- Addresses are 128 bits long
- Separated with colons every 16 bits
- Address separated in prefix and interface id, most common is /64
- Leading zeroes can be omitted from address and double colon may be used to represent Successive zeroes, may only be used once
- Unicast, multicast and anycast, doesn’t use broadcast
Currently addresses from 2000::/3 are being handed out (1/8 of total space)
Only used on links (link-local), addresses from FE80::/10 span.
Interface addresses and routing
To enable routing use ipv6 unicast-routing
Enable IP addresses with ipv6 address and then the prefix with slash notation, note that
several IPv6 addresses can be present on an interface. Compare this to IPv4 where only one
address can be active and the other addresses are secondary.
Multicast replaces broadcast in IPv6. Multicast addresses are always a destination, not a source. DHCP uses multicast instead of broadcast in IPv6. FF00::/8 is reserverd for multicast. Of the first 16 bits in a multicast address the first eight are always FF. The next four bits define the lifetime, where 0000 is permanent and 0001 is temporary. The four bits after that define the scope, these are the options:
Well known multicast addresses
FF02::1 All hosts
FF02::2 All routers
FF02::5 OSPFv3 routers
FF02::6 OSPFv3 designated routers
FF02::A EIGRP routers
FF02::D PIM routers
IP address that is used on multiple hosts/routers. Routing will decide which one is the closest and that one will reply. Anycast addresses should not be used as a source address. To define an interface as anycast, use the anycast keyword when configuring the IP address.
The unspecified address is ::. This address is used as a source when the client hasn’t got
an address yet. May not be used as a destination.
Autoconfiguration can be stateful or stateless. Statefull autoconfiguration uses DHCP
to provide the IP address. Stateless uses the local routers to tell the hosts what prefix
to used. The hosts can then append a 64 bit interface identifer through EUI-64 or other means.
Used to derive an interface ID. With Ethernet this is based on the MAC-address. The MAC address is 48 bits long and the interface ID is 64 bits long which means padding has to be done. The prefix FFFE is inserted in the middle of the MAC address. Also, the U/L bit (bit seven) has to be set to one to indicated that this is a locally administered address.
Functions of neighbor discovery
- Stateless autoconfiguration
- Duplicate address detection (DAD)
- Router discovery
- Prefix discovery
- Neighbor discovery
- Neighbor address resolution (replaces ARP)
Types of ND messages
Router advertisements (RA) – Sent by routers to announce their presence, sent to FF02::1 (all hosts).
Router solicitation (RS) – Hosts query for routers on local link. Sent to FF02::2 (all routers).
Neighbor solicitation (NS) – Hosts query for other nodes link layer addresses. Used for DAD
and to verify neighbor reachability.
Neighbor advertisement (NA) – Sent in response to NS messages and also sent periodically to provide information to neighbors.
Redirect – Sent to inform host of better next-hop routers.
To find out the link-layer address of a host NS is used. The message is sent to the other nodes solicited multicast address.
Router advertisements are sent very 200 seconds by default. To suppress them use the ipv6 nd suppress-ra command.
When hosts boot they can send a RS to find a router instead of waiting for the next RA coming in (could take up to 200 seconds).
Hosts sends NS message to solicited node multicast address of local IP to ensure that the IP is unique which it should be if assigned through EUI-64. The message is sent with the unspecified :: address as a source. There should be no reply unless there is a IP address conflict.
IPv6 access lists
At the end there is an implicit permit for ND traffic or else it would not be possible to resolve layer two addresses. To override this behaviour deny statements are needed. The command syntax is ipv6 traffic-filter instead of access-group.