Archive for July, 2014

My journey into the land of IPv6: Addressing

There has been much talk about needing to move to IPv6 for a while now. With the last IPv4 allocations being handed out, reality is now sinking in that moving forward, IPv6 will be the way we start addressing our networks. Yes, IPv4 will undoubtedly be around for a while as carriers use CGN to work around the limited address space they have, but moving forward, IPv6 will see more use.

I have had the good fortune to be able to turn up and test IPv6 on a new core network that sits alongside the current network. In this network I am running MPLS L3 VPNs so the actual core is IPv4 only due to LDP not having support for IPv6 currently but that has no impact on running IPv6 within each VRF. Running IPv6 within a L3 VPN will be for another blog post though. In the next few posts, I will talk about how we can easily get IPv6 up and running. Assuming the infrastructure supports it of course!  First stop, addressing.

Once you have recieved your prefix from ARIN (most likely a /48) what in the world are we supposed to do with it?  The most visible difference between IPv6 and IPv4 is the larger addresses: IPv4 addresses are 32 bits long and written in ‘dotted decimal’ format  i.e. IPv6 uses 128 bit addresses, written in 8 groups of 16 bit blocks (words)  written in hex and separated by colons – i.e. 2620:0000:691:1001:0000:0000.000a:0001.

When writing addresses, within each block of 4 hex digits the leading zeroes may be omitted. In addition, once per address (and no more) a contiguous set of one or more blocks which are all 0000 may be replaced by a double colon. So the above address can be rewritten as: 2620:0:691:1001::a:1.

Netmasks are written in the same mask length format as IPv4, with /length after the address. For example, a /126 subnet has 126 bits of network address, leaving 2 bits for host addresses . The bottom address being the network anycast address, although this is not required. There is no top address for a directed broadcast).

When subnetting, always remember to subnet on nibble (every 4 bits ) boundaries so as not to have a subnet end in weird places,  i.e. having a subnet end on 2620:0:691:7:: and the host portion begin on 2620:0:691:8::

Also, unless you have special circumstances, always use /64’s as end host networks.  Not using /64 as your network will break things such as Neighbor discovery, privacy extensions etc. Click has a good post on why using /64 networks is the way to go.

There are several different addressing methods for IPv6 as well:

Stateless Autoconfiguration (SLAAC)

In this scenario, a host will address itself based off of a network prefix learned from an advertising router via periodic router advertisements (RA’s). The host will append its MAC address (with FF:FE inserted in the middle) and this will form the 128 bit host address. This could be a security concern as the hosts MAC address is easily obtained from this address so most operating systems replace the MAC with a randomized unique identifier.

Lets talk about the RA for a second. If you only configure SLAAC on your router you aren’t manually specifying a DHCP pool with default gateway etc as with IPv4 for end hosts.  So how does your PC know how to send traffic off net? The RA specifies several different parameters to end hosts including:

  • IP prefix (or multiple prefixes)
  • Flags (such as used DHCP to obtain DNS info)
  • Default gateway


In this scenario, no config flags are set in the RA messages.  What about DNS?  This is either handled manually on each end host or you can do SLAAC with DHCPv6.

SLAAC with Stateless DHCPv6

In this scenario, the Other-Config-Flag is set in the RA to tell the host to use SLAAC to get an address and use DHCPv6 to obtain other parameters such as DNS.  The DHCPv6 server is stateless in that it does not keep track of what IPv6 address each end host has.

Stateful DHCPv6

In this scenario the Managed-Config-Flag is set in the RA and tells the end host to use DHCPv6 only to obtain an address, DNS etc.

Static Addressing

This option is really only useful for server farms etc where you don’t want to have these addresses randomly assigned.  This can be accomplished using the no-autoconfig flag enabled.  This sets the A bit to zero in RA’s so that autoconfig is not used by the end host to assign itself an address.

In my next post I’ll go over the configurations to make it work within a SLAAC and Stateless DHCPv6 environment.

Categories: IPv6