Let's go to understand IPv6!
If you are interested in the networking world, you probably are aware about the IPv4 address shortage.
In theory IPv4 can provide 4 294 967 296 of IP address.
However, the Internet traffic increase more and more (as a proof) !
The routing tables are constantly growing up.
And the coming of IoT and the growing up of Internet connections from Africa, Asia and other areas of the world do not ease the situation…
The number of IPv4 address are not enough for all of this.
Furthermore RIRs (ARIN, RIPE NCC, APNIC, AfriNIC and LACNIC) don’t have more IPv4 to provide.
To reduce the shortage of IPv4, we have used NAT, however NAT impact a lot of applications and have restrictions for peer-to-peer communications.
For theses major reasons, the migration to IPv6 is mandatory.
IPv6 can providing 340 undecillions IP address (due to 2128 = 340 282 366 920 938 463 463 374 607 431 768 211 456, an IPv6 address is composed of 128 bits). But the astronomic number of IPv6 address is not the only reason to migrate to it. IPv6 is an improvement of the IPv4 protocol (for example ICMPv6 includes the automatic configuration and address resolution and functions don’t exist with ICMPv4).
Furthermore with IPv6 they several benefits like the quality of service thanks to flow label, authentication and security which are integrated in the the protocol.
Before to have a full IPv6 environment, an IPv4 and IPv6 coexistence was setting up to migrate on IPv6.
There are three types of IPv4 and IPv6 coexistence, which are Dual Stack, Tunneling and Network Address Translation 64 (NAT64).
The Dual Stack type allows IPv4 and IPv6 to coexist on the same network. A Dual Stack device executes IPv4 and IPv6 simultaneously. It is also known as native IPv6, this type of coexistence means if a client has an IPv6 connection to their ISP, it can access both IPv4 and IPv6 address.
The Tunneling type aims to transport an IPv6 packet on an only IPv4 network. In fact, the IPv6 packets are encapsuled in IPv4 packets.
The Network Address Translation 64 (NAT64) allows IPv6 and IPv4 devices to communicate together. So if an IPv6 device wants to communicate with an IPv4 device, the IPv6 address is translated in IPv4 address and reciprocally.
Before to understand the format of an IPv6 address, it is important to understand what the hexadecimal system is. Hexadecimal is a base sixteen system. It uses digits 0 through 9 and letters A through F. So, there is 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F.
Each hexadecimal value has a binary equivalent value between 0 to 15 in decimal system.
Like this:
| decimal | binary | hexadecimal |
|---|---|---|
| 0 | 0000 | 0 |
| 1 | 0001 | 1 |
| 2 | 0010 | 2 |
| 3 | 0011 | 3 |
| 4 | 0100 | 4 |
| 5 | 0101 | 5 |
| 6 | 0110 | 6 |
| 7 | 0111 | 7 |
| 8 | 1000 | 8 |
| 9 | 1001 | 9 |
| 10 | 1010 | A |
| 11 | 1011 | B |
| 12 | 1100 | C |
| 13 | 1101 | D |
| 14 | 1110 | E |
| 15 | 1111 | F |
So, now you have an idea of the hexadecimal system we can understand the format of an IPv6 address. An IPv6 address is composed of 32 hexadecimal characters. Those 32 characters are grouped in 8 group of 4. And each group of 4 are separated through “:” like show below.
So, there is 32 hexadecimal characters, and 1 hexadecimal character is equal to 4 bits. Therefore, IPv6 address is composed of 128 bits (32 * 4 = 128).
Each group of 4 hexadecimal character is equal to 16 bits. A group of 16 bits can be called hextet.
An IPv6 can appear long, but it is possible to reduce it (generally it is better to write an IPv6 address with these 32-hexadecimal characters).
So how do it ? To simplify an IPv6 address, there are 2 steps.
The first step involves removing 0s only at the beginning of each hextet.
