This chapter covers the following exam topics:
1.0 Network Fundamentals
1.9 Compare and contrast IPv6 address types
1.9.a Global unicast
1.9.b Unique local
1.9.c Link local
1.9.d Anycast
1.9.e Multicast
1.9.f Modified EUI 64
With IPv4 addressing, some devices, like servers and routers, typically use static predefined IPv4 addresses. End-user devices do not mind if their address changes from time to time, and they typically learn an IPv4 address dynamically using DHCP. IPv6 uses the same approach, with servers, routers, and other devices in the control of the IT group often using predefined IPv6 addresses, and with end-user devices using dynamically learned IPv6 addresses.
This chapter focuses on IPv6 address configuration on routers. The chapter begins with the more obvious IPv6 addressing configuration, with features that mirror IPv4 features, showing how to configure interfaces with IPv6 addresses and view that configuration with show commands. The second half of the chapter introduces new IPv6 addressing concepts, showing some other addresses used by routers when doing different tasks.
Take the quiz (either here or use the PTP software) if you want to use the score to help you decide how much time to spend on this chapter. The letter answers are listed at the bottom of the page following the quiz. Appendix C, found both at the end of the book as well as on the companion website, includes both the answers and explanations. You can also find both answers and explanations in the PTP testing software.
Table 24-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundation Topics Section |
Questions |
---|---|
Implementing Unicast IPv6 Addresses on Routers |
1–3 |
Special Addresses Used by Routers |
4–5 |
1. Router R1 has an interface named Gigabit Ethernet 0/1, whose MAC address has been set to 0200.0001.000A. Which of the following commands, added in R1’s Gigabit Ethernet 0/1 configuration mode, gives this router’s G0/1 interface a unicast IPv6 address of 2001:1:1:1:1:200:1:A, with a /64 prefix length?
a. ipv6 address 2001:1:1:1:1:200:1:A/64
b. ipv6 address 2001:1:1:1:1:200:1:A/64 eui-64
c. ipv6 address 2001:1:1:1:1:200:1:A /64 eui-64
d. ipv6 address 2001:1:1:1:1:200:1:A /64
e. None of the other answers are correct.
2. Router R1 has an interface named Gigabit Ethernet 0/1, whose MAC address has been set to 5055.4444.3333. This interface has been configured with the ipv6 address 2000:1:1:1::/64 eui-64 subcommand. What unicast address will this interface use?
a. 2000:1:1:1:52FF:FE55:4444:3333
b. 2000:1:1:1:5255:44FF:FE44:3333
c. 2000:1:1:1:5255:4444:33FF:FE33
d. 2000:1:1:1:200:FF:FE00:0
3. Router R1 currently supports IPv4, routing packets in and out all its interfaces. R1’s configuration needs to be migrated to support dual-stack operation, routing both IPv4 and IPv6. Which of the following tasks must be performed before the router can also support routing IPv6 packets? (Choose two answers.)
a. Enable IPv6 on each interface using an ipv6 address interface subcommand.
b. Enable support for both versions with the ip versions 4 6 global command.
c. Additionally enable IPv6 routing using the ipv6 unicast-routing global command.
d. Migrate to dual-stack routing using the ip routing dual-stack global command.
4. Router R1 has an interface named Gigabit Ethernet 0/1, whose MAC address has been set to 0200.0001.000A. The interface is then configured with the ipv6 address 2001:1:1:1:200:FF:FE01:B/64 interface subcommand; no other ipv6 address commands are configured on the interface. Which of the following answers lists the link-local address used on the interface?
a. FE80::FF:FE01:A
b. FE80::FF:FE01:B
c. FE80::200:FF:FE01:A
d. FE80::200:FF:FE01:B
5. Which of the following multicast addresses is defined as the address for sending packets to only the IPv6 routers on the local link?
a. FF02::1
b. FF02::2
c. FF02::5
d. FF02::A
Answers to the “Do I Know This Already?” quiz:
1 A
2 B
3 A, C
4 A
5 B
Every company bases its enterprise network on one or more protocol models, or protocol stacks. In the earlier days of networking, enterprise networks used one or more protocol stacks from different vendors, as shown on the left of Figure 24-1. Over time, companies added TCP/IP (based on IPv4) to the mix. Eventually, companies migrated fully to TCP/IP as the only protocol stack in use.
The emergence of IPv6 requires that IPv6 be implemented in end-user hosts, servers, routers, and other devices. However, corporations cannot just migrate all devices from IPv4 to IPv6 over one weekend. Instead, what will likely occur is some kind of long-term migration and coexistence, in which for a large number of years, most corporate networks again use multiple protocol stacks—one based on IPv4 and one based on IPv6.
Eventually, over time, we might all see the day when enterprise networks run only IPv6, without any IPv4 remaining, but that day might take awhile. Figure 24-2 shows the progression, just to make the point, but who knows how long it will take?
One way to add IPv6 support to an established IPv4-based enterprise internetwork is to implement a dual-stack strategy. To do so, the routers can be configured to route IPv6 packets, with IPv6 addresses on their interfaces, with a similar model to how routers support IPv4. Then hosts can implement IPv6 when ready, running both IPv4 and IPv6 (dual stacks). The first major section of this chapter shows how to configure and verify unicast IPv6 addresses on routers.
Cisco routers give us two options for static configuration of IPv6 addresses. In one case, you configure the full 128-bit address, while in the other, you configure a 64-bit prefix and let the router derive the second half of the address (the interface ID). The next few pages show how to configure both options and how the router chooses the second half of the IPv6 address.
