ipv6 unicast-routing - Enables the forwarding of IPv6 unicast datagrams. (by default not enabled)
RFC4291 - IP Version 6 Addressing Architecture
::/0 - default route
::/128 or 0:0:0:0:0:0:0:0 - UNSPECIFIED - is used only to indicate the absence of an address. It is equivalent to the IPv4 unspecified address of 0.0.0.0. The unspecified address is typically used as a source address when a unique address has not yet been determined. The unspecified address is never assigned to an interface or used as a destination address.
0:0:0:0:0:0:0:1 or ::1 - LOOPBACK - is assigned to a loopback interface, enabling a node to send packets to itself. It is equivalent to the IPv4 loopback address of 127.0.0.1. Packets addressed to the loopback address must never be sent on a link or forwarded by an IPv6 router.
Link-local addresses - FE80::/64
Multicast Addresses - FF00::/8
FF01::1 — All Nodes Address - used to send multicast packets to the same node (for example, as a form of interprocess communication within the router or any other device)
FF01::2 — All Routers Address
FF02::1 — All Nodes Address - Represents all nodes and routers on the local link
FF02::2 — All Routers Address - Represents all routers on the local link
FF02::5 — OSPF Routers
FF02::6 — OSPF DR/BDR Routers
FF02::9 — RIP Routers
FF02::A — EIGRP Routers
FF02::1:FF00:0000/104 — IPv6 solicited-node address within the link-local scope (replaces ARP), also used by DAD.
One solicited-node multicast address is enabled for each unicast address configured on the interface.
(for example, if the IPv6 address is FE80::201, the solicited-node address is FF02::1:FF00:201)
FF02::1:FFE4:4C00 — Solicited-node multicast address related to the unicast address 2001:410:0:1:250:3EFF:FEE4:4C00.
FF02::1:2 - All_DHCP_Relay_Agents_and_Servers
FF05::1:3 - A site-scoped multicast address used by a relay agent to communicate with servers, either because the relay agent wants to send messages to all servers or because it does not know the unicast addresses of the servers.
Stateful NAT64 Terminology
Global unicast addressing in IPv6 has many similarities with IPv4:
- both IPv4 and IPv6 global unicast addresses have two parts: subnet plus host for IPv4 and prefix plus interface ID for IPv6,
- the address format commonly lists a slash followed by the prefix length, a convention sometimes referred to as CIDR notation,
- subnetting works much the same, with a public prefix assigned by some numbering authority, and the Enterprise choosing subnet numbers.
IPv6 addressing, however, includes several other types of unicast IPv6 addresses besides the global unicast address.
IPv6 general categories of addresses:
- Unicast: Like IPv4, hosts and routers assign these IP addresses to a single interface for the purpose of allowing that one host or interface to send and receive IP packets.
- Multicast: Like IPv4, these addresses represent a dynamic group of hosts, allowing a host to send one packet that is then delivered to every host in the multicast group. IPv6 defines some special-purpose multicast addresses for overhead functions (such as NDP). IPv6 also defines ranges of multicast addresses for application use.
- Anycast: This address type allows the implementation of a nearest server among duplicate servers concept. This design choice allows servers that support the exact same function to use the exact same unicast IP address. The routers then forward a packet destined for such an address to the nearest server that is using the address.
Differences comparing IPv4 and IPv6:
- IPv6 adds the formal concept of Anycast IPv6 addresses. (IPv4 does not formally define an Anycast IP address concept),
- IPv6 simply has no Layer 3 broadcast addresses,
- IPv6 simply allows the configuration of multiple IPv6 addresses with no need for or concept of secondary IP addressing.
(an IPv6 interface can have multiple addresses; a new IPv6 address is added to the interface and does not overwrite the original IPv6 address.)
IPv6 hosts and router interfaces typically have at least two IPv6 addresses and may well have more (Link Local + global unicast address, and may well have multiple).
Unicast IPv6 Addresses
IPv6 supports three main types of unicast addresses: link local, global unicast, and unique local.
Unique Local IPv6 Addresses FC00::/7
- RFC 4193 states that these addresses should be used inside a private organization, and should not be advertised into the Internet.
- They are not routable in the global IPv6 Internet.
- Same function as IPv4 RFC 1918.
|Unique Local Address Format|
- The block fc00::/8 has not been defined yet. It has been proposed to be managed by an allocation authority, but this has not gained acceptance in the IETF.
- The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string. This results in the format fdxx:xxxx:xxxx:: for a prefix in this range. RFC 4193 offers a suggestion for generating the random identifier to obtain a minimum-quality result if the user does not have access to a good source of random numbers.
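The fd00::/8 construction described above, following the generation steps suggested in RFC 4193 section 3.2.2 (an added example, not part of the original notes). The function names and the sample EUI-64, derived from the MAC 0013.197b.6588 that appears later on this page, are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct
import time

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def ula_prefix(eui64: bytes, unix_time: float) -> ipaddress.IPv6Network:
    """Build an fd00::/8 /48 prefix using the RFC 4193 section 3.2.2 steps."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 identifier must be exactly 8 bytes")
    # Step 1: time of day as a 64-bit NTP timestamp (32-bit seconds + fraction).
    seconds = (int(unix_time) + NTP_UNIX_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    timestamp = struct.pack("!II", seconds, fraction)
    # Steps 2-4: append the system's EUI-64 and hash the 16 bytes with SHA-1.
    digest = hashlib.sha1(timestamp + eui64).digest()
    # Step 5: the least significant 40 bits of the digest become the Global ID.
    global_id = digest[-5:]
    # Step 6: fc00::/7 with the L bit set (0xfd), then the Global ID, then zeros.
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def is_locally_assigned_ula(prefix: str) -> bool:
    """True for a /48 or longer inside fd00::/8, the defined half of fc00::/7."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    return net.prefixlen >= 48 and net.subnet_of(ipaddress.IPv6Network("fd00::/8"))


if __name__ == "__main__":
    # Constructed input: EUI-64 form of the MAC 0013.197b.6588.
    sample_eui64 = bytes.fromhex("021319fffe7b6588")
    print(ula_prefix(sample_eui64, time.time()))
```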
Link Local Unicast Addresses FE80::/10
The term link local scope means exactly that: the packet should not leave the local link.
IPv6 uses link local addresses for sending and receiving IPv6 packets on a single subnet:
- Used as the source address for RS and RA messages for router discovery,
- Used by Neighbor discovery (the equivalent of ARP for IPv6),
- As the next-hop IPv6 address for IP routes.
Each host, router interface, or other device can calculate its own link local IPv6 address without needing to communicate with any other device.
So, before sending the first packets, the host can calculate its own link local address, so the host has an IPv6 address to use when doing its first overhead messages.
FE80::/10 range, meaning the first 10 bits must be 1111 1110 10. (FE8, FE9, FEA, or FEB)
|Link Local Address Format|
Loopback ::1 - Used for software testing, like IPv4’s 127.0.0.1
Unspecified :: - An address used when a host has no usable IPv6 address
Site local FEC0::/10 - Deprecated; originally meant to be used like private IPv4 addresses
Multicast and Other Special IPv6 Addresses
All IPv6 multicast addresses begin with FF00::/8 – in other words, with FF as the first two digits.
Multicasts with a link local scope - begin with FF02::/16; the 2 in the fourth hex digit identifies the scope as link local.
A fourth digit of hex 5 identifies the multicast as site local scope, with those multicasts beginning with FF05::/16.
IPv6 address - Purpose (IPv4 equivalent)
FF02::1 - All IPv6 nodes on the link (subnet broadcast address)
FF02::2 - All IPv6 routers on the link (N/A)
FF02::5, FF02::6 - OSPF messages (224.0.0.5, 224.0.0.6)
FF02::9 - RIP-2 messages (224.0.0.9)
FF02::A - EIGRP messages (224.0.0.10)
FF02::1:2 - DHCP relay agents, routers that forward to the DHCP server (N/A)
FF05::1:3 - DHCP servers, site scope (N/A)
FF05::101 - All NTP servers, site scope (N/A)
Layer 2 Addressing Mapping and Duplicate Address Detection
As with IPv4, any device running IPv6 needs to determine the data link layer address used by devices on the same link. IPv4 uses Address Resolution Protocol (ARP) on LANs and Inverse ARP (InARP) on Frame Relay.
IPv6 defines a couple of new protocols that perform the same function. These new functions use ICMPv6 messages and avoid the use of broadcasts, in keeping with IPv6’s avoidance of broadcasts.
Neighbor Discovery Protocol for Layer 2 Mapping
When an IPv6 host or router needs to send a packet to another host or router on the same LAN, the host/router first looks in its neighbor database. This database contains a list of all neighboring IPv6 addresses (addresses in connected links) and their corresponding MAC addresses. If not found, the host or router uses the Neighbor Discovery Protocol (NDP) to dynamically discover the MAC address.
The process acts like the IPv4 ARP process, just with different details. In this case, PC1 sends a multicast message called a Neighbor Solicitation (NS) ICMP message, asking R1 to reply with R1’s MAC address. R1 sends a Neighbor Advertisement (NA) ICMP message, unicast back to PC1, listing R1’s MAC address. Now PC1 can build a data link frame with R1’s MAC listed as the destination address and send encapsulated packets to R1.
Before IP communication can occur, an IPv6 host will construct the Solicited-node Multicast Address related to the destination address.
Destination Address is Unicast (Link-local in this case)
The NS message uses a special multicast destination address called a solicited node multicast address. On any given link, the solicited node multicast address represents all hosts with the same last 24 bits of their IPv6 addresses. By sending packets to the solicited node multicast address, the packet reaches the correct host, but it may also reach a few other hosts, which is fine.
fe80::2aa:ff:fe28:9c5a                       Destination address (compressed notation)
fe80:0000:0000:0000:02aa:00ff:fe28:9c5a      Destination address (uncompressed notation)
                                -- ----      the last 24 bits
ff02:0000:0000:0000:0000:0001:ff00:0000/104  Solicited-node Multicast Address prefix
---- ---- ---- ---- ---- ---- --             The first 104 bits
ff02::1:ff28:9c5a                            Result (compressed notation)
PC1 --------------------[same link]------------------------ R1
q: what's your data link address?
answ: my MAC is 00ab:...
Duplicate Address Detection (DAD)
When an IPv6 interface first learns an IPv6 address, or when the interface begins working after being down for any reason, the interface performs duplicate address detection (DAD).
The purpose of this check is to prevent hosts from creating problems by trying to use the same IPv6 address already used by some other host on the link.
To check its own IPv6 address, a host sends the NS message to the solicited node multicast address based on its own IPv6 address. If some host sends a reply, listing the same IPv6 address as the source address, the original host has found that a duplicate address exists.
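The solicited-node mapping used by both NS address resolution and DAD, worked through in code (an added example, not part of the original notes). The function names are assumptions; the 33:33 Ethernet mapping of IPv6 multicast groups comes from RFC 2464 rather than from this page, and the on-link list in the demo is constructed.

```python
import ipaddress

# FF02::1:FF00:0000/104, the solicited-node prefix listed earlier on this page.
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Solicited-node group: the /104 prefix plus the address's last 24 bits."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast or ip.is_unspecified:
        raise ValueError(f"{addr} is not a unicast or anycast address")
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | (int(ip) & 0xFFFFFF))


def ethernet_multicast_mac(group) -> str:
    """Destination MAC of the frame: 33:33 plus the group's low 32 bits."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low32 = (int(g) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


def dad_listeners(tentative: str, on_link: list) -> list:
    """On-link addresses whose owners also receive the DAD NS for `tentative`."""
    group = solicited_node(tentative)
    return [a for a in on_link if solicited_node(a) == group]


if __name__ == "__main__":
    target = "fe80::2aa:ff:fe28:9c5a"  # destination address from the diagram above
    group = solicited_node(target)
    print(target, "->", group, "->", ethernet_multicast_mac(group))
    # Constructed on-link addresses: the first two share their last 24 bits.
    neighbors = ["FE80::213:19FF:FE7B:5004", "2000::4:213:19FF:FE7B:5004", "2000:0:0:4::1"]
    print(dad_listeners("2000:0:0:4::7b:5004", neighbors))
```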
Inverse Neighbor Discovery
The ND protocol starts with a known neighbor’s IPv6 address and seeks to discover the link layer address.
On Frame Relay networks, and with some other WAN data link protocols, the order of discovery is reversed.
A router begins with knowledge of the neighbor’s link layer address and instead needs to dynamically learn the IPv6 address used by that neighbor.
IPv4 solves this discovery problem on LANs using ARP, and the reverse problem over Frame Relay using Inverse ARP (InARP). IPv6 solves the problem on LANs using ND, and now for Frame Relay, IPv6 solves this problem using Inverse Neighbor Discovery (IND).
IND, also part of the ICMPv6 protocol suite, defines an Inverse NS (INS) and Inverse NA (INA) message. The INS message lists the known neighbor link layer address (DLCI for Frame Relay), and the INS asks for that neighboring device’s IPv6 addresses.
As with IPv4, the show frame-relay map command lists the mapping learned from this process.
Configuring IPv6 Addresses on Cisco Routers
ipv6 unicast-routing (global configuration command) - needed to enable the router to route IPv6 traffic.
IPv6 addressing includes many more options than IPv4, and as a result, many more configuration options exist.
All the interface subcommands enable IPv6 on the interface, which means the router derives an IPv6 link local address for the interface:
! Static configuration of the entire IPv6 unicast address.
ipv6 address <address>/<length>
ipv6 address 2000:0:0:2::2/64
! Static configuration of the first 64 address bits; the router derives the last 64 bits with EUI-64.
ipv6 address <address>/<length> eui-64
! Example: the router builds the full address from this /64 prefix plus the EUI-64 interface ID.
ipv6 address 2000:0:0:2::/64 eui-64
! Router uses stateless autoconfig to find address.
ipv6 address autoconfig
! Router uses stateful DHCP to find address.
ipv6 address dhcp
! Uses the same IPv6 unicast address as the referenced interface.
ipv6 unnumbered <interface-type> <number>
! Enables IPv6 on the interface, but results in only a link local address.
ipv6 enable
! Overrides the automatically created link local address. The configured value must conform to the FE80::/10 prefix.
ipv6 address <address> link-local
! Designates that the unicast address is an anycast.
ipv6 address <address>/<length> anycast
Multicast Groups Joined by IPv6 Router Interfaces
R2# show ipv6 interface f0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::213:19FF:FE7B:5004
No Virtual link-local address(es):
Global unicast address(es):
2000::4:213:19FF:FE7B:5004, subnet is 2000:0:0:4::/64 [EUI]
Joined group address(es):
FF02::1 - all IPv6 devices
FF02::2 - all IPv6 routers
FF02::1:FF7B:5004 - solicited node multicast address used for DAD and ND
Connected Routes and Neighbors
First, the IPv6 routing table lists the expected connected routes, plus a new type of route, a “local” route, designated by an L in the output of the show ipv6 route command.
R2# show ipv6 route
IPv6 Routing Table
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
C 2000:0:0:2::/64 [0/0]
via FastEthernet0/1, directly connected
L 2000:0:0:2::2/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
The connected routes occur for any unicast IPv6 addresses on the interface that happen to have more than link local scope.
So, R2 has routes for subnets 2000:0:0:1::/64, 2000:0:0:2::/64, and 2000:0:0:4::/64, but no connected subnets related to R2’s link local addresses.
The Local routes, all /128 routes, are essentially host routes for the router’s unicast IPv6 addresses.
These local routes allow the router to more efficiently process packets directed to the router itself, rather than for packets directed toward connected subnets.
The IPv6 Neighbor Table
The IPv6 neighbor table replaces the IPv4 ARP table, listing the MAC address of other devices that share the same link.
R2# debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
R2# show ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
2000:0:0:2::3 0 0013.197b.6588 REACH Fa0/1
FE80::213:19FF:FE7B:6588 0 0013.197b.6588 REACH Fa0/1
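The EUI-64 derivation behind the link-local entries in this neighbor table, applied to the table itself (an added example, not part of the original notes). The function names are assumptions, and the third row of the sample is constructed to show an interface ID that does not follow from its MAC.

```python
import ipaddress
import re

# First two data rows are this page's `show ipv6 neighbors` output; the third is constructed.
SAMPLE = """\
IPv6 Address                  Age Link-layer Addr State Interface
2000:0:0:2::3                   0 0013.197b.6588  REACH Fa0/1
FE80::213:19FF:FE7B:6588        0 0013.197b.6588  REACH Fa0/1
FE80::213:19FF:FE7B:9999        3 0013.197b.5004  STALE Fa0/1
"""


def eui64_interface_id(mac: str) -> int:
    """48-bit MAC -> 64-bit interface ID: flip the U/L bit, insert FFFE."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytearray.fromhex(digits)
    raw[0] ^= 0x02  # invert the universal/local bit of the first octet
    return int.from_bytes(bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:]), "big")


def link_local_from_mac(mac: str) -> str:
    """Link-local address a host derives on its own: FE80::/64 + EUI-64 ID."""
    base = int(ipaddress.IPv6Address("fe80::"))
    return str(ipaddress.IPv6Address(base | eui64_interface_id(mac)))


def parse_neighbors(text: str):
    """Yield (address, mac, state, interface) for each data row of the table."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header or blank line
        try:
            addr = ipaddress.IPv6Address(fields[0])
        except ValueError:
            continue
        yield addr, fields[2], fields[3], fields[4]


def eui64_report(text: str) -> dict:
    """Map each neighbor address to True if its low 64 bits match its MAC."""
    return {str(addr): (int(addr) & 0xFFFFFFFFFFFFFFFF) == eui64_interface_id(mac)
            for addr, mac, _state, _ifname in parse_neighbors(text)}


if __name__ == "__main__":
    for address, matches in eui64_report(SAMPLE).items():
        print(f"{address:28} EUI-64 of listed MAC: {matches}")
```

A False result only means the interface ID was not derived from the listed MAC, which is also what a manually configured address such as 2000:0:0:2::3 looks like.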
! no ipv6 address - actually removes all configured IPv6 addresses from the interface and also disables IPv6 on interface
no ipv6 address
! enables IPv6 on interface and use stateless autoconfig
ipv6 address autoconfig
R2# show ipv6 interface brief
R2# show ipv6 router
Router FE80::213:19FF:FE7B:6588 on FastEthernet0/1, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2000:0:0:2::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
IPv6 configuration commands
! enable IPv6 processing on router
R1(config)# ipv6 unicast-routing
! enable Cisco Express Forwarding (CEF) for IPv6 (CEFv6).
R1(config)# ipv6 cef
! enable IPv6 addresses using stateless autoconfiguration on an interface, and enable IPv6 processing
! If a default router is selected on this interface, the optional default keyword causes a default route to be installed
! using that default router. The default keyword can be specified only on one interface.
R1(config-if)# ipv6 address autoconfig [default]
! specify the number of milliseconds (from 0 to 3,600,000) that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred, such as the neighbor discovery process.
! The default is 0 milliseconds (indicating an unspecified time) in router advertisements and 30,000 (30 seconds) for the neighbor discovery activity of the router itself.
! Shorter configured times enable the router to detect unavailable neighbors more quickly
R1(config-if)# ipv6 nd reachable-time <milliseconds>
! display IPv6 neighbor discovery cache information for the specified neighbors (like ARP in IPv4)
R1# show ipv6 neighbors [interface-type interface-number | ipv6-address | ipv6-hostname | statistics]
show ipv6 interface fa0/0
show ipv6 route
R1# debug ipv6 nd
! When an IPv6 access list is specified by using the ACL parameter, only packets permitted by the access list are displayed
R1# debug ipv6 packet [access-list access-list-name] [detail]