For example, with a few hextets below:
| Before | After removing 0s |
|---|---|
| 0010 | 10 |
| 0EAA | EAA |
| 0073 | 73 |
| 0009 | 9 |
| 0000 | 0 |
Now we have remove 0s at the beginning of each hextet, we can go to the second step !
The second step involves to shorten an IPv6 address by replacing a row of 0s by “::”
The principle of this step is to replace an all unique and neighbor row of 0s from one or many hextet which are composed by 0s. We can use only one time this step to reduce an IPv6 address, because a reduced IPv6 address can have multiple means finally if you apply many times this step.
For example if we apply 2 times the second step for this IPv6 address: fe80:0000:0000:6aee:0000:0000:0000:20a1 we obtain fe80::6aee::20a1 and it is wrong !
This IPv6 address can mean fe80:0000:0000:0000:6aee:0000:0000:20a1 or fe80:0000:0000:6aee:0000:0000:0000:20a1.
However, if an IPv6 address have multi times an all unique and neighbor row of 0s, the good practice is to apply this step at the first row.
With the previous IPv6 address example : fe80:0000:0000:6aee:0000:0000:0000:20a1.
With the good practice we obtain fe80::6aee:0:0:0:20a1.
Now we know the two steps to reduce an IPv6 address, let me show you a few examples.
Initial IPv6 address:
fe80:0000:0000:0000:0200:5aee:feaa:20a2
Step 1:
fe80:0:0:0:200:5aee:feaa:20a2
Step 2:
Fe80::200:5eaa:feaa:20a2
Initial IPv6 address:
2013:ef12:0123:4567:89ab:cdef:0000:0001
Step 1:
2013:ef12:123:4567:89ab:cdef:0:1
Step 2:
2013:ef12:123:4567:89ab:cdef::1
Initial IPv6 address:
fe80:0000:0000:0000:0000:0000:0101:1111
Step 1:
fe80:0:0:0:0:0:101:1111
Step2:
fe80::101:1111
It exists different types of IPv6 addresses. There are 3 principal types of IPv6 address, such as: unicast address, multicast address and anycast address.
Unicast (one to one), represents a single interface. A sent packet will be delivered only at the designated interface. For example, this IPv6 address: 2001:0db8:0000:1234:5678:9101:1112:1113.
Multicast (one to many), represents a group of interfaces. A sent packet will be delivered at all interfaces which are members of the group. For example, this IPv6 address: ff01:0000:0000:0000:0000:0000:0000:0002.
Anycast (one to one which is closest among many), represents a single interface among a group of interfaces. A sent packet will be delivered by one interface of the anycast group. This interface is the closest to the source of the sent packet. A possible scenario with anycast address, was DNS servers which are regrouping with the same IPv6 address.
With IPv6, broadcast doesn’t exist! We use multicast instead of broadcast because broadcast is insecure and inefficient.
Loopback address - ::1/128. This address is used by a host to test her TCP/IP stack. The host talks to itself.
Link-Local Addresses - fe80::/10. This address is required for each device compatible with IPv6. This address is used to communicate with devices on the same subnet. This address is not routable beyond the link, so routers will not forward packets with a link-local source or destination address.
Unique Local Address (ULAs) - fc00::/7. This address is used in LAN like IPv4 private address. Devices which use this address should not be accessible from outside. However, compared to Link-Local Address, Unique Local Address can be routed in another network.
Global Unicast - 2000::/3. This address is like IPv4 public address. They are unique and Internet-routable.
Unspecified - ::/128. This address is used only as source address by a host when it is initializing when it doesn’t have its own addresses.
Documentation - 2001:db8::/32. This address is used as example and for documentation. They are not usable.
Benchmarking - 2001:0002::/48. This address is reserved for documentation only.
Multicast - ff00::/8. This address is used to identify multicast groups. It is only used as destination address.
