1.8 Configure and verify IPv6 addressing and prefix
We invented IPv6 (Internet Protocol Version 6) because we ran out of IPv4 addresses. There was never an IPv5 – it was invented but never made it past the design stage.
A few protocols were upgraded so that they could be compatible with IPv6. We will learn more about these protocols later on.
- OSPF was updated to OSPFv3
- ICMP was upgraded to ICMPv6
- ARP does not work on IPv6. IPv6 uses Neighbor Discovery Protocol instead.
IPv6 uses hexadecimal (not decimal) and an IPv6 address is 128 bits long.
I mentioned hexadecimal earlier when I talked about MAC addresses. Hexadecimal means “base 16”. Imagine, from basic elementary school math that you can count from 0 to 9. When you reach “9”, you get to add another digit to your number, and you get 10. Notice 10 has two digits and 9 has one digit? Now, if you get to “99” and you add one, you reach “100”. Notice that “100” has an extra digit. So, we have ten different numbers (0, 1, 2, 3, 4, 5, 6, 7, 8, 9). We call this system “base 10”.
What if we could count to 16 without adding another digit? We would need to invent six more numbers.
How do we do that? We didn’t invent six more numbers, but we did use the first six letters of the alphabet. The hexadecimal digits are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. So, if we add 9 + 1, the answer isn’t 10, it’s A. If we add A + 1, we get B. See what I’m saying? We can fit more numbers into a smaller space. It adds up quickly.
How many numbers can I fit in a two-digit number? Up to 100 (10 x 10 = 100). How many numbers can I fit into a two-digit hexadecimal number? Up to 256 (16 x 16 = 256).
The IPv6 header is larger than the IPv4 header.
| Version | Class | Flow Label | Payload Length | Next Header | Hop Limit | Source Address | Destination Address |
For a device to be able to send IPv6 packets to another IPv6 device, it must have an IPv6 address. It must also know the IPv6 address of a router. The router must have an IPv6 address on its interface. That means along the entire route from sender to recipient, all devices must have an IPv6 address. The router encapsulates and decapsulates IPv6 packets just like it would with an IPv4 packet.
The router will maintain an IPv6 routing table, which works in parallel with IPv4. A router can manage both IPv4 and IPv6 traffic at the same time. End user devices can send traffic through this router regardless of whether they support both IPv4 and IPv6 or only IPv4. IPv6 was designed to work in parallel with IPv4 devices because its inventors knew that the internet couldn’t just switch over to IPv6 overnight. In fact, although it has been many years since IPv6 was made available, many networks still use IPv4. We call this a dual stack configuration.
We can write an IPv6 address as a1b2:c3d4:a1b2:c3d4:a1b2:c3d4:a1b2:c3d4. It is 32 characters long. A character can be a number from 0 to 9 or a letter from a to f (not case sensitive). We separate every four characters with a colon. There are ways to shorten the IPv6 address, which we will learn later.
In the IPv6 scheme, we can have subnets, sub-subnets, and sub-sub-subnets. How does it work? An IPv6 address has two parts. The first part is called the prefix. A /48 prefix is common.
For example, an organization would be assigned a 2001:0db8:1234:/48 prefix. That means that all of their IP addresses must start with 2001:0db8:1234:.
This prefix is 48 bits long (it’s not 24 bits long because each character is 4 bits, not two). The organization has 80 bits left, since an IPv6 address is 128 bits long.
If we were to make subnets out of it, we could
- 2001:0db8:1234:1000: might be our first subnet. That means that all IP addresses in this subnet start with 2001:0db8:1234:1000
- 2001:0db8:1234:2000: might be our second subnet. That means that all IP addresses in this subnet start with 2001:0db8:1234:2000
- 2001:0db8:1234:f000: might be our sixteenth subnet. That means that all IP addresses in this subnet start with 2001:0db8:1234:f000
That makes for 16 subnets. Each subnet is 64 bits long (48-bit network size and 16-bit subnet), which contains 2^64 IP addresses. Since each subnet is massive and since there is a massive number of subnets, there’s no point in getting more complicated and picking subnets like 2001:0db8:1234:f001:, etc.
The number of available IPv6 addresses is massive. There are 340,282,366,920,938,463,463,374,607,431,768,211,456 IP addresses. Enough so that each person on earth could have trillions of them.
We can break each subnet down further. Let’s say our organization operates worldwide. We can assign one subnet to each part of the world.
We could break down 2001:0db8:1234:1000: into 16 more sub-subnets, such as
- 2001:0db8:1234:1000:2000:, etc.
Each of these sub-subnets contains 2^48 IP addresses. We could break these down even further so that
- 2001:0db8:1234:1000:1000:1000: is a subnet
- 2001:0db8:1234:1000:1000:2000: is a subnet, etc.
Now each sub-sub-subnet contains 2^32 IP addresses.
The point is that there are a lot of IP addresses. More than you’ll ever use. You can pick the subnets however you want and not have to worry about selecting a subnet that is too small and running out of addresses.
There’s no such thing as a subnet mask in IPv6. There is just a prefix.
If 2001:0db8:1234:1000:1000:1000: is my prefix, then my first IP address is 2001:0db8:1234:1000:1000:1000:0000:0000, and my last IP address is 2001:0db8:1234:1000:1000:1000:ffff:ffff.
I just fill in the blanks for the missing portion remembering that every IPv6 address is 128 bits long, and complicated math is not required.
If I have a bigger subnet, then that means I have a shorter prefix. If I have a smaller subnet, then that means I have a longer prefix.
We can shorten some IPv6 addresses. If our IP address looked like this: 2002:0de8:0000:0000:0300:8b2e:0360:7234, we could shorten it to 2002:0de8::300:8b2e:0360:7234. See what we did there? We hid the sections with “0000”, and replaced them with ‘::’, or two colons.
In any IPv6 address, we can hide the longest string of 0’s, if they fill up an entire four-digit section, or more than one section in a row. We can only hide one string per IP address, otherwise it gets confusing.
If my address looked like this: 2002:0de8:0000:0000:0300:8b2e:0000:7234 and I shortened it to 2002:0de8::8b2e::7234, you now have two “::”, but you don’t know which one had four 0’s and which one had eight.
Also, we can hide any leading 0’s in a section. That means 2002:0de8:1824:2383:0300:002e:4e4e:7234 can be shortened to 2002:de8:1824:2383:300:2e:4e4e:7234.
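The shortening rules above, written out as an added Python example (not part of the original guide; `shorten`, `parses` and `same_address` are names made up here). It follows RFC 5952 and Python's `ipaddress` module in collapsing only runs of two or more all-zero sections, and it shows why addresses should be compared by value rather than by spelling.

```python
import ipaddress

HEX = set("0123456789abcdef")

def shorten(full):
    """Shorten a fully written IPv6 address (8 groups of 4 hex digits)."""
    groups = full.lower().split(":")
    if len(groups) != 8 or any(len(g) != 4 or set(g) - HEX for g in groups):
        raise ValueError("expected 8 groups of 4 hex digits")
    # Rule 1: drop leading 0's in every group ("0000" becomes "0").
    groups = [g.lstrip("0") or "0" for g in groups]
    # Rule 2: find the longest run of all-zero groups (first one wins ties).
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    # Assumption of this example: like RFC 5952 and ipaddress, leave a
    # single all-zero group written out as "0".
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

def parses(text):
    """True if text is a valid IPv6 address; a second '::' is rejected."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False

def same_address(a, b):
    """Compare two spellings by their 128-bit value, not as strings."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

if __name__ == "__main__":
    # Addresses taken from the text above.
    for full in ("2002:0de8:0000:0000:0300:8b2e:0360:7234",
                 "2002:0de8:0000:0000:0300:8b2e:0000:7234",
                 "2002:0de8:1824:2383:0300:002e:4e4e:7234"):
        print(full, "->", shorten(full))
    print("two '::' parses:", parses("2002:0de8::8b2e::7234"))
```

Firewall rules, allow lists and log searches that match IPv6 addresses as text should normalize them first, because every address has several valid spellings.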
IPv6 addresses are written as a hexadecimal number, and then a /#. The /# is the prefix length which is between 0 and 128. There is no subnet, but there is a prefix. If we have an address and a prefix length, we can find the prefix.
How do we calculate the prefix? If the prefix length is a multiple of 4, divide the prefix length by 4 (since each digit in an IPv6 address is 4 bits). We keep the IP address up to the prefix length (P). We change the rest of the bits in the IP address to 0.
For example, if 2002:0de8:1824:2383:0300:002e:4e4e:7234 /48 is our IP address, we divide 48 by 4. That gives us 12. We count the first 12 digits (2002:0de8:1824) as our prefix. If we set the remainder of the IP address to 0, then 2002:0de8:1824:0000:0000:0000:0000:0000 is our network. Therefore our prefix is 2002:0de8:1824:: (notice the two colons at the end).
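The same calculation done on bits instead of digits, as an added Python example (not part of the original guide; `prefix_range`, `in_prefix` and `describe` are names made up here). It goes beyond the multiple-of-4 case in the text: masking the 128-bit value works for any prefix length from 0 to 128, and it also gives the first and last address of the prefix.

```python
import ipaddress

def prefix_range(address, length):
    """Return (first, last) address of the prefix that contains address."""
    if not 0 <= length <= 128:
        raise ValueError("prefix length must be between 0 and 128")
    value = int(ipaddress.IPv6Address(address))
    host_bits = 128 - length
    # Keep the first `length` bits and set the remaining bits to 0 ...
    first = (value >> host_bits) << host_bits
    # ... or set them all to 1 to get the last address in the prefix.
    last = first | ((1 << host_bits) - 1)
    return ipaddress.IPv6Address(first), ipaddress.IPv6Address(last)

def in_prefix(address, prefix_address, length):
    """True if address shares its first `length` bits with prefix_address."""
    first, last = prefix_range(prefix_address, length)
    return first <= ipaddress.IPv6Address(address) <= last

def describe(address, length):
    """Fully written first and last address of the prefix, as text."""
    first, last = prefix_range(address, length)
    return f"{first.exploded}/{length} .. {last.exploded}"

if __name__ == "__main__":
    addr = "2002:0de8:1824:2383:0300:002e:4e4e:7234"  # address from the text
    print(describe(addr, 48))  # multiple of 4: cut after 12 digits
    print(describe(addr, 51))  # not a multiple of 4: cut inside a digit
    print(describe("2001:0db8:1234:1000:1000:1000::", 96))
    print(in_prefix("2002:de8:1825::1", addr, 48))
```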
Since the IPv6 protocol is still being adopted, not all networks understand it yet. What happens when a router communicating over IPv6 reaches a router that only understands IPv4? Let’s say that you are trying to access google.com. You’re in Florida and google.com is in California. Both of you understand IPv6, but the routers in between understand IPv4 only. Your computer and google.com’s server create an IPv4 tunnel and send your IPv6 data through it. The most common tunneling protocol is called 6to4.
A better approach is for each device to obtain both an IPv4 address and an IPv6 address. This is known as dual stack. Most modern ISPs assign both IPv4 and IPv6 addresses to their customers. A device will try to connect over IPv6, and if it can’t, then it will try to connect over IPv4.
Remember that we talked about ARP earlier? Well, IPv6 doesn’t work with ARP. There is no broadcast IPv6 address, so a device can’t send out a message saying, “hey if this is your IP address, reply with your MAC address”. What happens if you want to discover a MAC address that belongs to a specific IPv6 address? You must use the Neighbor Discovery Protocol.
How does it work? When a device connects to a new network, it generates a random IP address, known as a link-local address. Then it sends a multicast message to all the routers. All IPv6-enabled routers listen for messages addressed to FF02::2. The long version is FF02:0000:0000:0000:0000:0000:0000:0002.
The device tells the router “hey look at me, I’m at this random IPv6 address”. If the device does not receive a reply, it assumes that there are no routers on the network and keeps the link-local address. If a router is on the network, it replies with some configuration information. The router tells the device what address it should have. The device starts using the address given to it by the router.
What do I mean when I say multicast? Multicast is like a mailing list with an IP address. A device can “subscribe” to a multicast and then it will receive messages addressed to that multicast’s IP address. If we want to send a message to all the devices belonging to a specific multicast, we send a message to the multicast address.
As I said, FF02::2 is a multicast address that all routers subscribe to. If I want to send a message to all the routers on my network, I address it to FF02::2.