IPv6
IPv4 uses a 4-byte (32-bit) address, written as: x.x.x.x
IPv6 uses an 8 x 2-byte (128-bit) address, written as: xx:xx:xx:xx:xx:xx:xx:xx
Each 16-bit hexadecimal value is separated by a colon.
One run of consecutive zero values separated by colons may be removed in the notation, leaving a double colon (::).
An IPv6 address can also be written with its last 32 bits in IPv4 notation: xx:xx:xx:xx:xx:xx:x.x.x.x
IPv6 uses prefix instead of netmask.
IPv6 prefixes have the following format:
prefix/length in bits
- The site prefix of an IPv6 address occupies up to 48 of the leftmost bits of the IPv6 address. For example, the site prefix of the IPv6 address 2001:db8:3c4d:0015:0000:0000:1a2f:1a2b/48 is contained in the leftmost 48 bits, 2001:db8:3c4d. You use the following representation, with zeros compressed, to represent this prefix:
2001:db8:3c4d::/48
2001:db8:31:1::/64
The subnet prefix always contains 64 bits. These bits include 48 bits for the site prefix, in addition to 16 bits for the subnet ID.
All functions that were performed by broadcasts in IPv4 are performed by using multicasts in IPv6.
128-bit IPv6 address space is divided into 6 parts.
The type of an IPv6 address is identified by the high-order bits of the address, as follows:
Address type         Binary prefix        IPv6 notation   Section
------------         -------------        -------------   -------
Unspecified          00...0  (128 bits)   ::/128          2.5.2
Loopback             00...1  (128 bits)   ::1/128         2.5.3
Multicast            11111111             FF00::/8        2.7
Link-local unicast   1111111010           FE80::/10       2.5.6
Site-local unicast   1111111011           FEC0::/10       2.5.6
Global unicast       (everything else)
For example,
lo: inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10
wlp2s0: inet 192.168.0.105 netmask 255.255.255.0 broadcast 192.168.0.255
    inet6 2001:b011:5003:19d7:13f:bd22:e3fb:74c1 prefixlen 64 scopeid 0x0
    inet6 fe80::8205:ef53:5b3b:7756 prefixlen 64 scopeid 0x20
    inet6 2001:b011:5003:19d7:104:d207:4396:bd41 prefixlen 64 scopeid 0x0
    ether a4:4e:31:a6:78:64 txqueuelen 1000 (Ethernet)
The following prefixes have been reserved for special use:
2002::/16
Any IPv6 address that begins with the 2002::/16 prefix is known as a 6to4 address.
6to4 is an Internet transition mechanism that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. A 6to4 router will know to send an encapsulated packet directly over IPv4 if the first 16 bits are 2002, using the next 32 as the destination, or otherwise send the packet to a well-known relay server, which has access to native IPv6. For example, the global IPv4 address 192.0.2.4 has the corresponding 6to4 prefix 2002:c000:0204::/48.
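An important feature is that the Neighbor Discovery and Auto-configuration mechanisms simplify the configuration of users' IP addresses. Hosts on an IPv6 network can obtain an IP address automatically, without manual configuration.
The auto-configuration mechanism includes stateful auto-configuration and stateless auto-configuration.
- Stateful auto-configuration: IPv6 inherits the DHCP service of IPv4 and calls it stateful auto-configuration.
- Stateless auto-configuration: during stateless auto-configuration,
  - The host first starts the IPv6 protocol and generates a link-local IPv6 address.
  - The host then sends a request, called Neighbor Discovery, to that address to verify that the address is unique. If the request gets no response, the link-local unicast address the host configured for itself is unique.
  - If the address conflicts, the host uses a randomly generated interface ID to form a new link-local unicast address. Then, using that address as the source address, the host multicasts a configuration request, called a Router Solicitation, to all routers on the local link. Router Advertisement messages are sent by the router's Router Advertisement Daemon periodically and in response to solicitations. A host uses the information to learn the prefixes and parameters for the local network. The host takes the global address prefix it obtained from the router, adds its own interface ID, and automatically configures its IPv6 address; it can then communicate with other hosts on the Internet. Router Advertisement messages are sent to all interfaces in the multicast group, so every host on an enterprise network receives a new address prefix through the router advertisement, after which they automatically generate new IP addresses that replace the old ones.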
To generate a Link-local IPv6 address:
- An interface identifier is usually derived from a hardware MAC address. All unicast addresses (except addresses with prefix ::/3) are supposed to use a 64-bit interface identifier in the lower 64 bits of the IPv6 address. The IEEE-defined 64-bit Extended Unique Identifier (EUI-64) is an identifier used to address hardware interfaces within existing IEEE 802 or IEEE 802-like networking applications. The EUI-64 has 3 forms:
- 24 bit OUI + 40 bit extension identifier
- 28 bit + 36 bit extension identifier
- 36 bit OUI + 28 bit extension identifier
- Merge the address prefix and the Modified EUI-64 interface identifier. By flipping bit 6 and adding a 64-bit prefix, for example 2001:db8:31:1::/64, this makes for a full address: 2001:db8:31:1:20a:95ff:fef5:e96e in this case.
IPv6 address = 64-bit prefix + the Modified EUI-64
2.5 Unicast Addresses
|                            128 bits                             |
+-----------------------------------------------------------------+
|                          node address                           |
+-----------------------------------------------------------------+
|                     n bits                     |   128-n bits   |
+------------------------------------------------+----------------+
|                 subnet prefix                  |  interface ID  |
+------------------------------------------------+----------------+
2.5.1 Interface Identifiers
Interface identifiers in IPv6 unicast addresses are used to identify interfaces on a link.
In some cases an interface's identifier will be derived directly from that interface's link-layer address.
Interface IDs are required to be 64 bits long and to be constructed in Modified EUI-64 format.
2.5.2 The Unspecified Address
The address 0:0:0:0:0:0:0:0 is called the unspecified address.
One example of its use is in the Source Address field of any IPv6 packets sent by an initializing host before it has learned its own address.
2.5.3 The Loopback Address
The unicast address 0:0:0:0:0:0:0:1 is called the loopback address.
It may be used by a node to send an IPv6 packet to itself.
2.5.4 Global Unicast Addresses
The general format for IPv6 global unicast addresses is as follows:
|         n bits         |  m bits   |        128-n-m bits        |
+------------------------+-----------+----------------------------+
| global routing prefix  | subnet ID |        interface ID        |
+------------------------+-----------+----------------------------+
where the global routing prefix is a value assigned to a site (a cluster of subnets/links), the subnet ID is an identifier of a link within the site.
2.5.5 IPv6 Addresses with Embedded IPv4 Addresses
The IPv6 transition mechanisms include a technique for hosts and routers to dynamically tunnel IPv6 packets over IPv4 routing infrastructure.
IPv6 nodes that use this technique are assigned special IPv6 unicast addresses that carry a global IPv4 address in the low-order 32 bits. This type of address is termed an "IPv4 compatible IPv6 address" and has the format:
|               80 bits                | 16 |       32 bits       |
+--------------------------------------+--------------------------+
|0000..............................0000|0000|    IPv4 address     |
+--------------------------------------+----+---------------------+
Note: The IPv4 address used in the "IPv4-compatible IPv6 address" must be a globally-unique IPv4 unicast address.
A second type of address is termed an "IPv4-mapped IPv6 address" and has the format:
|               80 bits                | 16 |       32 bits       |
+--------------------------------------+--------------------------+
|0000..............................0000|FFFF|    IPv4 address     |
+--------------------------------------+----+---------------------+
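The address-type table and the 6to4, IPv4-compatible and IPv4-mapped formats described above, as one added example (not code from the original page): it classifies an address by its high-order bits and pulls out any embedded IPv4 address, which is what log correlation and filter rules need in order to treat the same IPv4 endpoint consistently across notations. The function names are hypothetical.

```python
import ipaddress

# (label, prefix) pairs taken from the address-type table on this page.
TYPE_PREFIXES = [
    ("unspecified", "::/128"),
    ("loopback", "::1/128"),
    ("multicast", "ff00::/8"),
    ("link-local unicast", "fe80::/10"),
    ("site-local unicast", "fec0::/10"),
]


def address_type(address: str) -> str:
    """Classify an address by its high-order bits; the rest is global unicast."""
    ip = ipaddress.IPv6Address(address)
    for label, prefix in TYPE_PREFIXES:
        if ip in ipaddress.IPv6Network(prefix):
            return label
    return "global unicast"


def embedded_ipv4(address: str):
    """Return (kind, IPv4Address) if the address carries an IPv4 address."""
    value = int(ipaddress.IPv6Address(address))
    high96, low32 = value >> 32, value & 0xFFFFFFFF
    if value >> 112 == 0x2002:
        # 6to4: the 32 bits after the 2002 prefix are the IPv4 address.
        return ("6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF))
    if high96 == 0xFFFF:
        # 80 zero bits, then FFFF, then the IPv4 address.
        return ("IPv4-mapped", ipaddress.IPv4Address(low32))
    if high96 == 0 and low32 > 1:
        # 96 zero bits, then the IPv4 address; :: and ::1 are excluded.
        return ("IPv4-compatible", ipaddress.IPv4Address(low32))
    return None


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Build the 2002:V4ADDR::/48 prefix for a global IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.4"))  # the page's 6to4 example
    samples = ["::", "::1", "ff02::1", "fe80::8205:ef53:5b3b:7756",
               "2001:b011:5003:19d7:13f:bd22:e3fb:74c1",
               "2002:c000:204::1", "::ffff:192.0.2.4", "::192.0.2.4"]
    for sample in samples:
        print(sample, "|", address_type(sample), "|", embedded_ipv4(sample))
```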
2.5.6 Local-Use IPv6 Unicast Addresses
There are two types of local-use unicast addresses:
- Link-Local
|   10     |
|  bits    |         54 bits         |          64 bits           |
+----------+-------------------------+----------------------------+
|1111111010|            0            |        interface ID        |
+----------+-------------------------+----------------------------+
Unlike site-local addresses, link-local addresses are never forwarded by routers and therefore can only be reached on the link.
- Site-Local
|   10     |
|  bits    |         54 bits         |          64 bits           |
+----------+-------------------------+----------------------------+
|1111111011|        subnet ID        |        interface ID        |
+----------+-------------------------+----------------------------+
Site-local addresses are equivalent to private IP addresses in IPv4. The address space reserved for these addresses, which are only routed within an organization and not on the public Internet
2.6 Anycast Addresses
An IPv6 anycast address is an address that is assigned to more than one interface (typically belonging to different nodes), with the property that a packet sent to an anycast address is routed to the "nearest" interface having that address, according to the routing protocols' measure of distance.
Anycast addresses are allocated from the unicast address space. Thus, anycast addresses are syntactically indistinguishable from unicast addresses.
When a unicast address is assigned to more than one interface, thus turning it into an anycast address, the nodes to which the address is assigned must be explicitly configured to know that it is an anycast address.
2.7 Multicast Addresses
An IPv6 multicast address is an identifier for a group of interfaces (typically on different nodes).
|   8    |  4 |  4 |                  112 bits                   |
+--------+----+----+---------------------------------------------+
|11111111|flgs|scop|                  group ID                   |
+--------+----+----+---------------------------------------------+
- flgs is a set of 4 flags
+-+-+-+-+
|0|0|0|T|
+-+-+-+-+
T = 0 indicates a permanently-assigned ("well-known") multicast address, assigned by the Internet Assigned Number Authority (IANA).
T = 1 indicates a non-permanently-assigned ("transient") multicast address.
- scop is a 4-bit multicast scope value:
0 reserved
1 interface-local scope
2 link-local scope
3 reserved
4 admin-local scope
5 site-local scope
6 (unassigned)
7 (unassigned)
8 organization-local scope
9 (unassigned)
A (unassigned)
B (unassigned)
C (unassigned)
D (unassigned)
E global scope
F reserved
[rfc4291]
Pre-Defined Multicast Addresses
The following well-known multicast addresses are pre-defined.
- Reserved Multicast Addresses
FF00:0:0:0:0:0:0:0
FF01:0:0:0:0:0:0:0
FF02:0:0:0:0:0:0:0
FF03:0:0:0:0:0:0:0
FF04:0:0:0:0:0:0:0
FF05:0:0:0:0:0:0:0
FF06:0:0:0:0:0:0:0
FF07:0:0:0:0:0:0:0
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0
FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0
- All Nodes Addresses
FF01:0:0:0:0:0:0:1
FF02:0:0:0:0:0:0:1
- All Routers Addresses
FF01:0:0:0:0:0:0:2
FF02:0:0:0:0:0:0:2
FF05:0:0:0:0:0:0:2
- Solicited-Node Address (range)
FF02:0:0:0:0:1:FF00:0000
FF02:0:0:0:0:1:FFFF:FFFF
This address is required for IPv6 Neighbor Discovery, which we use for layer two address discovery.
One of the differences between IPv4 and IPv6 is that we don’t use ARP (Address Resolution Protocol) anymore. ND (Neighbor Discovery Protocol) replaces the functionality of ARP.
ND uses ICMP and solicited-node multicast addresses to discover the layer 2 address of other IPv6 hosts on the same network (local link). It uses two messages to accomplish this:
- Neighbor solicitation message: The neighbor solicitation message is used primarily to find the layer two address of another IPv6 address on the local link; it’s also used for DAD (Duplicate Address Detection). In this packet the source address will be the source address of the host that is sending the neighbor solicitation, and the destination address will be the solicited-node multicast address of the remote host. Every IPv6 device computes a solicited-node multicast address by taking the multicast group address (FF02::1:FF00:0/104) and adding the last 6 hexadecimal characters from its IPv6 address. It then joins this multicast group address and “listens” to it. When one host wants to find the layer two address of another host, it sends the neighbor solicitation to the remote host’s solicited-node multicast address. It can calculate the solicited-node multicast address of the remote host since it knows the multicast group address and the IPv6 address that it wants to reach. Neighbor solicitation messages are also used to check if a remote host is reachable. In this case, the destination address will be the unicast address of the remote host.
- Neighbor advertisement message: Once the remote host receives the neighbor solicitation, it replies with the neighbor advertisement message. The source address is the IPv6 address of the host and the destination address is the IPv6 address of the remote host that sent the neighbor solicitation. The most important part is that this message includes the layer two address of the host.
Enabling IPv6
Linux
Modern Linux distributions already contain IPv6-ready kernels. The IPv6 capability is generally compiled as a module, but it's possible that this module is not loaded automatically on startup.
Check for IPv6 support in the current running kernel
The following entry must exist:
# ls /proc/net/if_inet6
If this fails, it is quite likely that the IPv6 module is not loaded.
Try to load IPv6 module
# modprobe ipv6
modprobe: FATAL: Module ipv6 not found in directory /lib/modules/5.4.61
If this is successful, this module should be listed, testable with the following line:
# lsmod |grep -w 'ipv6' && echo "IPv6 module successfully loaded"
Compile kernel with IPv6 capabilities
CONFIG_IPV6=y
Options for the ipv6 module (CONFIG_IPV6=m) are supplied as parameters at load time.
Module options may be given as command line arguments to the insmod or modprobe command, but are usually specified in either /etc/modules.d/*.conf configuration files, or in a distro-specific configuration file.
The available ipv6 module parameters:
- disable: Specifies whether to load the IPv6 module, but disable all its functionality.
  - 0: IPv6 is enabled. This is the default value.
  - 1: IPv6 is disabled. No IPv6 addresses will be added to interfaces, and it will not be possible to open an IPv6 socket. A reboot is required to enable IPv6.
- autoconf: Specifies whether to enable IPv6 address autoconfiguration on all interfaces. This might be used when one does not wish for addresses to be automatically generated from prefixes received in Router Advertisements.
  - 0: IPv6 address autoconfiguration is disabled on all interfaces. Only the IPv6 loopback address (::1) and link-local addresses will be added to interfaces.
  - 1: IPv6 address autoconfiguration is enabled on all interfaces. This is the default value.
- disable_ipv6: Specifies whether to disable IPv6 on all interfaces.
  - 0: IPv6 is enabled on all interfaces. This is the default value.
  - 1: IPv6 is disabled on all interfaces. No IPv6 addresses will be added to interfaces.
Windows
Monitoring IPv6 Addresses with the netsh Command
C:\>netsh
netsh>interface ipv6
netsh interface ipv6>show addres
Microsoft Windows [版本 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\jay>netsh
netsh>interface ipv6
netsh interface ipv6>show addres
...
netsh interface ipv6>
netsh interface ipv6>h;exit
The difference between IPv4 and IPv6
The fields in the IPv4 header that aren’t present in the IPv6 header have gray text; the field that’s present in IPv6 but not in IPv4 is shown in bold.
The changes from IPv4 to IPv6 are:
- Version: 6 rather than 4.
- Internet Header Length (IHL): the length of the IPv4 header; no longer needed because the IPv6 header is always 40 bytes long.
- Type of Service: Traffic Class in IPv6; generally the RFC 2474 diffserv interpretation is assumed.
- Flow Label: new in IPv6.
- Total Length: the length of the IPv4 packet including the header; in IPv6, the Payload Length doesn’t include the 40-byte IPv6 header.
- Identification, Flags, and Fragment Offset: fragmentation in IPv6 works very differently.
- Time to Live: now called Hop Limit.
- Protocol: Next Header in IPv6. It indicates the type of header that follows the IPv4 or IPv6 header (6 for TCP or 17 for UDP).
- Header Checksum: checksums removed in IPv6. However, higher-layer protocols should be able to detect these problems so they’re not fatal.
- Source Address and Destination Address: they are now four times as long at 128 bits.
Instead, they’re put in a header of their own that sits between the IPv6 header and the TCP or UDP (or other higher level protocol) header.
- Hop-by-Hop Options
- Routing Similar to the Source Route option in IPv4
- Fragment
- Authentication
- Encapsulating Security Payload (ESP)
- Destination Options
ICMPv6
In IPv4, when a router or the destination host can’t process the packet properly, it sends back an ICMP error message along with the original IP header and the first eight bytes of the higher-layer header.
Because IPv6 supports an arbitrary number of extension headers between the IPv6 header and the higher-layer header, ICMPv6 returns as much of the original packet.
The Internet Protocol version 6 (IPv6) uses the Internet Control Message Protocol (ICMP) as defined for IPv4 [RFC-792], with a number of changes.
The resulting protocol is called ICMPv6 and has an IPv6 Next Header value of 58.
Every ICMPv6 message is preceded by an IPv6 header and zero or more IPv6 extension headers.
The ICMPv6 messages have the following general format:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |          Checksum             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                         Message Body                          +
|                                                               |
- The type field indicates the type of the message. Its value determines the format of the remaining data.
- The code field depends on the message type. It is used to create an additional level of message granularity.
- The checksum field is used to detect data corruption in the ICMPv6 message and parts of the IPv6 header.
- 1 Destination unreachable. The destination IP address, protocol, or port number is unreachable, or communication is “administratively prohibited.”
- 2 Packet too big. The packet is too large to be transmitted to the next hop.
- 3 Time exceeded. The Hop Count field reached zero.
- 4 Parameter problem. This message is sent when a router or host encounters an invalid value in a header field or an unknown extension header or option.
- 128 Echo request. These are the packets sent by the ping6 utility.
- 129 Echo reply. These are the ping replies.
- 130 Multicast listener query. Routers use this query to ask hosts for their multicast group memberships.
- 131 Multicast listener report. Hosts use this message to report their multicast group memberships.
- 132 Multicast listener done. Hosts use this message to report that they are leaving a multicast group.
- 133 Router solicitation. Hosts send this message to trigger a router advertisement.
- 134 Router advertisement. Routers send this message to allow hosts to perform stateless autoconfiguration.
- 135 Neighbor solicitation. Routers and hosts use this message to ask for a neighbor’s MAC address.
- 136 Neighbor advertisement. Routers and hosts send this message in reply to a neighbor solicitation.
- 137 Redirect message. Routers use these messages to tell hosts to use a different next hop address for a certain destination.
Neighbor Discovery
The "link" is a communication facility or medium over which nodes can communicate at the link layer, i.e., the layer immediately below IP.
The MAC address is called the “link address” in the new IPv6 terminology.
Nodes (hosts and routers) use Neighbor Discovery to determine the link-layer addresses for neighbors known to reside on attached links and to quickly purge cached values that become invalid.
Hosts also use Neighbor Discovery to find neighboring routers that are willing to forward packets on their behalf.
Finally, nodes use the protocol to actively keep track of which neighbors are reachable and which are not, and to detect changed link-layer addresses.
When a router or the path to a router fails, a host actively searches for functioning alternates.
Neighbor Discovery makes use of a number of different addresses defined in [ADDR-ARCH], including:
- all-nodes multicast address: the link-local scope address to reach all nodes, FF02::1.
- all-routers multicast address: the link-local scope address to reach all routers, FF02::2.
- solicited-node multicast address: a link-local scope multicast address that is computed as a function of the solicited target's address. A solicited-node multicast address is formed by taking the low-order 24 bits of an address (unicast or anycast) and appending those bits to the prefix FF02:0:0:0:0:1:FF00::/104, resulting in a multicast address in the range FF02:0:0:0:0:1:FF00:0000 to FF02:0:0:0:0:1:FFFF:FFFF. For example, the solicited-node multicast address corresponding to the IPv6 address 4037::01:800:200E:8C6C is FF02::1:FF0E:8C6C. IPv6 addresses that differ only in the high-order bits will map to the same solicited-node address, thereby reducing the number of multicast addresses a node must join.
- link-local address: a unicast address having link-only scope that can be used to reach neighbors. All interfaces on routers MUST have a link-local address. Also, [ADDRCONF] requires that interfaces on hosts have a link-local address.
A node is required to compute and join (on the appropriate interface) the associated solicited-node multicast addresses for all unicast and anycast addresses that have been configured for the node's interfaces (manually or automatically).
Whenever a system needs to find out the link address for another system residing on the same link, it sends a neighbor solicitation to the solicited-node multicast address that the IPv6 address of the remote system maps to.
Solicited-node multicast addresses are used with IPv6 neighbor discovery to provide the same function as the Address Resolution Protocol (ARP) in IPv4.
ARP uses broadcasts to send an ARP request to the broadcast MAC address ff:ff:ff:ff:ff:ff, which is received by all stations on the local link, although only one station—the one being queried—would need to respond. The other stations still have to process and discard the request. This interruption can cause problems on networks if the amount of broadcast traffic becomes excessive.
Neighbor Discovery defines five different ICMP packet types:
- A pair of Router Solicitation and Router Advertisement messages
- A pair of Neighbor Solicitation and Neighbor Advertisements messages
- A Redirect message
- Router Solicitation: When an interface becomes enabled, hosts may send out Router Solicitations that request routers to generate Router Advertisements immediately rather than at their next scheduled time.
- Router Advertisement: Routers advertise their presence together with various link and Internet parameters either periodically, or in response to a Router Solicitation message. Router Advertisements contain prefixes that are used for on-link determination and/or address configuration, a suggested hop limit value, etc.
- Neighbor Solicitation: Sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection (DAD).
- Neighbor Advertisement: A response to a Neighbor Solicitation message. A node may also send unsolicited Neighbor Advertisements to announce a link-layer address change.
- Redirect: Used by routers to inform hosts of a better first hop for a destination.
Router Advertisements (and per-prefix flags) allow routers to inform hosts how to perform Address Autoconfiguration.
For example, routers can specify whether hosts should use stateful (DHCPv6) and/or autonomous (stateless) address configuration.
The exact semantics and usage of the address configuration-related information is specified in [ADDRCONF].
IPv6 defines both a stateful and stateless address autoconfiguration mechanism.
- stateful autoconfiguration: Hosts obtain interface addresses and/or configuration information and parameters from a server. The stateful autoconfiguration protocol allows hosts to obtain addresses, other configuration information or both from a server.
- stateless approach
The typical steps that take place when an interface autoconfigures itself:
- Nodes (both hosts and routers) begin the autoconfiguration process by generating a link-local address for the interface.
- Verify that this "tentative" address is not already in use by another node on the link by sending a Neighbor Solicitation message containing the tentative address as the target.
- Once a node ascertains that its tentative link-local address is unique, it assigns it to the interface. At this point, the node has IP-level connectivity with neighboring nodes.
- Hosts obtain a Router Advertisement or determine that no routers are present.
Working Example:
Assume a host needs to make a local delivery to another host on the local network, and the target host has an IPv6 address of fe80::2aa:ff:fe28:9c5a .
In order to make a Layer-2 (e.g. Ethernet) delivery, it needs to know the target host's hardware address.
To do this, an IPv6 host will construct the Solicited-node Multicast Address related to the target address.
fe80::2aa:ff:fe28:9c5a                        Target address (compressed notation)
fe80:0000:0000:0000:02aa:00ff:fe28:9c5a       Target address (uncompressed notation)
                                -- ----       the last 24 bits
ff02::1:ff00:0/104                            Solicited-node Multicast Address prefix
ff02:0000:0000:0000:0000:0001:ff00:0000/104   (uncompressed)
---- ---- ---- ---- ---- ---- --              The first 104 bits
ff02:0000:0000:0000:0000:0001:ff28:9c5a       Result
ff02::1:ff28:9c5a                             Result (compressed notation)
The result is the IPv6 link-local solicited-node multicast address that the Neighbor Solicitation packet is sent to.
Because a solicited-node multicast address is a function of the last 24-bits of an IPv6 unicast (or anycast) address, the number of hosts that are subscribed to each solicited-node multicast address is very small.
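The multicast address layout (flgs, scop, group ID) and the solicited-node computation from the working example, as one added example that is not code from the original page. It also groups a node's addresses by the solicited-node group each one maps to; the second address in the demo list is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Scope values from the scop table on this page.
SCOPES = {
    0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
    0x5: "site-local", 0x8: "organization-local", 0xE: "global",
}
RESERVED_SCOPES = {0x0, 0x3, 0xF}

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # /104


def parse_multicast(address: str) -> dict:
    """Split a multicast address into its flgs, scop and group ID fields."""
    raw = ipaddress.IPv6Address(address).packed
    if raw[0] != 0xFF:
        raise ValueError(f"{address} is not in FF00::/8")
    flgs, scop = raw[1] >> 4, raw[1] & 0x0F
    if scop in SCOPES:
        scope = SCOPES[scop]
    else:
        scope = "reserved" if scop in RESERVED_SCOPES else "(unassigned)"
    return {
        "transient": bool(flgs & 0x1),              # T flag
        "scope": scope,
        "group_id": int.from_bytes(raw[2:], "big"),  # low 112 bits
    }


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """Append the low-order 24 bits of the address to FF02::1:FF00:0/104."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def groups_to_join(addresses) -> dict:
    """Map each solicited-node group to the configured addresses it serves."""
    groups = {}
    for address in addresses:
        groups.setdefault(str(solicited_node(address)), []).append(address)
    return groups


if __name__ == "__main__":
    target = "fe80::2aa:ff:fe28:9c5a"          # target from the working example
    group = solicited_node(target)
    print(target, "->", group, parse_multicast(str(group)))
    # Same interface ID under a second prefix (constructed): one group to join.
    print(groups_to_join([target, "2001:db8:31:1:2aa:ff:fe28:9c5a"]))
    # The three wlp2s0 addresses from this page map to three groups.
    print(groups_to_join(["2001:b011:5003:19d7:13f:bd22:e3fb:74c1",
                          "fe80::8205:ef53:5b3b:7756",
                          "2001:b011:5003:19d7:104:d207:4396:bd41"]))
```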
Neighbor Unreachability Detection
IPv6 hosts and routers actively track whether their neighbors are reachable.
They do this by periodically sending neighbor discovery messages directly to the neighbor.
Stateless Address Autoconfiguration
IPv6 adds “stateless autoconfiguration” as a means for hosts to be configured with an address.
With stateless autoconfiguration in effect (and it usually is), a host listens for routers to tell it which 64 bits to use for the top half of the IPv6 address.
All hosts connected to the same network share these 64 bits.
Hosts then derive the bottom 64 bits from their Ethernet MAC address to arrive at a full 128-bit IPv6 address.
If there are several routers that advertise different 64-bit prefixes, hosts simply create multiple addresses by combining each of those prefixes with the MAC-derived 64-bit values.
With IPv6, manually configuring server addresses is no longer necessary, as there is no longer any “state” (configuration information) that can get lost or corrupted.
Hosts and routers always configure link-local addresses on every interface on which IPv6 is enabled.
The link-local address is nearly always derived from the interface’s MAC address, but to guarantee uniqueness, it’s necessary to perform Duplicate Address Detection (DAD).
Once a host has a link-local address, it can proceed to obtain one or more global IPv6 addresses by using RFC 2462 stateless address autoconfiguration.
IPv6 routers send out router advertisement (RA) packets (ICMPv6 type 134) periodically and in response to router solicitations.
When a dual-protocol host joins a network it sends an ICMPv6 (type 133) Router Solicitation (RS) message to inquire about the local IPv6-capable router on the network.
The local router is tuned into the ff02::2 (all-router’s multicast group address) and will receive the RS message.
In response to the RS, the router immediately sends an ICMPv6 (type 134) Router Advertisement (RA) message to all nodes on the network (ff02::1, the all-nodes multicast group address).
The router also sends the RA messages periodically (typically every 200 seconds) to keep the nodes informed of any changes to the addressing information for the LAN.
The RA message contains important information for nodes as well as which method they should use to obtain their IPv6 address. The RA contains several flags that are set that the nodes watch for and use.
The information in RAs includes:
- A-bit: Autonomous Address Autoconfiguration Flag; tells the node it should perform stateless address assignment (SLAAC, RFC 4862)
- L-bit: On-Link Flag; tells the node that the prefix listed in the RA is the local IPv6 address
- M-bit: Managed Address Config Flag; tells the host if it should use stateful DHCPv6 (RFC 3315) to acquire its address and other DHCPv6 options
- O-bit: Other Config Flag; tells the host that there is other information the router can provide (such as DNS information defined in Stateless DHCPv6 (RFC 3736))
ICMPv6 RAs are intended to help facilitate bootstrapping the connectivity of an IPv6 node on a network.
They tell the hosts on the LAN how they should go about acquiring their global unicast IPv6 address and become productive members of the network.
The RA also provides the end-node information about the local router and its ability to be the default gateway.
This process is well documented in Section 4 of the IETF RFC 4861 “Neighbor Discovery for IP version 6 (IPv6)”.
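A Router Advertisement decoder for the flags listed above, as an added example that is not code from the original page: it verifies the ICMPv6 checksum, reads the M/O bits and the L/A bits of each Prefix Information option, and reports what a monitoring host would flag. The field offsets follow RFC 4861; the sample RA, the router address fe80::1, the lifetimes and the function names are constructed for illustration.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58      # IPv6 Next Header value for ICMPv6
ROUTER_ADVERTISEMENT = 134   # ICMPv6 type
PREFIX_INFORMATION = 3       # option type (RFC 4861, section 4.6.2)


def icmpv6_checksum(src: str, dst: str, message: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", len(message), ICMPV6_NEXT_HEADER) + message)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ra(src: str, dst: str, message: bytes) -> dict:
    """Decode the RA flags and Prefix Information options of one message."""
    if len(message) < 16:
        raise ValueError("truncated Router Advertisement")
    msg_type, code, _, _, flags, lifetime, _, _ = struct.unpack(
        "!BBHBBHII", message[:16])
    if msg_type != ROUTER_ADVERTISEMENT or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {
        # Summing a message that carries a correct checksum yields zero.
        "checksum_ok": icmpv6_checksum(src, dst, message) == 0,
        "source_is_link_local": ipaddress.IPv6Address(src).is_link_local,
        "managed": bool(flags & 0x80),        # M-bit
        "other_config": bool(flags & 0x40),   # O-bit
        "router_lifetime": lifetime,
        "prefixes": [],
    }
    offset = 16
    while offset + 2 <= len(message):
        opt_type, opt_len = message[offset], message[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(message):
            raise ValueError("malformed option length")
        if opt_type == PREFIX_INFORMATION and opt_len == 32:
            plen, pflags = message[offset + 2], message[offset + 3]
            prefix = ipaddress.IPv6Address(message[offset + 16:offset + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{plen}",
                "on_link": bool(pflags & 0x80),      # L-bit
                "autonomous": bool(pflags & 0x40),   # A-bit
            })
        offset += opt_len
    return ra


def findings(ra: dict, expected_prefixes: set) -> list:
    """List what a monitor should report about a parsed RA."""
    problems = []
    if not ra["checksum_ok"]:
        problems.append("bad ICMPv6 checksum")
    if not ra["source_is_link_local"]:
        problems.append("source is not link-local")
    for entry in ra["prefixes"]:
        if entry["prefix"] not in expected_prefixes:
            problems.append(f"unexpected prefix {entry['prefix']}")
    return problems


def build_sample_ra(src, dst, prefix, managed=False, other=True) -> bytes:
    """Construct a sample RA (test data): one /64 prefix with L and A set."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    header = struct.pack("!BBHBBHII", ROUTER_ADVERTISEMENT, 0, 0, 64,
                         flags, 1800, 0, 0)
    option = struct.pack("!BBBBIII", PREFIX_INFORMATION, 4, 64, 0xC0,
                         2592000, 604800, 0)
    message = header + option + ipaddress.IPv6Address(prefix).packed
    checksum = icmpv6_checksum(src, dst, message)
    return message[:2] + struct.pack("!H", checksum) + message[4:]


ROUTER, ALL_NODES = "fe80::1", "ff02::1"   # constructed router, all-nodes group
SAMPLE_RA = build_sample_ra(ROUTER, ALL_NODES, "2001:db8:31:1::")

if __name__ == "__main__":
    parsed = parse_ra(ROUTER, ALL_NODES, SAMPLE_RA)
    print(parsed)
    print(findings(parsed, {"2001:db8:31:1::/64"}))
```

Because every host on the link acts on these messages, comparing the advertised prefixes and flags against what the site's routers are configured to send is a practical check for a misconfigured or unauthorized router.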
Working With IPv6 and Mac OS
How do I get an IPv6 Address on Mac OS?
Open "System Preferences" - "Network" and click the “Advanced…” button in your Ethernet settings. You should see “Configure IPv6” set to automatic. You’re DONE!
Now, find your IPv6 address:
$ ifconfig en0
en0: flags=8863 mtu 1500
ether 04:0c:ce:d4:c2:34
inet6 fe80::60c:ceff:fed4:c234%en0 prefixlen 64 scopeid 0x4
inet 192.168.0.104 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=1
media: autoselect
status: active
How to test IPv6 on your local network
NAME
ping6 -- send ICMPv6 ECHO_REQUEST packets to network hosts
SYNOPSIS
ping6 [-CDdfHmnNoqtvwW] [-a addrtype] [-b bufsiz] [-B boundif] [-c count] [-g gateway] [-h hoplimit]
[-I interface] [-i wait] [-k trafficclass] [-l preload] [-P policy] [-p pattern] [-S sourceaddr]
[-s packetsize] [-z tclass] [hops ...] host
DESCRIPTION
The ping6 utility uses the ICMPv6 protocol's mandatory ICMP6_ECHO_REQUEST datagram to elicit an ICMP6_ECHO_REPLY
from a host or gateway. ICMP6_ECHO_REQUEST datagrams (``pings'') have an IPv6 header, and ICMPv6 header formatted
as documented in RFC2463. The options are as follows:
-a addrtype
Generate ICMPv6 Node Information Node Addresses query, rather than echo-request. addrtype must be a
string constructed of the following characters.
a requests unicast addresses from all of the responder's interfaces. If the character is omitted,
only those addresses which belong to the interface which has the responder's address are
requested.
c requests responder's IPv4-compatible and IPv4-mapped addresses.
g requests responder's global-scope addresses.
s requests responder's site-local addresses.
l requests responder's link-local addresses.
A requests responder's anycast addresses. Without this character, the responder will return unicast
addresses only. With this character, the responder will return anycast addresses only.
Note that the specification does not specify how to get responder's anycast addresses. This is
an experimental option.
-b bufsiz
Set socket buffer size.
-B boundif
Bind the socket to interface boundif for sending.
-C Prohibit the socket from using the cellular network interface.
-c count
Stop after sending (and receiving) count ECHO_RESPONSE packets.
-D Disable IPv6 fragmentation.
-d Set the SO_DEBUG option on the socket being used.
-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is
more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a
backspace is printed. This provides a rapid display of how many packets are being dropped. Only the
super-user may use this option. This can be very hard on a network and should be used with caution.
-g gateway
Specifies to use gateway as the next hop to the destination. The gateway must be a neighbor of the
sending node.
-H Specifies to try reverse-lookup of IPv6 addresses. The ping6 utility does not try reverse-lookup unless
the option is specified.
-h hoplimit
Set the IPv6 hoplimit.
-I interface
Source packets with the given interface address. This flag applies if the ping destination is a multicast
address, or link-local/site-local unicast address.
-i wait
Wait wait seconds between sending each packet. The default is to wait for one second between each
packet. The wait time may be fractional, but only the super-user may specify values less than 0.1 second.
This option is incompatible with the -f option.
-k trafficclass
Specifies the traffic class to use for sending ICMPv6 packets. The supported traffic classes are
BK_SYS, BK, BE, RD, OAM, AV, RV, VI, VO and CTL. By default ping6 uses the control traffic class (CTL).
-l preload
If preload is specified, ping6 sends that many packets as fast as possible before falling into its normal
mode of behavior. Only the super-user may use this option.
-m By default, ping6 asks the kernel to fragment packets to fit into the minimum IPv6 MTU. The -m option
will suppress the behavior in the following two levels: when the option is specified once, the behavior
will be disabled for unicast packets. When the option is specified more than once, it will be disabled for both
unicast and multicast packets.
-n Numeric output only. No attempt will be made to lookup symbolic names from addresses in the reply.
-N Probe node information multicast group (ff02::2:xxxx:xxxx). host must be string hostname of the target
(must not be a numeric IPv6 address). Node information multicast group will be computed based on given
host, and will be used as the final destination. Since node information multicast group is a link-local
multicast group, outgoing interface needs to be specified by -I option.
-o Exit successfully after receiving one reply packet.
-p pattern
You may specify up to 16 ``pad'' bytes to fill out the packet you send. This is useful for diagnosing
data-dependent problems in a network. For example, ``-p ff'' will cause the sent packet to be filled
with all ones.
-P policy
policy specifies IPsec policy to be used for the probe.
-q Quiet output. Nothing is displayed except the summary lines at startup time and when finished.
-r Audible. Include a bell (ASCII 0x07) character in the output when any packet is received.
-R Audible. Output a bell (ASCII 0x07) character when no packet is received before the next packet is
transmitted. To cater for round-trip times that are longer than the interval between transmissions,
further missing packets cause a bell only if the maximum number of unreceived packets has increased.
-S sourceaddr
Specifies the source address of request packets. The source address must be one of the unicast
addresses of the sending node, and must be numeric.
-s packetsize
Specifies the number of data bytes to be sent. The default is 56, which translates into 64 ICMP data
bytes when combined with the 8 bytes of ICMP header data. You may need to specify -b as well to extend
socket buffer size.
-t Generate ICMPv6 Node Information supported query types query, rather than echo-request. -s has no
effect if -t is specified.
-v Verbose output. ICMP packets other than ECHO_RESPONSE that are received are listed.
-w Generate ICMPv6 Node Information DNS Name query, rather than echo-request. -s has no effect if -w is
specified.
-W Same as -w, but with old packet format based on 03 draft. This option is present for backward compatibility.
-s has no effect if -w is specified.
-z tclass
Use the specified traffic class.
hops IPv6 addresses for intermediate nodes, which will be put into type 0 routing header.
host IPv6 address of the final destination node.
When using ping6 for fault isolation, it should first be run on the local host, to verify that the local network
interface is up and running. Then, hosts and gateways further and further away should be ``pinged''.
Round-trip times and packet loss statistics are computed. If duplicate packets are received, they are not included in
the packet loss calculation, although the round trip time of these packets is used in calculating the round-trip
time statistics. When the specified number of packets have been sent (and received) or if the program is
terminated with a SIGINT, a brief summary is displayed, showing the number of packets sent and received, and the
minimum, mean, maximum, and standard deviation of the round-trip times.
If ping6 receives a SIGINFO (see the status argument for stty(1)) signal, the current number of packets sent and
received, and the minimum, mean, maximum, and standard deviation of the round-trip times will be written to the
standard output in the same format as the standard completion message.
This program is intended for use in network testing, measurement and management. Because of the load it can
impose on the network, it is unwise to use ping6 during normal operations or from automated scripts.
DUPLICATE AND DAMAGED PACKETS
The ping6 utility will report duplicate and damaged packets. Duplicate packets should never occur when pinging
a unicast address, and seem to be caused by inappropriate link-level retransmissions. Duplicates may occur in
many situations and are rarely (if ever) a good sign, although the presence of low levels of duplicates may not
always be cause for alarm. Duplicates are expected when pinging a broadcast or multicast address, since they
are not really duplicates but replies from different hosts to the same request.
Damaged packets are obviously serious cause for alarm and often indicate broken hardware somewhere in the ping6
packet's path (in the network or in the hosts).
EXAMPLES
Normally, ping6 works just like ping(8) would work; the following will send ICMPv6 echo request to dst.foo.com.
ping6 -n dst.foo.com
The following will probe hostnames for all nodes on the network link attached to en0 interface. The address
ff02::1 is named the link-local all-node multicast address, and the packet would reach every node on the network
link.
ping6 -w ff02::1%en0
The following will probe addresses assigned to the destination node, dst.foo.com.
ping6 -a agl dst.foo.com
NAME
ndp -- control/diagnose IPv6 neighbor discovery protocol
SYNOPSIS
ndp -a [-lnt]
ndp -A wait [-nt]
ndp -c [-nt]
ndp -d [-nt] hostname
ndp -f [-nt] filename
ndp -H
ndp -I [delete | interface]
ndp -i interface [flags...]
ndp -p
ndp -P
ndp -r
ndp -R
ndp -s [-nt] nodename ether_addr [temp] [proxy]
DESCRIPTION
The ndp command manipulates the address mapping table used by Neighbor Discovery Protocol (NDP).
-a Dump the currently existing NDP entries.
-A wait
Repeat -a (dump NDP entries) every wait seconds.
-c Erase all the NDP entries.
-d Delete specified NDP entry.
-f Parse the file specified by filename.
-H Harmonize consistency between the routing table and the default router list; install the top entry of
the list into the kernel routing table.
-I [delete | interface]
Shows or specifies the default interface used as the default route when there is no default router. If
no argument is given to the option, the current default interface will be shown. If an interface is
specified, the interface will be used as the default. If a special keyword delete is specified, the
current default interface will be deleted from the kernel.
-i interface [flags...]
View ND information for the specified interface. If additional arguments flags are given, ndp sets or
clears the specified flags for the interface. Possible flags are as follows. All of the flags can
begin with the special character `-', which means the flag should be cleared.
nud turn on or off NUD (Neighbor Unreachability Detection) on the interface. NUD is usually turned
on by default.
disabled
IPv6 can be disabled separately from other network protocols. This flag can be turned on automatically
when Duplicate Address Detection (DAD) indicates that another device on the network is
using the same link-local address.
proxy_prefixes
the interface is enabled to proxy neighbor discovery for global scope prefixes matching those on
link at other interfaces.
ignore_na
ignore neighbor advertisements received on this interface.
insecure do not use cryptographically generated addresses (CGA) on this interface.
-l Show link-layer reachability information.
-n Do not try to resolve numeric address to hostname.
-p Show prefix list.
-P Flush all the entries in the prefix list.
-r Show default router list.
-R Flush all the entries in the default router list.
-s Register an NDP entry for a node. The entry will be permanent unless the word temp is given in the command.
If the word proxy is given, this system will act as a proxy NDP server, responding to requests
for hostname even though the host address is not its own.
-t Print a timestamp on each entry, to make it possible to merge output with tcpdump(1). Most useful when
-x Show extended link-layer reachability information in addition to that shown by the -l flag.
-w Show the cryptographically generated address (CGA) parameters for the node.
EXAMPLES
Neighbour discovery (command for IPv4 was arp -a -n):
ndp -a -n
Network Troubleshooting Tools, IPv4 and IPv6
Address configuration is more complicated in IPv6 than IPv4 because there are different types of IPv6 address and IPv6 addresses can exist in different states.
The following types of addresses are defined for IPv6:
- Global addresses: Like public IPv4 addresses, IPv6 global addresses are globally reachable on the IPv6 portion of the Internet. Global IPv6 addresses typically begin with a 2 or a 3.
- Link-local: Like Automatic Private IP Addressing (APIPA) addresses (169.254.0.0/16), link-local addresses are used on a specific link. Link-local addresses always begin with fe80.
- Site-local: Like private IPv4 addresses, site-local addresses are used within an organization's intranet and can be reused for different sites of an organization. Site-local addresses always begin with fec, fed, fee, or fef. Site-local addresses have been deprecated in RFC 3879, but can be used in current IPv6 implementations.
The interface ID (the last 64 bits of a unicast IPv6 address) can be:
- Based on the IEEE 802 address of an installed network adapter: The IEEE 802 address, commonly referred to as a media access control (MAC) address, is 48 bits and assigned to each network adapter as it is manufactured. The Extended Unique Identifier (EUI)-64 address is a newer 64-bit MAC address. IEEE 802 addresses can be converted to EUI-64 addresses. Interface IDs for unicast IPv6 addresses can be based on the EUI-64 address of a network adapter.
- Randomly generated: RFC 3041 defines temporary IPv6 addresses, which use a randomly generated interface ID and a relatively short valid lifetime. Temporary IPv6 addresses are typically used by client applications when initiating communication, such as a Web browser, and are not registered in DNS. Public IPv6 addresses are typically used by server applications for incoming connections, such as a Web server, and are registered in DNS. Public IPv6 addresses can have randomly generated or EUI-64-based interface IDs.
IPv6 uses an additional identifier known as a zone identifier (ID) (also known as a scope ID). The zone ID specifies a zone, which is a connected portion of a network that has a specified scope.
The syntax specified in RFC 4007 for identifying the zone associated with a local-use address is the following:
Address%zone_ID
Address is a local-use address and zone_ID is an integer value representing the zone. The values of the zone ID are defined relative to the host.
For Windows-based IPv6 hosts, the zone IDs for local-use addresses are defined as follows:
- For link-local addresses, the zone ID is typically the interface index of the interface either assigned the address or to be used as the sending interface for a link-local destination. The interface index is an integer starting at 1 that is assigned to IPv6 interfaces, which include a loopback and one or multiple tunnel or LAN interfaces. You can view the list of interface indexes from the display of the command
netsh interface ipv6 show interface
netsh interface ipv6 show address level=verbose
IPv6 hosts typically automatically configure IPv6 addresses by interacting with a router and performing stateless IPv6 address autoconfiguration. After being verified as unique, autoconfigured addresses are in one or more of the following states:
- Valid: An address for which uniqueness has been verified and from which unicast traffic can be sent and received. Autoconfigured addresses have a valid lifetime assigned by the router.
- Preferred: A valid address that can be used for new communications. Autoconfigured addresses also have a preferred lifetime assigned by the router.
- Deprecated: A valid address that cannot be used for new communications. Existing communication sessions can still use a deprecated address.
- Invalid: An address for which a node can no longer send or receive traffic. An address enters the invalid state after the valid lifetime expires.
In IPv6, the default routers are automatically configured through router discovery and the address of a default router is the link-local address of the IPv6 router's interface on the local subnet.
By default, Windows-based hosts send their DNS queries over IPv4 using the IPv4 address of the DNS server as configured by the Dynamic Host Configuration Protocol (DHCP).
Routes can be categorized as follows:
- Routes with a 128-bit prefix length (/128) are host routes for a specific IPv6 destination. By default, only host routes for locally configured IPv6 addresses are in the IPv6 route table.
- Routes with a 64-bit prefix length (/64) are subnet routes for locally attached subnets.
- The ::/0 routes are default routes.
- The ff00::/8 are routes for multicast traffic.
The following is a summary of troubleshooting commands for common client operating systems, for both IPv4 and IPv6.
Apple OS X, *BSD
Ping for IPv4 | /sbin/ping |
Ping for IPv6 | /sbin/ping6 |
Traceroute for IPv4 | /usr/sbin/traceroute |
Traceroute for IPv6 | /usr/sbin/traceroute6 |
Interface Info | /sbin/ifconfig |
IPv4 Route table | /usr/sbin/netstat -f inet -rn |
IPv6 Route table | /usr/sbin/netstat -f inet6 -rn |
IPv4 arp table | /usr/sbin/arp -an |
IPv6 ndp table | /usr/sbin/ndp -an |
Windows: Vista, 7, Server 2008 and higher
Ping for IPv4 | ping -4 |
Ping for IPv6 | ping -6 |
Traceroute for IPv4 | tracert -4 |
Traceroute for IPv6 | tracert -6 |
Interface Info | ipconfig /all |
IPv6 show address | netsh interface ipv6 show address |
IPv6 show interface | netsh interface ipv6 show interface |
IPv4 Route table | netsh interface ipv4 show route |
IPv6 Route table | netsh interface ipv6 show route |
IPv4 arp table | arp -a |
IPv6 ndp table | netsh interface ipv6 show neighbors |
Assign IPv6 address | Netsh interface ipv6 add address adaptor_sname address=2001:f10:7001:6::101 store=persistent |
Configure DNS server | netsh interface ipv6 add dns |
Enable IPv6 in Windows XP
On the DOS command window, enter:
- netsh
- interface
- ipv6
- install
Linux
Ping for IPv4 | ping |
Ping for IPv6 | ping6 |
Traceroute for IPv4 | traceroute -4 |
Traceroute for IPv6 | traceroute -6 |
Interface Info | ip address show |
IPv4 Route table | netstat -A inet -rn |
IPv6 Route table | netstat -A inet6 -rn |
IPv4 arp table | arp -an |
IPv6 ndp table | ip -6 neighbor show |
Notes:
- Paths differ between distributions.
- traceroute6 is usually installed as a hard link to traceroute and defaults to using the -6 flag. Forcing the -4 or -6 options is useful to make sure you are using the correct IP version during troubleshooting.
Solaris
Ping for IPv4 | /usr/sbin/ping -A inet |
Ping for IPv6 | /usr/sbin/ping -A inet6 |
Traceroute for IPv4 | /usr/sbin/traceroute -A inet |
Traceroute for IPv6 | /usr/sbin/traceroute -A inet6 |
Interface Info | /bin/netstat -ain |
IPv4 Route table | /bin/netstat -f inet -rn |
IPv6 Route table | /bin/netstat -f inet6 -rn |
IPv4 arp table | /bin/netstat -pn -f inet |
IPv6 ndp table | /bin/netstat -pn -f inet6 |
How to test IPv6
Tested Web Site
If your network connection cannot use the IPv6 protocol, it may be possible to enable IPv6 support in your router configuration or by asking your ISP. If your ISP doesn't support IPv6 yet, you may use a tunnel provider to access the IPv6 Internet through your IPv4-only connection.
Netgear Nighthawk with "6to4 Tunnel"
ifconfig en0:
- before
en0: flags=8863 mtu 1500
ether 2c:f0:ee:2c:65:fc
inet6 fe80::2ef0:eeff:fe2c:65fc%en0 prefixlen 64 scopeid 0x4
inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
inet6 2002:c0a8:103::2ef0:eeff:fe2c:65fc prefixlen 64 autoconf
inet6 2002:c0a8:103::807d:8286:413:49d4 prefixlen 64 autoconf temporary
nd6 options=1
media: autoselect
status: active
- after
en0: flags=8863 mtu 1500
ether 2c:f0:ee:2c:65:fc
inet6 fe80::2ef0:eeff:fe2c:65fc%en0 prefixlen 64 scopeid 0x4
inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
inet6 2002:c0a8:103::2ef0:eeff:fe2c:65fc prefixlen 64 deprecated autoconf
inet6 2002:c0a8:103::807d:8286:413:49d4 prefixlen 64 deprecated autoconf temporary
inet6 2002:24e1:2aa2::2ef0:eeff:fe2c:65fc prefixlen 64 autoconf
inet6 2002:24e1:2aa2::dca4:3bc2:a422:2146 prefixlen 64 autoconf temporary
nd6 options=1
media: autoselect
status: active
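The addresses in the ifconfig output above can be taken apart to show what each one discloses: an EUI-64 interface ID carries the adapter's MAC address, and a 6to4 (2002::/16) prefix carries an IPv4 address. The following Python sketch is an added example, not part of the original page; the function names `eui64_to_mac` and `describe` are hypothetical, and the sample list is copied from the output above.

```python
import ipaddress

# Addresses copied from the ifconfig output above; "%en0" is the zone ID.
SAMPLE = [
    "fe80::2ef0:eeff:fe2c:65fc%en0",
    "2002:c0a8:103::2ef0:eeff:fe2c:65fc",
    "2002:c0a8:103::807d:8286:413:49d4",
    "2002:24e1:2aa2::2ef0:eeff:fe2c:65fc",
    "2002:24e1:2aa2::dca4:3bc2:a422:2146",
]

def eui64_to_mac(addr):
    """Return the MAC embedded in an EUI-64 interface ID, or None.

    Heuristic: EUI-64 inserts ff:fe between the two halves of the MAC.
    A random (temporary) interface ID matches only by rare coincidence.
    """
    iid = addr.packed[8:]                      # last 64 bits = interface ID
    if iid[3:5] != b"\xff\xfe":
        return None
    # EUI-64 flips the universal/local bit of the first byte; flip it back.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def describe(text):
    """Classify one address written as Address[%zone_ID]."""
    literal, _, zone = text.partition("%")     # split manually; works on any Python 3
    addr = ipaddress.IPv6Address(literal)
    v4 = addr.sixtofour                        # IPv4 inside a 2002::/16 prefix, else None
    if addr.is_link_local:
        kind = "link-local"
    elif v4 is not None:
        kind = "6to4"
    elif addr.is_multicast:
        kind = "multicast"
    else:
        kind = "other unicast"
    return {
        "address": str(addr),
        "zone": zone or None,
        "type": kind,
        "mac": eui64_to_mac(addr),
        "6to4_ipv4": str(v4) if v4 else None,
        "6to4_ipv4_private": v4.is_private if v4 else None,
    }

if __name__ == "__main__":
    for entry in SAMPLE:
        print(describe(entry))
```

The non-temporary addresses all yield the `ether` value shown by ifconfig, while the `temporary` ones yield no MAC. The "before" prefix 2002:c0a8:103::/48 decodes to the private IPv4 address 192.168.1.3.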
The DNS Problem
DHCPv6 (RFC 3315) is the only defined way to automatically configure IPv6 DNS addresses.