Internet Protocol v6 (IPv6)
Introduction
IP version 6 (originally referred to as Next Generation IP, or IPng)
as defined in RFC 2460
has been designed to enhance the Internet protocol in the following areas:
- Increase the availability of Internet address space
- Enhance the ability of backbone routers to maintain large routing tables
- Better support for Quality of Service (QoS) particularly with respect to real time data.
- Increase security built into IP
- Increase autoconfiguration facilities
Techniques such as NAT
and DHCP have staved off immediate problems with address space, whereas CIDR
eased the pressure on routing table sizes. Despite these tools however
Internet appliances, PDAs, wireless phones, 'Ethernet to the home' and online gaming are on the increase and are
not served well by these techniques. NAT for instance prevents certain applications from operating
as well as creating processor load on the routing devices.
In case you are wondering why version number is 6 rather than 5, IP version 5 had already been allocated to Internet
Streaming Protocol version 2. ISPv2 is detailed in RFC 1190.
Test Networks
There are two test networks that have been set up to allow testing of IPv6. The 6bone network is used
primarily for testing problems, IPv4 to IPv6 transition and new protocols. It has been designed to look
like a worldwide hierarchical setup with pseudo Tier I, Tier II and local site providers that communicate using
BGP-4 multiprotocol extensions for IPv6 ( RFC 2545).
Another network called the IPv6 Research and Education Networks (6REN) was also established to enable non-profit
organisations as well as educational and research institutions to access IPv6 transit mechanisms as well as
provide access to the 6bone.
Packet Format
- Version - 4 bits to indicate the IP version number, in this case 6
- Traffic Class/Diff Serv - 8 bits used by source nodes and intermediate routers to distinguish
different priorities of IPv6 traffic. The structure of this is identical to the DiffServ field
in IPv4 and functions in the same way (see QoS)
- Flow Label - 20 bits used by nodes that initiate traffic flows. This is a label that tells
intermediate routers to treat this flow differently from other traffic. This can be initiated by
an application to override the default QoS.
- Payload Length - 16 bits used to indicate the length of the packet without the header but including
the Extension headers. This value is the number of octets.
- Next Header - 8 bits used to indicate the header that follows the IPv6 header. This will be either
an Extension header or an upper layer protocol header.
- Hop Limit - 8 bits containing a value up to 255 that is decremented each time the packet crosses
a router boundary. At zero the packet is discarded. The value 255 is used to prove a packet is locally sourced i.e.
from the same network segment. A packet with a Hop Limit of 255 is dropped.
- Source Address - 128 bits used to indicate the source address of the sending device. Compare this
length of address with the 32 bits used in IPv4.
When comparing this IPv6 header with the IPv4 Header, you can see how much simpler it is.
The Options field is replaced by Extension Headers that are generally processed by the end nodes rather than by
every intermediate routing device. In addition, you do not have flags, ID and frag offset.
Extension Headers
An end node MUST process the extension headers in the order that they exist. To determine which extension header
a node must process it looks at the preceding header, this means that extension headers must take a certain order.
The IPv6 header kicks off with the first Extension header if it exists. Each Extension header has its own
Next Header field which lists the next Extension header that follows it.
The order is as follows:
| Header |
Next Header Value of the Preceding Header |
| Hop-by-Hop Options |
0 |
| Destination Options (examined by ALL destination nodes) |
60 |
| Routing |
43 |
| Fragment |
44 |
| Authentication |
51 |
| Encapsulating Security Payload |
50 |
| Destination Options (examined ONLY by the final destination node) |
60 |
| OSPF for IPv6 |
89 |
The available types of Extension Headers are as follows:
Hop-by-Hop Options Header
This MUST be examined by every router along the path from source to destination and HAS to be the header that
follows the main IPv6 header. This extension header contains a number of TLV options that may change
as the packet traverses the network if a particular flag is set. The Pad1 option pads the
header with one octet whereas the PadN option pads the header with a multiple number of
octets.
Routing Header
The Routing Header has a list of addresses thatare required to be visited whilst on the way to the
destination. The first address to be visited is actually in the IPv6 header and this node
processes the Routing Header. All the rest of the addresses are listed in the Routing Header.
There is a field called the Segments Left field which indicates the number of nodes
left to be visited before the destination node is reached. As each node processes the Routing
Header it places the next node address in the destination address field of the IPv6 header
and decrements the Segments Left value.
