IPv6 replaces the 32-bit IPv4 address with a 128-bit address. 128-bit IPv6 addresses are represented by breaking them up into eight 16-bit segments. Each segment is written in hexadecimal between 0x0000 and 0xFFFF, separated by colons. An example of a written IPv6 address is 3ffe:1944:0100:000a:0000:00bc:2500:0d0b.
IPv6 Header:
IPv6 types:
- Unicast:
  - Global Unicast address: a unicast address that is globally unique and can therefore be routed globally with no modification. It usually starts with 2xxx::/4 or 3xxx::/4.
  - Local Unicast address: an address whose scope is confined to a single link. Its uniqueness is assured only on one link, and an identical address might exist on another link, so the address is not routable off its link. It starts with FE80::/10.
- Anycast: An anycast address represents a service rather than a device, and the same address can reside on one or more devices providing the same service.
- Multicast: A multicast address identifies not one device but a set of devices—a multicast group.
Link-local address: starts with FE80::/10
To build it, take the MAC address of the link:
- Flip the 7th bit of the MAC address
- Inject FFFE in the middle of the MAC address: <first 24 bits of the MAC address with the 7th bit flipped> <FFFE> <last 24 bits of the MAC address>
show interfaces Et49/1
Ethernet49/1 is up, line protocol is up (connected)
Hardware is Ethernet, address is 606b.5b91.6389
Internet address is 100.89.184.48/31
Broadcast address is 255.255.255.255
IPv6 link-local address is fe80::626b:5bff:fe91:6389/64
We can also hard-code the link-local address.
ICMPv6:
There is no ARP and no broadcast in IPv6.
ICMPv6 is used for various purposes.
The Path MTU Discovery mechanism sends packets of increasing size to a destination. When the smallest MTU of the links on the path to the destination is exceeded by a given packet size, the packet is dropped and a Packet Too Big message is sent to the source address; the source then knows the smallest MTU on the path.
Neighbor Discovery Protocol (NDP):
https://www.youtube.com/watch?v=O1JMdjnn0ao&list=PL7FBD333BAB233A44
- There is no ARP or Layer 3 Broadcast in IPv6
So, how can we get the MAC address of the destination if we know its IPv6 address?
- The sender sends a neighbour solicitation (NS) message using ICMPv6 with the fields below:
  - The sender sends a multicast ICMPv6 message with its MAC address in the ICMPv6 header
  - The source IP is the outgoing interface's link-local or global address
  - The destination is the solicited-node multicast address:
    - Every time we add an IPv6 address to the interface, it joins a multicast group based on the last 24 bits of the address
    - The multicast group address always starts with FF
    - The multicast group is ff02::1:ffXX:XXXX, where XX:XXXX is the last 24 bits of the IPv6 address
- The receiver of the NS message responds with an ICMPv6 neighbor advertisement (NA)
  - It is a layer 2 unicast
The IPv6 interface also joins a special multicast group, ff02::1, which we can use to send a message to all the nodes. Keep in mind that the layer 2 multicast MAC will be 33:33:00:00:00:01.
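The three derivations described so far (EUI-64 link-local address from a MAC, solicited-node multicast group from an address, and the layer 2 multicast MAC for a group), as an added Python example that is not part of the original notes. The function names are illustrative; the sample rows are copied from the switch output on this page.

```python
import ipaddress

def mac_bytes(mac):
    """Parse 606b.5b91.6389 / 60:6b:5b:91:63:89 / 60-6b-5b-91-63-89 into 6 bytes."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(digits)

def eui64_iid(mac):
    """Flip the 7th bit (0x02 of the first byte) and insert ff:fe in the middle."""
    m = mac_bytes(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]

def link_local(mac):
    """fe80::/64 prefix followed by the 64-bit interface ID built from the MAC."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_iid(mac))

def solicited_node(addr):
    """ff02::1:ffXX:XXXX, where XX:XXXX is the last 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group: 33:33 plus its last 32 bits."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"{g} is not a multicast address")
    return ":".join(f"{b:02x}" for b in b"\x33\x33" + g.packed[-4:])

def describe_neighbor(ipv6, mac):
    """Summarise one neighbour-table row: is the interface ID derived from the MAC,
    and which group and Ethernet address would a solicitation for it use?"""
    addr = ipaddress.IPv6Address(ipv6)
    group = solicited_node(addr)
    return addr.packed[8:] == eui64_iid(mac), str(group), multicast_mac(group)

if __name__ == "__main__":
    # Rows copied from the "show ipv6 neighbors" output on this page.
    for ip, mac in [("fdbd:dc71:1:1::29", "e8eb.d3f8.72ee"),
                    ("fe80::eaeb:d3ff:fef8:72ee", "e8eb.d3f8.72ee")]:
        print(ip, describe_neighbor(ip, mac))
```

A row whose interface ID does not match its MAC is not wrong by itself: the address may be hard-coded or assigned by DHCPv6.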
In the example below, we can see the neighbours learned by NDP:
show ipv6 neighbors vlan1000 | grep e8eb.d3f8.72ee
fdbd:dc71:1:1::29 0:00:09 e8eb.d3f8.72ee REACH Vl1000, Ethernet20
fe80::eaeb:d3ff:fef8:72ee 2:33:56 e8eb.d3f8.72ee REACH Vl1000, Ethernet20
show running-config interfaces vlan1000
interface Vlan1000
mtu 9000
no autostate
ipv6 dhcp relay all-subnets
ipv6 dhcp relay destination fdbd:dc00::10:8:8:36
ipv6 address fdbd:dc71:1:1::1/64
ipv6 nd managed-config-flag
ipv6 nd prefix fdbd:dc71:1:1::/64 no-advertise
ipv6 access-group BMC_SEC_V6 out
show ipv6 interface vlan1000
Vlan1000 is up, line protocol is up (connected)
IPv6 is enabled, link-local is fe80::2ae7:1dff:fe98:e6fb/64
Global unicast address(es):
fdbd:dc71:1:1::1, subnet is fdbd:dc71:1:1::/64
Joined group address(es):
ff02::1
ff02::2
ff02::1:ff00:1 --> multicast group for global-unicast
ff02::1:ff98:e6fb --> multicast group for link-local
ff02::1:2
ND DAD is enabled, number of DAD attempts: 1
ND Reachable time is 2147483000 milliseconds
ND retransmit interval is 1000 milliseconds
ND enhanced duplicate address detection enabled
ND advertised reachable time is 1 milliseconds (using 1)
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
ND advertised maximum hop count limit is 64
Hosts use stateless autoconfig for addresses.
Duplicate Address detection:
When a new IPv6 address is assigned to an interface, the following happens before the interface can use that address:
- The interface sends a neighbor solicitation (NS) with the source IP set to all zeros and the destination set to the solicited-node multicast address of the new IPv6 address (the last 24 bits of the IPv6 address are used to create the multicast group).
- If no other device listening on the above multicast address responds, it means no other device has the IPv6 address.
- The device also sends a neighbour advertisement to the multicast address ff02::1 to tell everyone about the IPv6 address it has just configured.
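A check a capture tool could run on a Neighbor Solicitation to recognise a DAD probe and confirm it is well formed, as an added Python example that is not part of the original notes. It goes slightly beyond the text above: the hop limit 255, code 0 and non-multicast target rules come from RFC 4861. The packets are constructed in memory by the hypothetical `build_ns` helper with the checksum left at zero, and the checker does not verify the checksum.

```python
import ipaddress
import struct

ICMPV6, NS = 58, 135  # IPv6 next-header value for ICMPv6, ICMPv6 type for NS

def solicited_node(addr):
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def build_ns(src, dst, target, hop_limit=255):
    """Constructed sample: 40-byte IPv6 header + 24-byte NS, checksum left at 0."""
    icmp = struct.pack("!BBHI", NS, 0, 0, 0) + ipaddress.IPv6Address(target).packed
    hdr = struct.pack("!IHBB", 0x60000000, len(icmp), ICMPV6, hop_limit)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + icmp

def inspect_ns(pkt):
    """Return (is_dad_probe, target, problems) for a raw IPv6 packet carrying an NS."""
    if len(pkt) < 64:
        raise ValueError("too short for IPv6 + Neighbor Solicitation")
    _, _, nxt, hop = struct.unpack("!IHBB", pkt[:8])
    src = ipaddress.IPv6Address(pkt[8:24])
    dst = ipaddress.IPv6Address(pkt[24:40])
    icmp_type, code = pkt[40], pkt[41]
    if nxt != ICMPV6 or icmp_type != NS:
        raise ValueError("not a Neighbor Solicitation")
    target = ipaddress.IPv6Address(pkt[48:64])
    problems = []
    if hop != 255:
        problems.append("hop limit is not 255 (packet may have crossed a router)")
    if code != 0:
        problems.append("ICMPv6 code is not 0")
    if target.is_multicast:
        problems.append("target is a multicast address")
    # DAD: source is all zeros, destination is the target's solicited-node group.
    is_dad = src == ipaddress.IPv6Address("::")
    if is_dad and dst != solicited_node(target):
        problems.append("DAD probe not sent to the target's solicited-node group")
    return is_dad, target, problems

if __name__ == "__main__":
    # DAD probe for the address configured on Vlan1000 on this page.
    print(inspect_ns(build_ns("::", "ff02::1:ff00:1", "fdbd:dc71:1:1::1")))
```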
IPv6 Stateless Address Autoconfiguration (SLAAC):
- Servers can configure IPv6 addresses
- All routers join the ff02::2 multicast group and can send NDP router advertisements (RA)
- Once a router's interface has an IPv6 address, it sends ND RAs periodically to tell everyone about itself
- ND RAs are sent by routers every 200 seconds
- A server can listen to RAs and use EUI-64 to assign an IPv6 address automatically
- A server can trigger an RA by sending a router solicitation. The server sends it to FF02::2, the all-routers multicast group address. The router will advertise the prefix configured on the interface
Stateless DHCP
- The router can set an option flag in the RA when it sends the RA
- Once the server receives the RA, it will use DHCPv6 to get more information about the options
- The server can get more information, such as the DNS IP