To statically configure the full 128-bit unicast address—either global unicast or unique local—the router needs an ipv6 address address/prefix-length interface subcommand on each interface. The address can be an abbreviated IPv6 address or the full 32-digit hex address. The command includes the prefix length value, at the end, with no space between the address and prefix length.
The configuration of the router interface IPv6 address really is that simple. Figure 24-3, along with Examples 24-1 and 24-2, shows a basic example. The figure shows the global unicast IPv6 address used by two different routers, on two interfaces each. As usual, all subnets use a /64 prefix length.
Example 24-1 Configuring Static IPv6 Addresses on R1
ipv6 unicast-routing ! interface GigabitEthernet0/0 ipv6 address 2001:DB8:1111:1::1/64 ! interface GigabitEthernet0/0/0 ipv6 address 2001:0db8:1111:0004:0000:0000:0000:0001/64
Example 24-2 Configuring Static IPv6 Addresses on R2
ipv6 unicast-routing ! interface GigabitEthernet0/0 ipv6 address 2001:DB8:1111:2::2/64 ! interface GigabitEthernet0/1/0 ipv6 address 2001:db8:1111:4::2/64
Note
The configuration on R1 in Example 24-1 uses both abbreviated and unabbreviated addresses, and both lowercase and uppercase hex digits, showing that all are allowed. Router show commands list the abbreviated value with uppercase hex digits.
While the configurations shown in Examples 24-1 and 24-2 focus on the IPv6 address configuration, they also include an important but often overlooked step when configuring IPv6 on Cisco routers: IPv6 routing needs to be enabled. On Cisco routers, IPv4 routing is enabled by default, but IPv6 routing is not enabled by default. The solution takes only a single command—ipv6 unicast-routing—which enables IPv6 routing on the router.
A router must enable IPv6 globally (ipv6 unicast-routing) and enable IPv6 on the interface (ipv6 address) before the router will attempt to route IPv6 packets in and out an interface. If you omit the ipv6 unicast-routing command but configure interface IPv6 addresses, the router will not route any received IPv6 packets, but the router will act as an IPv6 host. If you include the ipv6 unicast-routing command but omit all the interface IPv6 addresses, the router will be ready to route IPv6 packets but have no interfaces that have IPv6 enabled, effectively disabling IPv6 routing.
IPv6 uses many show commands that mimic the syntax of IPv4 show commands. For example:
The show ipv6 interface brief command gives you interface IPv6 address info, but not prefix length info, similar to the IPv4 show ip interface brief command.
The show ipv6 interface command gives the details of IPv6 interface settings, much like the show ip interface command does for IPv4.
The one notable difference in the most common commands is that the show interfaces command still lists the IPv4 address and mask but tells us nothing about IPv6. So, to see IPv6 interface addresses, use commands that begin with show ipv6. Example 24-3 lists a few samples from Router R1, with the explanations following.
Example 24-3 Verifying Static IPv6 Addresses on Router R1
! The first interface is in subnet 1 R1# show ipv6 interface GigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1:AAFF:FE00:1 No Virtual link-local address(es): Global unicast address(es): 2001:DB8:1111:1::1, subnet is 2001:DB8:1111:1::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses. R1# show ipv6 interface brief GigabitEthernet0/0 [up/up] FE80::1:AAFF:FE00:1 2001:DB8:1111:1::1 GigabitEthernet0/1 [administratively down/down] unassigned GigabitEthernet0/0/0 [up/up] FE80::32F7:DFF:FE29:8568 2001:DB8:1111:4::1 GigabitEthernet0/1/0 [administratively down/down] unassigned
First, focus on the output of the two show ipv6 interface commands at the top of the example, which lists interface G0/0, showing output about that interface only. Note that the output lists the configured IPv6 address and prefix length, as well as the IPv6 subnet (2001:DB8:1111:1::/64), which the router calculated based on the IPv6 address.
The end of the example lists the output of the show ipv6 interface brief command. Similar to the IPv4-focused show ip interface brief command, this command lists IPv6 addresses, but not the prefix length or prefixes. This command also lists all interfaces on the router, whether or not IPv6 is enabled on the interfaces. For example, in this case, the only two interfaces on R1 that have an IPv6 address are G0/0 and G0/0/0, as configured earlier in Example 24-1.
Beyond the IPv6 addresses on the interfaces, the router also adds IPv6 connected routes to the IPv6 routing table off each interface. Just as with IPv4, the router keeps these connected routes in the IPv6 routing table only when the interface is in a working (up/up) state. But if the interface has an IPv6 unicast address configured, and the interface is working, the router adds the connected routes. Example 24-4 shows the connected IPv6 on Router R1 from Figure 24-3.
Example 24-4 Displaying Connected IPv6 Routes on Router R1
R1# show ipv6 route connected IPv6 Routing Table - default - 5 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1 OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid lA - LISP away, a - Application C 2001:DB8:1111:1::/64 [0/0] via GigabitEthernet0/0, directly connected C 2001:DB8:1111:4::/64 [0/0] via GigabitEthernet0/0/0, directly connected
IPv6 follows the same general model as IPv4 regarding which types of devices typically use static, predefined addresses and which use dynamically learned address. For example, routers inside an enterprise use static IPv4 addresses, while end-user devices typically learn their IPv4 address using DHCP. With IPv6, routers also typically use static IPv6 addresses, while user devices use DHCP or Stateless Address Auto Configuration (SLAAC) to dynamically learn their IPv6 address.
Even though engineers typically choose to use stable and predictable IPv6 interface addresses, IOS supports two different methods to configure a stable address. One method uses the ipv6 address command to define the entire 128-bit address, as shown in Examples 24-1 and 24-2. The other method uses this same ipv6 address command, but the command configures only the 64-bit IPv6 prefix for the interface and lets the router automatically generate a unique interface ID.