Teredo - 2001:0000::/32. This address allows to create a tunnel through IPv4 NATs. It is a mapped address.
6to4 - 2002::/16. This address allows connection of IPv6 domains via IPv4 clouds. (Obsolete).
IPv4-Mapped - ::ffff/96. This address embeds IPv4 address in IPv6 address. It is used with Dual stack.
It exists two types of IPv6 multicast addresses: Well-known multicast addresses and Solicited node multicast addresses.
Well-known multicast addresses are reserved multicast addresses for predefined groups of devices. This address is a single address assigned to a group of devices which are running a common protocol or service like DHCPv6. With this address there are two types of address:
All-nodes multicast group - ff02::1. This address is used to groups all IPv6 hosts. If a packet was sent to this address, all hosts on the network threat it.
All-routers multicast group - ff02::2. This address is used to groups all IPv6 routers. If a packet was sent to this address, all routers on the network receive and process it.
Solicited node multicast addresses. A Solicited node multicast addresses is like all-nodes multicast address. Moreover it’s mapped to a special Ethernet multicast address (33-33-00-00-00-00 through 33-33-FF-FF-FF-FF). It allows a device to determine more efficiently if it is the target of the IPv6 packet.
An IPv6 address is composed of a Prefix and an Interface ID. With IPv6, the Prefix identifies the network. You can identify it thanks to prefix length. The prefix length is comprise between 0 to 128 bits. For a local network the recommended length is 64 bits. The Interface ID identifies host on the network.
A Global Unicast Address is composed of a Global Routing Prefix, a Subnet ID and an Interface ID.
The Global Routing Prefix represents the network, it is assigned by the provider like an ISP to a customer or site. Commonly the prefix length of Global Routing Address is /48.
The Subnet ID is located between the Global Routing Prefix and the Interface ID. It allows to create subnets.
The Interface ID identifies a host on a subnet. We calls this part the address Interface ID because a host can have several interfaces and each one can have several IPv6 addresses.
An IPv6 packet header has a 40-byte fixed length. So it doesn’t have a length field.
The number of fields has been reduced, it improves the speed of routers treatment.
An IPv6 header doesn’t have a checksum, it improves also the task for routers (routers don’t need to compute the checksum at each TTL decrement).
Now I will explain you in detail an IPv6 packet header.
Version: field composed of 4-bit, it describes the Internet Protocol (IP) version. In this case 6.
Traffic Class: field composed of 8-bit, it used to describe the packet priority / traffic management.
Flow Label: field composed of 20-bit, the aim of this field is to specify the same handling of the packet by the router for all packet with identical field.
Payload Length: field composed of 16-bit unsigned integer, it describes the length of data or payload of the IPv6 packet. It doesn’t include the length of the IPv6 header.
Next Header: field composed of 8-bit, it describes the data or payload type of the IPv6 packet carry.
Hop Limit: field composed of 8-bit unsigned integer, it replaces the TLL field in IPv4 header. Hop limit field was decremented by 1 by each router / node crossed. When the value is equal to 0 the packet was dropped.
Source Address: field composed of 128-bit, it identifies the sender of IPv6 packet.
Destination Address: field composed of 128-bit, it identifies the receiver of IPv6 packet.
An IPv6 packet is composed of an IPv6 packet header and options, which are inserted between IPv6 packet header and header of the transport layer. These options also called extensions are treated like new headers and most of them are treated by end equipment’s.
Below an IPv6 packet representation.
| Order | Header Type | Next header code |
|---|---|---|
| 1 | Basic IPv6 Header | none |
| 2 | Hop-by-Hop Options | 0 |
| 3 | Destination Options (with routing options) | 60 |
| 4 | Routing Header | 43 |
| 5 | Fragment Header | 44 |
| 6 | Authentication Header | 51 |
| 7 | Encapsulation Security Payload Header | 50 |
| 8 | Destination Header | 60 |
| 9 | Mobility Header | 135 |
| No next header | 59 | |
| Upper Layer | TCP | 6 |
| Upper Layer | UDP | 17 |
| Upper Layer | ICMPv6 | 58 |
I will explain the most used extension.
