IPv6 has been around for a long time. According to Wikipedia, it became a draft standard in 1998 and was formalized in the Summer of 2017.
As you may know, IPv4 address space has proven to be quite limited. This is partly due to the increased global connectivity in our lives, but also largely due to the generous address block allocation performed by IANA in the early days of the internet. If you want to look at some of those large allocations, check out the list published by the IANA. You’ll see that AT&T, Ford Motor Company, Apple Computers, and PSINet are among the recipients of a full Class-A block of addresses - each receiving about 0.4% of the total addressable IPv4 space.
February of 2011 saw the exhaustion of the remaining free pool of IPv4 addresses as the last remaining blocks were allocated to Regional Internet Registries.
Over the years, NAT has been embraced heavily as a mitigation technique to reduce the number of globally accessible internet addresses. This presents some challenges with home users providing services to the internet and fundamentally divides the internet into the service provider tier and the consumer tier.
IPv6 solves the addressing problem and provides additional improvements such as hierarchical route aggregation, optimized multicast behavior, and use of IPSec.
Let’s look at some of the key concepts of IPv6:
- Addressing, link level addresses, privacy extensions
- DHCPv6, SLAAC, and prefix delegation
- Router Advertisements (RA)
- Routing Aggregation
- Typical prefix length
Addressing is the most noticeable difference in an IPv6 environment. Let’s take a look at one of Google’s addresses:
The IPv6 address record (type ‘AAAA’) returned by dig is
IPv6 addresses are 128 bits in length, with the first 64 bits representing the network identifier and the last 64 bits representing the host portion. The idea is that each network segment in all of the internet will have a unique first 64 bits, and each machine on that network segment will have a unique last 64 bits. Current implementations allow hosts to create and use many different host addresses to identify themselves on the network segment. This allows for some interesting techniques like rotating addresses at a defined interval, or associating particular host addresses with particular servers, or even using “burner” addresses.
Contiguous runs of zeroes can be elided with ::, and leading zeroes can be omitted, leading to more easily transcribed addresses.
For instance, if my local network segment is 2601:3325:8112:AC3F, then I can assign static IP addresses to machines on the network allowing for addresses like:
- 2601:3325:8112:AC3F::1 as my default gateway
- 2601:3325:8112:AC3F::2 as my DNS server
- 2601:3325:8112:AC3F::4 for the fileserver, etc
You will find a more complete treatment of IPv6 address representation here.
There are a couple of ranges of IPv6 addresses to be aware of:
- Link-local addresses: These start with the 10-bit prefix fe80::/10. Link-local addresses identify an interface uniquely on the subnet and are generated using the MAC address. Most importantly, these are not globally addressable.
- ::1/128 is the IPv6 version of
- FF02::1 is the all nodes multicast address. Ideally, you can ping this address to find out what nodes are listening on the local network segment.
- FF02::2 is the all routers multicast address. Any node identifying as a router should respond to this address.
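The list above says link-local addresses are generated from the MAC address. The following is an added example, not code from the original post: it sorts addresses into the ranges just listed and flags any whose last 64 bits follow the modified EUI-64 layout (RFC 4291), which exposes the interface's hardware address. The sample addresses are constructed, and matching on the ff:fe marker is a heuristic.

```python
import ipaddress

# Ranges named in the list above.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SPECIAL = {
    ipaddress.ip_address("::1"): "loopback",
    ipaddress.ip_address("ff02::1"): "all-nodes multicast",
    ipaddress.ip_address("ff02::2"): "all-routers multicast",
}


def parse(addr):
    """Parse an IPv6 address, dropping any zone id such as %eth0."""
    return ipaddress.IPv6Address(addr.split("%")[0])


def classify(addr):
    """Name the range an address falls in."""
    ip = parse(addr)
    if ip in SPECIAL:
        return SPECIAL[ip]
    if ip in LINK_LOCAL:
        return "link-local"
    return "multicast" if ip.is_multicast else "other"


def embedded_mac(addr):
    """Return the MAC if the last 64 bits look like modified EUI-64, else None."""
    iid = parse(addr).packed[8:]          # host portion of the address
    if iid[3:5] != b"\xff\xfe":           # EUI-64 puts ff:fe between the MAC halves
        return None                       # heuristic: a random id matches 1 in 65536
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo universal/local bit flip
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Return (address, range, mac) for each address that exposes a MAC."""
    return [(a, classify(a), embedded_mac(a)) for a in addresses if embedded_mac(a)]


# Constructed sample inventory, not real hosts.
SAMPLE = [
    "fe80::211:22ff:fe33:4455",                 # EUI-64 link-local
    "2601:3325:8112:ac3f:211:22ff:fe33:4455",   # same interface id on the text's prefix
    "2601:3325:8112:ac3f:5c1d:93a0:7be2:10f4",  # random-looking host portion
    "2601:3325:8112:AC3F::1",                   # static gateway address from the text
    "ff02::1",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Hosts that appear in the audit output carry the same interface identifier on every network they join; the privacy extensions mentioned earlier replace that identifier with a changing random one.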
DHCPv6, SLAAC, and Prefix Delegation
In the section above I mentioned setting static addresses for services on my local network. That’s fine for things like servers, but doesn’t work so well with roaming devices (like phones or laptops) or for networks that have client machines added or removed somewhat regularly.
By default IPv6 offers Stateless Address Autoconfiguration (SLAAC). This is a straightforward process
by which a link comes up and sends out a link-local router solicitation (remember
for the nearest router. Routers respond with a router advertisement packet containing the network
prefix and other required configuration.
In some cases this is inappropriate or undesirable. For myself, I chose to use a stateful approach with DHCPv6. This is essentially v4 DHCP, but with the added component of prefix delegation. In my home network, my ISP provides me with a 56-bit network prefix. Any subnet from that prefix is mine to do with as I please, and my ISP’s upstream router knows to send any traffic addressed to that prefix down to me. My router, in turn, chops that 56-bit prefix up into, at the time of this writing, 2 (of possibly 256) 64-bit subnets.
DHCPv6 additionally carries information on search domains and DNS servers. This information can also be communicated through neighbor discovery protocol if you’re using SLAAC.
Router advertisements are packets of information from nodes identifying as routers that contain info about the local network segment. This includes the network prefix and “other configuration flags”. Router advertisements are sent periodically and in response to router solicitation messages. One of the neat features of these is automatically propagating a network prefix change. If my local segment was moved for some reason, the upstream router could inform my home router, which would inform the local nodes and everyone would happily update their addresses.
Because of the hierarchical nature of prefix delegation, it is possible to consolidate routes rather than having a unique entry for each route.
Wikipedia summarizes this as:
CIDR provides fine-grained routing prefix aggregation. For example, sixteen contiguous /24 networks can be aggregated and advertised to a larger network as a single /20 routing table entry, if the first 20 bits of their network prefixes match. Two aligned contiguous /20 blocks may be aggregated as /19 network. This reduces the number of routes that have to be advertised.
Typical Prefix Length
Typically, ISPs seem to be providing /56 prefixes to residential customers. This allows for 256 /64 subnets. I have heard of other ISPs providing /48 prefixes (for 65536 /64 subnets!). Either way, for most applications you will have plenty of available subnets to use.
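The prefix delegation and route aggregation passages above can be worked through with Python's ipaddress module. This is an added example, not code from the original post: the /56 is a constructed prefix that contains the text's 2601:3325:8112:AC3F segment, and the segment names are hypothetical.

```python
import ipaddress

# Constructed /56 containing the example segment 2601:3325:8112:AC3F from the text.
DELEGATED = ipaddress.ip_network("2601:3325:8112:ac00::/56")


def subnet_count(prefix):
    """Number of /64 subnets available inside a delegated prefix."""
    return 2 ** (64 - prefix.prefixlen)


def carve(delegated, names):
    """Assign consecutive /64 subnets of the delegated prefix to named segments."""
    subnets = delegated.subnets(new_prefix=64)
    return {name: next(subnets) for name in names}


def segment_of(addr, plan):
    """Return the segment whose /64 contains addr, or None if it is unassigned."""
    ip = ipaddress.ip_address(addr)
    for name, net in plan.items():
        if ip in net:
            return name
    return None


def aggregate(networks):
    """Collapse contiguous, aligned prefixes into the fewest route entries."""
    return list(ipaddress.collapse_addresses(networks))


PLAN = carve(DELEGATED, ["trusted", "guest"])  # hypothetical segment names

if __name__ == "__main__":
    print(subnet_count(DELEGATED), "possible /64 subnets")
    for name, net in PLAN.items():
        print(f"{name:8} {net}")
    # All 256 /64s are advertised upstream as the single delegated /56.
    print(aggregate(DELEGATED.subnets(new_prefix=64)))
    # Two aligned neighbours merge into one /63 route entry.
    print(aggregate(PLAN.values()))
```

An address inside the delegated /56 but outside every assigned /64 returns None from segment_of, which is the case a firewall rule written per segment would not cover.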
IPv6 was initially designed with the requirement that IPSec be used, but it has since been relaxed to an optional feature.
To Be Continued
This post is one of a series on adopting IPv6 on your home or small business network. Future installments will cover:
- Sample Network Description
- Guest subnet
- Trusted subnet
- DNS resolution
- Platform Specific Setup Details
- EdgeOS router configuration
- JunOS switch configuration
- Windows client configuration
- Linux client configuration
- OS X client configuration
- Android phone configuration
- Using IPv6 addresses in Chrome / Firefox / MS Edge
- Preferring DNS IPv6 records