This second method uses rules called modified EUI-64 (extended unique identifier). Often, in the context of IPv6 addressing, people refer to modified EUI-64 as just EUI-64; there is no other term or concept about EUI-64 that you need to know for IPv6. The configuration that uses EUI-64 includes a keyword to tell the router to use EUI-64 rules, along with the 64-bit prefix. The router then uses EUI-64 rules to create the interface ID part of the address, as follows:
Split the 6-byte (12-hex-digit) MAC address in two halves (6 hex digits each).
Insert FFFE in between the two, making the interface ID now have a total of 16 hex digits (64 bits).
Invert the seventh bit of the interface ID.
Figure 24-4 shows the major pieces of how the address is formed.
Note
You can find a video about the EUI-64 process on the companion website, in the Chapter Review section for this chapter.
Although this process might seem a bit convoluted, it works. Also, with a little practice, you can look at an IPv6 address and quickly notice the FFFE in the middle of the interface ID and then easily find the two halves of the corresponding interface’s MAC address. But you need to be ready to do the same math, in this case to predict the EUI-64 formatted IPv6 address on an interface.
For example, if you ignore the final step of inverting the seventh bit, the rest of the steps just require that you move the pieces around. Figure 24-5 shows two examples, just so you see the process.
Both examples follow the same process. Each starts with the MAC address, breaking it into two halves (Step 2). The third step inserts FFFE in the middle, and the fourth step inserts a colon every four hex digits, keeping with IPv6 conventions.
While the examples in Figure 24-5 show most of the steps, they omit the final step. The final step requires that you convert the first byte (first two hex digits) from hex to binary, invert the seventh of the 8 bits, and convert the bits back to hex. Inverting a bit means that if the bit is a 0, make it a 1; if it is a 1, make it a 0. Most of the time, with IPv6 addresses, the original bit will be 0 and will be inverted to a 1.
For example, Figure 24-6 completes the two examples from Figure 24-5, focusing only on the first two hex digits. The examples show each pair of hex digits (Step 1) and the binary equivalent (Step 2). Step 3 shows a copy of those same 8 bits, except the seventh bit is inverted; the example on the left inverts from 0 to 1, and the example on the right inverts from 1 to 0. Finally, the bits are converted back to hex at Step 4.
Note
If you do not remember how to do hex-to-binary conversions, take a few moments to review the process. If you memorize the 16 hex values for digits 0 through F, with the corresponding binary values, the conversion can be easy. If you do not have those handy in your memory, take a few moments to look at Table A-2 in Appendix A, “Numeric Reference Tables.”
For those of you who prefer the decimal shortcuts, with a little memorization you can do the bit-flip math without doing any hex-binary conversions. First, note that the process to invert the seventh bit, when working with a hexadecimal IPv6 address, flips the third of 4 bits in a single hex digit. With only 16 single hex digits, you could memorize what each hex digit becomes if its third bit is inverted, and you can easily memorize those values with a visual process.
If you want to try to memorize the values, it helps to work through the following process a few times, so grab a piece of scratch paper. Then write the 16 single hex digits as shown on the left side of Figure 24-7. That is, write them in eight rows of two numbers each, with the spacing as directed in the figure.
Next, start at the top of the lists and draw arrow lines between two numbers in the same column on the top left (0 and 2). Then move down the left-side column, connecting the next two digits (4 and 6) with an arrow line, then 8 and A, and then C and E. Repeat the process on the right, re-creating the right side of Figure 24-7.
The figure you drew (and the right side of Figure 24-7) shows the hex digits which, when you invert their third bit, convert to the other. That is, 0 converts to 2; 2 converts to 0; 1 converts to 3; 3 converts to 1; 4 converts to 6; 6 converts to 4; and so on. So, on the exam, if you can remember the pattern to redraw Figure 24-7, you could avoid doing binary/hexadecimal conversion. Use whichever approach makes you more comfortable.
As usual, the best way to get comfortable with forming these EUI-64 interface IDs is to calculate some yourself. Table 24-2 lists some practice problems, with an IPv6 64-bit prefix in the first column and the MAC address in the second column. Your job is to calculate the full (unabbreviated) IPv6 address using EUI-64 rules. The answers are at the end of the chapter, in the section “Answers to Earlier Practice Problems.”
Table 24-2 IPv6 EUI-64 Address Creation Practice
Prefix |
MAC Address |
Unabbreviated IPv6 Address |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configuring a router interface to use the EUI-64 format uses the ipv6 address address/prefix-length eui-64 interface subcommand. The eui-64 keyword tells the router to find the interface MAC address and do the EUI-64 conversion math to find the interface ID.
Example 24-5 shows a revised configuration on Router R1, as compared to the earlier Example 24-1. In this case, R1 uses EUI-64 formatting for its IPv6 addresses.
