
IPv6 Addressing

by Chris Leiter, MCT, MCSE, MCDST, MCSA

The current version of TCP/IP is reaching its limits. Technologies such as classless inter-domain routing (CIDR) and Network Address Translation have helped extend the life of IPv4, but these extensions sometimes create bottlenecks and increase administrative overhead, and eventually the public IP address space will be depleted.

IPv6 is designed to resolve many of the issues surrounding IPv4. With a 128-bit address space, versus IPv4's 32 bits, networks are given more options for scalability and ease of deployment. The IPv4 addressing scheme allows for a maximum of over 4 billion (4 x 10^9) possible addresses, whereas IPv6 allows for 340 undecillion (3.4 x 10^38) addresses.

Scope of this Article

The purpose of this article is to facilitate understanding of the addressing mechanisms used by the next generation IP protocol, known as IPv6. This article assumes the reader has a thorough understanding of IPv4 addressing, and is experienced with decimal, binary, and hexadecimal numbering formats. This document focuses on the structure and format of IPv6 addresses, specifically with unicast addresses for individual interfaces.

Addressing Conventions

IPv6, unlike its predecessor, does not use decimal notation for addressing. This is because the address segments are broken up into 16-bit fields, as opposed to the 8-bit fields used in IPv4. Because of this, the addresses are better represented in hexadecimal format. The following are examples of addresses from both IPv4 and IPv6.

IPv4: 192.168.48.14

IPv6: FEDC:BA98:7654:3210:FEDC:BA98:7654:3210

If we were to convert the above IPv6 address into decimal notation, it might look like the following:

65244:47768:30292:12816:65244:47768:30292:12816

Although it might be easier to 10-key this value, the hex format allows for a cleaner display of the data, requiring fewer character fields for every 16-bit word. IPv6 also allows for the suppression of sequential zeros once in the address.

For example, the address 1080:0:0:0:8:800:200C:417A can be represented as 1080::8:800:200C:417A. Here we are suppressing three words; the double-colon indicator identifies that every word between the first and fifth words has a value of zero. Because it's possible for an address to have multiple instances of sequential zeros, it is important to note that zero compression can only be used once in an address.

If we modify our earlier address to be 1080:0:0:0:8:0:0:417A, we could use 1080::8:0:0:417A to identify that 48 bits are being suppressed, or 1080:0:0:0:8::417A to identify 32 bits are being suppressed, but not 1080::8::417A. This is because it would be impossible to determine exactly how many bits are being suppressed in each instance.

Leading zeros can also be suppressed within each 16-bit word. Note that in the address 1080:0:0:0:8:800:200C:417A, the fifth and sixth words are 8 and 800, respectively. If we were to type all 32 characters that represent the 128-bit address space, the address would be 1080:0000:0000:0000:0008:0800:200C:417A. Trailing zeros within a word can never be suppressed, because doing so changes the value represented by that word. Trailing zeros for the address itself, however, can be suppressed, as in the case of a network ID. So the network ID of the preceding example can be represented as 1080::.

Similar to the convention used by CIDR notation, IPv6 uses address prefixes to identify a network range. Typically, this is used to identify address ranges that are subnetted. For example, using the notation FEDC:BA98:7654:3200::/56 represents all addresses in the range from FEDC:BA98:7654:3200:: through FEDC:BA98:7654:32FF:FFFF:FFFF:FFFF:FFFF.
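The zero-suppression and prefix rules above, worked through in Python as an added example that is not part of the original article. The function names (expand, to_text, prefix_range) are illustrative, and the inputs used to exercise them are the article's own addresses.

```python
HEX = set("0123456789abcdefABCDEF")

def expand(addr):
    """Return the full form of an IPv6 address: eight zero-padded 16-bit words."""
    if addr.count("::") > 1:
        raise ValueError("zero compression (::) may be used only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)   # words hidden by the double colon
        if missing < 1:
            raise ValueError(":: must stand for at least one zero word")
        words = head + ["0"] * missing + tail
    else:
        words = addr.split(":")
    if len(words) != 8:
        raise ValueError("an address has exactly eight 16-bit words")
    for word in words:
        if not 1 <= len(word) <= 4 or any(c not in HEX for c in word):
            raise ValueError("bad 16-bit word: %r" % word)
    # Restore the leading zeros that were suppressed inside each word.
    return ":".join("%04X" % int(word, 16) for word in words)

def to_text(value):
    """Format a 128-bit integer as eight uncompressed hexadecimal words."""
    return ":".join("%04X" % ((value >> s) & 0xFFFF) for s in range(112, -1, -16))

def prefix_range(prefix):
    """Return the first and last address covered by a prefix such as X::/56."""
    addr, length = prefix.split("/")
    bits = int(length)
    if not 0 <= bits <= 128:
        raise ValueError("prefix length must be between 0 and 128")
    value = int(expand(addr).replace(":", ""), 16)
    host_mask = (1 << (128 - bits)) - 1       # bits to the right of the prefix
    first = value & ~host_mask
    return to_text(first), to_text(first | host_mask)

if __name__ == "__main__":
    print(expand("1080::8:800:200C:417A"))
    print(prefix_range("FEDC:BA98:7654:3200::/56"))
```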

Address Assignment

IPv6 is designed to provide more efficient and useful addressing. In IPv4, CIDR allowed us to "borrow" bits from the host portion of the address in order to create a greater number of networks, with fewer hosts per network. In most cases in IPv6, the host address portion is a fixed 64-bit field, and will never have bits borrowed from it to be able to create more networks.

IPv6 covers three main types of addresses: Unicast, Multicast, and Anycast.

Unicast addresses identify a single interface. Packets destined for unicast addresses are delivered to that interface.

Multicast addresses identify a group of interfaces that typically belong to different nodes. Multicast packets are delivered to all interfaces identified by that address.

Anycast addresses are also used to identify a set of interfaces, but the packets are sent to the node that has the "nearest" interface, rather than all interfaces that use that address. Syntactically, Anycast addresses are identical to Unicast addresses; however, the address must be specifically designated as an Anycast address on the interface.

Broadcast addresses are not used in IPv6. The functions of broadcast addresses have been superseded by multicast addresses.

Unicast Address Scopes

Typically, interfaces using IPv6 are configured with multiple addresses that identify the scope of the network traffic. Unicast addresses are divided into two main segments. The network IDs are identified in the first 64 bits of the address, and the interface IDs are identified using the second half of the address. This allows for 18.4 quintillion (1.84 x 10^19) interface IDs per network!

Link-Local Addresses

The first type of unicast address, the link-local address, operates within a network segment, and will not originate from, or be destined to, an interface that requires a router to direct traffic. In this case, link-local addresses operate similarly to layer-2 MAC addresses, allowing for quicker and more direct communication to interfaces on the same segment.

Link-local addresses are identified by using the value "1111111010" in the first ten bits of the IP address. The next 54 bits have a zero value, completing the "network id" portion of the address. The remaining 64 bits represent the interface ID. The network ID of a link-local address is always FE80::.

The interface ID is typically derived from the IEEE 802 addresses. Typically, this is a 48-bit MAC address. Some newer equipment may support a 64-bit IEEE EUI-64 address. The 48-bit MAC address is broken up into two sections. The leftmost 24 bits, known as the Company ID, are used to identify a manufacturer or organization, with the second or rightmost 24 bits, or Extension ID, used as a unique identifier for the device. Combined, these bits create a globally unique address. With EUI-64 addresses, 24 bits are used for the Company ID, and 40 bits for the extension ID, allowing a company to create more devices under a single Company ID.

If the hardware address is based on the IEEE 802 address, 16 additional bits are added between the Company ID and the Extension ID. The value of this 16-bit word is FFFE. So an interface with the MAC address 00-0D-56-98-7E-70 would have an interface ID of 000D:56FF:FE98:7E70.

The link-local address for this interface is FE80::D:56FF:FE98:7E70.

For newer hardware which uses the IEEE EUI-64 addresses, the addresses can be globally or locally administered. The address designation appears in the first byte of the address, in the next-to-lowest-order bit. This is known as the Universal/Local (U/L) bit. If the value is 0, then the address was globally administered. A value of 1 indicates a locally administered address.

The lowest-order bit in the first byte indicates whether the address is a unicast (0) address or multicast (1) address. This is referred to as the Individual/Group (I/G) bit. Here are some examples:

IEEE EUI-64 Address        First Byte Hex Value   First Byte Binary Value   Address Config
00-0D-56-A1-2B-98-7E-70    00                     00000000                  Global; Unicast
01-0D-56-A1-2B-98-7E-70    01                     00000001                  Global; Multicast
02-0D-56-A1-2B-98-7E-70    02                     00000010                  Local; Unicast
03-0D-56-A1-2B-98-7E-70    03                     00000011                  Local; Multicast

If the Interface ID is based on an IEEE EUI-64 address, then the U/L bit is complemented, or flipped. This means that if my EUI-64 address is 00-0D-56-A1-2B-98-7E-70, then the Interface ID becomes 020D:56A1:2B98:7E70.

The complete link-local address for this interface then becomes FE80::20D:56A1:2B98:7E70.

Site-Local Addresses

The next type of address is the site-local address. Site-local addresses serve the same purpose as the 10.x.y.z, 172.16.y.z - 172.31.y.z, and 192.168.y.z address ranges in IPv4. They are designed to be private, internally routable addresses that do not route outside the site. Site-local addresses use the same conventions for interface addresses as described above, but use the binary value of "1111111011" in the first 10 bits. This means that site-local addresses will always begin with FEC0. The next 38 bits in a site-local address are always zero. The last 16 bits of the network portion of the address are used for subnetting. Having 16 bits available for subnetting allows for up to 65,536 subnets to be created for a site, without having to reduce the number of Interface IDs for each subnet.

Using the same interface from the link-local example, the site-local address for the same interface will be: FEC0::20D:56A1:2B98:7E70.

Because the site-local address can be subnetted, our example could include the subnet ID, 3D91, making our site-local address: FEC0::3D91:20D:56A1:2B98:7E70.
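An added Python example, not from the original article, that decodes the U/L and I/G bits and builds the link-local and site-local addresses from an EUI-64 value as described above. The function names are illustrative; the EUI-64 value and subnet ID are the article's own.

```python
import ipaddress

def parse_eui64(text):
    """Parse 'xx-xx-xx-xx-xx-xx-xx-xx' into eight bytes."""
    octets = bytes(int(part, 16) for part in text.split("-"))
    if len(octets) != 8:
        raise ValueError("an EUI-64 address has eight octets")
    return octets

def first_byte_flags(eui64):
    """Decode the U/L and I/G bits of the first byte, as in the table above."""
    first = parse_eui64(eui64)[0]
    administered = "Local" if first & 0x02 else "Global"   # U/L: next-to-lowest bit
    cast = "Multicast" if first & 0x01 else "Unicast"      # I/G: lowest bit
    return administered, cast

def interface_id(eui64):
    """64-bit interface ID: the EUI-64 value with the U/L bit complemented."""
    octets = bytearray(parse_eui64(eui64))
    octets[0] ^= 0x02
    return int.from_bytes(octets, "big")

def unicast_address(network_id, eui64):
    """Join a 64-bit network ID such as 'FE80::' with the derived interface ID."""
    network = int(ipaddress.IPv6Address(network_id))
    if network & ((1 << 64) - 1):
        raise ValueError("network ID must leave the low 64 bits zero")
    return ipaddress.IPv6Address(network | interface_id(eui64)).compressed.upper()

def site_local(eui64, subnet_id=0):
    """Site-local address: FEC0 prefix, 38 zero bits, then a 16-bit subnet ID."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID is a 16-bit value")
    network = (0xFEC0 << 112) | (subnet_id << 64)
    return unicast_address(str(ipaddress.IPv6Address(network)), eui64)

EUI64 = "00-0D-56-A1-2B-98-7E-70"  # the article's example interface

if __name__ == "__main__":
    print(first_byte_flags(EUI64))
    print(unicast_address("FE80::", EUI64))
    print(site_local(EUI64, 0x3D91))
```

The same unicast_address call works for any 64-bit network ID, including a global prefix.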

Aggregatable Global Unicast Addresses

Finally, the last unicast address we'll examine is the Aggregatable Global Unicast Address. Aggregatable Global Unicast Addresses are essentially publicly accessible addresses. The Network ID portion of the address is broken up into different areas, allowing for hierarchical design and allocation.

The address space for a unicast address is broken up as follows:

Field:     FP    TLA ID    RES    NLA ID    SLA ID    Interface ID
Bits:      3     13        8      24        16        64

Example:   2AD3:6F7B:7694:3D91 (network ID)    20D:56A1:2B98:7E70 (interface ID)

Top-Level Aggregation ID

Aggregatable Global Unicast network IDs always begin with the prefix 001 in the first three bits of the address. This identifies the address as a public address to the protocol stack. The following 13 bits represent the Top Level Aggregation Identifier bits. These bits are controlled and assigned by IANA, and are made available to large-scale ISPs that will provide address ranges to lower-level organizations. These addresses make up the backbone of the IPv6 network space, and routers in these networks do not have a default gateway. The 13 bits allow for up to 8,192 different TLA IDs.

Next-Level Aggregation ID

The following 8 bits are reserved to allow expansion of either the preceding TLA ID or the following NLA ID. The NLA, or Next Level Aggregation ID, is available to non-core ISPs. Medium and smaller ISPs can be assigned these 24-bit network IDs, and within that address space, be able to allocate unique site IDs to clients. ISPs with an NLA ID can break down their NLA ID into multiple hierarchical levels to support smaller ISPs, or a larger number of sites.

An example of the breakdown of NLAs is as follows:

Bits:     n       24-n        16        64
Field:    NLA1    Site ID     SLA ID    Interface ID

Bits:     m       24-n-m      16        64
Field:    NLA2    Site ID     SLA ID    Interface ID

Bits:     o       24-n-m-o    16        64
Field:    NLA3    Site ID     SLA ID    Interface ID

Using the above chart, we can see how an organization such as an ISP can use the NLA to create additional networks for clients, by creating additional NLAs, and site IDs. For this example, the organization CompuGlobalHyperMegaNet is a backbone ISP, with the following TLA:

Hex: 2AD3::/16

Binary: 0010 1010 1101 0011

Because the next 24 bits can be used to create hierarchical NLAs, CompuGlobalHyperMegaNet chooses to support multiple types of clients. CGHMN allocates an NLA using ten bits of the NLA field to smaller ISPs. This allows them to support more than 1,000 smaller ISPs.

NationalTelCo is one of the ISPs supported by CompuGlobalHyperMegaNet. NTC is given an NLA of 2AD3:6F40::/26. This gives NTC the ability to use any network IDs in the range of 2AD3:6F40:: through 2AD3:6F80::.

NTC's NLA in binary appears as: 0010 1010 1101 0011 0110 1111 01

With 10 bits used to create the individual NLA ID, NTC can either continue to use that one NLA ID, and use the remaining 14 bits for unique site IDs, giving them the ability to support over 16,000 individual sites, or NTC can break down the address space even further, to support smaller regional ISPs. NTC decides to use another six bits to create new NLAs for local ISPs, allowing them to support up to 64 smaller ISPs.

CollegeStudentISP.com is one of NTC's clients. CSI has obtained the NLA ID 2AD3:6F7B::/32, which in binary is equal to: 0010 1010 1101 0011 0110 1111 0111 1011. This gives CSI the ability to use 16 bits for creating unique Site IDs.

Site-Level Aggregation ID

Finally, ISPs will be able to allocate Site IDs to clients, allowing the sites to use the last 16 bits of the network ID for hierarchical routing within the organization. Expanding our earlier example, CollegeStudentISP.com has given the Site ID 2AD3:6F7B:7694::/48 to MajorCorp. MajorCorp can now use the 16 bits reserved for the SLA ID, or Site Level Aggregation Identifier, to create up to 65,536 subnets within their organization.

Our interface from the link-local address example would then have the address:

2AD3:6F7B:7694:3D91:20D:56A1:2B98:7E70
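The delegation chain from this example, checked with Python's ipaddress module as an added illustration that is not part of the original article. The function names and the CHAIN list are assumptions built from the prefixes quoted above; the /64 entry is MajorCorp's subnet 3D91.

```python
import ipaddress

# Prefixes from the article, from the backbone TLA down to one site subnet.
CHAIN = [
    "2AD3::/16",                 # CompuGlobalHyperMegaNet (TLA)
    "2AD3:6F40::/26",            # NationalTelCo (10 NLA bits)
    "2AD3:6F7B::/32",            # CollegeStudentISP.com (6 more NLA bits)
    "2AD3:6F7B:7694::/48",       # MajorCorp (16-bit Site ID)
    "2AD3:6F7B:7694:3D91::/64",  # one MajorCorp subnet (16-bit SLA ID)
]

def delegation_report(chain):
    """For each parent/child step return (child, bits used, allocations possible)."""
    nets = [ipaddress.IPv6Network(p) for p in chain]
    report = []
    for parent, child in zip(nets, nets[1:]):
        # A delegation must be longer than, and fall inside, its parent prefix.
        if child.prefixlen <= parent.prefixlen or not child.subnet_of(parent):
            raise ValueError("%s is not delegated from %s" % (child, parent))
        bits = child.prefixlen - parent.prefixlen
        report.append((str(child).upper(), bits, 2 ** bits))
    return report

def deepest_match(chain, address):
    """Return the longest prefix in the chain that contains the address."""
    addr = ipaddress.IPv6Address(address)
    best = None
    for net in (ipaddress.IPv6Network(p) for p in chain):
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return str(best).upper() if best else None

if __name__ == "__main__":
    for child, bits, count in delegation_report(CHAIN):
        print(child, bits, count)
    print(deepest_match(CHAIN, "2AD3:6F7B:7694:3D91:20D:56A1:2B98:7E70"))
```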

Summary

IPv6 is a robust protocol suite that addresses many of the problems experienced with the current version of the Internet Protocol. With the increase of global internet use, it is important to move forward to a more advanced addressing mechanism that can overcome the limitations of IPv4. The reader is encouraged to do additional research on advanced topics of IPv6, including address assignment, routing, and IPv4 to IPv6 compatibility tools. The following references may be helpful.

RFC 2373 - "IP Version 6 Addressing Architecture"

RFC 2374 - "An IPv6 Aggregatable Global Unicast Address Format"

RFC 2460 - "Internet Protocol, Version 6 (IPv6) Specification"

RFC 2461 - "Neighbor Discovery for IP Version 6 (IPv6)"

RFC 2462 - "IPv6 Stateless Address Autoconfiguration"

Davies, Joseph. Understanding IPv6. Redmond, WA: Microsoft Press, 2003.

 
©1998-2008 Netdesk Corporation. All rights reserved.