IPv6 Address Space
If you have read my other blogs related to IPv6 then you will know by now the size of the address space provided by Internet protocol version 6. If not then, IPv6 address space is 128-bits long. If you do the calculation it comes to 3.40282366921e+38. In other words this equals to 340,282,366,920,938,463,463,374,607,431,768,211,456. It is pronounced as 340 undecillion, spell check gives an error here because it doesn’t even have this word added to its database of words. This is a lot of address. This address space is very carefully split into different types depending upon the multiple use case scenario’s. We have enough experience with IPv4 which made us understand what is needed in the future. With IoT picking up its pace and talk about storing all data on cloud increasing all day IPv6 is going to the backbone to achieve it.
More fun facts on this address space is available in the internet. Check it out for yourself.
Certain things discussed below may take sometime to sink in but if you read it a couple of more times and see things that happens practically in your machine it is not that much difficult to understand. As always use any Linux based distro as some of the commands which i have used/discussed below are available in them only.
If want to know why we need IPv6 in the first place pls read this post.
All IPv6 addresses are represented in Hexadecimal. An IPv6 address can be classified into one of three categories:
- Unicast Address.
- Anycast Address.
- Multicast Address.
The above diagram gives a complete picture of the IPv6 address types with its default assigned address ranges which is currently in use. Just a thought, where is the broadcast address in IPv6 and why it is specified in the above picture?. Read below to know more.
A unicast IPv6 address uniquely identifies an interface. A packet sent to a unicast address is delivered to that particular interface identified by that address. Unicast addresses are composed of two parts, a 64-bit network prefix used for routing and a 64-bit interface identifier used to identify a host’s network interface.
The 64-bit interface identifier is either automatically generated from the interface’s MAC address using the modified EUI-64 format or obtained from a DHCPv6 server, It can also be assigned automatically using some random values or assigned manually. Different types of unicast addresses are there in IPv6 and we shall discuss about that in a separate section (see below).
An anycast address is assigned to multiple interfaces usually on multiple hosts/nodes.
A packet sent to an anycast address is delivered to only one of these interfaces which is usually the nearest one. Any unicast address can be used as an anycast address as they have the same format as unicast addresses but they are present in multiple interfaces and in multiple hosts/nodes.
Different Types of Unicast address
As the name suggests, address of this type are local to the current link. A link-local address is also based on the interface identifier, but uses a different format for the network prefix. These addresses have a prefix of fe80::/10. This address is mandatory for all the interfaces which support IPv6.
As discussed above the interface ID is either automatically generated from the interface’s MAC address using the modified EUI-64 format (this is not advisable due to security issues), obtained from a DHCPv6 server, automatically established randomly, or assigned manually. For sample address look into the Why IPv6 page auto-configuration section for some screenshots of the sample IPv6 addreses from different machines.
Below is an example on how a link local address is configured automatically by an Ethernet interface using its MAC address, the 64-bit interface identifier has to be created from the 48-bit (6-byte) Ethernet MAC address.
Lets assume the MAC address of the Ethernet interface is :00:0a:95:9d:68:16. First, the hex digits 0xff-fe (2 bytes) are inserted between the third and fourth bytes of the MAC address. The address now looks like this : 00:0a:95:ff:fe:9d:68:16. Then the universal/local bit, the second low order bit of 0x00 (the first byte) of the MAC address is complemented. The second low-order bit of 0x00 is 0 which when complemented becomes 1. So the first byte MAC address now becomes 0x02. Again the modified address now looks like this 02:0a:95:ff:fe:9d:68:16. To get the exact link local address for that Ethernet interface now we just need to add this value to the link local prefix of fe80. The link local address 0f the Ethernet address now looks like this: fe80::02:0a:95:ff:fe:9d:68:16/64.
Clearly generating interface ID using interface MAC address is not one of the safest methods to generate the IP address. This address is not globally routable.
RFC 4941, “Privacy Extensions for Stateless Address Autoconfiguration in IPv6,” introduces another type of address available only in IPv6 that contains a random number in place of the hardware address.With this recommendation interface ID can change over time as it is a temporary address. It is generated in addition to the EUI-64 interface ID. The temporary address is then used for outgoing communications. The main reason for an approach like this is that a host talking to a web server or FTP server doesn’t need to have permanent address if so we are easily traceable.
The unspecified address has a value of 0:0:0:0:0:0:0:0 and is therefore it also called
the all-zeros address. It is comparable to 0.0.0.0 in IPv4. It indicates the absence
of a valid address. It is used as a Source address by a host during the boot process when it sends out a request for address configuration. It should never be statically or dynamically assigned to an interface and it should not appear as a destination IP address.