Example 24-5 Configuring R1’s IPv6 Interfaces Using EUI-64
ipv6 unicast-routing ! ! The ipv6 address command now lists a prefix, not the full address interface GigabitEthernet0/0 mac-address 0201.aa00.0001 ipv6 address 2001:DB8:1111:1::/64 eui-64 ! interface GigabitEthernet0/0/0 ipv6 address 2001:DB8:1111:4::/64 eui-64 R1# show ipv6 interface brief GigabitEthernet0/0 [up/up] FE80::1:AAFF:FE00:1 2001:DB8:1111:1:1:AAFF:FE00:1 GigabitEthernet0/1 [administratively down/down] unassigned GigabitEthernet0/0/0 [up/up] FE80::32F7:DFF:FE29:8568 2001:DB8:1111:4:32F7:DFF:FE29:8568 GigabitEthernet0/0/1 [administratively down/down] unassigned
The example uses only Ethernet interfaces, all of which have a universal MAC address to use to create their EUI-64 interface IDs. However, in this case, the configuration includes the mac-address command under R1’s G0/0 interface, which causes IOS to use the configured MAC address instead of the universal (burned-in) MAC address. Interface G0/0/0 defaults to use its universal MAC address. Following that math:
G0/0 – MAC 0201.AA00.0001
– Interface ID 0001.AAFF.FE00.0001
G0/0 – MAC 30F7.0D29.8568
– Interface ID 32F7.0DFF.FE29.8568
Also, be aware that for interfaces that do not have a MAC address, like serial interfaces, the router uses the MAC of the lowest-numbered router interface that does have a MAC.
Note
When you use EUI-64, the address value in the ipv6 address command should be the prefix, not the full 128-bit IPv6 address. However, if you mistakenly type the full address and still use the eui-64 keyword, IOS accepts the command and converts the address to the matching prefix before putting the command into the running config file. For example, IOS converts ipv6 address 2000:1:1:1::1/64 eui-64 to ipv6 address 2000:1:1:1::/64 eui-64.
In most cases, network engineers will configure the IPv6 addresses of router interfaces so that the addresses do not change until the engineer changes the router configuration. However, routers can be configured to use dynamically learned IPv6 addresses. These can be useful for routers connecting to the Internet through some types of Internet access technologies, like DSL and cable modems.
Cisco routers support two ways for the router interface to dynamically learn an IPv6 address to use:
Stateful DHCP
Stateless Address Autoconfiguration (SLAAC)
Both methods use the familiar ipv6 address command. Of course, neither option configures the actual IPv6 address; instead, the commands configure a keyword that tells the router which method to use to learn its IPv6 address. Example 24-6 shows the configuration, with one interface using stateful DHCP and one using SLAAC.
Example 24-6 Router Configuration to Learn IPv6 Addresses with DHCP and SLAAC
! This interface uses DHCP to learn its IPv6 address interface FastEthernet0/0 ipv6 address dhcp ! ! This interface uses SLAAC to learn its IPv6 address interface FastEthernet0/1 ipv6 address autoconfig
IPv6 configuration on a router begins with the simple steps discussed in the first part of this chapter. After you configure the ipv6 unicast-routing global configuration command, to enable the function of IPv6 routing, the addition of a unicast IPv6 address on an interface causes the router to do the following:
Gives the interface a unicast IPv6 address
Enables the routing of IPv6 packets in/out that interface
Defines the IPv6 prefix (subnet) that exists off that interface
Tells the router to add a connected IPv6 route for that prefix, to the IPv6 routing table, when that interface is up/up
Note
In fact, if you pause and look at the list again, the same ideas happen for IPv4 when you configure an IPv4 address on a router interface.
While all the IPv6 features in this list work much like similar features in IPv4, IPv6 also has a number of additional functions not seen in IPv4. Often, these additional functions use other IPv6 addresses, many of which are multicast addresses. This second major section of the chapter examines the additional IPv6 addresses seen on routers, with a brief description of how they are used.
IPv6 uses link-local addresses as a special kind of unicast IPv6 address. These addresses are not used for normal IPv6 packet flows that contain data for applications. Instead, these addresses are used by some overhead protocols and for routing. This next topic first looks at how IPv6 uses link-local addresses and then how routers create link-local addresses.
IPv6 defines rules so that packets sent to any link-local address should not be forwarded by any router to another subnet. As a result, several IPv6 protocols make use of link-local addresses when the protocol’s messages need to stay within the local LAN. For example, Neighbor Discovery Protocol (NDP), which replaces the functions of IPv4’s ARP, uses link-local addresses.
Routers also use link-local addresses as the next-hop IP addresses in IPv6 routes, as shown in Figure 24-8. IPv6 hosts also use a default router (default gateway) concept, like IPv4, but instead of the router address being in the same subnet, hosts refer to the router’s link-local address. The show ipv6 route command lists the link-local address of the neighboring router, rather than the global unicast or unique local unicast address.
Following are some key facts about link-local addresses:
Unicast (not multicast): Link-local addresses represent a single host, and packets sent to a link-local address should be processed by only that one IPv6 host.
Forwarding scope is the local link only: Packets sent to a link-local address do not leave the local data link because routers do not forward packets with link-local destination addresses.
Automatically generated: Every IPv6 host interface (and router interface) can create its own link-local address automatically, solving some initialization problems for hosts before they learn a dynamically learned global unicast address.
Common uses: Link-local addresses are used for some overhead protocols that stay local to one subnet and as the next-hop address for IPv6 routes.
IPv6 hosts and routers can calculate their own link-local address, for each interface, using some basic rules. First, all link-local addresses start with the same prefix, as shown on the left side of Figure 24-9. By definition, the first 10 bits must match prefix FE80::/10, meaning that the first three hex digits will be either FE8, FE9, FEA, or FEB. However, when following the RFC, the next 54 bits should be binary 0, so the link-local address should always start with FE80:0000:0000:0000 as the first four unabbreviated quartets.
The second half of the link-local address, in practice, can be formed using EUI-64 rules, can be randomly generated, or even configured. Cisco routers use the EUI-64 format to create the interface ID (see the earlier section “Generating a Unique Interface ID Using Modified EUI-64”). As a result, a router’s complete link-local address should be unique because the MAC address that feeds into the EUI-64 process should be unique.
Alternately, some OSs create their link-local addresses by randomly generating the interface ID. For example, Microsoft OSs use a somewhat random process to choose the interface ID and change it over time in an attempt to prevent some forms of attacks.
