IPv6 deployment:addressing

From LQWiki
Jump to: navigation, search

IPv6 and IPv4 addressing compared

For the networking professional, the most obvious change from IPv4 to IPv6 is the vast increase in IP address space.

In IPv6, the expression of an address as a "dotted-quad," or dotted decimal has been replaced by a different representation. As you may recall, IPv4 addresses are typically represented as a sequence of four 8-bit values (bytes), each byte separated by a period. Thus, the following IPv4 address (in binary):

    10111101001000001100111101100001

would be divided into four bytes:

    10111101.00100000.11001111.01100001

which in turn would be translated into decimal equivalents as:

    189.32.207.97

With IPv6 addresses, the notation is slightly different. Each address is broken into eight 2-byte pieces which are delimited by a colon. Thus, the following IPv6 address (in binary):

11111110 11000000 00000000 00000000 00000000 00000000 00000000 00000000 00000010 00100000 11101101 11111111 11111110 01101010 00001111 01110110

would be divided into eight 2-byte pieces (note that we insert extra spaces for readability, but they are not required in the notation):

1111111011000000: 0000000000000000: 0000000000000000: 0000000000000000: 0000001000100000: 1110110111111111: 1111111001101010: 0000111101110110

which in turn would be translated into hexadecimal equivalents as:

fec0:0000:0000:0000: 0220:edff:fe6a:0f76

With IPv6 addresses, some shorthand can be taken. For instance, leading "0"s within each 2-byte piece can be dropped:

    fec0:0:0:0:220:edff:fe6a:f76

Also, a single series of "0"s can be dropped and replaced with two adjacent colons to signify that "0"s can be added to make the address fit into 128 bits:

    fec0::220:edff:fe6a:f76

However, this reduction can only be used once in any address in order to not violate uniqueness. Imagine the trouble we would get into trying to represent the following addresses with more than one double colon:

8d:0:0:2d69:0:0:0:1234 can safely be represented as 8d:0:0:2d69::1234
8d:0:2d69:0:0:0:0:1234 can safely be represented as 8d:0:2d69::1234
8d:0:0:0:2d69:0:0:1234 can safely be represented as 8d::2d69:0:0:1234

This reduction can be used for the localhost interface in IPv6 (the equivalent of IPv4's 127.0.0.1). This localhost address is 0:0:0:0:0:0:0:1 or ::1. The reduction can also be applied to the default network (the equivalent of IPv4's 0.0.0.0) as simply ::.

Subnetting in IPv6 follows similar rules as in IPv4. The general idea is that a subnet mask can be applied to any address. Using this subnet mask, a router can determine which bits represent the network membership of an address and which bits represent the host's address. In the IPv4 world, the network address 192.168.1.4/24 (or alternative notation of subnet mask 255.255.255.0) means that the network address is represented by the first 24 bits of the address and that the host address is represented by the remaining 8 bits (32 bit address space minus 24 bit network address = 8 bits for host address). The notation 192.168.1.4/24 is usually referred to as a CIDR (Classless Interdomain Routing) address. We give an example of subnet masking in binary, which is easier to visualize:

The IPv4 address 192.168.1.4 would be represented in binary as:
         11000000.10101000.00000001.00000100
The subnet mask 255.255.255.0 would be represented in binary as:
         11111111.11111111.11111111.00000000
which shows that the first 24 bits of the subnet mask are "1". Then "bitwise AND" the 2 values together to get the network address:
         11000000.10101000.00000001.000000000
which indicates that the network portion of the address is 192.168.1.0 (24 bits of network address, plus a trailing zero byte). Then subtract the network address from the original address to get the host's address:
         00000000.00000000.00000000.00000100
which indicates that the host is 0.0.0.4, or, more simply, just 4.


In IPv6, the idea of subnet masks is similar, but the network addresses are much larger (explained later in this section). We illustrate with our previous IPv6 address example, assuming a network of /64 (meaning that the network address is the left-hand 64 bits of the total 128 bits). We will use hexadecimal arithmetic rather than binary arithmetic, because binary is just too cumbersome for IPv6 addresses.