Fragment Header
This header is used when the path MTU is deemed to small for a particular packet. The source node either
assumes the IPv6 minimum MTU of 1280 bytes or
uses MTU Path Discovery to determine the smallest MTU along the path and then IT,
rather than a router, has the responsibility of fragmenting the packet.
Destination Options Header
This header must be processed by the destination node. If this header comes before the Routing Header
then each node in the Routing Header has to process it. If it comes after the Routing Header
then only the destination node processes it.
Authentication Header
All non-changing fields in the IPv6 header and the Extension Headers are used in the authentication calculation.
Changing fields such as those with options are seen as zero for the authentication calculation.
This prevents fields that change along the path from invalidating the authentication.
Encapsulating Security Payload Header
This header encrypts data and places it in the data part of the header. The Tunnel Mode means that
the whole IPv6 packet is encrypted whereas the Transport Mode means that just the transport layer portions
such as UDP, ICMP and TCP, are encrypted (see IPsec for more detail).
IPv6 Address Format
Address Space
One of the initial drivers for the development of a new version of Internet Protocol was the limited
address space afforded by the 32-bit (4 octet) address. Although over the recent years ways have been
developed to get around this limitation to some extent, the address space problem still needed to be
resolved in order to address the potential enormous global demand for directly reachable addresses.
Choosing an existing variable address format such as the NSAP which could be as large as 160 bits,
was discounted because of the extra processing overhead in dealing with the variable length address.
For IPv6 a fixed address length of 128 bits was chosen. This gives a theoretical maximum number of addresses
as 3.4 x 1037 (approximately).
Format
IPv6 addresses are written in hexadecimal and are divided up into 8 hexadecimal fields separated by colons.
An example is FEA0:D4C3:A727:0034:CF8A:2294:B39A:33FF. Each field of 4 hexadecimal characters
represents 16 bits.
The problem with these addresses is that they are very long and cumbersome to type out. Most addresses however,
will not be as complex as the example above. Most addresses will have a large number of zeros which have
led to a number of rules that allow it to be easier to manage addresses.
- You can remove leading zeros e.g. 003A can become 3A.
- You cannot remove trailing zeros e.g. you cannot change 3C00 to 3C.
- At least one character must be present in each field e.g. :1:A:0:
- If there are multiple zero fields adjacent to each other then they can be compacted with ::
e.g. :0000:0000:0000: can become ::
- You cannot have multiple ::s because you would not know how many fields have been compacted by each ::
- In a mixed IPv6/IPv4 environment you can represent an IPv4 address as the four rightmost fields within an IPv6
address, the format being v6:v6:v6:v6:v6:v6:v4.v4.v4.v4, note that the IPv4 addresses are 8 bits per dotted field
as opposed to the 16 bits per IPv6 field.
Examples
| Full Address |
Shortcut |
Explanation |
| |
|
|
| 25A0:0EA4:0004:00F5:008A:E5DD:3FCA:5BB2 |
25A0:EA4:4:F5:8A:E5DD:3FCA:5BB2 |
Leading zeros have been dropped |
| 25A0:0000:0000:0000:0000:E5DD:3FCA:5BB2 |
25A0::E5DD:3FCA:5BB2 |
Four fields of zeros are represented by :: |
| E5DD:0000:0000:3FCA:0000:0000:D32C:04F3 |
E5DD:0:0:3FCA::D32C:04F3 |
Two fields of zeros have been replaced by one zero, the others by :: |
| 0000:0000:0000:0000:0000:0000:0000:0001 |
::1 |
All the zero fields are contiguous |
| 0000:0000:0000:0000:0000:0000:0000:0000 |
:: |
|
Address Structure
The address mask prefix works in the same work as the IPv4 method in that the format is /<number>
where the number represents the bits that make up the prefix. The number of prefix bits is alot greater of course, plus
compared with CIDR, there is much more detailed structure to the way IPv6 address space is allocated. Prefixes
are allocated as follows:
| Allocation |
Prefix |
Hexadecimal |
Portion of Address Space |
| |
|
|
|
| Reserved |
0000 0000 |
|
1/256 |
| Unassigned |
0000 0001 |
|
1/256 |
| Reserved for NSAP |
0000 001 |
|
1/128 |
| Reserved for IPX |
0000 010 |
|
1/128 |
| Unassigned |
0000 011 |
|
1/128 |
| Unassigned |
0000 1 |
|
1/32 |
| Unassigned |
0001 |
|
1/16 |
| Aggregatable Global Unicast Addresses |
001 |
2 and 3 |
1/8 |
| Unassigned |
010 |
|
1/8 |
| Unassigned |
011 |
|
1/8 |
| Unassigned |
100 |
|
1/8 |
| Unassigned |
101 |
|
1/8 |
| Unassigned |
110 |
|
1/8 |
| Unassigned |
1110 |
|
1/16 |
| Unassigned |
1111 0 |
|
1/32 |
| Unassigned |
1111 10 |
|
1/64 |
| Unassigned |
1111 110 |
|
1/128 |
| Unassigned |
1111 1110 0 |
|
1/512 |
| Link-local Unicast Addresses |
1111 1110 10 |
FE8 |
1/1024 |
| Site-local Unicast Addresses |
1111 1110 11 |
FEC |
1/1024 |
| Multicast Addresses |
1111 1111 |
FF |
1/256 |
The IPv6 address format is defined in RFC 2373.
