IPv6 addressing (not on blueprint)

Unicast

General information on “IPv6 Unicast”:

• 128 bit in length and notated in hexadecimal
• Leading zeroes can be omitted; 0001 => 1
• Consecutive octets with only zeroes can be shortened once, e.g. 0000:0000:0000 => ::

IPv6 Unicast address format: 2001:aa11:bb22:cc33:dd44:ee55:ff66:0001

IPv6 Unicast address types:

• Global Unicast Address (GUA):
  • Routable across the internet
  • Prefix is 2000::/3
• Unique Local Address (ULA):
  • Private address space
  • Prefix is FC00::/7 but…
  • FD00::/8 is currently the only valid prefix because the L-Bit („Local“-bit, 8th bit from left) must be set to 1
• Link Local Address (LLA):
  • Only valid on a given link
  • Mandatory for each interface running IPv6
  • Prefix is FE80::/10
• Loopback:
  • Similar to 127.0.0.1 in IPv4
  • Address is ::1 (without any subnet!)
• Unspecified:
  • Used when the host has no valid IPv6 address
  • Address is ::/128 (everything zero)
• Documentation Prefix:
  • Used for documentation purposes (eg. Cisco Docs)
  • Prefix is 2001:0db8::/32
• Discard Prefix:
  • Used for traffic black-holing (eg. large-scale BGP deployments)
  • Prefix is 0100::/64

EUI-64

Extended Unique Identifier

General information on “IPv6 EUI-64”:

• Used to automatically generate the Interface ID portion of an IPv6 address
• MAC address of the interface is used for this
• This is done in two steps:
  1. FFFE gets inserted in the middle of
  2. 7th bit from left (the “U/L”-bit, Universally/Locally) of the MAC address gets flipped

Example for “IPv6 EUI-64”:

• Prefix: FE80::/64
• MAC address: 1111.1111.1111
• Prefix + MAC + Bit Flip: FE80::1311:11FF:FE11:1111

ND, RS/RA

ND

Neighbor Discovery (Protocol)

General information on “ND(P)":

• NDP (Neighbor Discovery Protocol) dynamically discovers the MAC addresses (L2) of neighbors
• This feature is implemented into the ICMPv6 suite (with IPv4, ARP was needed for this)
• This is done by sending out a multicast NS (Neighbor Solicitation) ICMPv6 messages
• The device will answer with a unicast NA (Neighbor Advertisement) ICMPv6 message back
• The NS should be sourced by the link-local address
• The NS is sent to the solicited note multicast address
• The solicited note IPv6 multicast address FF02:0:0:0:0:1:FF00::/104 + last 24-bytes of the IPv6 unicast address
• The solicited note MAC address is 33:33:FF:xx:xx:xx + last 24-bytes of the IPv6 unicast address
• For each assigned IPv6 address on the interface a solicited note IPv6 multicast address will be joined

DAD (not on blueprint)

Duplicate Address Detection

General information on “DAD”:

• Runs on an interface when it first learns its IPv6 address
• Done by sending an NS message to the solicited node multicast address
• The source address is unspecified (::)
• If there’s a reply with the same IPv6 address, the host knows that a duplicate exists
• The reply will be sent to the all-nodes multicast address FF02::1
• If a duplicate address exists the configured IPv6 address will not be assigned to the interface

IND (not on blueprint)

Inverse Neighbor Discovery

General information on “IND”:

• Inverse version of ND(P)
• Comparable to Reverse ARP in IPv4
• Uses the Inverse NS message to get the IPv6 address of a known MAC address (L2)

RS/RA

Router Solicitation

General information on “RS”:

• Sent out by the host to find an router/a gateway
• Destination IPv6 address is FF02::2 (all-routers multicast address)
• Destination MAC address is 33:33:00:00:00:02
• Source IPv6 address is link-local address of the sender
• Source MAC address is the interface MAC address of the sender
• ICMPv6 type is 133

Router Advertisement

General information on “RA”:

• IPv6 routing needs to be activated on the router in order to send out RAs
• Advertisements are sent out by router periodically on all of their configured interfaces (default 200 seconds)
• Advertisement is sent out immediately after a solicitation message is received
• Destination address is FF02::1 (all-nodes multicast address) or the link-local unicast address if it is a response to a RS message
• Source address is link-local address of the router
• ICMPv6 type is 134
• Parameters included in the RA:
  • Link prefix and length (must be /64 for SLAAC)
  • Address lifetime (Valid lifetime 30 days, preferred lifetime 7 days)
  • Configuration flags (“A”, “M”, “O”)
  • Default router information (If the router should be used as default gateway, and if so, how long)
  • Router preference (useful when several routers exist)
  • Additional information (eg. hop limit, MTU, […])
• Hosts can obtain the default gateway information only out of the RA (router lifetime needs to be greater than 0 seconds, default value is 1800 seconds)
• Even if using stateless/stateful DHCPv6, there‘s no default gateway option which can be configured (DHCPv4 has option 003 for this)

“IPv6 RS/RA” CLI configuration commands:

## Modifying the IPv6 address lifetime
Router(config)# interface <if>
Router(config-if)# ipv6 nd prefix <ipv6-prefix>/<prefix-length> [valid-lifetime] [preferred-lifetime]

## Modifying the IPv6 ND router preference
Router(config)# interface <if>
Router(config-if)# ipv6 nd router-preference [high | medium | low]

Autoconfig (SLAAC)

Stateless Address Autoconfiguration

General information on “SLAAC”:

• With SLAAC the host generates its own IPv6 address
• Address is based on prefix in RA message + EUI-64 or random 64-bit value (privacy extensions)
• Optionally a stateless DHCPv6 server can give out additional information (when the “O” flag is set to 1)
• A SLAAC address can have different states:
  • TENTATIVE: The uniqueness of an address is in the verification state and the address isn’t assigned to an interface/not used yet.
  • VALID PREFERRED: The uniqueness of an address is verified, it is assigned to an interface and used for sending/receiving traffic (address is within the “preferred”-time range).
  • VALID DEPRECATED: The uniqueness of an address is verified, it is assigned to an interface and used for sending/receiving traffic but should be avoided to be used (address is within the “valid”-time range).
  • INVALID: Address reached end of its “valid”-time range and shouldn’t be used for sending/receiving traffic anymore.

“IPv6 SLAAC” CLI configuration commands:

## Configuring an interface to use IPv6 SLAAC
Router(config)# interface <if>
Router(config-if)# ipv6 address autoconfig

IPv6 General Prefix

General information on “IPv6 General Prefix”:

• Simplifies network numbering in case network gets a new IPv6 prefix
• Useful when the IPv6 prefix is assigned by the ISP and not acquired from the RIR

“IPv6 General Prefix” CLI configuration commands:

## Defining an IPv6 general prefix
Router(config)# ipv6 general-prefix [NAME] <ipv6-prefix/prefix-length>

## Assigning an IPv6 address to an interface based on the configured general prefix
Router(config)# interface <if>
Router(config-if)# ipv6 address [PREFIX-NAME] <ipv6-if-id>

IPv6 interface behavior

General information on “IPv6 interface behavior”:

• When configuring and de-configuring IPv6 addresses on an interface, the behavior of what gets deleted and what remains differs based on the configuration parameters
• Parameters and behavior:
  • ipv6 enable: Interface gets a IPv6 link-local address only. Useful when interface doesn’t need to be routable, eg. when running OSPFv3/EIGRPv6 over it. When removing the command, the link-local address will be removed.
  • ipv6 address <addr>: Interface gets a IPv6 routable AND link-local address. When removing the command, both addresses are removed except when the ipv6 enable command is still configured on the interface.