IPv6:
IPv6 addresses are 128 bits in length and written as a string of hexadecimal values.
- Every 4 bits is represented by a single hexadecimal digit;
- This gives a total of 32 hexadecimal digits, grouped into 8 groups of 4 digits (16 bits) each;
- IPv6 addresses are not case sensitive and can be written in either lowercase or uppercase.
- IPsec is a mandatory component for IPv6, and therefore the IPsec security model is required to be supported by all IPv6 implementations in the near future.
Types of IPv6 addresses:
- Unicast – An IPv6 unicast address uniquely identifies an interface on an IPv6-enabled device. A source IPv6 address must be a unicast address. However, for load-balancing purposes, multiple interfaces on a device can share the same IPv6 unicast address.
- Multicast – An IPv6 multicast address is used to send a single IPv6 packet to multiple destinations.
- Anycast – An IPv6 anycast address is any IPv6 unicast address that can be assigned to multiple devices. A packet sent to an anycast address is routed to the nearest device having that address.
6 types of Unicast:
1. Unique Local address (site addresses) FD00::/8:
A unique local address (ULA) is an IPv6 address in the block FC00::/7 to FDFF::/7, defined in RFC 4193. It is the approximate IPv6 counterpart of the IPv4 private address. Unique local addresses are available for use in private networks, e.g. inside a single site or organization or spanning a limited number of sites or organizations. They are not routable in the global IPv6 Internet.
- Used within enterprise networks to identify the boundary of their networks
- The first 7 bits are always 1111110. The value 0 of the 8th bit is reserved for future use; currently the 8th bit is set to 1, meaning the prefix is locally assigned. So, the site addresses begin with FD00::/8.
2. Link-local address FE80::/10
A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. It is the IPv6 counterpart of the IPv4 special block 169.254.0.0/16. Link-local addresses are not necessarily bound to the MAC address (configured in an EUI-64 format). Link-local addresses can also be manually configured in the FE80::/10 format using the ipv6 address link-local command.
Link-local addresses are usually not guaranteed to be unique beyond a single network segment. Routers therefore do not forward packets with link-local addresses.
These addresses refer only to a particular physical link and are used for addressing on a single link for purposes such as automatic address configuration and neighbor discovery protocol. Link-local addresses can be used to reach the neighboring nodes attached to the same link. IPv6 routers must not forward packets that have link-local source or destination addresses to other links. All IPv6 enabled interfaces have a link-local unicast address.
3. Global unicast 2000::/3
A global unicast address is similar to a public IPv4 address. These are globally unique, Internet routable addresses. Global unicast addresses can be configured statically or assigned dynamically. There are some important differences in how a device receives its IPv6 address dynamically compared to DHCP for IPv4.
Currently, only global unicast addresses with the first three bits of 001 or 2000::/3 are being assigned. This is only 1/8th of the total available IPv6 address space, excluding only a very small portion for other types of unicast and multicast addresses.
Note: The 2001:0DB8::/32 address has been reserved for documentation purposes, including use in examples.
4. Loopback ::1
The loopback address is used by a host to send a packet to itself and cannot be assigned to a physical interface. Similar to an IPv4 loopback address, you can ping an IPv6 loopback address to test the configuration of TCP/IP on the local host. The IPv6 loopback address is all-0s except for the last bit, represented as ::1/128 or just ::1 in the compressed format.
5. Unspecified address
An unspecified address is an all-0s address represented in the compressed format as ::/128 or just ::. It cannot be assigned to an interface and is only used as a source address in an IPv6 packet. An unspecified address is used as a source address when the device does not yet have a permanent IPv6 address or when the source of the packet is irrelevant to the destination (such as DHCP).
6. IPv4 embedded
The last type of unicast address is the IPv4 embedded address. These addresses are used to help transition from IPv4 to IPv6.
Multicast address (ff00::/8)
Multicast addresses in IPv6 have the prefix ff00::/8. IPv6 multicast addresses are generally formed from four groups of bits, illustrated as follows:
Bits | 8 | 4 | 4 | 112 |
---|---|---|---|---|
Field | prefix | flags | scope | group ID |
The prefix holds the binary value 11111111 for any multicast address. Currently, 3 of the 4 flag bits in the flags field are defined; the most-significant flag bit is reserved for future use. The other three flags are known as R, P and T.
Bit | Flag | 0 | 1 |
---|---|---|---|
0 (MSB) | (Reserved) | (Reserved) | (Reserved) |
1 | R (Rendezvous) | Rendezvous point not embedded | Rendezvous point embedded |
2 | P (Prefix) | Without prefix information | Address based on network prefix |
3 (LSB) | T (Transient) | Well-known multicast address | Dynamically assigned multicast address |
Similar to unicast addresses, the prefix of IPv6 multicast addresses specifies their scope, however, the set of possible scopes is different. The 4-bit sc (or scope) field (bits 12 to 15) is used to indicate where the address is valid and unique.
IPv6 address | IPv4 equivalent | Scope | Purpose |
---|---|---|---|
ff00::/16 - ff0f::/16 | | Reserved | |
ffx1::/16 | 127.0.0.0/8 | Interface-local | Packets with this destination address may not be sent over any network link, but must remain within the current node; this is the multicast equivalent of the unicast loopback address. |
ffx2::/16 | 224.0.0.0/24 | Link-local | Packets with this destination address may not be routed anywhere. |
ffx3::/16 | 239.255.0.0/16 | IPv4 local scope | |
ffx4::/16 | | Admin-local | The smallest scope that must be administratively configured. |
ffx5::/16 | | Site-local | Restricted to the local physical network. |
ffx8::/16 | 239.192.0.0/14 | Organization-local | Restricted to networks used by the organization administering the local network. (For example, these addresses might be used over VPNs; when packets for this group are routed over the public internet (where these addresses are not valid), they would have to be encapsulated in some other protocol.) |
ffxe::/16 | 224.0.1.0-238.255.255.255 | Global scope | Eligible to be routed over the public internet. |
The service is identified in the 112-bit Group ID field. For example, if ff02::101 refers to all Network Time Protocol (NTP) servers on the local network segment, then ff08::101 refers to all NTP servers in an organization’s networks. The Group ID field may be further divided for special multicast address types.
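The field layout above can be decoded mechanically, which is useful when triaging multicast destinations seen in packet captures or flow logs. The following is an added example, not part of the original notes; the function name and the returned keys are chosen here for illustration, and the scope names are only the ones listed in the table above.

```python
import ipaddress

# Scope values and names as listed in the scope table above.
SCOPES = {
    0x1: "Interface-local",
    0x2: "Link-local",
    0x3: "IPv4 local scope",
    0x4: "Admin-local",
    0x5: "Site-local",
    0x8: "Organization-local",
    0xE: "Global scope",
}


def decode_multicast(text):
    """Split an IPv6 multicast address into prefix, flags, scope and group ID."""
    value = int(ipaddress.IPv6Address(text))
    if value >> 120 != 0xFF:                 # first 8 bits must be 11111111
        raise ValueError(f"{text} is not inside ff00::/8")
    flags = (value >> 116) & 0xF             # next 4 bits: 0, R, P, T
    scope = (value >> 112) & 0xF             # next 4 bits: scope
    return {
        "rendezvous_embedded": bool(flags & 0b0100),   # R flag
        "prefix_based": bool(flags & 0b0010),          # P flag
        "transient": bool(flags & 0b0001),             # T flag
        "scope": SCOPES.get(scope, f"not listed (0x{scope:x})"),
        # Interface-local and link-local traffic must never be routed.
        "confined_to_link": scope in (0x1, 0x2),
        "group_id": value & ((1 << 112) - 1),          # low 112 bits
    }


def same_service(a, b):
    """True when two multicast addresses carry the same group ID."""
    return decode_multicast(a)["group_id"] == decode_multicast(b)["group_id"]


if __name__ == "__main__":
    for sample in ("ff02::101", "ff08::101", "ff15::1234", "ff0e::fb"):
        print(sample, decode_multicast(sample))
```

A link-scoped destination such as ff02::1:2 showing up on the far side of a router is worth investigating, because the table above says it may not be routed anywhere.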
Well-known IPv6 multicast addresses
Well-known multicast addresses have the prefix ff00::/12. This means that the third hexadecimal digit, the Flag field, is always set to 0. Well-known multicast addresses are predefined or reserved multicast addresses for assigned groups of devices. These addresses are equivalent to IPv4 well-known multicast addresses in the range 224.0.0.0 to 239.255.255.255. Some examples of IPv6 well-known multicast addresses include the following:
Address | Description |
---|---|
ff02::1 | All nodes on the local network segment |
ff02::2 | All routers on the local network segment |
ff02::5 | OSPFv3 All SPF routers |
ff02::6 | OSPFv3 All DR routers |
ff02::8 | IS-IS for IPv6 routers |
ff02::9 | RIP routers |
ff02::a | EIGRP routers |
ff02::d | PIM routers |
ff02::16 | MLDv2 reports (defined in RFC 3810) |
ff02::1:2 | All DHCP servers and relay agents on the local network segment (defined in RFC 3315) |
ff02::1:3 | All LLMNR hosts on the local network segment (defined in RFC 4795) |
ff05::1:3 | All DHCP servers on the local network site (defined in RFC 3315) |
ff0x::c | Simple Service Discovery Protocol |
ff0x::fb | Multicast DNS |
ff0x::101 | Network Time Protocol |
ff0x::108 | Network Information Service |
ff0x::181 | Precision Time Protocol (PTP) version 2 messages (Sync, Announce, etc.) except peer delay measurement |
ff02::6b | Precision Time Protocol (PTP) version 2 peer delay measurement messages |
ff0x::114 | Used for experiments |
Prefix terminology
Term | Assignment | Example |
---|---|---|
Registry prefix | By IANA to an RIR | 2340::/12 |
ISP prefix | By an RIR to an ISP | 2340:1111/32 |
Site prefix or global routing prefix | By an ISP or registry to a customer (site) | 2340:1111:AAAA/48 |
Subnet prefix | By an enterprise engineer for each individual link | 2340:1111:AAAA:1/64 |
Key requirements outlined in RFC 5952:
- Leading zeros must be suppressed.
- The symbol "::" must be used to its maximum capability.
- The characters "a", "b", "c", "d", "e" and "f" must be represented in lowercase.
- The symbol "::" must not be used to shorten just one 16-bit field:
2001:db8:0000:1:1:1:1:1 incorrect
2001:db8::1:1:1:1:1 incorrect
2001:db8:0:1:1:1:1:1 correct
- When an alternative choice exists in the placement of a "::", the longest run of consecutive 16-bit 0 fields must be shortened. If the lengths are equal, the first sequence of zero bits must be shortened.
e.g.: 664a:0000:0000:fc02:0000:0000:0000:4b74 incorrect
664a:0:0:fc02::4b74 correct
664a:0000:0000:fc02:00b2:0000:0000:4b74 incorrect
664a::fc02:00b2:0:0:4b74 incorrect (there are two zero blocks)
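Because one address has many valid spellings, ACL entries, allow-lists and log searches should compare addresses only after normalizing them. The following added example (not from the original notes; the function names are chosen here) applies the RFC 5952 rules listed above step by step, using Python's standard ipaddress module only to parse the input.

```python
import ipaddress


def canonical_rfc5952(text):
    """Render any valid textual IPv6 address in its RFC 5952 form."""
    # Parsing accepts upper case, leading zeros and any legal "::" placement.
    value = int(ipaddress.IPv6Address(text))
    fields = [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

    # Locate the longest run of all-zero 16-bit fields.
    # The strict ">" keeps the first run when two runs have equal length.
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if fields[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j

    # format(..., "x") gives lowercase digits with leading zeros suppressed.
    hexed = [format(field, "x") for field in fields]
    if best_len < 2:
        # "::" must not be used to shorten a single 16-bit field.
        return ":".join(hexed)
    head = ":".join(hexed[:best_start])
    tail = ":".join(hexed[best_start + best_len:])
    return f"{head}::{tail}"


def same_address(a, b):
    """Compare two textual addresses by their canonical form."""
    return canonical_rfc5952(a) == canonical_rfc5952(b)


if __name__ == "__main__":
    for sample in (
        "2001:db8:0000:1:1:1:1:1",
        "664a:0000:0000:fc02:0000:0000:0000:4b74",
        "664a:0000:0000:fc02:00b2:0000:0000:4b74",
        "2001:0DB8:0:0:0:0:0:1",
    ):
        print(f"{sample:42} -> {canonical_rfc5952(sample)}")
```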
IPv6 header
The IPv6 header has markedly fewer fields than an IPv4 header. This makes the IPv6 header easier and quicker for the router to process. One of the major design improvements of IPv6 over IPv4 is the simplified IPv6 header. The IPv4 header consists of 20 octets (up to 60 bytes if the Options field is used) and 12 basic header fields, not including the Options field and Padding field.
The IPv6 header consists of 40 octets (largely due to the length of the source and destination IPv6 addresses) and 8 header fields (3 IPv4 basic header fields and 5 additional header fields).
The fields in the IPv6 packet header include:
- Version – This field contains a 4-bit binary value identifying the IP packet version. For IPv6 packets, this field is always set to 0110.
- Traffic Class – This 8-bit field is equivalent to the IPv4 Differentiated Services (DS) field. It also contains a 6-bit Differentiated Services Code Point (DSCP) value used to classify packets and a 2-bit Explicit Congestion Notification (ECN) used for traffic congestion control.
- Flow Label (new in IPv6) – This 20-bit field provides a special service for real-time applications. It can be used to inform routers and switches to maintain the same path for the packet flow so that packets are not reordered.
- Payload Length – This 16-bit field is equivalent to the Total Length field in the IPv4 header. It defines the entire packet (fragment) size, including header and optional extensions.
- Next Header – This 8-bit field is equivalent to the IPv4 Protocol field. It indicates the data payload type that the packet is carrying, enabling the network layer to pass the data to the appropriate upper-layer protocol. This field is also used if there are optional extension headers added to the IPv6 packet.
- Hop Limit – This 8-bit field replaces the IPv4 TTL field. This value is decremented by one by each router that forwards the packet. When the counter reaches 0 the packet is discarded and an ICMPv6 message is forwarded to the sending host, indicating that the packet did not reach its destination.
- Source Address – This 128-bit field identifies the IPv6 address of the sending host.
- Destination Address – This 128-bit field identifies the IPv6 address of the receiving host.
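The eight fields listed above map directly onto the 40-octet fixed header, so a capture or sensor can decode them with a few shifts and masks. This is an added example, not part of the original notes; the function names are chosen here, and the sample header is constructed with addresses from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import struct

FIXED_HEADER_LEN = 40  # octets


def parse_ipv6_header(packet):
    """Decode the fixed IPv6 header at the start of `packet` (bytes)."""
    if len(packet) < FIXED_HEADER_LEN:
        raise ValueError("truncated: the fixed IPv6 header is 40 octets")
    # First 32 bits: Version (4) | Traffic Class (8) | Flow Label (20),
    # then Payload Length (16), Next Header (8), Hop Limit (8).
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8]
    )
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, expected 6 (0110)")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "dscp": traffic_class >> 2,        # upper 6 bits of Traffic Class
        "ecn": traffic_class & 0x3,        # lower 2 bits of Traffic Class
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
    }


def build_sample_header():
    """Constructed sample: Traffic Class 0xB8, flow label 0x12345,
    Payload Length 20, Next Header 6 (TCP), Hop Limit 64."""
    first_word = (6 << 28) | (0xB8 << 20) | 0x12345
    return (
        struct.pack("!IHBB", first_word, 20, 6, 64)
        + ipaddress.IPv6Address("2001:db8::1").packed
        + ipaddress.IPv6Address("2001:db8::2").packed
    )


if __name__ == "__main__":
    for name, value in parse_ipv6_header(build_sample_header()).items():
        print(f"{name:15} {value}")
```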
An IPv6 packet may also contain Extension headers (EH), which provide optional network layer information. Extension headers are optional and are placed between the IPv6 header and the payload. EHs are used for fragmentation, security, to support mobility, and more.
The IPv6 simplified header offers several advantages over IPv4:
- Better routing efficiency for performance and forwarding-rate scalability
- No requirement for processing checksums
- Simplified and more efficient extension header mechanisms (as opposed to the IPv4 Options field)
- A Flow Label field for per-flow processing with no need to open the transport inner packet to identify the various traffic flows
Dynamic IPv6 configuration
A device may receive all or some of its IPv6 addressing information from a DHCPv6 server depending upon whether option 2 (SLAAC and DHCPv6) or option 3 (DHCPv6 only) is specified in the ICMPv6 RA message.
If option 1 (SLAAC only) or option 2 (SLAAC with DHCPv6) is used, the client does not obtain the actual Interface ID portion of the address from these processes. The client device must determine its own 64-bit Interface ID, either by using the EUI-64 process or by generating a random 64-bit number.
EUI-64 process:
Ethernet MAC addresses are usually represented in hexadecimal and are made up of two parts:
- Organizationally Unique Identifier (OUI) – The OUI is a 24-bit (6 hexadecimal digits) vendor code assigned by IEEE.
- Device Identifier – The device identifier is a unique 24-bit (6 hexadecimal digits) value within a common OUI.
An EUI-64 Interface ID is represented in binary and is made up of three parts:
- 24-bit OUI from the client MAC address, but the 7th bit (the Universally/Locally (U/L) bit) is reversed. This means that if the 7th bit is a 0 it becomes a 1, and vice versa.
- The inserted 16-bit value FFFE (in hexadecimal)
- 24-bit Device Identifier from the client MAC address
e.g. R1's GigabitEthernet interface has the MAC address FC99:4775:CEE0.
Step 1: Divide the MAC address between the OUI and the device identifier: FC 99 47 and 75 CE E0. The 7th bit of the OUI will be reversed, so FC becomes FE.
Step 2: Insert the hexadecimal value FFFE, which in binary is: 1111 1111 1111 1110.
Step 3: Convert the first 2 hexadecimal values of the OUI to binary and flip the U/L bit (bit 7). In this example the 0 in bit 7 is changed to a 1. The result is an EUI-64 generated Interface ID of FE99:47FF:FE75:CEE0.
EUI for Serial Interface
Whenever Cisco IOS needs a MAC address for an interface, and that interface does not have a built-in MAC address (such as a serial interface), the router uses the MAC address of the lowest-numbered LAN interface on the router.
e.g.
R2(config)# interface F0/0
R2(config-if)# ipv6 address 2000:0:0:1::/64 eui-64
R2(config-if)# exit
R2(config)# interface Serial0/0/1
R2(config-if)# ipv6 address 2000:0:0:1::/64 eui-64
The following list shows the derivation of the last 64 bits (16 hexadecimal digits) of R2’s IPv6 interface IDs for its global unicast IPv6 addresses on Fa0/0 and S0/0/1:
Step 1. Use Fa0/0’s MAC address: 0013.197B.5004.
Step 2. Split and insert FFFE: 0013:19FF:FE7B:5004.
Step 3. Invert bit 7: Hex 00 = 00000000 binary, flip for 00000010, and convert back to hex 02, resulting in 0213:19FF:FE7B:5004.
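Both EUI-64 derivations above (R1's FC99:4775:CEE0 and R2's 0013.197B.5004) can be reproduced in code, and the process is reversible: anyone who sees an EUI-64 based address can recover the interface's MAC address, which is why an address audit may want to flag such hosts. This is an added example, not part of the original notes; the function names are chosen here for illustration.

```python
import ipaddress
import re


def _mac_bytes(mac):
    """Accept FC99:4775:CEE0, 0013.197B.5004, 00:13:19:7b:50:04, ..."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def _iid_bytes(mac):
    raw = bytearray(_mac_bytes(mac))
    raw[0] ^= 0x02                       # invert the U/L bit (7th bit)
    # OUI + inserted FFFE + device identifier
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])


def eui64_interface_id(mac):
    """Return the 64-bit interface ID in the notation used in the steps above."""
    iid = _iid_bytes(mac)
    return ":".join(iid[i:i + 2].hex().upper() for i in range(0, 8, 2))


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(_iid_bytes(mac), "big")
    return str(ipaddress.IPv6Address(int(network.network_address) | iid))


def mac_from_address(address):
    """Recover the MAC from an EUI-64 style address, or None if the
    interface ID does not carry the FFFE marker."""
    low64 = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    iid = bytearray(low64.to_bytes(8, "big"))
    if bytes(iid[3:5]) != b"\xff\xfe":
        return None
    iid[0] ^= 0x02                       # undo the U/L bit inversion
    mac = bytes(iid[:3]) + bytes(iid[5:])
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    print(eui64_interface_id("FC99:4775:CEE0"))
    print(eui64_address("2000:0:0:1::/64", "0013.197B.5004"))
    print(mac_from_address("2000::1:213:19ff:fe7b:5004"))
```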
Transition technologies to work with IPv4:
- Dual-layer IP stack
- IPv6 over IPv4: adding an IPv4 header to the IPv6 packet. This works similarly to a virtual private network (VPN).
- Intra-Site Automatic Tunnel Addressing Protocol (ISATAP): allows IPv6 routers and hosts to communicate across IPv4 networks. ISATAP is designed for private intranets. The interface ID is separated into two parts as follows:
  - The first 32 bits are either 0:5efe for a private address or 200:5efe for a public address.
  - The last 32 bits are the IPv4 address.
- 6to4: uses tunneling of IPv6 packets over an IPv4 network. The technologies differ in how they store the IPv4 address in the IPv6 packet. Where ISATAP stores the IPv4 address as a decimal in the last 32 bits of the address, 6to4 stores the IPv4 address of the ISATAP router in bits 17 to 48. 6to4 is designed for communicating across the public IPv4 Internet.
- Teredo: Teredo allows IPv6 hosts to communicate over IPv4 networks that use NAT, which is a mechanism used in IPv4 networks for hiding a private IP network behind a public IP address. Teredo's address is based on the 2001::/32 prefix. It is structured as follows:
  - The first 32 bits of the address are 2001.
  - The next 32 bits are the IPv4 address in hexadecimal to complete the network ID.
  - The host ID begins with 16 bits used for Teredo flags.
  - The next 16 bits represent the external IPv4 UDP port number being used by the NAT.
  - The remaining 32 bits are the IPv4 address of the NAT in hexadecimal.
Inverse Neighbor Discovery
The ND protocol discussed in this section starts with a known neighbor’s IPv6 address and seeks to discover the link-layer address used by that IPv6 address. On Frame Relay networks, and with some other WAN data-link protocols, the order of discovery is reversed. A router begins with knowledge of the neighbor’s data link layer address and instead needs to dynamically learn the IPv6 address used by that neighbor.
IPv4 solves this discovery problem on LANs using ARP and the reverse problem over Frame Relay using Inverse ARP (InARP). IPv6 solves the problem on LANs using ND, and now for Frame Relay, IPv6 solves this problem using Inverse Neighbor Discovery (IND). IND, also part of the ICMPv6 protocol suite, defines an Inverse NS (INS) and Inverse NA (INA) message. The INS message lists the known neighbor link-layer address (Data-Link Connection Identifier [DLCI] for Frame Relay), and the INS asks for that neighboring device’s IPv6 addresses. The details inside the INS message include the following:
- Source IPv6: IPv6 unicast of sender
- Destination IPv6: FF02::1 (all IPv6 hosts multicast)
- Link-layer addresses
- Request: Please reply with your IPv6 address(es)
IPv6 configuration (Cisco IOS)
Command | Description |
---|---|
ipv6 unicast-routing | A global configuration mode command that enables the routing of unicast IPv6 traffic |
ipv6 cef | A global configuration mode command that enables Cisco Express Forwarding (CEF) for IPv6. |
ipv6 flowset | A global configuration mode command that configures flow-label marking in 1280-byte or larger packets sent from the router. |
ipv6 address address/length | Static configuration of the entire IPv6 unicast address. |
ipv6 address prefix/length eui-64 | Static configuration of the first 64 address bits; the router derives the last 64 bits with EUI-64. |
ipv6 address autoconfig | Router uses stateless autoconfig to find an address. |
ipv6 address dhcp | Router uses stateful DHCP to find an address. |
ipv6 unnumbered interface-type number | Uses the same IPv6 unicast address as a referenced interface. |
ipv6 enable | Enables IPv6 on the interface, but results in only a link-local address. |
ipv6 address address link-local | Overrides the automatically created link-local address. The configured value must conform to the FE80::/10 prefix. |
ipv6 address address/length anycast | Designates that the unicast address is an anycast address. |
Reference
http://www.ciscopress.com/articles/article.asp?p=2803866&seqNum=5