ID can be created using the EUI-64 process or a randomly generated 64-bit number.
12.5.6 — EUI-64 Process
Ethernet MAC addresses are usually represented in hexadecimal and are made up of two parts:
- Organizationally Unique Identifier (OUI) — The OUI is a 24-bit (6 hexadecimal digits) vendor code assigned by IEEE.
- Device Identifier — The device identifier is a unique 24-bit (6 hexadecimal digits) value within a common OUI.
An EUI-64 Interface ID is represented in binary and is made up of three parts:
- 24-bit OUI from the client MAC address, but the 7th bit (the Universally/Locally (U/L) bit) is reversed. This means that if the 7th bit is a 0, it becomes a 1, and vice versa.
- The inserted 16-bit value ff:fe (in hexadecimal).
- 24-bit Device Identifier from the client MAC address.
R1 GigabitEthernet MAC address of fc99:4775:cee0
The example output for the ipconfig command shows the IPv6 GUA being dynamically created using SLAAC and the EUI-64 process.
From fc99:47|75:cee0 to fc99:47ff:fe75:cee0
12.5.7 — Randomly Generated Interface IDs
Beginning with Windows Vista, Windows uses a randomly generated interface ID instead of one created with EUI-64.
To ensure the uniqueness of any IPv6 unicast address, the client may use a process known as Duplicate Address Detection (DAD). This is similar to an ARP request for its own address. If there is no reply, then the address is unique.
12.6 — Dynamic Addressing for IPv6 LLAs
12.6.1 — Dynamic LLAs
All IPv6 devices must have an IPv6 LLA. Like IPv6 GUAs, you can also create LLAs dynamically.
The figure shows the LLA is dynamically created using the fe80::/10 prefix and the interface ID using the EUI-64 process, or a randomly generated 64-bit number.
12.6.2 — Dynamic LLAs on Windows
Operating systems, such as Windows, will typically use the same method for both a SLAAC-created GUA and a dynamically assigned LLA.
12.6.3 — Dynamic LLAs on Cisco Router
Cisco routers automatically create an IPv6 LLA whenever a GUA is assigned to the interface.
By default, Cisco IOS routers use EUI-64 to generate the interface ID for all LLAs on IPv6 interfaces.
For serial interfaces, the router will use the MAC address of an Ethernet interface.
12.6.4 — Verify IPv6 Address Configuration
Show IPv6 Interface Brief
The show ipv6 interface brief command displays the MAC address of the Ethernet interfaces.
R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
FE80::1:1
2001:DB8:ACAD:1::1
GigabitEthernet0/0/1 [up/up]
FE80::1:2
2001:DB8:ACAD:2::1
Serial0/1/0 [up/up]
FE80::1:3
2001:DB8:ACAD:3::1
Serial0/1/1 [down/down]
unassigned
R1#
Show IPv6 route
As shown in the example, the show ipv6 route command can be used to verify that IPv6 networks and specific IPv6 interface addresses have been installed in the IPv6 routing table.
a C next to a route indicates that this is a directly connected network.
The L indicates a Local route, the specific IPv6 address assigned to the interface. This is not an LLA. LLAs are not included in the routing table of the router because they are not routable addresses.
R1# show ipv6 route
IPv6 Routing Table — default — 7 entries
Codes: C — Connected, L — Local, S — Static, U — Per-user Static route
C 2001:DB8:ACAD:1::/64 [0/0]
via GigabitEthernet0/0/0, directly connected
L 2001:DB8:ACAD:1::1/128 [0/0]
via GigabitEthernet0/0/0, receive
C 2001:DB8:ACAD:2::/64 [0/0]
via GigabitEthernet0/0/1, directly connected
L 2001:DB8:ACAD:2::1/128 [0/0]
via GigabitEthernet0/0/1, receive
C 2001:DB8:ACAD:3::/64 [0/0]
via Serial0/1/0, directly connected
L 2001:DB8:ACAD:3::1/128 [0/0]
via Serial0/1/0, receive
L FF00::/8 [0/0]
via Null0, receive
R1#
Ping
The ping command for IPv6 is identical to the command used with IPv4, except that an IPv6 address is used.
R1# ping 2001:db8:acad:1::10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:ACAD:1::10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#
12.7 — IPv6 Multicast Addresses
12.7.1 — Assigned IPv6 Multicast Address
IPv6 multicast addresses are similar to IPv4 multicast addresses. Recall that a multicast address is used to send a single packet to one or more destinations (multicast group). IPv6 multicast addresses have the prefix ff00::/8.
Multicast addresses can only be destination addresses and not source addresses.
There are two types of IPv6 multicast addresses:
- Well-known multicast addresses
- Solicited node multicast addresses
12.7.2 — Well-Known IPv6 Multicast Address
Well-known IPv6 multicast addresses are assigned. Assigned multicast addresses are reserved multicast addresses for predefined groups of devices.
hese are two common IPv6 assigned multicast groups:
- ff02::1 All-nodes multicast group — This is a multicast group that all IPv6-enabled devices join. The figure shows an example of communication using the all-nodes multicast address. An IPv6 router sends ICMPv6 RA messages to the all-node multicast group.
- ff02::2 All-routers multicast group — This is a multicast group that all IPv6 routers join. A router becomes a member of this group when it is enabled as an IPv6 router with the ipv6 unicast-routing global configuration command.
12.7.3 — Solicited-Node IPv6 Multicast Address
A solicited-node multicast address is similar to the all-nodes multicast address. The advantage of a solicited-node multicast address is that it is mapped to a special Ethernet multicast address.
12.8 — Subnet an IPv6 Network
12.8.1 — Subnet Using the Subnet ID
Recall that with IPv4, we must borrow bits from the host portion to create subnets. However, IPv6 was designed with subnetting in mind. A separate subnet ID field in the IPv6 GUA is used to create subnets.
The benefit of a 128-bit address is that it can support more than enough subnets and hosts per subnet, for each network.
- 16-bit subnet ID — Creates up to 65,536 subnets.
- 64-bit interface ID — Supports up to 18 quintillion host IPv6 addresses per subnet (i.e., 18,000,000,000,000,000,000).
IPv6 subnetting is also easier to implement than IPv4, because there is no conversion to binary required.
12.8.2 — IPv6 Subnetting Example
For example, assume an organization has been assigned the 2001:db8:acad::/48 global routing prefix with a 16 bit subnet ID. This would allow the organization to create 65,536 /64 subnets
Subnetting using a 16-bit Subnet ID
12.8.3 — IPv6 Subnet Allocation
Unlike the example for IPv4, with IPv6 the serial link subnet will have the same prefix length as the LANs.
As shown in the next figure, the five IPv6 subnets were allocated, with the subnet ID field 0001 through 0005 used for this example. Each /64 subnet will provide more addresses than will ever be needed.
12.8.4 — Router Configuration with IPv6 Subnets
The example shows that each of the router interfaces has been configured to be on a different IPv6 subnet.
IPv6 Address Configuration on Router R1
R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address 2001:db8:acad:3::1/64
R1(config-if)# no shutdown
References: