Chapter 10: Implementing IPv6

Cisco Press

1 2 3 4 5 6 7 8 9 Page 2
Page 2 of 9
  1. IPv6 header: This is the basic IPv6 header.

  2. Hop-by-hop options header: When this header is used, it is processed by all hops (routers) in the path of the packet. Example uses are for a Router Alert, including for Resource Reservation Protocol (RSVP) and Multicast Listener Discovery (MLD) messages (as defined in RFC 2711, IPv6 Router Alert Option), and for IPv6 Jumbograms (as defined in RFC 2147, IPv6 Jumbograms).

  3. Destination options header (when a routing header is used): This header (with a next-header value = 60) follows any hop-by-hop options header, in which case the destination options header is processed at the final destination and also at each destination specified by a routing header. Alternatively, the destination options header can follow any Encapsulating Security Payload (ESP) header, in which case the destination options header is processed only at the final destination. Mobile IPv6 is an example of when this header is used.

  4. Routing header: This header (with a next-header value = 43) is used for source routing and mobile IPv6. An IPv6 source lists one or more intermediate nodes that are to be visited on the way to a packet's destination in this header.

  5. Fragment header: This header (with a next-header value = 44) is used when a source must fragment a packet that is larger than the maximum transmission unit (MTU) for the path between itself and a destination device. The fragment header is used in each fragmented packet.

  6. Authentication header and Encapsulating Security Payload header: The authentication header (AH) (with a next-header value = 51) and the ESP header (with a next-header value = 50) are used within IPsec to provide authentication, integrity, and confidentiality of a packet. These headers are identical for both IPv4 and IPv6.

  7. Upper-layer header: The upper-layer (transport) headers are the typical headers used inside a packet to transport the data. The two main transport protocols are TCP (with a next-header value = 6) and UDP (with a next-header value = 17).

MTU Discovery

In IPv4, routers handle fragmentation, causing a variety of processing issues.

IPv6 routers no longer perform fragmentation; instead, a discovery process is used to determine the optimum MTU to use during a given session. In this discovery process, the source IPv6 device attempts to send a packet at the size that is specified by the upper IP layers, for example, the transport and application layers. If the device receives an Internet Control Message Protocol (ICMP) "packet too big" message, it retransmits the MTU discover packet with a smaller MTU; this process is repeated until the device receives a response that the discover packet arrived intact. The device then sets the MTU for the session.

The ICMP "packet too big" message contains the proper MTU size for the path. Each source device tracks the MTU size for each session. Generally, the tracking is done by creating a cache based on the destination address; however, it can also be done by using the flow label. Alternatively, if source-based routing is performed, the tracking of the MTU size can be done by using the source address.

The discovery process is beneficial because, as routing paths change, a new MTU might be more appropriate. When a device receives an ICMP "packet too big" message, it decreases its MTU size if the ICMP message contains a recommended MTU that is less than the current MTU of the device. Devices perform an MTU discovery every five minutes to see whether the MTU has increased along the path. Application and transport layers for IPv6 accept MTU reduction notifications from the IPv6 layer. If for some reason these upper layers do not accept the notifica-tions, IPv6 has a mechanism to fragment packets that are too large; however, upper layers are encouraged to avoid sending messages that require fragmentation.

IPv6 Address Representation

Rather than using dotted decimal format, IPv6 addresses are written as hexadecimal numbers with colons between each set of four hexadecimal digits (which is 16 bits); we like to call this the "coloned hex" format. The format is x:x:x:x:x:x:x:x, where x is a 16-bit hexadecimal field. An example address is as follows:


Key Point

IPv6 Address Format

Fortunately, you can shorten the written form of IPv6 addresses. Leading 0s within each set of four hexadecimal digits can be omitted, and a pair of colons ("::") can be used, once within an address, to represent any number of successive 0s.

For example, the previous address can be shortened to the following:


An all-0s address can be written as ::.

Key Point

Only One Pair of Colons Allowed

A pair of colons (::) can be used only once within an IPv6 address. This is because an address parser identifies the number of missing 0s by separating the two parts and entering 0 until the 128 bits are complete. If two :: notations were to be placed in the address, there would be no way to identify the size of each block of 0s.

Similar to how IPv4 subnet masks can be written as a prefix (for example, /24), IPv6 uses prefixes to indicate the number of bits of network or subnet.

Note - The hexadecimal digits A, B, C, D, E, and F in IPv6 addresses are not case-sensitive.