The Hop-by-Hop Options, is treated by all intermediate routers. More, it’s used for the support of Jumbogram or with the router alert option.
The Destination Options, is used for IPv6 mobility as well as support of certain applications.
The Routing Header, is used for IPv6 mobility and in Source Routing.
The Fragment Header, is used in support of communication using fragmented packets.
The Mobility Header is used in support of Mobile IPv6 service.
The Authentication Header, is similar in format and use like IPv4 authentication header.
The Encapsulation Security Payload Header, is similar in format and use to the IPv4 Encapsulation Security Payload.
In fact the auto configuration of IPv6 address works thanks to RS (Router Solicitation) and RA (Router Advertisement) messages through the ICMPv6 protocol.
A device which wants a Global Unicast Address can obtain it thanks to ICMPv6 RA messages.
On a network with IPv6 enabled on each device, a router sends out every 200 seconds an ICMPv6 RA messages on the network. Furthermore an ICMPv6 RA messages can be sent as response if an ICMPv6 RS was sent from host before.
RS messages were sent by host and RA messages were sent by routers.
An ICMPv6 RA message includes the following information for auto configuration: network prefix and prefix length, a default gateway address and DNS addresses and domain name.
It exists 3 methods for ICMPv6 RA messages for auto configuration which are:
I will explain this method in detail.
To begin SLAAC. SLAAC is stateful and it allows a device to create its own Global Unicast Address. Thanks to information delivered to a host, it can create her address. So the Global Unicast Address is composed of the prefix provided in ICMPv6 RA message and the Interface ID is created thanks to EUI-64 process or by generating a random 64-bit number.
Then SLAAC with stateless DHCPv6 server. This method allows a device to create its own Global Unicast Address addresses. It gives the gateway and suggests to contact a Stateless DHCPv6 sever in the aim to get additional network configuration (like DNS server address).
And to conclude Stateful DHCPv6 (no SLAAC). This method is similar to DHCPv4. It allows a device to obtain all network information for its configuration (prefix, prefix length and DNS servers addresses).
Remarks about EUI-64 and Randomly Generated !
With the methods SLAAC or SLAAC with stateless DHCPv6 messages, client creates alone its Interface ID part in the IPv6 address. The Interface ID can be created with either EUI-64 or Randomly Generated method.
About EUI-64 Process:
EUI stands for Extended Unique Identifier. It was developed by IEEE. The EUI-64 process uses the 48-bit of MAC address client, then it inserts another 16-bit in the middle of 48-bit from client MAC address to create the Interface ID.
A MAC address is composed of OUI (stands for Organizationally Unique Identifier) and a Device Identifier. OUI it’s a 24-bit vendor code assigned by IEEE. Device Identifier it’s a unique 24-bit value within common OUI.
Thus an EUI-64 Interface ID is composed of 24-bit OUI host MAC’s address but the 7th bit is reversed, then another 16 bits value (1111 1111 1111 1110, fffe in hexadecimal) and the rest of host MAC’s address (Device Identifier).
About Randomly Generated Interface IDs:
According to the operating systemn a device can use the Randomly Generated Interface ID instead of EUI-64 process. With this method, to be sure the IPv6 address created is unique, the device use a proccess DAD stands for Duplicate Address Detection.
Note: The process for Link-Local Address is the same.
With DNS protocol, IPv6 addresses are designated by AAAA records.
The Neighbor Discovery protocol replace ARP with IPv6.
June 8, 2011 was the IPv6 Day. The goal of this day is to turn on IPv6 access on several Internet content services. Companies like Google and Akamai Technologies was participated to this day.
I hope you have enjoyed this article, and have learned new things. There will be another articles linked to IPv6 !