IOS creates a link-local address for any interface that has configured at least one other unicast address using the ipv6 address command (global unicast or unique local). To see the link-local address, just use the usual commands that also list the unicast IPv6 address: show ipv6 interface and show ipv6 interface brief. Note that Example 24-7 shows an example from Router R1 just after it was configured as shown in Example 24-5 (with the eui-64 keyword on the ipv6 address commands).
Example 24-7 Comparing Link-Local Addresses with EUI-Generated Unicast Addresses
R1# show ipv6 interface brief GigabitEthernet0/0 [up/up] FE80::1:AAFF:FE00:1 2001:DB8:1111:1:1:AAFF:FE00:1 GigabitEthernet0/1 [administratively down/down] unassigned GigabitEthernet0/0/0 [up/up] FE80::32F7:DFF:FE29:8568 2001:DB8:1111:4:32F7:DFF:FE29:8568 GigabitEthernet0/0/1 [administratively down/down] unassigned
First, examine the two pairs of highlighted entries in the example. For each of the two interfaces that have a global unicast address (G0/0 and G0/0/0), the output lists the global unicast, which happens to begin with 2001 in this case. At the same time, the output also lists the link-local address for each interface, beginning with FE80.
Next, focus on the two addresses listed under interface G0/0. If you look closely at the second half of the two addresses listed for interface G0/0, you will see that both addresses have the same interface ID value. The global unicast address was configured in this case with the ipv6 address 2001:DB8:1111:1::/64 eui-64 command, so the router used EUI-64 logic to form both the global unicast address and the link-local address. The interface MAC address in this case is 0201.AA00.0001, so the router calculates an interface ID portion of both addresses as 0001:AAFF:FE00:0001 (unabbreviated). After abbreviation, Router R1’s link-local address on interface G0/0 becomes FE80::AAFF:FE00:1.
IOS can either automatically create the link-local address, or it can be configured. IOS chooses the link-local address for the interface based on the following rules:
If configured, the router uses the value in the ipv6 address address link-local interface subcommand. Note that the configured link-local address must be from the correct address range for link-local addresses; that is, an address from prefix FE80::/10. In other words, the address must begin with FE8, FE9, FEA, or FEB.
If not configured, the IOS calculates the link-local address using EUI-64 rules, as discussed and demonstrated in and around Example 24-7. The calculation uses EUI-64 rules even if the interface unicast address does not use EUI-64.
This chapter has shown four variations on the ipv6 address command so far. To review:
ipv6 address address/prefix-length: Static configuration of a specific address
ipv6 address prefix/prefix-length eui-64: Static configuration of a specific prefix and prefix length, with the router calculating the interface ID using EUI-64 rules
ipv6 address dhcp: Dynamic learning on the address and prefix length using DHCP
ipv6 address autoconfig: Dynamic learning of the prefix and prefix length, with the router calculating the interface ID using EUI-64 rules (SLAAC)
This next short topic completes the list with the following command:
ipv6 enable: Enables IPv6 processing and adds a link-local address, but adds no other unicast IPv6 addresses.
The purpose of the ipv6 enable command will not make sense until you realize that some links, particularly WAN links, do not need a global unicast address. Using the backdrop of Figure 24-10, think about the destination of packets sent by hosts like PC1 and PC2. When PC1 sends PC2 an IPv6 packet, the packet holds PC1’s and PC2’s IPv6 addresses and never contains the WAN link’s IPv6 addresses. PC1 and PC2 may need to know the routers’ LAN IPv6 addresses, to use as their default gateway, but the hosts do not need to know the routers’ WAN interface addresses.
Additionally, the routers do not need to have global unicast (or unique local) addresses on the WAN links for routing to work. IPv6 routing protocols use link-local addresses as the next-hop address when dynamically building IPv6 routes. Additionally, static routes, as discussed in Chapter 25, “Implementing IPv6 Routing,” can use link-local addresses for the next-hop address.
In short, creating a WAN link with no global unicast (or unique local) addresses works. As a result, you would not even need to assign an IPv6 subnet to each WAN link. Then to configure the WAN interfaces, use the ipv6 enable command, enabling IPv6 and giving each interface a generated link-local IPv6 address.
To use the command, just configure the ipv6 enable command on the interfaces on both ends of the WAN link.
IPv6 uses multicast IPv6 addresses for several purposes. Like IPv4, IPv6 includes a range of multicast addresses that can be used by multicast applications, with many of the same fundamental concepts as IPv4 multicasts. For instance, IANA defines the range FF30::/12 (all IPv6 addresses that begin with FF3) as the range of addresses to be used for some types of multicast applications.
Additionally, different IPv6 RFCs reserve multicast addresses for specific purposes. For instance, OSPFv3 uses FF02::5 and FF02::6 as the all-OSPF-routers and all-DR-Routers multicast addresses, respectively, similar to how OSPFv2 uses IPv4 addresses 224.0.0.5 and 224.0.0.6 for the equivalent purposes.
This next section focuses on IPv6 multicast addresses reserved for use with different protocols. The first, link-local multicast addresses, are multicast addresses useful for communicating over a single link. The other type is a special overhead multicast address calculated for each host, called the solicited-node multicast address.
Stop for a moment and think about some of the control plane protocols discussed throughout this book so far. Some of those IPv4 control plane protocols used IPv4 broadcasts, meaning that the packet destination address was either 255.255.255.255 (the address for all hosts in the local LAN) or the subnet broadcast address (the address for all hosts in that specific subnet). Those broadcast packets were then sent as Ethernet broadcast frames, destined to the Ethernet broadcast address of FFFF.FFFF.FFFF.
