Internet Protocol Version 6 (IPv6)

What is IPv6? It is the latest (not really new at this point lol) version of the Internet Protocol. The main reason this version was developed is to alleviate the IPv4 address exhaustion happening across the internet. It boasts a longer address of 128 bits vs the 32 bits of IPv4. It has also fundamentally changed the way some communication happens compared to IPv4. These details will be discussed below. Without further ado, let’s get into it!

IPv6 Structure

An IPv6 address is 128 bits long and is written in hexadecimal. Each character in an IPv6 address represents 4 bits of data, shown as one hexadecimal character (0-F). Subnet masks and CIDR notation from IPv4 carry over to IPv6 in exactly the same way: the whole point of a subnet mask is to define which part of an address is the network portion and which is the host portion. An IPv6 address with a /64 mask tells you that the first 64 bits are the network portion and the last 64 bits are the host portion. In IPv4, the mask can be written either in CIDR notation (/24) or as a dotted-decimal subnet mask. In IPv6, CIDR notation is the only way to write it (which makes sense considering how long the address actually is).

Above, you will see an example of the structure of an IPv6 address. This has been defined in RFC 4291 as a global unicast address. More on the different types of IPv6 addresses later*. The takeaway from this chart is to get familiar with the full-length format of IPv6. You have eight (8) sixteen (16) bit sections, separated by colons. Again, each character is a hexadecimal character (0-F) representing 4 bits.

How to Write IPv6

Since IPv6 addresses are very long, they can be a pain to write sometimes. Luckily, IPv6 addresses can be shortened/abbreviated. Take, for example, the address in the previous diagram:


This address can be shortened to the following:


Let’s start with the rules for shortening IPv6 addresses. (BTW, the shortened version of an IPv6 address can also be used in configuration.)

  1. Leading zeroes in a 16-bit block (aka between two colons) can be omitted. So in our example, I shortened the IPv6 address: 0db8 turned into db8. 0015 was shortened to just 15.
  2. A double colon can be used in place of an all-zeroes 16-bit block. The double colon can be used not just for one 16-bit block that has all 0s, but also for several all-zero blocks that are adjacent to each other. A double colon cannot be used two times in one address. So in our example, I could essentially “skip” block 15 all the way to block 1a2f just by putting a double colon.
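The two rules above, written out as an added Python example (not code from the original post). The sample address is constructed, and the function names are hypothetical. One assumption beyond the rules as stated: a lone all-zero block is left as "0" and only runs of two or more are collapsed, which is what RFC 5952 and Python's ipaddress module do.

```python
import ipaddress
import re

def shorten(full: str) -> str:
    """Apply both shortening rules to a full-length address (8 blocks of 4 hex digits)."""
    blocks = full.lower().split(":")
    if len(blocks) != 8 or not all(re.fullmatch(r"[0-9a-f]{4}", b) for b in blocks):
        raise ValueError("expected eight 4-digit hexadecimal blocks")
    # Rule 1: drop leading zeroes inside each block ("0db8" -> "db8").
    blocks = [format(int(b, 16), "x") for b in blocks]
    # Rule 2: find the longest run of all-zero blocks (the first run wins a tie).
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    # Assumption: like RFC 5952 and Python's ipaddress module, keep a lone
    # zero block as "0" and only collapse runs of two or more blocks.
    if best_len < 2:
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return f"{head}::{tail}"

def expand(short: str) -> str:
    """Reverse the shortening; a second "::" is rejected as ambiguous."""
    if short.count("::") > 1:
        raise ValueError('"::" may appear only once in an address')
    if "::" in short:
        head, tail = short.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError('"::" must stand for at least one block')
        blocks = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        blocks = short.split(":")
    if len(blocks) != 8 or not all(re.fullmatch(r"[0-9a-fA-F]{1,4}", b) for b in blocks):
        raise ValueError("not a valid IPv6 address")
    return ":".join(format(int(b, 16), "04x") for b in blocks)

# Constructed sample address in the 2001:db8::/32 documentation range.
FULL = "2001:0db8:0000:0000:0015:0000:0000:1a2f"

if __name__ == "__main__":
    print(shorten(FULL))                           # the hand-rolled rules
    print(ipaddress.IPv6Address(FULL).compressed)  # standard library, same result
    print(expand(shorten(FULL)) == FULL)           # round trip
```

With two zero runs of equal length, only the first is collapsed; the second stays written as 0:0 because a second double colon would make the run lengths impossible to recover.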

IPv6 L3 Header vs IPv4 L3 Header

There are a few key differences between the IPv6 header and the IPv4 header:

  1. Fragmentation is dealt with at the host level in IPv6. If a router receives a packet that is too big to be put on another link (aka the MTU is smaller for whatever reason), then the router running IPv6 will send a ‘too big’ ICMPv6 packet back to the host. The too big ICMPv6 packet essentially tells the host: “hey your packet is too big, chop it up into something smaller than x”. Compare this to IPv4, where routers actually perform the fragmentation of packets instead of the host. Since IPv6 routers push fragmentation to the host, the following header fields are not in the IPv6 header: Identification, Flags, and Fragment Offset.
  2. The flow label is used to uniquely identify a flow of packets. For example, if a certain host sends 100 packets to a destination, a unique flow number will be generated to identify the unique flow. This field is not in the IPv4 header.
  3. TTL Field is renamed to Hop Limit.
  4. Checksum is removed completely. The reason for this is that all upper level protocols already have an implementation for error-checking, so having it in the L3 header is redundant.

IPv6 Address Types

There are lots of different IPv6 Address types. They all have a unique purpose and function for the operation of IPv6. Similarly, the same could be said for IPv4.

Global unicast:

A global unicast address is a globally unique address (aka routable through the internet). Currently IANA has assigned only 2000::/3 addresses to the global pool (as of this writing).

Unique Local:

A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is the approximate counterpart of the IPv4 private address space.

Link Local:

The link-local address can be used only on the local network link (aka unique to a VLAN). Link-local addresses are neither valid nor recognized outside the subnet. FE80::/10 is the hexadecimal representation of the 10-bit binary prefix 1111111010. This prefix identifies the address as link-local. Link-local addresses use the EUI-64 method to build their interface ID.


IPv6 multicast operates the same as in IPv4. A packet sent to a multicast address is delivered to all interfaces identified by the multicast address (in a given scope). In IPv6, FF00::/8 is the pool for multicast addresses. In FFxy multicast addressing, the x denotes permanent (0) or temporary (1) addressing. The y denotes the scope of the address:

  • y=1 means interface local (kinda like an interface-based loopback)
  • y=2 means link-local so they can’t be routed (within subnet)
  • y=4 means admin-local which is really a bit varying in scope
  • y=5 means site-local which should be your site’s physical infrastructure.  Routable yes, but not outside your site.
  • y=8 means organization-local which implies autonomous system number like in BGP (think Site prefix in 1.12 picture)
  • y=E fully routable/usable on the Internet.

Solicited Node Multicast:

When an IPv6 interface is enabled on any device, a solicited-node multicast address is created too. For every IPv6 address assigned on an interface, a matching solicited-node multicast address is created (for link-local AND global unicast). The solicited-node multicast address starts with ff02::1:ff00:0/104. The last 24 bits of the interface ID from the IPv6 address are used to complete the address.

The purpose of the solicited-node multicast address is to eliminate the ARP broadcasts that IPv4 uses to find the MAC address of a particular host. The solicited-node multicast address is also used for duplicate address detection on a subnet, more on that later*. In IPv6, the MAC address is found through the Neighbor Discovery process, and this is where the solicited-node multicast address comes into play. The device sends a Neighbor Solicitation packet to a multicast address that starts with ff02::1:ff00:0/104. It knows which solicited-node multicast address belongs to the host it wants because it takes the last 24 bits of the interface ID of the IPv6 address it is trying to reach and slaps them on the end: ff02::1:ff[24bits]. The destination device is listening on that multicast address, so when it receives the solicitation, it responds with its full MAC address. This is similar to how ARP works in IPv4, except that it uses multicast packets instead of broadcast. The multicast also only goes to that specific host, because that host is the only one listening on that specific solicited-node multicast address.
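The derivation described above, as an added Python example (not part of the original post). The host addresses are constructed and the function names are hypothetical; the model of what an interface does with a solicitation is simplified. It also covers the case where a second host happens to share the same last 24 bits and so listens on the same group.

```python
import ipaddress

# ff02::1:ff00:0/104: the fixed 104-bit start of every solicited-node group.
SN_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(addr: str) -> str:
    """Append the last 24 bits of the address to the fixed multicast prefix."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SN_PREFIX | low24))

def groups_joined(addrs) -> set:
    """Solicited-node groups an interface listens on, one per assigned address."""
    return {solicited_node(a) for a in addrs}

def handle_ns(target: str, addrs) -> str:
    """Simplified model of an interface receiving a Neighbor Solicitation."""
    if solicited_node(target) not in groups_joined(addrs):
        return "not received"       # interface is not listening on that group
    owned = {ipaddress.IPv6Address(a) for a in addrs}
    if ipaddress.IPv6Address(target) in owned:
        return "reply with NA"      # Neighbor Advertisement carries the MAC
    return "received, ignored"      # same last 24 bits, but not our address

# Constructed hosts. HOST_A uses the interface ID from this page's EUI-64
# walkthrough, so its link-local and global addresses end in the same bits.
HOST_A = ["fe80::2bb:ccff:fedd:1122", "2001:db8:0:1:2bb:ccff:fedd:1122"]
HOST_B = ["fe80::aadd:1122"]        # different address, same last 24 bits
HOST_C = ["fe80::1"]

if __name__ == "__main__":
    target = HOST_A[1]
    print(solicited_node(target), groups_joined(HOST_A))
    for name, host in (("A", HOST_A), ("B", HOST_B), ("C", HOST_C)):
        print(name, handle_ns(target, host))
```

Because the link-local and global addresses of HOST_A share one interface ID, both map to a single group, so the interface joins one solicited-node group rather than two.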

ICMPv6 Neighbor Discovery

The collection of ICMPv6 features makes up what is called the Neighbor Discovery Protocol (NDP). NDP is used for MAC-finding, duplicate address detection and Stateless Address Autoconfiguration (SLAAC).

ICMPv6 Message Types:

  • Neighbor Solicitation: During duplicate address detection, a device sends an ICMPv6 packet destined for its own solicited-node multicast address, with the source set to the link-local address or :: (all 0s). If it receives a reply to that neighbor solicitation, then the address is already in use on the local area network. Duplicate address detection is used for link-local and global IPv6 addresses.
  • Neighbor Advertisement: The reply to a Neighbor Solicitation message (either for duplicate address detection or to find a MAC address on a subnet).
  • Router Solicitation: A device that is configured for IPv6 Stateless Address Autoconfiguration sends out a router solicitation with the destination FF02::2. Only routers running IPv6 listen to this multicast address.
  • Router Advertisement: Routers send a router advertisement in reply to a router solicitation message (the destination could be the link-local address of the specific node or FF02::1). The RA contains the prefix for the router's interface. Router advertisements are also sent periodically; they do not have to be in response to a solicitation message.

IPv6 Autoconfiguration

All interfaces on IPv6 nodes must have a link-local address, which is usually automatically configured from the identifier for an interface (EUI-64 + MAC) and the link-local prefix FE80::/10. A link-local address enables a node to communicate with other nodes on the link (aka subnet) and can be used to further configure the node.

Nodes can connect to a network and automatically generate global IPv6 addresses without the need for manual configuration or help of a server, such as a Dynamic Host Configuration Protocol (DHCP) server. With IPv6, a device (typically the default gateway / router) on the link advertises global prefix in Router Advertisement (RA) messages, as well as its willingness to function as a default device for the link. RA messages are sent periodically and in response to device solicitation messages.

A node on the link can automatically configure global IPv6 addresses by appending its interface identifier (64 bits) to the prefixes (64 bits) included in the RA messages. The resulting 128-bit IPv6 addresses configured by the node are then subjected to duplicate address detection to ensure their uniqueness on the link. If the prefixes advertised in the RA messages are globally unique, then the IPv6 addresses configured by the node are also guaranteed to be globally unique. Device solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled RA message. This is also referred to as Stateless Address Autoconfiguration (SLAAC).

EUI 64

With IPv6, you can set addresses manually just like in IPv4. However, since IPv6 addresses are bigger than MAC addresses (which are globally unique), why not convert the MAC address into the host portion of the address? That is exactly what EUI-64 does. It converts a 48-bit MAC address into a 64-bit counterpart and places that into the interface ID of the address. This is how it is accomplished:

A 64-bit interface ID is created by inserting the hex number FFFE in the middle of the MAC address. Also, the 7th bit in the first byte is flipped to a binary 1 (if the 7th bit is set to 0, it means that the MAC address is a burned-in MAC address). When this is done, the interface ID is commonly called the modified extended unique identifier 64 (EUI-64).

For example, if the MAC address of a network card is 00:BB:CC:DD:11:22, then the interface ID would be 02BB:CCFF:FEDD:1122.

Why is that so, you might ask?

Well, first we need to flip the seventh bit from 0 to 1.

MAC addresses are in hex format. The binary format of the MAC address looks like this:

hex 00BBCCDD1122 
binary 0000 0000 1011 1011 1100 1100 1101 1101 0001 0001 0010 0010

We need to flip the seventh bit:

binary 0000 0010 1011 1011 1100 1100 1101 1101 0001 0001 0010 0010

Now we have this address

hex 02BBCCDD1122

Next we need to insert FFFE in the middle of the address:

hex 02BBCCFFFEDD1122

The resulting Interface ID is 02BB:CCFF:FEDD:1122.
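The walkthrough above as an added Python example (not code from the original post), using the same MAC address. The global prefix is constructed and the function names are hypothetical. It goes one step beyond the text by also reversing the process, which is handy when mapping an address seen in a log back to a network card.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> int:
    """48-bit MAC -> 64-bit modified EUI-64 interface ID, as an integer."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes")
    # XOR with 0x02 inverts the 7th bit of the first byte; for a burned-in
    # MAC (bit = 0) that sets it to 1, as in the walkthrough above.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")

def eui64_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    full = int(net.network_address) | mac_to_interface_id(mac)
    return str(ipaddress.IPv6Address(full))

def address_to_mac(addr: str):
    """Recover the MAC from an EUI-64 address, or None if FFFE is absent."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None   # interface ID was not built from a MAC this way
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

MAC = "00:BB:CC:DD:11:22"       # MAC address from the walkthrough above
PREFIX = "2001:db8:0:1::/64"    # constructed global prefix

if __name__ == "__main__":
    print(format(mac_to_interface_id(MAC), "016x"))
    print(eui64_address("fe80::/64", MAC))   # link-local address
    print(eui64_address(PREFIX, MAC))        # global address from an RA prefix
    print(address_to_mac(eui64_address(PREFIX, MAC)))
```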


An anycast address identifies a group of interfaces, usually on different physical nodes. Packets that are sent to the anycast address go to the anycast group member node that is physically closest to the sender.

IPv6 Configuration (Cisco)

! Enables the forwarding of ipv6 unicast datagrams globally on the router. This also permits the router to send ICMPv6 RAs. 

#ipv6 unicast-routing

! Automatically configures an ipv6 link local address and enables ipv6 processing

#ipv6 enable

! Configure a global ipv6 address

#ipv6 address 2001::[xxxx]

! Configures a global ipv6 address with eui-64 format set on the lower order bits

#ipv6 address 2001:db8:0:1::/64 eui-64

! configure specific link local address

#ipv6 address fe80::[xxxx]/64 link-local

! Configure default route in ipv6

#ipv6 route ::/0 [next hop ipv6 address]

! verify/tshoot

#sh ipv6 int brie

#sh ipv6 routers

#sh ipv6 route

#debug ipv6 nd

! See which ipv6 devices have been mapped to which MAC address

#sh ipv6 neighbors

Under the state section of this command the following output can appear:

  • Incomplete – INCP – Process of being established
  • Reachable – REACH – Confirmed and established
  • Stale – STALE – Mapping was successfully established but has since expired and has not been successfully re-established
  • Delay – DELAY – Mapping was successfully established but has since expired and has not been successfully re-established
  • Probe – PROBE – Neighbor confirmation messages are being re-sent to the remote interface on an ongoing basis in an attempt to re-establish the mapping

! Configures the interface to use stateless auto configuration. When this command is entered, a link-local address is created automatically, and the interface listens to RAs for global unicast address assignment.

#ipv6 address autoconfig

! Verify that address was configured on the interface

#show ipv6 interface FastEthernet 0/10

IPv6 Subnetting – How the hell do you do it?

It’s actually really easy. It’s the same concept as IPv4 subnetting, except you’re dealing with hexadecimal instead of dotted decimal.

Let’s look at a few interesting examples:

IANA will be using 2000::/3 for all global unicast routable addresses. But a /3 doesn’t line up so well. What does a /3 even mean? Again, it’s a bit-to-bit comparison. It means that if the first 3 bits of an address match the first 3 bits of 2000, the address is considered globally routable, whatever the remaining bits are.

2000 in binary is 0010 0000 0000 0000

IANA will be using the first 3 bits of this address for all globally routed addresses. So essentially, anything starting with a 2 or a 3.

Let’s look at another example: FC00::/7 (private address space for IPv6)

FC00 in binary is 1111 1100 0000 0000

So any address whose first 7 bits match those binary bits is a private address. Say, for example, I assigned the following IPv6 private address: FD00::1/7 – this is still technically in the range of FC00::/7 even though it doesn’t start with FC. The reason is that as long as the first 7 bits match, it is still in the range. I flipped the 8th bit. By flipping the 8th bit, I changed the hexadecimal character to a D. But that is still a perfectly valid private address space assignment.

In most scenarios, you will be given a /48 block (aka site-prefix in the above diagrams). From there, you can use the next 16-bit block to create different subnets. The last 64 bits can either be assigned manually for servers, or by some variation of DHCPv6 / SLAAC. But that does not mean you cannot make smaller subnets. You can still assign a /100, or even a /127 for point-to-point links. The same concepts of subnetting apply from IPv4 to IPv6; it’s just a matter of getting used to hex.
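The bit-to-bit comparison and the /48 to /64 split described above, as an added Python example (not code from the original post). The prefixes are the ones named on this page; the site prefix is constructed and the function names are hypothetical.

```python
import ipaddress
from itertools import islice

# Address-type prefixes named on this page.
ADDRESS_TYPES = [
    ("link-local", "fe80::/10"),
    ("multicast", "ff00::/8"),
    ("unique local", "fc00::/7"),
    ("global unicast", "2000::/3"),
]

def prefix_match(addr: str, prefix: str) -> bool:
    """Compare only the first N bits of the address with the prefix."""
    base, length = prefix.split("/")
    shift = 128 - int(length)   # bits after the prefix are shifted away
    a = int(ipaddress.IPv6Address(addr))
    p = int(ipaddress.IPv6Address(base))
    return (a >> shift) == (p >> shift)

def classify(addr: str) -> str:
    """Name the address type whose prefix bits match, or "other"."""
    for name, prefix in ADDRESS_TYPES:
        if prefix_match(addr, prefix):
            return name
    return "other"

def site_subnets(site_prefix: str, count: int) -> list:
    """First `count` /64 subnets of a /48: the next 16-bit block is the subnet ID."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen != 48:
        raise ValueError("expected a /48 site prefix")
    return [str(n) for n in islice(site.subnets(new_prefix=64), count)]

SITE = "2001:db8:abcd::/48"     # constructed site prefix (documentation range)

if __name__ == "__main__":
    for a in ("fd00::1", "3fff::1", "4000::1", "fe80::1", "ff02::2"):
        print(a, "->", classify(a))
    print(site_subnets(SITE, 3))
```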
