IPv6 (Internet Protocol version 6) is
the next generation of the Internet Protocol after IPv4. It provides an
expanded address space, a simplified header format, improved support for
extensions and options, flow labeling capability, and authentication and
privacy capabilities. IPv6 is described in RFC 2460. The IPv6 addressing architecture
is described in RFC 3513.

Note: This section describes the IPv6 address format, the types, and prefixes. For
information about configuring the adaptive security appliance to use IPv6

IPv6 addresses are represented as a series of eight 16-bit hexadecimal fields
separated by colons (:) in the format: x:x:x:x:x:x:x:x. The following are two
examples of IPv6 addresses:

It is not necessary to include the leading zeros in an individual field of the
address. But each field must contain at least one digit. So the example address
2001:0DB8:0000:0000:0008:0800:200C:417A can be shortened to
2001:0DB8:0:0:8:800:200C:417A by removing the leading zeros from the third
through sixth fields from the left. The fields that contained all zeros (the
third and fourth fields from the left) were shortened to a single zero. The
fifth field from the left had the three leading zeros removed, leaving a single
8 in that field, and the sixth field from the left had the one leading zero
removed, leaving 800 in that field.

It is common for IPv6 addresses to contain several consecutive hexadecimal fields
of zeros. You can use two colons (::) to compress consecutive fields of zeros
at the beginning, middle, or end of an IPv6 address (the colons represent the
successive hexadecimal fields of zeros). Table D-2
shows several examples of address compression for different types of IPv6
address.

Note: Two colons (::) can be used only
once in an IPv6 address to represent successive fields of zeros.

An alternative form of the IPv6 format is often used when dealing with an
environment that contains both IPv4 and IPv6 addresses. This alternative has
the format x:x:x:x:x:x:y.y.y.y, where x represents the hexadecimal values for
the six high-order parts of the IPv6 address and y represents decimal values for
the 32-bit IPv4 part of the address (which takes the place of the remaining two
16-bit parts of the IPv6 address). For example, the IPv4 address 192.168.1.1
could be represented as the IPv6 address 0:0:0:0:0:FFFF:192.168.1.1, or
::FFFF:192.168.1.1.

• Unicast—A unicast address is an identifier for a single
interface. A packet sent to a unicast address is delivered to the interface
identified by that address. An interface may have more than one unicast address
assigned to it.

• Multicast—A multicast address is an identifier for a
set of interfaces. A packet sent to a multicast address is delivered to all
interfaces identified by that address.

• Anycast—An anycast address is an identifier for a set
of interfaces. Unlike a multicast address, a packet sent to an anycast address
is only delivered to the "nearest" interface, as determined by the
measure of distances for the routing protocol.

This section describes IPv6 unicast addresses. Unicast addresses identify an
interface on a network node.

The general format of an IPv6 global unicast address is a global routing prefix
followed by a subnet ID followed by an interface ID. The global routing prefix
can be any prefix not reserved by another IPv6 address type (see IPv6 Address Prefixes, for information about the IPv6 address type prefixes).

All global unicast addresses, other than those that start with binary 000, have a
64-bit interface ID in the Modified EUI-64 format. See Interface Identifiers, for more information about the Modified EUI-64 format for
interface identifiers.

Global unicast addresses that start with the binary 000 do not have any constraints on
the size or structure of the interface ID portion of the address. One example
of this type of address is an IPv6 address with an embedded IPv4 address (see IPv4-Compatible IPv6 Addresses).

Site-local addresses are used for addressing within a site. They can be used to address an
entire site without using a globally unique prefix. Site-local addresses have
the prefix FEC0::/10, followed by a 54-bit subnet ID, and end with a 64-bit
interface ID in the modified EUI-64 format.

Site-local routers do not forward any packets that have a site-local address for a source
or destination outside of the site. Therefore, site-local addresses can be
considered private addresses.

All interfaces are required to have at least one link-local address. You can
configure multiple IPv6 addresses per interface, but only one link-local
address.

A link-local address is an IPv6 unicast address that can be automatically
configured on any interface using the link-local prefix FE80::/10 and the
interface identifier in modified EUI-64 format. Link-local addresses are used
in the neighbor discovery protocol and the stateless autoconfiguration process.
Nodes with a link-local address can communicate; they do not need a site-local
or globally unique address to communicate.

Routers do not forward any packets that have a link-local address for a source or
destination. Therefore, link-local addresses can be considered private
addresses.

The first type is the "IPv4-compatible IPv6 address." The IPv6 transition
mechanisms include a technique for hosts and routers to dynamically tunnel IPv6
packets over IPv4 routing infrastructure. IPv6 nodes that use this technique
are assigned special IPv6 unicast addresses that carry a global IPv4 address in
the low-order 32 bits. This type of address is termed an "IPv4-compatible
IPv6 address" and has the format ::y.y.y.y, where y.y.y.y is an IPv4
unicast address.

The second type of IPv6 address which holds an embedded IPv4 address is called the
"IPv4-mapped IPv6 address." This address type is used to represent
the addresses of IPv4 nodes as IPv6 addresses. This type of address has the
format ::FFFF:y.y.y.y, where y.y.y.y is an IPv4 unicast address.

The unspecified address, 0:0:0:0:0:0:0:0, indicates the absence of an IPv6 address.
For example, a newly initialized node on an IPv6 network may use the
unspecified address as the source address in its packets until it receives its
IPv6 address.

The loopback address, 0:0:0:0:0:0:0:1, may be used by a node to send an IPv6 packet
to itself. The loopback address in IPv6 functions the same as the loopback
address in IPv4 (127.0.0.1).

Interface identifiers in IPv6 unicast addresses are used to identify the interfaces on a
link. They need to be unique within a subnet prefix. In many cases, the
interface identifier is derived from the interface link-layer address. The same
interface identifier may be used on multiple interfaces of a single node, as
long as those interfaces are attached to different subnets.

For all unicast addresses, except those that start with the binary 000, the
interface identifier is required to be 64 bits long and to be constructed in
the Modified EUI-64 format. The Modified EUI-64 format is created from the
48-bit MAC address by inverting the universal/local bit in the address and by
inserting the hexadecimal number FFFE between the upper three bytes and lower
three bytes of the MAC address.

For example, an interface with the MAC address of 00E0.b601.3B7A would have a
64-bit interface ID of 02E0:B6FF:FE01:3B7A.
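
The derivation above, written out as an added example (not code from the original document). It also runs the mapping in reverse, because an interface ID built this way exposes the interface's MAC address to anyone who sees the IPv6 address. The function names are illustrative, and the FFFE check is a heuristic, since a manually assigned interface ID can contain the same bytes.

```python
import ipaddress
import re

def mac_to_bytes(mac: str) -> bytes:
    """Accept 00E0.B601.3B7A, 00:e0:b6:01:3b:7a or 00-E0-B6-01-3B-7A."""
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def modified_eui64(mac: str) -> bytes:
    """Invert the universal/local bit (0x02 of the first byte) and insert
    FFFE between the upper three and lower three bytes of the MAC."""
    b = mac_to_bytes(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def format_iid(iid: bytes) -> str:
    """Render the 64-bit interface ID as four 16-bit hexadecimal fields."""
    return ":".join(iid[i:i + 2].hex().upper() for i in range(0, 8, 2))

def link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local prefix FE80::/10, zero fill, then the interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + modified_eui64(mac))

def mac_from_address(addr: str):
    """Return the MAC embedded in an address, or None when the interface ID
    lacks the FFFE marker of a MAC-derived Modified EUI-64 identifier."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ".".join(mac[i:i + 2].hex().upper() for i in range(0, 6, 2))

if __name__ == "__main__":
    mac = "00E0.b601.3B7A"  # MAC address from the example in the text
    print(format_iid(modified_eui64(mac)))
    print(link_local(mac))
    print(mac_from_address(str(link_local(mac))))
```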

An IPv6 multicast address is an identifier for a group of interfaces, typically on
different nodes. A packet sent to a multicast address is delivered to all
interfaces identified by the multicast address. An interface may belong to any
number of multicast groups.

An IPv6 multicast address has a prefix of FF00::/8 (1111 1111). The octet
following the prefix defines the type and scope of the multicast address. A
permanently assigned ("well known") multicast address has a flag
parameter equal to 0; a temporary ("transient") multicast address has
a flag parameter equal to 1. A multicast address that has the scope of a node,
link, site, or organization, or a global scope has a scope parameter of 1, 2,
5, 8, or E, respectively. For example, a multicast address with the prefix
FF02::/16 is a permanent multicast address with a link scope. Figure D-1
shows the format of the IPv6 multicast address.

• The Solicited-Node Address for each IPv6 unicast and anycast
address on the node: FF02:0:0:0:0:1:FFXX:XXXX/104, where XX:XXXX is the
low-order 24 bits of the unicast or anycast address.
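
An added example (not part of the original document) that decodes the flag and scope halves of the octet after the FF prefix and computes the solicited-node address for a unicast address. The consistency check assumes, per the neighbor discovery protocol, that a neighbor solicitation for a target is sent to that target's solicited-node group; the function names and sample pairs are constructed for illustration.

```python
import ipaddress

# Scope values listed in the text above (low-order 4 bits of the second octet).
SCOPES = {0x1: "node", 0x2: "link", 0x5: "site", 0x8: "organization", 0xE: "global"}

def decode_multicast(text: str) -> dict:
    """Split the octet after the FF prefix into its flag and scope halves."""
    packed = ipaddress.IPv6Address(text).packed
    if packed[0] != 0xFF:
        raise ValueError(f"{text} is not in FF00::/8")
    flag, scope = packed[1] >> 4, packed[1] & 0x0F
    return {
        # Flag 0 = permanently assigned, flag 1 = transient (low-order flag bit).
        "lifetime": "transient" if flag & 0x1 else "permanent",
        "scope": SCOPES.get(scope, f"other (0x{scope:X})"),
    }

def solicited_node(text: str) -> ipaddress.IPv6Address:
    """FF02:0:0:0:0:1:FF00:0/104 plus the low-order 24 bits of the address."""
    prefix = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(prefix + ipaddress.IPv6Address(text).packed[13:])

def solicitation_is_consistent(group: str, target: str) -> bool:
    """True when a solicitation sent to `group` could be for `target`."""
    return ipaddress.IPv6Address(group) == solicited_node(target)

# Constructed sample: (destination group, target address) pairs as a
# packet capture might show them.
SAMPLES = [
    ("FF02::1:FF01:3B7A", "FE80::2E0:B6FF:FE01:3B7A"),
    ("FF02::1:FF01:3B7A", "2001:DB8::2E0:B6FF:FE01:3B7A"),
    ("FF02::1:FF00:1", "FE80::2E0:B6FF:FE01:3B7A"),
]

def mismatches(samples):
    """Pairs whose destination group does not match the target address."""
    return [(g, t) for g, t in samples if not solicitation_is_consistent(g, t)]

if __name__ == "__main__":
    print(decode_multicast("FF02::1"))
    print(solicited_node("FE80::2E0:B6FF:FE01:3B7A"))
    print(mismatches(SAMPLES))
```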

The IPv6 anycast address is a unicast address that is assigned to more than one
interface (typically belonging to different nodes). A packet that is routed to
an anycast address is routed to the nearest interface having that address, the
nearness being determined by the routing protocol in effect.

Anycast addresses are allocated from the unicast address space. An anycast address is
simply a unicast address that has been assigned to more than one interface, and
the interfaces must be configured to recognize the address as an anycast
address.

IPv6 hosts must, at a minimum, be configured with the following addresses (either
automatically or manually):

IPv6 routers must, at a minimum, be configured with the following addresses (either
automatically or manually):

• The Subnet-Router anycast addresses for all interfaces for
which it is configured to act as a router.

An IPv6 address prefix, in the format ipv6-prefix/prefix-length, can be used to
represent bit-wise contiguous blocks of the entire address space. The
IPv6-prefix must be in the form documented in RFC 2373 where the address is
specified in hexadecimal using 16-bit values between colons. The prefix length
is a decimal value that indicates how many of the high-order contiguous bits of
the address comprise the prefix (the network portion of the address). For
example, 2001:0DB8:8086:6502::/32 is a valid IPv6 prefix.

The IPv6 prefix identifies the type of IPv6 address. Table D-3
shows the prefixes for each IPv6 address type.
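
An added example (not part of the original document) that classifies an address using only the prefixes named in the text above, and shows why filters and log searches should compare parsed addresses rather than strings: zero compression, leading zeros and the embedded-IPv4 form give one address many spellings. Folding IPv4-mapped addresses to their IPv4 value is a policy assumption of this example, and the deny list and log sources are constructed.

```python
import ipaddress

# Prefixes named in the text above, most specific first (first match wins).
RULES = [(name, ipaddress.IPv6Network(prefix)) for name, prefix in [
    ("unspecified", "::/128"),
    ("loopback", "::1/128"),
    ("IPv4-mapped", "::ffff:0:0/96"),
    ("IPv4-compatible", "::/96"),
    ("multicast", "ff00::/8"),
    ("link-local", "fe80::/10"),
    ("site-local", "fec0::/10"),
]]

def classify(text: str) -> str:
    """Return the address type; anything unmatched is global unicast."""
    addr = ipaddress.IPv6Address(text)
    for name, net in RULES:
        if addr in net:
            return name
    return "global unicast"

def canonical_key(text: str):
    """Parse any spelling to one comparable value. An IPv4-mapped address is
    folded to the IPv4 address of the node it represents (assumption)."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and classify(text) == "IPv4-mapped":
        return ipaddress.IPv4Address(addr.packed[12:])
    return addr

# Constructed sample data: a deny list and source addresses as logs from
# different devices might spell them.
DENY_TEXT = {"192.168.1.1", "2001:db8::8:800:200c:417a"}
DENY = {canonical_key(a) for a in DENY_TEXT}
LOG_SOURCES = [
    "::FFFF:192.168.1.1",
    "0:0:0:0:0:FFFF:192.168.1.1",
    "2001:0DB8:0000:0000:0008:0800:200C:417A",
    "2001:0DB8:0:0:8:800:200C:417A",
    "FE80::2E0:B6FF:FE01:3B7A",
]

def denied(sources):
    """Sources that hit the deny list after canonicalization."""
    return [s for s in sources if canonical_key(s) in DENY]

if __name__ == "__main__":
    print([s for s in LOG_SOURCES if s in DENY_TEXT])  # string match finds none
    print(denied(LOG_SOURCES))                         # parsed match finds four
```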