IPv6 Address Types

The following are the three main types of IPv6 addresses:

  • Unicast—Similar to an IPv4 unicast address, an IPv6 unicast address is for a single interface. A packet that is sent to a unicast address goes to the interface identified by that address. The two currently defined types of unicast addresses are global aggregatable (which is also called global unicast) and link-local. As in IPv4, a subnet prefix in IPv6 is associated with one link. The IPv6 unicast address space encompasses the entire IPv6 address range, with the exception of the FF00::/8 range (addresses starting with binary 1111 1111), which is used for multicast addresses.

  • Anycast—An IPv6 anycast address is a new type of address that is assigned to a set of interfaces on different devices; an anycast address identifies multiple interfaces. A packet that is sent to an anycast address goes to the closest interface (as determined by the routing protocol being used) identified by the anycast address. Thus, all nodes with the same anycast address should provide uniform service. Examples of when anycast addresses could be used are load balancing and content delivery services.

    Anycast addresses are syntactically indistinguishable from global unicast addresses because anycast addresses are allocated from the global unicast address space.

    Anycast addresses must not be used as the source address of an IPv6 packet.

  • Multicast—An IPv6 multicast address identifies a set of interfaces on different devices. A packet sent to a multicast address is delivered to all the interfaces identified by the multicast address. The range of multicast addresses in IPv6 is larger than in IPv4, and for the foreseeable future, allocation of IPv6 multicast groups is not being limited.

In IPv4, broadcasting results in a number of problems, including generating interrupts in every computer on the network and, in some cases triggering malfunctions, known as broadcast storms, which can completely halt an entire network.

Key PointIPv6 Does Not Have Broadcast Addresses

Broadcasting does not exist in IPv6; broadcasts are replaced by multicasts and anycasts.

Multicast enables efficient network operation by using a number of specific multicast groups to send requests to a limited number of computers on the network. The multicast groups prevent most of the problems related to broadcast storms in IPv4.

Key Point

IPv6 Interfaces May Have Multiple Addresses

A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, and multicast).

Every IPv6-enabled interface must contain at least one loopback (::1/128) and one link-local address. Optionally, an interface may have multiple unique local and global addresses.

Interface Identifiers in IPv6 Addresses

In IPv6, a link is a network medium over which network nodes communicate using the link layer. Interface identifiers (IDs) in IPv6 addresses are used to identify a unique interface on a link. They may also be thought of as the "host portion" of an IPv6 address. Interface IDs are required to be unique on a link, and may also be unique over a broader scope. When the interface identifier is derived directly from the data link layer address of the interface, the scope of that identifier is assumed to be universal (global).

Interface identifiers are always 64 bits and are dynamically created based on Layer 2 media and encapsulation.

IPv6 is defined on most of the current data link layers, including those shown in Table 10-1.

Table 10-1 Data-Link Layers Supported by IPv6

Point-to-Point Protocol (PPP)1
High-Level Data Link Control (HDLC)1
Fiber Distributed Data Interface (FDDI)
Token Ring
Attached Resource Computer Network (ARCNET)
Nonbroadcast multiaccess (NBMA)
Asynchronous Transfer Mode (ATM)2
Frame Relay3
IEEE 13944

1Data-link layers supported by Cisco.

2Cisco supports only ATM permanent virtual circuit (PVC) and ATM LAN Emulation (LANE).

3Cisco supports only Frame Relay PVCs.

4A Standard for a High Performance Serial Bus, supporting data rates of up to 800 Mbps (in IEEE 1394b).

The data link layer defines how IPv6 interface identifiers are created and how neighbor discovery deals with data link layer address resolution. RFCs describe the behavior of IPv6 in each of these specific data link layers, but the Cisco IOS Software does not necessarily support all of them.

Key Point

Ethernet Interface Identifier

For Ethernet, the interface ID used is based on the Media Access Control (MAC) address of the interface and is in an extended universal identifier 64-bit (EUI-64) format. The EUI-64 format interface ID is derived from the 48-bit link-layer MAC address by inserting the hexadecimal number FFFE between the upper three bytes (the organizationally unique identifier [OUI] field) and the lower 3 bytes (the vendor code or serial number field) of the link-layer address. The seventh bit in the high-order byte is set to 1 (equivalent to the IEEE G/L bit) to indicate the uniqueness of the 48-bit address.

This process is illustrated in Figure 10-5.

