Internet Protocol version 6 (IPv6)

Uncategorized 10 Minutes

Internet Protocol version 6 (IPv6) is the latest version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion.
IPv6 is intended to replace IPv4, which still carries more than 96% of Internet traffic worldwide as of May 2014.As of February 2014, the percentage of users reaching Google services over IPv6 surpassed 3% for the first time.
Every device on the Internet is assigned an IP address for identification and location definition. With the ever-increasing number of new devices being connected to the Internet, the need arose for more addresses than the IPv4 address space has available. IPv6 uses a 128-bit address, allowing 2128, or approximately 3.4×1038 addresses, or more than 7.9×1028times as many as IPv4, which uses 32-bit addresses. IPv4 provides approximately 4.3 billion addresses. The two protocols are not designed to be interoperable, complicating the transition to IPv6.
IPv6 addresses are represented as eight groups of four hexadecimal digits separated by colons, for example 2001:0db8:85a3:0042:1000:8a2e:0370:7334, but methods of abbreviation of this full notation exist.

The two most notable differences between a v4 (IPv4) and v6 (IPv6) address is that the v6 address is 128 bits long and uses hex.  As you know (or should know) a v4 address is 32 bits long and uses decimal notation.  You’ve likely heard the phrase ‘dotted decimal notation’ to describe a v4 address that’s displayed in this form.  The decimal is really shorthand for the actual 32 bit binary number.  The 32 bits are broken into four 8 bit segments which are then converted to decimal for ease of use.  A v4 address looks like this…
image
So that’s pretty easy to understand.  The binary bits are broken apart and simply changed into their decimal counterparts.  You end up with a somewhat manageable decimal number that can easily be understood.
v6 address are ‘way’ different.  You now have a much larger number to deal with.  Even when broken apart 128 bit binary number that makes up the v6 address yields eight 16 bit segments with a hexadecimal range of 0×0000 to 0xFFFF
Note: If you haven’t worked with hex before, hex numbers are always represented by prepending a ‘0x’ to the number.  In this manner, you can easily identify when someone is referring to hex rather than a decimal number when the letters don’t come into play (AKA 0×1234 or just 1234).  When the hex numbers are used in the v6 address, hex is implied so we don’t need to use the ‘0x’. 
These 16 bit segments are broken up by colons rather than decimal points as we have seen with the v4 addressing.  In addition, there are some rules that allow you to shorten an IPv6 address by removing unused space from the address.  Take for instance this v6 address…
image