You will notice that a few of the address types have been named and highlighted. These represent the main
address types (apart from the special and unassigned cases) i.e. Aggregatable Global Unicast Addresses,
Link-local Unicast Addresses, Site-local Unicast Addresses and Multicast Addresses. Let us
look at each type in turn.
Aggregatable Global Unicast Addresses
Defined in RFC 2374
the Aggregatable Global Unicast Addresses (AGUA) are those assigned to exchanges for allocation to users.
There is a hierarchy of three levels:
- Public - this topology is made up of providers that offer transit services and exchanges
- Site - local to a site or organisation where no services are offered externally
- Interface - the interfaces within a network
The structure of the AGUA is as follows:
- Format Prefix (FP) - 001
- Top-Level Aggragation Identifier (TLA ID)
- Reserved (RES)
- Next-Level Aggregation Identifier (NLA ID)
- Site-Level Aggregation Identifier (SLA ID)
- Interface Identifier
Within each topology hierarchies can be created to suit the regional IP registries or organisations.
An important stipulation is that for the TLA there is a Default-free Zone where routers do not
have a default route in their routing tables. These routers know every TLA-ID.
The Interface Identifier identifies an interface on a specific link and is in the EUI-64 format.
The EUI-64 format is constructed by taking the interface MAC address, inserting FFFE after
the OUI and then setting the Universal/Local bit to 1. e.g.
- Take the MAC address 0000:0C23:5D31
- Insert FFFE after the OUI to obtain 0000:0CFF:FE23:5D31
- Set the U/L bit to 1 to give 0200:0CFF:FE23:5D21
Link-Local Addresses
The Link-Local Address is relevant only for the link and routers do not forward packets that contain Link-Local
Addresses in the source or destination fields.
There is no TLA, SLA or any hierarchical information just zeros. The addresses start with FE8 and can
be configured manually or with auto-configuration.
Site-Local Addresses
Site-Local Addresses are used strictly within the site or organisation. There are no TLA or NLA-IDs and the routers
must ensure that packets carrying these addresses are not forwarded externally, in that way they are equivalent to
the IPv4 private addresses.
The addresses start with FEC and the subnet ID allows you to create a hierarchy within the site
network.
Anycast Addresses
The idea of Anycast is to provide a method of sending traffic to the nearest of a number of nodes. These
nodes all having the same address. The Subnet-Router Anycast Address is pre-configured and all the interfaces connected
to a particular link has this address assigned to them. This is a unicast address
where the Interface Identifier is set to all zeros.
At the top end of the Interface IDs, 128 Anycast Identifiers have been reserved and are used to
construct the Reserved Subnet Anycast Addresses. Including the eighth MSB these Anycast Identifiers run from
1000 0000 (0x80) to 1111 1111 (0xFF), as you can see
the least significant bits of the Interface Identifier Field are reserved. So for
an EUI-64 interface these give the Interface IDs of FDFF:FFFF:FFFF:FF80 through to
FDFF:FFFF:FFFF:FFFF that can be used for Reserved Subnet Anycast Addresses.
See RFC 2526 for the reserved IPv6 subnet Anycast addresses.
Multicast Addresses
Broadcasts do not exist in IPv6 but multicasts do. Multicast addresses begin with FF and target
groups of interfaces that belong to the multicast groups. You can also set up
Transient multicast addresses for local use.