While useful, the IPv4 approach of IPv4 broadcast and LAN broadcast requires every host in the VLAN to process the broadcast frame, even if only one other device needed to think about the message. Also, each host has to process the frame, then packet, read the type of message, and so on, before ignoring the task. For example, an IPv4 ARP Request—an IPv4 and LAN broadcast—requires a host to process the Ethernet, IP, and ARP details of the message before deciding whether to reply or not.
IPv6, instead of using Layer 3 and Layer 2 broadcasts, instead uses Layer 3 multicast addresses, which in turn cause Ethernet frames to use Ethernet multicast addresses. As a result:
All the hosts that should receive the message receive the message, which is necessary for the protocols to work. However…
…Hosts that do not need to process the message can make that choice with much less processing as compared to IPv4.
For instance, OSPFv3 uses IPv6 multicast addresses FF02::5 and FF02::6. In a subnet, the OSPFv3 routers will listen for packets sent to those addresses. However, all the endpoint hosts do not use OSPFv3 and should ignore those OSPFv3 messages. If a host receives a packet with FF02::5 as the destination IPv6 address, the host can ignore the packet because the host knows it does not care about packets sent to that multicast address. That check takes much less time than the equivalent checks with IPv4.
Table 24-3 lists the most common reserved IPv6 multicast addresses.
Table 24-3 Key IPv6 Local-Scope Multicast Addresses
Short Name |
Multicast Address |
Meaning |
IPv4 Equivalent |
---|---|---|---|
All-nodes |
FF02::1 |
All-nodes (all interfaces that use IPv6 that are on the link) |
224.0.0.1 |
All-routers |
FF02::2 |
All-routers (all IPv6 router interfaces on the link) |
224.0.0.2 |
All-OSPF, All-OSPF-DR |
FF02::5, FF02::6 |
All OSPF routers and all OSPF-designated routers, respectively |
224.0.0.5, 224.0.0.6 |
RIPng Routers |
FF02::9 |
All RIPng routers |
224.0.0.9 |
EIGRPv6 Routers |
FF02::A |
All routers using EIGRP for IPv6 (EIGRPv6) |
224.0.0.10 |
DHCP Relay Agent |
FF02::1:2 |
All routers acting as a DHCPv6 relay agent |
None |
Note
An Internet search of “IPv6 Multicast Address Space Registry” will show the IANA page that lists all the reserved values and the RFC that defines the use of each address.
Example 24-8 repeats the output of the show ipv6 interface command to show the multicast addresses used by Router R1 on its G0/0 interface. In this case, the highlighted lines show the all-nodes address (FF02::1), all-routers (FF02::2), and two for OSPFv3 (FF02::5 and FF02::6). Note that the IPv6 multicast addresses that the router interface is listening for and processing are listed under the heading “Joined group address(es):” at the top of the highlighted section of the output.
Example 24-8 Verifying Static IPv6 Addresses on Router R1
R1# show ipv6 interface GigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 No Virtual link-local address(es): Global unicast address(es): 2001:DB8:1111:1::1, subnet is 2001:DB8:1111:1::/64 [EUI] Joined group address(es): FF02::1 FF02::2 FF02::5 FF02::6 FF02::1:FF00:1 ! Lines omitted for brevity
IPv6 RFC 4291 defines IPv6 addressing including the ideas of IPv6 address scope. Each scope defines a different set of rules about whether routers should or should not forward a packet, and how far routers should forward packets, based on those scopes.
For instance, you read earlier in this chapter about the link-local address on an interface—a unicast IPv6 address—but with a link-local scope. The scope definition called “link-local” dictates that packets sent to a link-local unicast address should remain on the link and not be forwarded by any router.
Most of the scope discussion in RFC 4291 applies to multicast addresses, using the term multicast scope. Per that RFC, the fourth digit of the multicast address identifies the scope, as noted in Table 24-4.
Table 24-4 IPv6 Multicast Scope Terms
Scope Name |
First Quartet |
Scope Defined by… |
Meaning |
---|---|---|---|
Interface-Local |
FF01 |
Derived by Device |
Packet remains within the device. Useful for internally sending packets to services running on that same host. |
Link-Local |
FF02 |
Derived by Device |
Host that creates the packet can send it onto the link, but no routers forward the packet. |
Site-Local |
FF05 |
Configuration on Routers |
Intended to be more than Link-Local, so routers forward, but must be less than Organization-Local; generally meant to limit packets so they do not cross WAN links. |
Organization-Local |
FF08 |
Configuration on Routers |
Intended to be broad, probably for an entire company or organization. Must be broader than Site-Local. |
Global |
FF0E |
No Boundaries |
No boundaries. |
Breaking down the concepts a little further, packets sent to a multicast address with a link-local scope should stay on the local link, that is, the local subnet. Hosts know they can process a link-local packet if received, as do routers. However, routers know to not route the packet to other subnets because of the scope. Packets with an organization-local scope should be routed inside the organization but not out to the Internet or over a link to another company. (Note that routers can predict the boundaries of some scopes, like link-local, but they need configuration to know the boundaries of other scopes, for instance, organization-local.)
Comparing a few of the scopes in terms of where the packets can flow, the higher the value in the fourth hex digit, the further away from the sending host the scope allows the packet to be forwarded. Table 24-4 shows that progression top to bottom, while Figure 24-11 shows an example with three scopes: link-local, site-local, and organization-local. In the figure, site-local messages do not cross the WAN, and organization-local messages do not leave the organization over the link to the Internet.
