A Silly Valley View

An IPv6 cheat sheet for folks familiar with IPv4

Nerdacity

In the course of setting up a new home router based on pfSense, I decided to wade into the IPv6 waters. I couldn’t find the kind of short, pithy information I was looking for. So here’s what I think is important to know. It assumes the reader knows what an RFC is and where to find them, and has a passing familiarity with IPv4.

I plan to update this as I learn more. Links to the relevant RFCs and standards will be added, eventually. Comments and corrections are welcomed.

Addressing

128 bits total, a huge expansion from IPv4’s 32. We’ll never need to expand addressing again. (Never say never – address allocation grows to fill the available space, a corollary of Parkinson’s Law.)

Fully specified format is 32 hex digits, separated by colons every 4 digits. Leading zeroes in a group can be omitted. E.g.

1234:5678:9ABC:DEF0:0FED:CBA9:8765:4321

One run of consecutive all-zero groups can be elided with a double colon, but only once per address; a second double colon would make the address ambiguous. Anywhere you see double colons, imagine enough zero groups between them to bring the address back to 8 groups. This convention makes it a little easier to deal with the 128 bit format. Examples below.

Networks or address ranges are specified with a slash and the number of prefix bits, e.g. the above address is routed to the network

1234:5678:9ABC:DEF0::/64

Interpretation varies by purpose. More below.

Wait a minute… HOW MANY addresses per interface?

Typically two or more. And they serve different purposes.

All interfaces must have a link-local address (see below). This is used between neighbors on the network segment, and by the router(s). This cannot be routed to from another network segment, so will never be seen outside the local network segment. Link-local addresses always start with FE80:.

Interfaces may also have a secured routable address, and a temporary one as well. These can be visible to the world.

A network can have more than one prefix/subnet pair. (One example being a network served by multiple ISPs for redundancy.) In this case an interface can have multiple global addresses, one or more per prefix/subnet.

On my Mac, ‘ifconfig en0’ shows 3 addresses:

  • The link-local address;
  • The “secured” routable address;
  • The “temporary” routable address.

Apart from the prefix/subnet shared by the two routable addresses, no field is the same across the three.

Unicast/anycast address format and subnetting

The basic format for IPv6 addresses:

pppp:pppp:pppp:ssss:iiii:iiii:iiii:iiii

where:
p – network prefix, 48 bits
s – subnet, 16 bits
i – interface identifier, 64 bits

In the first example:

  • The upper 48 bits (1234:5678:9ABC) are the routing prefix.
  • Next 16 bits (DEF0) are the subnet ID. The prefix and subnet combined are 64 bits.
  • Last 64 bits (0FED:CBA9:8765:4321) are the interface identifier.

IPv6 subnets are 64 bits MINIMUM. This helps facilitate autoconfiguration.
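As an added illustration (not part of the original cheat sheet), the following Python uses only the standard ipaddress module to expand and compress addresses, reject a second double colon, and split the first example address into the 48/16/64-bit fields described above:

```python
import ipaddress


def expand(addr: str) -> str:
    """Fully specified form: 8 groups of 4 hex digits, no '::' and no dropped zeroes."""
    return ipaddress.IPv6Address(addr).exploded


def compress(addr: str) -> str:
    """Canonical short form: leading zeroes dropped, the longest all-zero run elided once."""
    return ipaddress.IPv6Address(addr).compressed


def is_valid(addr: str) -> bool:
    """'::' may appear at most once; the parser rejects anything else as ambiguous."""
    try:
        ipaddress.IPv6Address(addr)
        return True
    except ipaddress.AddressValueError:
        return False


def split_unicast(addr: str) -> dict:
    """Break a unicast address into the pppp/ssss/iiii fields from the cheat sheet."""
    n = int(ipaddress.IPv6Address(addr))
    return {
        "prefix": f"{n >> 80:012x}",                 # upper 48 bits: routing prefix
        "subnet": f"{(n >> 64) & 0xFFFF:04x}",       # next 16 bits: subnet ID
        "iid": f"{n & ((1 << 64) - 1):016x}",        # low 64 bits: interface identifier
        # The /64 the address is routed to (prefix + subnet, host bits cleared).
        "network": str(ipaddress.IPv6Network(f"{addr}/64", strict=False)),
    }
```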

Anycast

Anycast is “one-to-one-of-many”, used for (e.g.) failover, load sharing, etc.

There are two reserved anycast addresses:

  • Subnet Router anycast addresses have an interface ID of all zeroes. (RFC 4291)
  • RFC 2526 designates x:x:x:x:FFFF:FFFF:FFFF:FF80/121 as the reserved subnet anycast block;
    currently x:x:x:x:FFFF:FFFF:FFFF:FFFE is assigned to Mobile IPv6 Home-Agents
    and all the others are reserved.

Link-local

Link-local addresses are in the FE80::/10 block. They take the form:

FE80:0000:0000:0000:xxxx:xxxx:xxxx:xxxx

Which is usually abbreviated as:

FE80::xxxx:xxxx:xxxx:xxxx

The last 64 bits are again the interface identifier.

Link-local addresses CANNOT be routed.

Multicast format

FFfs:gggg:gggg:gggg:gggg:gggg:gggg:gggg

FF – 8 bits, all 1s
f – flags (Rendezvous, Prefix, Transient)
s – scope (interface, link, realm, admin, site, org, global)
g – group ID (112 bits)

There are many variations. Some are significant for router administrators; see below.

Special address blocks

  • ::/0 – routing, default route
  • ::/128 – unspecified address (all zeroes)
  • ::1/128 – loopback (internal to originating host)
    The IPv6 equivalent of 127.0.0.1.
  • ::ffff:0:0/96 – IPv4 mapped addresses
    (i.e. 0:0:0:0:0:FFFF:x:x)
    Bottom 32 bits represent the IPv4 address.
  • ::ffff:0:0:0/96 – IPv4 translated addresses (SIIT protocol)
    (i.e. 0:0:0:0:FFFF:0:x:x)
    Bottom 32 bits represent the IPv4 address.
  • 64:ff9b::/96 – 6to4 addressing
    (i.e. 64:ff9b:0:0:0:0:x:x)
  • 100::/64 – Discard prefix (RFC 6666)
  • 2001::/32 – Teredo tunneling (RFC 4380)
  • 2001:2::/48 – Reserved for Benchmarking Methodology Working Group
  • 2001:20::/28 – ORCHIDv2 crypto hash identifiers, not routable
  • 2001:db8::/32 – Example use, not routable
  • 2002::/16 – Old 6to4, deprecated
  • FC00::/8 – was meant for unique local addresses with globally allocated prefixes,
    but no allocation policy was ever established, so this range is unused.
  • FD00::/8 – Unique local addresses, not routable outside site or organization (RFC 4193)
    Analogous to IPv4 10.0.0.0/8 or 192.168.0.0/16 – private networks not exposed to the outside world.
    The following 40 bits of the prefix are randomly generated and the 16-bit subnet IDs are as well, so the general form is:
    FDpp:pppp:pppp:ssss::/64
    where:
    FD – first 8 bits (1111 1101)
    p – 40 bits of prefix
    s – 16 bits of subnet
    Unique local addresses are routed same as global, but never leave the private net.
  • FE80::/10 (effectively FE80::/64, as the next 54 bits must be zeroes) – Link-local address, not routable outside originating net segment
  • FF00::/8 – Multicast
    Many options. See https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
    Some specific variants that will show up in router logs:
    FF02::1 – All-nodes, link-local. Typical uses include Neighbor Advertisement and Router Advertisement.
    FF02::2 – All-routers, link-local.
    FF02::1:2 – All DHCP servers/relay agents, link-local. You’ll see these if your network uses DHCPv6 locally.

Address Allocation

One of the goals of IPv6 was to simplify network administration, in part by freeing admins from having to do address and subnet allocation. Most common situations on a small network require little or no input from a human. You can still hard-wire addresses – but why?

The down side, of course, is that autoconfigured addresses are harder to associate with a particular host or role, which can make troubleshooting more difficult.

Stateless Address Autoconfiguration (SLAAC) is a plug-n-play method of allocating routable addresses without need of a central authority like DHCP. Periodic Router Advertisement (RA, see Neighbor Discovery Protocol) messages deliver a prefix to the host (along with router info), and the host then generates an address, which then undergoes Duplicate Address Detection via NDP on the local link before it is assigned.

The simplest way of generating an address is via modified EUI-64. Interface identifiers are derived from the MAC address by inserting FF:FE in the middle and inverting the 7th bit of the interface ID; e.g. the MAC address

00:e3:e1:c2:ea:d6

becomes

p:p:p:s:02E3:E1FF:FEC2:EAD6

where the p’s are the prefix and s the subnet.
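An added example (my code, not the author's) of the modified EUI-64 construction above, using the cheat sheet's own MAC address; it also combines the identifier with an advertised /64 prefix the way a SLAAC host does, and runs the transformation backwards to recover the MAC, which is exactly why such addresses are a tracking concern. The prefix 2001:db8:1:2::/64 is a constructed documentation value.

```python
import ipaddress


def modified_eui64(mac: str) -> str:
    """Interface identifier from a 48-bit MAC: insert ff:fe in the middle and flip the
    universal/local bit (the 7th bit of the first octet, mask 0x02)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ":".join(iid.hex()[j:j + 4] for j in range(0, 16, 4))


def slaac_address(prefix: str, mac: str) -> str:
    """Combine an advertised /64 prefix with the EUI-64 identifier, as a SLAAC host would."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    iid = int(modified_eui64(mac).replace(":", ""), 16)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_address(addr: str):
    """Recover the MAC if the address is EUI-64 derived (ff:fe in the middle of the IID);
    returns None otherwise. The low 64 bits of such an address identify the hardware."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)
```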

There are many other documented ways to generate an address. to be supplied

There are several ways to allocate temporary addresses. Their purpose is to reduce the likelihood of associating a particular global IPv6 address with a particular user or host. They have a limited lifetime.

more to be added

Domain Name System

Transport is unchanged from IPv4, UDP first, falling back to TCP, both on port 53.

Address records for IPv6 use the AAAA record type in place of IPv4’s A record. The address format is as described above. Everything else is identical.

Reverse resolution is done in the ip6.arpa domain, in place of in-addr.arpa for IPv4. In the query name the address is reversed as in IPv4, but with one hex digit per label rather than one octet!
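The reverse-name rule, as an added example that is not from the original post: it builds the ip6.arpa owner name by hand from all 32 hex digits of the expanded address, parses such a name back into an address, and shows the IPv4 in-addr.arpa form for contrast. The addresses used are documentation values.

```python
import ipaddress


def ip6_arpa_name(addr: str) -> str:
    """PTR owner name: the 32 hex digits of the expanded address, one digit per label,
    least significant digit first, under ip6.arpa."""
    digits = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(digits)) + ".ip6.arpa"


def address_from_ip6_arpa(name: str) -> str:
    """Inverse: turn an ip6.arpa name back into the compressed address it refers to."""
    suffix = ".ip6.arpa"
    if not name.lower().endswith(suffix):
        raise ValueError("not an ip6.arpa name")
    labels = name[: -len(suffix)].lower().split(".")
    if len(labels) != 32 or any(len(l) != 1 or l not in "0123456789abcdef" for l in labels):
        raise ValueError("expected 32 single-hex-digit labels")
    digits = "".join(reversed(labels))
    return ipaddress.IPv6Address(int(digits, 16)).compressed


def in_addr_arpa_name(addr: str) -> str:
    """IPv4 counterpart for comparison: the four octets reversed, under in-addr.arpa."""
    return ipaddress.IPv4Address(addr).reverse_pointer
```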

Dynamic Host Configuration Protocol (DHCPv6)

Clients use UDP port 546, servers 547.

DHCP Unique Identifier (DUID) per client. 2-byte type, up to 128 byte ID. 4 types are implemented (RFCs 3315, 6355).

RFC 6939 defines Client Link-Layer Address Option, which is an alternative for DUID, derived from the MAC address. Not widely used.

Prefix Delegation (RFCs 3633, 6603, 7550) allows routers at the network edge to request a unique routable prefix from the upstream provider.

Many uses of DHCP in IPv4 are replaced by Neighbor Discovery Protocol and Router Advertisements, which leads us to…

Internet Control Message Protocol (ICMPv6)

ICMP takes on a bigger role in IPv6.

Neighbor Discovery Protocol (NDP, RFC 4861) replaces ARP and some functions of DHCP. RFCs 8106, 6106, 5006 add Recursive DNS Server Option and DNS Search List options to Router Advertisements. These extensions obviate most uses of DHCPv4; they are on a standards track but not yet officially standardized.

Secure Neighbor Discovery Protocol (SEND, RFCs 3971, 6494) is a variant using Cryptographically Generated Addresses (CGA) and Resource Public Key Infrastructure (RPKI).

Multicast Listener Discovery (MLD) replaces IGMP. (RFC 2710)

MLDv2 (RFC 3810)

more to be added

Stuff found in router logs

These are examples of blocked messages on my LAN, seen in the router log:

  • [fe80::xxxx:xxxx:xxxx:xxxx]:50926 -> [ff02::1]:10001, UDP
    (Link-local interface to link-local all-nodes multicast on an unassigned port)
    This is our Ubiquiti access point looking for its controller every 10 seconds. It isn’t answered because there’s no controller running on our net most of the time. The router ignores it, as it should; what happens in FE80::/10 stays in FE80::/10.
  • [fe80::xxxx:xxxx:xxxx:xxxx]:546 -> [ff02::1:2]:547, UDP
    (Link-local interface to link-local all-DHCP-agents multicast, DHCPv6)
    Some host is trying to query a DHCPv6 server every 2 minutes. It’s not going anywhere because there isn’t one; we’re using SLAAC. Again, the router ignores it.
  • [2600:1700:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:51217 -> [2620:100:xxxx:x::xxxx:xxxx]:443, TCP:RA
    (Public address on our LAN to external public address, HTTPS)
    This looks like an attempt to reject data sent on a closed HTTPS connection (R-reset, A-ack). See RFC 793. Not sure why this particular message was dropped.
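An added example (not from the original post) of the kind of check one can script over entries like these: it parses lines in the shape shown above and labels each side by scope and well-known multicast group, so link-local chatter is separated from traffic that can actually cross the router. The sample lines are constructed, with the masked xxxx parts replaced by documentation addresses from 2001:db8::/32; the regex, scope table and DHCPv6 note are my own assumptions about a useful classification, not pfSense's log format or logic.

```python
import ipaddress
import re

# Constructed sample lines in the shape of the router entries above (not real logs).
SAMPLE_LOG = """\
[fe80::1c2a:3b4c:5d6e:7f80]:50926 -> [ff02::1]:10001, UDP
[fe80::1c2a:3b4c:5d6e:7f80]:546 -> [ff02::1:2]:547, UDP
[2001:db8:1:2:2e3:e1ff:fec2:ead6]:51217 -> [2001:db8:ffff::443]:443, TCP:RA
"""

LINE_RE = re.compile(r"\[([0-9a-f:]+)\]:(\d+) -> \[([0-9a-f:]+)\]:(\d+), (\S+)")

# Link-local groups the cheat sheet says will show up in router logs.
WELL_KNOWN_GROUPS = {"ff02::1": "all-nodes", "ff02::2": "all-routers",
                     "ff02::1:2": "all-DHCP-agents"}


def scope(addr: ipaddress.IPv6Address) -> str:
    """Label an address the way the special-block list above does."""
    if addr.is_multicast:
        s = (int(addr) >> 112) & 0xF          # low nibble of the FFfs group is the scope
        names = {1: "interface", 2: "link", 5: "site", 8: "org", 0xE: "global"}
        return "multicast/" + names.get(s, f"scope{s:x}")
    if addr.is_link_local:
        return "link-local"
    if addr in ipaddress.IPv6Network("fc00::/7"):
        return "unique-local"
    return "global"


def classify(line: str) -> dict:
    """Parse one '[src]:port -> [dst]:port, PROTO' line and explain what it is."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError(f"unparsed log line: {line!r}")
    src, sport, dst, dport, proto = m.groups()
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    info = {"src_scope": scope(s), "dst_scope": scope(d), "proto": proto,
            "group": WELL_KNOWN_GROUPS.get(str(d)), "note": ""}
    # A link-local source or a link-scope destination never leaves the segment.
    info["stays_on_link"] = scope(s) == "link-local" or scope(d) in ("link-local", "multicast/link")
    if proto == "UDP" and (sport, dport) == ("546", "547") and str(d) == "ff02::1:2":
        info["note"] = "DHCPv6 client solicit; expected noise on a SLAAC-only LAN"
    elif d.is_multicast and info["group"] is None:
        info["note"] = f"multicast to a group not in the short list: {d}"
    return info


def classify_log(text: str) -> list:
    return [classify(line) for line in text.splitlines() if line.strip()]
```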

Feel free to send me more examples to dissect.

Revision history

2020-10-29 Minor formatting fixes

2018-09-20 Initial version