The IPv6 address fec0::220:edff:fe6a:f76 would be expanded to:
         fec0:0000:0000:0000:0220:edff:fe6a:0f76
The subnet mask for a /64 network would be:
         ffff:ffff:ffff:ffff:0000:0000:0000:0000 
Then "bitwise AND" the 2 values together to get the network address:
         fec0:0000:0000:0000:0000:0000:0000:0000 
(64 bits of network address, plus a 64 trailing zero bits). Then subtract the network address from the original address to get the host's address:
         0000:0000:0000:0000: 0220:edff:fe6a:0f76


In IPv4, there is a traditional classification of network, based on the first octet (leftmost byte) of the address. However, this classification is no longer formally part of the IP addressing architecture, and has been replaced by CIDR (Classless Interdomain Routing). In summary:

       Allocation       1st Octet       
       -----------      -------- 
       Class "A"        0 - 126  
       Reserved         127
     
       Class "B"        128 - 191
       Class "C"        192 - 223
       Class "D"        224 - 239
       Class "E"        240 - 254
       Reserved         255
       

Or, by using the "First Octet" Rule:

       Bit Pattern      Class of Address
       ------------     ----------------
       0                A  
       10               B
       110              C  
       1110             D  
       1111             E
Figure 1.2 IPv4 Network Allocations

However, in IPv6 we have 2 octets of information with which to divide our networks (also see RFC 3513).

 Allocation                      Prefix        Fraction of
                                 (binary)      Address Space
 ------------------------------  --------      -------------
 Reserved                        0000 0000     1/256
 Unassigned                      0000 0001     1/256
 Reserved for NSAP Allocation    0000 001      1/128
 Reserved for IPX Allocation     0000 010      1/128
 Unassigned                      0000 011      1/128
 Unassigned                      0000 1        1/32
 Unassigned                      0001          1/16
 Unassigned                      001           1/8
 Provider-Based Unicast Address  010           1/8
 Unassigned                      011           1/8
 Reserved for Geographic-
 Based Unicast Addresses         100           1/8
 Unassigned                      101           1/8
 Unassigned                      110           1/8
 Unassigned                      1110          1/16
 Unassigned                      1111 0        1/32
 Unassigned                      1111 10       1/64
 Unassigned                      1111 110      1/128
 Unassigned                      1111 1110 0   1/512
 Link-Local Use Addresses        1111 1110 10  1/1024
 Site-Local Use Addresses        1111 1110 11  1/1024
 Multicast Addresses             1111 1111     1/256

Figure 1-3 IPv6 Network Allocations

For the scope of our paper, we are interested in four types of addresses. These are link-local addresses, site-local addresses, global unicast addresses (basically anything marked "unassigned" above) and multicast addresses. The term "global unicast address" supersedes the IPv4 term "IP address." We will not discuss anycast addresses which are used by routers specifically for failover, redundancy, and broadcast in IPv6. In IPv6, link-local and site-local addresses represent private address space just as reserved addresses represent them in IPv4, (RFC 1918):

    10.0.0.0    - 10.255.255.255  (10/8 prefix)
    172.16.0.0  - 172.31.255.255  (172.16/12 prefix)
    192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

In IPv6, any network address fe80::/10 is a "link-local" address. The concept of link-local means that machines are physically located in the same data link layer broadcast domain. This would include machines attached via hubs, bridges, and layer 2 switches as well as any machines directly connected. The addresses in network address fec0::/10 are "site-local" addresses and should not be routed outside of your locally-controlled infrastructure (because of the possibility of address collisions with addresses defined at other sites). All other legal addresses are considered to be "global unicast addresses" and are validly used on any node whether connected to the Internet or not. Global unicast addresses must be globally unique, of course.