Finally, the term link-local has a couple of common uses in IPv6 and can be confusing as a result. The following descriptions should clarify the different uses of the term:
Link-local address: An IPv6 address that begins FE80. This serves as a unicast address for an interface to which devices apply a link-local scope. Devices often create their own link-local addresses using EUI-64 rules. A more complete term for comparison would be link-local unicast address.
Link-local multicast address: An IPv6 address that begins with FF02. This serves as a reserved multicast address to which devices apply a link-local scope.
Link-local scope: A reference to the scope itself, rather than an address. This scope defines that routers should not forward packets sent to an address in this scope.
IPv6 Neighbor Discovery Protocol (NDP) replaces IPv4 ARP, as discussed in Chapter 25. NDP improves the MAC-discovery process by sending IPv6 multicast packets that can be processed by the correct host but discarded with less processing by the rest of the hosts in the subnet. The process uses the solicited-node multicast address associated with the unicast IPv6 address.
Figure 24-12 shows how to determine the solicited node multicast address associated with a unicast address. Start with the predefined /104 prefix (26 hex digits) shown in Figure 24-12. In other words, all the solicited-node multicast addresses begin with the abbreviated FF02::1:FF. In the last 24 bits (6 hex digits), copy the last 6 hex digits of the unicast address into the solicited-node address.
Note that a host or router calculates a matching solicited node multicast address for every unicast address on an interface. Example 24-9 shows an example, in which the router interface has a unicast address of 2001:DB8:1111:1::1/64, and a link-local address of FE80::AA:AAAA. As a result, the interface has two solicited node multicast addresses, shown at the end of the output.
Example 24-9 Verifying Static IPv6 Addresses on Router R1
R1# show ipv6 interface GigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::AA:AAAA No Virtual link-local address(es): Global unicast address(es): 2001:DB8:1111:1::1, subnet is 2001:DB8:1111:1::/64 [TEN] Joined group address(es): FF02::1 FF02::2 FF02::5 FF02::1:FF00:1 FF02::1:FFAA:AAAA ! Lines omitted for brevity
Note that in this case, R1’s global unicast address ends with 00:0001 (unabbreviated), resulting in an unabbreviated solicited node multicast address of FF02:0000:0000:0000:0000: 0001:FF00:00001. This value begins with the 26-hex-digit prefix shown in Figure 24-12, followed by 00:0001. The solicited node multicast address corresponding to link-local address FE80::AA:AAAA ends in AA:AAAA and is shown in the last line of the example.
Together, this chapter and the preceding chapter have introduced most of the IPv6 addressing concepts included in this book. This short topic mentions a few remaining IPv6 addressing ideas and summarizes the topics for easy study.
First, all IPv6 hosts can use two additional special addresses:
The unknown (unspecified) IPv6 address, ::, or all 0s
The loopback IPv6 address, ::1, or 127 binary 0s with a single 1
A host can use the unknown address (::) when its own IPv6 address is not yet known or when the host wonders if its own IPv6 address might have problems. For example, hosts use the unknown address during the early stages of dynamically discovering their IPv6 address. When a host does not yet know what IPv6 address to use, it can use the :: address as its source IPv6 address.
The IPv6 loopback address gives each IPv6 host a way to test its own protocol stack. Just like the IPv4 127.0.0.1 loopback address, packets sent to ::1 do not leave the host but are instead simply delivered down the stack to IPv6 and back up the stack to the application on the local host.
Imagine that routers collectively need to implement some service. Rather than have one router supply that service, that service works best when implemented on several routers. But the hosts that use the service need to contact only the nearest such service, and the network wants to hide all these details from the hosts. Hosts can send just one packet to an IPv6 address, and the routers will forward the packet to the nearest router that supports that service by virtue of supporting that destination IPv6 address.
IPv6 anycast addresses provide that exact function. The any part of the name refers to the fact that any instances of the service can be used. Figure 24-13 shows this big concept, with two major steps:
Step 1. Two routers configure the exact same IPv6 address, designated as an anycast address, to support some service.
Step 2. In the future, when any router receives a packet for that anycast address, the other routers simply route the packet to the nearest router that supports the address.
To make this anycast process work, the routers implementing the anycast address must be configured and then advertise a route for the anycast address. The addresses do not come from a special reserved range of addresses; instead, they are from the unicast address range. Often, the address is configured with a /128 prefix so that the routers advertise a host route for that one anycast address. At that point, the routing protocol advertises the route just like any other IPv6 route; the other routers cannot tell the difference.
Example 24-10 shows a sample configuration on a router. Note that the actual address (2001:1:1:2::99) looks like any other unicast address; the value can be chosen like any other IPv6 unicast addresses. However, note the different anycast keyword on the ipv6 address command, telling the local router that the address has a special purpose as an anycast address. Finally, note that the show ipv6 interface command does identify the address as an anycast address, but the show ipv6 interface brief command does not.
Example 24-10 Configuring and Verifying IPv6 Anycast Addresses
R1# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)# interface gigabitEthernet 0/0 R1(config-if)# ipv6 address 2001:1:1:1::1/64 R1(config-if)# ipv6 address 2001:1:1:2::99/128 anycast R1(config-if)# ^Z R1# R1# show ipv6 interface g0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::11FF:FE11:1111 No Virtual link-local address(es): Global unicast address(es): 2001:1:1:1::1, subnet is 2001:1:1:1::/64 2001:1:1:2::99, subnet is 2001:1:1:2::99/128 [ANY] ! Lines omitted for brevity R1# show ipv6 interface brief g0/0 GigabitEthernet0/0 [up/up] FE80::11FF:FE11:1111 2001:1:1:1::1 2001:1:1:2::99
Note
The subnet router anycast address is one special anycast address in each subnet. It is reserved for use by routers as a way to send a packet to any router on the subnet. The address’s value in each subnet is the same number as the subnet ID; that is, the address has the same prefix value as the other addresses and all binary 0s in the interface ID.