Here you can see the v6 address in three different forms.  The top form is the binary representation of the v6 address.  The middle representation is the hex representation of the binary.  This shortens up the address quite a bit.  The bottom shows the address after we trimmed it down by applying these v6 address shortening rules…
-Leading zeros in any 16 bit segment do not need to be written
-Any single contiguous string of one or more 16 bit segments consisting of all zeros may be replaced with a double colon.
As you can see above, we applied the first rule when we converted the address from binary to hex as the segments of all zeros were replaced with a single ‘0’ rather than ‘0000’.  The next rule was applied when we removed the string of three all zeros segments between 802 and 1010 with ‘::’.  Note that you can only do this once within any given IPv6 address.
The format of the v6 addresses ,as well as the aforementioned rules, means that you can have a v6 address that can be represented in a few different forms.  For instance…
image
The top address can be shortened into either the second of the third form as shown here.  It’s the same address, we just applied the shortening rule in different places.
Now that we’ve talked about address format, we need to talk about the masks that are used with v6 addresses.  Recall that v4 addresses used a subnet mask to break the v4 address into the ‘network’ and ‘host’ sections like this…
image
The host is described by a v4 address and subnet mask.  From this, you can discern the network from which the host is a member of.  The network is described by taking the ‘host’ portion of the IP address and replacing it with all zeros.  Above we can see that the first 3 octets (first 24 bits) are the network piece of this IP address.  That leaves the last octet (last 8 bits) as the host section of the IP address.  When we describe the network we concatenate the network section and the host section replacing any host bits with zeros.
v6 addresses can be described in a very similar fashion.  For instance, look at these examples…
Note: These aren’t valid v6 addresses.  I’m purposely making them look like this for this specific example.
image
Here you can see that the host portion of the address would include the last 4 segments of the address.  The v6 network is represented by the first 4 segments (/64 is half of the total 128 bit address so 4 and 4).  It’s common to hear the network section referred to as the ‘prefix’ of the v6 address.  I use the two terms interchangeably in most cases.
This brings up an interesting point about v6 addressing.  In v4, subnet bits were allocated out of the ‘host’ portion of the address.  That is, if you wanted to subnet the 192.168.0.0/24 network, you would use the remaining 8 host bits to create subnets.  Extending the subnet mask into the host range with a /25 mask would allow you to split the /24 into two smaller /25 networks.  Extending the mask further into the /26 mask would allow you to create four smaller /26 networks out of the /24 network.
With v6, the subnet definition is part of the ‘network’ part of the v6 address.
image
The above example shows what’s considered to be a ‘global unicast’ v6 address.  As you can see, the the network part of the address is 64 bits in length.  This 64 bits is broken into a 48 bit global routing prefix and 16 bit subnet ID.  The remaining 64 bits are for the v6 device which is commonly referred to as the ‘interface ID’.  They decided to call the host end of things the ‘interface ID’ since you’d logically have a single IP address per interface.  However, with v6 you can have multiple v6 addresses per interface so it’s sort of already out of context.
You might be wondering what a global unicast address is.  Global unicast addresses just imply that they are globally unique making them globally routable.  This would be very similar to what we see today with v4 public IP space except the scale of the space is significantly larger.  For instance, most service providers ,or local registries, believe they will (or already are) handing out /48 networks to their clients.  This would leave 16 bits left for subnetting. Given that a bit can be a one or a zero (two options) ,and that there are 16 of them, that would give us 2^16 possible subnets, or 65536 possible subnets. On top of that consider that you can have 2^64 hosts per subnet if you have a full 64 bit ‘host’ space to work with.
So you might be asking yourself why the strict layout?  Why can’t some bits just be network and some be host like we are used to and we can subnet as we chose?  In practice, you might actually be able to to (to some degree), but the point is to make the global space highly hierarchical which in turns makes it rather easy to summarize.  With this many possible IP addresses and no route summarization, the internet would be a mess.  Also, there are some other reasons why you want 64 bits left on the host end of things as we’ll see later.
It’s probably worth while to bring up that most ‘types’ of v6 addresses can be identified by examining their highest order bits…
image
As you can see here, the first 3 bits of a global unicast address will always (with the current allocation) be 001.  Since there are 4 hex characters for every 16 bits we know that each hex character consumers 4 bits.  If the first 3 need to be 001 we know that the first hex character will either be a 2 (0010) or a 3 (0011).  Note that in hex this is shown as 2000::/3.  That’s because we need to at least show a full segment (4 hex characters) and then we delimit it with the mask of 3 saying we are only really interested in the first 3.  Same goes for link-local unicast and the multicast allocations (more on those coming up).
Another major difference with v6 is that there is no concept of broadcast traffic.  In v6 land, there is only unicast, anycast (same as unicast from a address perspective), and multicast IP traffic.  v6 accommodates for this by having a ‘all nodes’ multicast address which essentially serves the same purpose.
The last two major types of addresses I want to look at are the link-local unicast and multicast.  The concept of link-local unicast is a rather interesting one.  Most design guides I’ve read reference link-local unicast to be “an address whose scope is limited to a single link.  This implies that the address is only unique on the local link itself”.  Better yet, the IP address gets automatically assigned to any v6 IP interface.  Sure, you can assign a global unicast IP address to the interface, but it will always have a link-local v6 address as well.  Furthermore, the address can be configured statically or automatically generated for each v6 interface based off of the MAC address (if it has one) or a pool of virtual MAC addresses that the router has.  So before we talk about the use cases of the link-local unicast address, let’s talk about how it would get automatically assigned.
One of the most common v6 auto-configuration methods for v6 is called EUI-64. It’s actually pretty simple.  In a normal auto-configuration scenario, a network administrator would configure the prefix (the network part of the v6 address) for a given network.  Once configured, we have the first half (first 64 bits) of the v6 address already configured for us.  At this point, it’s just a matter of configuring the last 64 bits.  This is where EUI-64 comes in.  With EUI-64, the host’s MAC address is used to configure the last 64 bits.  Since the MAC is globally unique to start with, this works out great for hosts that are trying to use EUI-64 to gain a global unicast address.  However, the MAC address is only 48 bits long, so EUI-64 needs to fill some additional information in to fill the space.  Let’s take a look at a live router to see how it uses the EUI-64 method to generate the link-local v6 address for one of it’s interfaces…
image
Here you can see that the MAC address has been used as part of the link-local address creation.  Here’s a zoomed in view so you can see more clearly…
image
So as you can see, it appears that the router insert FFFE into the middle of the MAC address.  The other interesting thing that the EUI-64 process does is invert the 7th bit.  We can see this more clearly by manually configuring the MAC address of the interface…
image
In my case, the 7th bit should have been a ‘1’ to indicate the hexadecimal value of 2.  Walking through it quickly we can see that the first 4 binary values of the host piece of this address should be ‘0001’ (1 in hex).  The next 4 should have been ‘001’0’ (2 in hex) but in this example we see a ‘0’ .  Putting the first two hex digits together we see that the 7th value is where the 2 should have been, 00010000.  We can change the MAC again to show that the process is actually inverting the 7th bit…
image
Note that with a link-local address, the first 10 bits (as show in the table above) are 1111111010 (Hex of FE80::/10).  The EUI-64 format is used to fill in the last 64 bits and the remaining 54 bits of the prefix are filled with all zeros.  If this were a global unicast address the first 64 bits would be entirely filled with the specified prefix, I just used link-local in this example which is why the address starts with ‘FE80::’.
So now that our router has a link-local unicast that was automatically generated for it, what can it use it for?  Think of any use case that you want to have local connectivity to only directly connected hosts.  Think routing-protocol advertisements that previously used layer 2 multicast addressing to communicate for instance.  As for right now, just focus on what they are (how they are defined) and what they can be used for.  We’ll talk more about them in a later post.
The last type of address I want to talk about in this post is the v6 multicast address.  Link multicast in v4, multicast in v6 serves a very similar purpose.  In addition, multicast also fills the gap left by not including the broadcast in the v6 protocol.
Like v4 multicast, certain addresses are used for certain purposes.  In v6, they summarized quite a bit of information in the second 8 bits of the multicast IP address.  As we said above, the first 8 bits are what determines that a v6 address is a multicast address.  The first 8 bits need to be ‘11111111’ in binary or FF00::/8 in hex…
image
Here you can see that the first 8 bits are static, it’s the next 8 bits we are really interested in.  These next 8 bits are what define the lifetime and the scope of the multicast v6 packet.
image
Above you can see the different meanings for the second 8 bits.  In addition, there are several well known v6 multicast addresses like there are in the v4 world…
image
I’m not going to dive into the specifics of multicast in this post since I just want to cover the v6 addressing basics to get our feet wet.   I’m hoping this post gave you enough information to get at little bit more comfortable with what v6 address look like and the different forms they can come in.

Published by skminhaj

Published

Leave a comment