As with IPv4, IPv6 addresses can be either statically or dynamically assigned. However, the definition of dynamically assigned has changed somewhat with IPv6. There are two dynamic address mechanisms in IPv6. The first (and primary) mechanism for dynamic IP address assignment is called "stateless autoconfiguration"; and uses the hardware address of the machine's interface to negotiate the IP address. For stateless autoconfiguration on a link-local network, an example is:

1. If the node (host or router) has a 48-bit MAC interface identifier of:

    00:01:03:31:AA:DD

then the resulting 64-bit IPv6 interface ID will be:

    0201:03ff:fe31:aadd

or, in shorthand notation:

    201:3ff:fe31:aadd*
* Note: A 48-bit MAC address must be expanded to a 64-bit address for stateless autoconfiguration. To do so, the value fffe is inserted between the third and fourth bytes of the MAC address. Next, the second low-order bit of the first byte of the MAC address is complemented. In binary, our original MAC address looks like this, after expansion:

00000000: 00000001: 00000011: <fffe goes here>: 00110001: 10101010: 11011101

The binary string in italics represents the first byte. The "0" in boldface represents the second low order bit. More colloquially, we could call this the "next to last bit in the first byte". [Stateless Autoconfiguration: RFC 2462]

2. The node prepends this 64-bit interface identifier with the 64-bit link-local interface identifier fe80::0. This address becomes the "tentative address."

3. The node joins the "all-nodes" multicast group (ff02::1) and the solicited node multicast group (ff02:0:0:0:0:1:ffxx:xxxx, where xx:xxxx is the low-order 24 bits of the MAC address of the node's interface). (Multicast groups are explained later in this section.)

4. The node broadcasts a "neighbor solicitation" message to the "all-nodes" multicast group asking if the selected address is taken. If the address is taken, the node stops and manual configuration is required. Otherwise, the state of the address is set to "preferred."

5. The node then sends a "router solicitation request" to the "all routers" multicast group (ff02::2) to determine default routes. The drawback with stateless autoconfiguration is that wherever this mechanism is employed, the size of the host portion of the IP address must be no smaller than 64 bits. This causes quite a few wasted unicast addresses in a typical network address architecture.

The second form of autoconfiguration occurs through the use of the dynamic host configuration protocol (DHCP) and is called "stateful autoconfiguration". DHCP can also be used in conjunction with stateful autoconfiguration to broadcast information other than IP addresses, such as DNS servers, network names, and proxy-servers. This mechanism can subnet a network into much smaller segments than stateless autoconfiguration (creating less wasted network address space) but requires additional management of the DHCP server and the addition of a DHCP client on all machines that require stateful autoconfiguration. Both stateless and stateful autoconfiguration protocols can be used for networks other than site-local through various control protocol mechanisms.

Finally, in IPv6, multicast addresses are used quite frequently for control of network hosts and services. There are two types of multicast addresses; well known and temporary.

The second field, 000x, represents the flags field. The first 3 bits are reserved and must be set to "0". The last bit, x, represents the permanence of the address. 1 represents a temporary multicast address, while 0 represents a permanent (or termed "well-known") address.

The third field, yyyy, represents the "scope" field. The scope of the multicast address can be determined by looking at this table:


 Value      Description 
 -----      ----------- 
 0          Reserved   
 1          Interface-local (network interface card)    
 2          Link-local scope (same as link-local addr)   
 3,4        Unassigned   
 5          Site-Local scope (same as site-local addr)   
 6,7        Unassigned   
 8          Organizational scope   
 9,a,b,c,d  Unassigned   
 e          Global scope   
 f          Reserved

Figure 1-5 IPv6 Multicast Scope Diagram

And finally, the group identifier is used to determine the subscriber (or function) of the multicast listening nodes. For instance, a multicast address of ff01::1 represents the "all nodes" multicast address of scope "interface local," while ff02::1 and ff05::1 represent the "all nodes" multicast address of link-local and site-local scope, respectively. The group identifier of the addresses is the same, only the scope address is different.

Some well-known group identifiers are:

Group Identifier   Description
----------------   -----------  
::1                All nodes  
::2                All routers 
::9                RIP routers 
::1:3              DHCP servers
Figure 1-6 IPv6 Well-Known Multicast Group Identifiers

For more information on multicast addresses, please see RFC 2375.


Internal links

Next section: Maintenance protocols

Main article: IPv6 deployment