::1 (0:0:0:0:0:0:0:1) is how IPv6 loopback address is represented. Mostly this address is used for troubleshooting and testing the IP stack because it can be used to send a packet to the protocol stack without sending it out on the subnet. It should also never be statically or dynamically assigned to an interface.
Global unicast address has been assigned a prefix of 2000::/3. In binary they are identified by the prefix 001. This is similar to public IP addresses in IPv4. This IP address can be routed across the internet.
The global routing prefix identifies the address range allocated to a site. This part of the
address is assigned by the international registry services and the Internet Service Providers (ISPs) and it has a clear hierarchical structure. The subnet ID identifies a link within a site. A link can be assigned multiple subnet IDs. A local administrator of a site assigns this part of the address. The interface ID identifies an interface belonging to particular host/node on a subnet and must be unique within that subnet. The interface ID is always 64 bits, so therefore an IPv6 subnet is always a /64 subnet. No more NAT and subnet mask issues with IPv6.
How big is the routable address space ? With the above address format picture we have 2^45 network addresses (this is the recommended allocation block) which the regional Internet registries provides to the ISP and within that each network can have 2^16 subnets and within each subnet we can have 2^64 valid IPv6 addresses. Let me do this calculation and take a break for the rest of the day (pls help yourself while this thing really sinks in).
If you have an android handset with marshmallow or above version and if you are using 4G connection check your IP address provided by your service provider. Chances are that you might be assigned a public IPv6 address. In India one of the mobile service providers (IDEA) is actually providing public IPv6 address when you access their 4G networks. The below screenshot is taken from my Samsung A9 Pro mobile.
Unique local IPv6 address
These are also called ULA. The address of this type belongs to fc00::/7 prefix. ULA’s are available for use in private networks (organisation or sites). They are similar to IPv4 private addresses. They addresses are not routable across the Internet.
The global ID (40 bits) is generated randomly. So with the global ID generated randomly we get a /48 prefix and 2^16 subnets and 2^64 hosts/nodes can be assigned addresses per subnet. As of now the 8 bit is set to one which specifies that the address is locally administrated and as of this writing this has only been standardised. So for locally administered addresses, we currently have a hexadecimal prefix of fd00::/8. ULA is actually a replacement to site local addresses who use is deprecated now. Site local addresses were allocated the fec0::/10 prefix. Some of older applications still support site-local addresses but newer ones doesn’t need to support.
Look into the Why IPv6 page’s auto-configuration section for some screenshots of the sample IPv6 addresses from different machines.
A multicast address identifies a group of IPv6 interfaces. Interfaces become part of the mutlicast groups whose data which it wants to access. As with IPv4, in IPv6 there are a lot of predefined IPv6 Mulitcast addresses.A packet sent to a multicast address is processed by all members of the multicast group. All IPv6 multicast addresses have the ff as prefix i.e there the higher order byte (first byte) is all ones in binary.They are represented using the ff00::/8 prefix. In IPv6 multicast addresses play a very important role. The below diagram shows the format of IPv6 multicast addresses.
Scope bits define the boundary within which these addresses can be used. For example, ff01 means interface local, ff02 means link local, ff08 site local and ff0e means global. As mentioned before many IPv6 Multicast addresses are predefined. If your familiar with IPv4 multicast addresses then it will be much similar to that.
Link-local scope multicast addresses
ff02::1 All-nodes address
ff02::2 All-routers address
ff02::9 RIP routers
ff02::a EIGRP routers
ff02::16 All MLDv2-capable routers
ff02::1:2 All DHCP agents
ff02::1:3 Link-local Multicast Name Resolution
The above list is very small when compared to the whole list of predefined IPv6 multicast addresses. I have kept is simple as we wont be looking into that much detail here. Of these addresses few have a very important role to play when the interface gets addresses assigned. When a hosts joins the network and wants an IPv6 address it sends a router solicitation message to all routers address ff02::2 (link local scope). All routers who received the router solicitation packet will now respond to the host which send the router solicitation message with a router advertisement packet. This response can be either sent directly to the particular host which sent the router solicitation message in the first place or to the all nodes multicast address ff02::1. Pls note, Router advertisement messages are sent periodically by routers to the all nodes multicast address ff02::1. The router advertisement message can contain a lot of details like the prefix notation, DNS servers address lifetime, MTU and many more. This information is then used by the host to assign an IPv6 address for the interface. We shall discuss about this in detail in a another blog itself as this is very much important.