This chapter completes the discussion of various IPv6 address types, while showing how to enable IPv6 on interfaces. Many implementations will use the ipv6 address command on each router LAN interface, and either that same command or the ipv6 enable command on the WAN interfaces. For exam prep, Table 24-5 summarizes the various commands and the automatically generated IPv6 addresses in one place for review and study.
Table 24-5 Summary of IPv6 Address Types and the Commands That Create Them
Type |
Prefix/Address Notes |
Enabled with What Interface Subcommand |
---|---|---|
Global unicast |
Many prefixes |
ipv6 address address/prefix-length ipv6 address prefix/prefix-length eui-64 |
Unique Local |
FD00::/8 |
ipv6 address prefix/prefix-length eui-64 |
Link local |
FE80::/10 |
ipv6 address address link-local Autogenerated by all ipv6 address commands Autogenerated by the ipv6 enable command |
All hosts multicast |
FF02::1 |
Autogenerated by all ipv6 address commands |
All routers multicast |
FF02::2 |
Autogenerated by all ipv6 address commands |
Routing protocol multicasts |
Various |
Added to the interface when the corresponding routing protocol is enabled on the interface |
Solicited-node multicast |
FF02::1:FF /104 |
Autogenerated by all ipv6 address commands |
One key to doing well on the exams is to perform repetitive spaced review sessions. Review this chapter’s material using either the tools in the book or interactive tools for the same material found on the book’s companion website. Refer to the “Your Study Plan” element for more details. Table 24-6 outlines the key review elements and where you can find them. To better track your study progress, record when you completed these activities in the second column.
Table 24-6 Chapter Review Tracking
Review Element |
Review Date(s) |
Resource Used |
---|---|---|
Review key topics |
|
Book, website |
Review key terms |
|
Book, website |
Answer DIKTA questions |
|
Book, PTP |
Review command tables |
|
Book |
Review memory tables |
|
Website |
Do labs |
|
Blog |
Watch video |
|
Website |
Table 24-7 Key Topics for Chapter 24
Key Topic Element |
Description |
Page Number |
---|---|---|
Conceptual drawing about the need for dual stacks for the foreseeable future |
557 |
|
List |
Rules for creating an IPv6 address using EUI-64 rules |
561 |
IPv6 EUI-64 Address Format and Rules |
561 |
|
Conceptual drawing of how to create an IPv6 address using EUI-64 rules |
561 |
|
Example of performing the bit inversion when using EUI-64 |
562 |
|
List |
Functions IOS enables when an IPv6 is configured on a working interface |
565 |
List |
Key facts about IPv6 link-local addresses |
566 |
Link-local scope terms and meanings |
571 |
|
List |
Comparisons of the use of the term link-local |
572 |
Conceptual drawing of how to make a solicited-node multicast address |
573 |
|
List |
Other special IPv6 addresses |
574 |
IPv6 address summary with the commands that enable each address type |
576 |
For additional practice with IPv6 abbreviations, you may do the same set of practice problems using your choice of tools:
For additional practice with calculating IPv6 address using EUI-64 rules and finding the solicited-node multicast address based on a unicast address, use the exercises in Appendix H, “Practice for Chapter 24: Implementing IPv6 Addressing on Routers.” You have two options to use:
PDF: Navigate to the companion website and open the PDF for Appendix H.
Application: Navigate to the companion website and open the application “Practice Exercise: EUI-64 and Solicited Node Multicast Problems”
Additionally, you can create your own problems using any real router or simulator: Get into the router CLI, into configuration mode, and configure the mac-address address and ipv6 address prefix/64 eui-64 command. Then predict the IPv6 unicast address, link-local address, and solicited-node multicast address; finally, check your predictions against the show ipv6 interface command.
Tables 24-8 and 24-9 list configuration and verification commands used in this chapter. As an easy review exercise, cover the left column in a table, read the right column, and try to recall the command without looking. Then repeat the exercise, covering the right column, and try to recall what the command does.
Table 24-8 Chapter 24 Configuration Command Reference
Command |
Description |
---|---|
ipv6 unicast-routing |
Global command that enables IPv6 routing on the router. |
ipv6 address ipv6-address/prefix-length [eui-64] |
Interface subcommand that manually configures either the entire interface IP address or a /64 prefix with the router building the EUI-64 format interface ID automatically. |
ipv6 address ipv6-address/prefix-length [anycast] |
Interface subcommand that manually configures an address to be used as an anycast address. |
ipv6 enable |
Command that enables IPv6 on an interface and generates a link-local address. |
ipv6 address dhcp |
Interface subcommand that enables IPv6 on an interface, causes the router to use DHCP client processes to try to lease an IPv6 address, and creates a link-local address for the interface. |
Table 24-9 Chapter 24 EXEC Command Reference
Command |
Description |
---|---|
show ipv6 route [connected] [local] |
Lists IPv6 routes, or just the connected routes, or just the local routes. |
show ipv6 interface [type number] |
Lists IPv6 settings on an interface, including link-local and other unicast IP addresses (or for the listed interface). |
show ipv6 interface brief [type number] |
Lists interface status and IPv6 addresses for each interface (or for the listed interface). |
Table 24-2, earlier in this chapter, listed several practice problems in which you needed to calculate the IPv6 address based on EUI-64 rules. Table 24-10 lists the answers to those problems.
Table 24-10 Answers to IPv6 EUI-64 Address Creation Practice
Prefix |
MAC Address |
Unabbreviated IPv6 Address |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|