Figure 10-5

Figure 10-5

EUI-64 Format IPv6 Interface Identifier

The seventh bit in an IPv6 interface identifier is referred to as the Universal/Local (U/L) bit. This bit identifies whether this interface identifier is locally unique on the link or whether it is universally unique. When the interface identifier is created from an Ethernet MAC address, it is assumed that the MAC address is universally unique and, therefore, that the interface identifier is universally unique. The purpose of the U/L bit is for future use by upper-layer protocols to uniquely identify a connection, even in the context of a change in the leftmost part of the address. However, this feature is not yet used.

The eighth bit in an IPv6 interface identifier, also known as the "G" bit, is the group/individual bit for managing groups.

Because of privacy and security concerns, hosts may create a random interface identifier using the MAC address as a base. This is considered a privacy extension because, without it, creating an interface identifier from a MAC address allows activity to be tracked to the point of connection. Microsoft Windows XP is currently the only known implementation of this capability and prefers to use this address for outgoing communication because the address has a short lifetime and will be regenerated periodically. This process is defined in RFC 3041, Privacy Extensions for Stateless Address Autoconfiguration in IPv6.

IPv6 Global Unicast Addresses

The IPv6 addressing architecture is defined in RFC 4291.

Key Point

IPv6 Global Aggregatable Unicast Address

The IPv6 global aggregatable unicast address, also known as the IPv6 global unicast address, is the equivalent of the IPv4 global unicast address.

A global unicast address is an IPv6 address from the global unicast prefix. The structure of global unicast addresses enables aggregation of routing prefixes so that the number of routing table entries in the global routing table can be reduced. Global unicast addresses used on links are aggregated upward through organizations and eventually to the ISPs, as illustrated in Figure 10-6. This provides for more efficient and scalable routing within the Internet, and improved bandwidth and functionality for user traffic.

Figure 10-6

IPv6's Larger Address Space Enables Address Aggregation

The global unicast address typically consists of a 48-bit global routing prefix, a 16-bit subnet ID, and a 64-bit interface ID (typically in EUI-64 bit format), as illustrated in the example in Figure 10-7.

The subnet ID can be used by individual organizations to identify subnets and create their own local addressing hierarchy. This field allows an organization to use up to 65,536 individual subnets.

Figure 10-7

Example of an IPv6 Global Unicast Address

Addresses with a prefix of 2000::/3 [binary 001] through E000::/3 [binary 111], excluding the FF00::/8 [binary 1111 1111] multicast addresses, are required to have 64-bit interface identifiers in the EUI-64 format.

The current global unicast address assignment by the Internet Assigned Numbers Authority (IANA) uses the range of addresses that start with binary value 001 (2000::/3). This is one-eighth of the total IPv6 address space and is the largest block of assigned addresses.

The IANA is allocating the IPv6 address space in the ranges of 2001::/16 to the registries.

In the now obsoleted RFC 2374, An IPv6 Aggregatable Global Unicast Address Format, the global routing prefix included two other hierarchically structured fields called Top-Level Aggregator and Next-Level Aggregator. Because these fields were policy based, the IETF decided to remove the fields from the RFCs. However, some existing IPv6 networks deployed in the early days might still be using networks based on the older architecture. (RFC 2374 has now been replaced by RFC 3587, IPv6 Aggregatable Global Unicast Address Format.)

IPv6 Link-Local Unicast Addresses

Link-local addresses have a scope limited to the local link and are dynamically created on all IPv6 interfaces by using a specific link-local prefix FE80::/10 and a 64-bit interface identifier, as shown in Figure 10-8. Link-local addresses are used for automatic address configuration, neighbor discovery, router discovery, and by many routing protocols.

Figure 10-8

IPv6 Link-Local Address Structure

Key Point

Link-Local Unicast Addresses

A link-local unicast address can serve as a method to connect devices on the same local network without requiring global addresses.

When communicating with a link-local address, the outgoing interface must be specified because every interface is connected to FE80::/10.

IPv6 Anycast Addresses

An IPv6 anycast address is a global unicast address that is assigned to more than one interface; the format is illustrated in Figure 10-9. For IPv6, anycast is defined as a way to send a packet to the nearest (or closest) interface that is a member of the anycast group, thus providing a discovery mechanism to the nearest point.

Figure 10-9

IPv6 Anycast Address Structure

1 2 3 4 5 6 7 8 9 Page 2
Page 2 of 9
The 10 most powerful companies in enterprise networking 2022