- FF - the first 8 bits indicate that this address is a multicast address.
- Flags - The first three bits must be zero whereas the fourth bit indicates whether the address
is well-known (set to 0) or Transient (set to 1).
- Scope - The scope of the address can be restricted to the node, the link, the site/organisation or global.
This field takes the following values:
- 0 - Reserved
- 1 - Node local scope
- 2 - Link local scope
- 5 - Site local scope
- 8 - Organisation local scope
- e - Global scope
- f - Reserved
- Group ID - Multicast address
Some well-known IPv6 multicast addresses are as follows:
| IPv6 Multicast Address |
IPv4 Multicast Address |
Multicast Group |
| |
|
|
| Node-Local Scope |
|
|
| FF01:0:0:0:0:0:0:1 |
224.0.0.1 |
All-nodes |
| FF01:0:0:0:0:0:0:2 |
224.0.0.2 |
All-routers |
| Link-Local Scope |
|
|
| FF02:0:0:0:0:0:0:1 |
224.0.0.1 |
All-nodes |
| FF02:0:0:0:0:0:0:2 |
224.0.0.2 |
All-routers |
| FF02:0:0:0:0:0:0:5 |
224.0.0.5 |
OSPF |
| FF02:0:0:0:0:0:0:6 |
224.0.0.6 |
All OSPF DRs |
| FF02:0:0:0:0:0:0:9 |
224.0.0.9 |
All RIP routers |
| FF02:0:0:0:0:0:0:D |
224.0.0.13 |
All PIM routers |
| Site-Local Scope |
|
|
| FF05:0:0:0:0:0:0:2 |
224.0.0.2 |
All routers |
| Any Scope |
|
|
| FF0x:0:0:0:0:0:0:101 |
224.0.1.1 |
NTP |
| FF0x:0:0:0:0:0:0:127 |
224.0.1.39 |
cisco-rp-announce |
| FF0x:0:0:0:0:0:0:128 |
224.0.1.40 |
cisco-rp-discovery |
Well-known IPv6 multicast addresses are defined in
RFC 2375.
From the list above it can be seen that a multicast group is able to operate with multiple scopes and therefore
have multiple addresses. The advantage that IPv6 has over IPv4 is that scoping is built in and defined
as standard whereas with IPv4, scoping was more arbitrary (either TTL or administrative scoping). With IPv6
therefore it is easier for organisations to come together since scoped addresses means that the same address
isn't used or two applications.
There is a particular type of multicast address called the Solicited-Node Address. This is used by
IPv6 processes to communicate with IPv6 nodes. Apart from the Link-Local address,
every unicast and anycast address has a Solicited-Node Address assigned to it. The Solicited-Node Address
multicast address is created by taking the last 24 bits of the Interface ID (formed from the MAC address
as described earlier)and placing it on the end of FF02:0:0:0:0:1:FF00::/104. If the Interface ID
is 0200:0CFF:FE23:5D21 (as in the example earlier), then the last 24 bits form 23:5D21.
Adding this to the end of FF02:0:0:0:0:1:FF00::/104 gives FF02:0:0:0:0:1:FF23:5D21 which is the
Solicited-Mode Address. Because the Interface ID is unlikely to change on a particular interface, even though
that interface may have a number of IPv6 addresses associated with it, only one Solicited-Mode Address
is required.
Special Addresses
The Unspecified Address is 0:0:0:0:0:0:0:0 and means that no address is present e.g. on a source device
that has yet to receive an address.
The Loopback Address is 0:0:0:0:0:0:0:1 and is used by a device to send packets to itself.
Other types of special addresses include IPv6 with IPv4 embedded addresses used in transition environments.
Further Reading
RFC 2461 - Neighbour Discovery for IPv6
RFC 2462 - IPv6 Stateless Address Autoconfiguration
RFC 2463 - ICMPv6
RFC 1886 - DNS extensions for IPv6
RFC 1887 - Architecture for IPv6 Unicast Address Allocation
RFC 1981 - Path MTU Discovery for IPv6
RFC 2080 - RIPng for IPv6
RFC 2473 - Generic Packet Tunnelling in IPv6
RFC 2529 - IPv6 over IPv4 without explicit tunnels
RFC 2710 - Multicast Listener Discovery (MLD) for IPv6
RFC 2740 - OSPF for IPv6
|