In the beginning of this blog i asked a question, where is broadcast address in IPv6. The answer is simple, in IPv6 we don’t have broadcast address at all. This is replaced by ffo2::1 which is all nodes link local multicast address.
Types of Multicast IPv6 address
Solicited-Node Multicast Address
Every node must join solicited-node multicast address for every unicast and anycast address it is assigned.This address has a prefix of ff02::1:ff00:0/104. It is used in Neighbour Discovery. It is used for identifying layer 2 addresses of neighbours. Neighbour solicitation messages are sent to this address to get the particular interface layer2 address. This makes a lot of senses as only the host/node registered to this multicast address will process this packet. This is an optimisation when compared to IPv4 where ARP requests are send to the layer 2 broadcast address which every host/node needs to process.
This address is formed by taking the low-order 24 bits of an IPv6 address and appending those bits to the prefix ff02::1:ff00:0:/104. For example, if a host has the IPv6 address fe80::979f:148c:a6c5:307d. Then the corresponding solicited-node multicast address is ff02::1:ffc5:307d. If this host has other IPv6 unicast or anycast addresses, each one will have a corresponding solicited node multicast address for which the host must be registering. We can see the list of multicast addresses to which the interfaces has registered using ip -6 maddr command.
Vostro ~ # ip -6 maddr
inet6 ff02::fb users 2
Vostro ~ #
From the above output we can see that each interface has joined few multicast address group. The interface enp7s0 is not even up (i have not plugged in the ethernet cable) but yet it has joined all nodes multicast group with interface local and link local scopes. Interface wlp6s0 has joined a few more groups other than joining the all nodes link local multicast group it has joined the solicited node multicast group of it own interface address ff02::1:ffc5:307d. Other than discovering the layer2 address of the hosts/nodes solicited node multicast addresses are used in duplicate address detection also. It makes sure that two interfaces does not have the same IPv6 address in the same link.
How to represent or write IPv6 addresses
- Use small case letters for hexadecimal digits like a.b.c.d.e.f.
- Suppress the leading zeros and largest group of zeros.
- Shorten as much as possible.
- While accessing IPv6 addresses through browser which is not globally routable use http://%5BIPv6 address] notation on the browser. This is much helpful when you are building an in house embedded device which has IPv6 support over HTTP.
- Link-local address.
- All-nodes multicast address — ff02::1.
- Solicited-node multicast address for each of its assigned link local, unicast and anycast addresses.
- Multicast addresses of all other groups to which the host belongs.
States of IPv6 addresses
This is an address that has been assigned to an interface and can be used without
any restrictions for the preferred lifetime assigned. If you are using a Linux machine then ip -6 a command shows the lifetime of the IPv6 addresses. Mostly it is set to “forever”. But it is always good to know the lifetime. This is a valid address.
The address becomes deprecated after its preferred lifetime has elapsed and there has been no renewal. This address can used but it is not encouraged. It can still be used to continue a communication that has already been established and ongoing as it would disrupt a service if the address changes. Pls note it can no longer be used as a source address for establishing new connections.This also a valid address but can’t be used for establishing new connections.
This is an address that has not yet been assigned to the interface. It is the state prior to the assignment, when uniqueness is being verified (during DAD). We can check this by continuously running ip -6 a command, while disabling and then enabling the network interface which has IPv6 capability. This addresses gets assigned for a fraction amount of time while the DAD process gets completed. Hosts/node cannot communicate in the network using a tentative address. This address is only used for sending neighbour discovery messages only.
A valid address becomes invalid when its lifetime expires, particularly when the valid lifetime expires.An invalid address is not assigned to an interface. These lifetime values can be set on the routers if you have good enough one. The ones which am using TP-Link and D-Link doesn’t have this feature in it but we always have Linux and dnsmasq to try this. DNSMASQ is an open source package providing DHCPv6 server capabilities (it has a plethora of other features) which can be used in embedded systems where the memory foot print should be the minimum.
You can go through the below RFC’s for more detailed information. These are absolute gems.
RFC 4291 — IP Version 6 Addressing Architecture.
RFC 4193 — Unique Local IPv6 Unicast Addresses.
RFC 5952 — A Recommendation for IPv6 Address Text Representation.
RFC 2464 — Transmission of IPv6 Packets over Ethernet Networks.
In a future blog let me share how IPv6 Addresses are used along with IPv4 Addresses.
One thing that is common in IPv6 addressing is that any kind of address you take it so large and it has so many options that can be customised to our needs. That’s the way to the future.