IPv6

What Is IPv6?

IPv6 is a next-generation protocol designed to eventually replace IPv4, which is used primarily in
networks today. Defined by the Internet Engineering Task Force (IETF), IPv6 is seen as a redesign of
the IPv4 framework, primarily due to the depletion of available IP addresses. In fact, as early as the
late 1980s. An Internet standard was defined in 1998 as RFC 2460.

There was an experimental protocol named Internet Stream Protocol (ST) that was considered by
some to be Internet Protocol version 5, but ST was never officially known as IPv5 and never passed
experimental stages.

2 www.juniper.net

IPv4 Versus IPv6

Although address exhaustion was a major reason for the development of IPv6, several other issues
exist that IPv6 attempts to resolve. The slide describes some of the differences between IPv4 and
IPv6. We discuss many of these differences in detail on the following slides.

Some of the additional benefits of IPv6 include the following:

• More efficient routing;
• Quality of service (QoS);
• Elimination of the NAT requirement;
• Network Layer security with end-to-end IPsec;
• Ease of management using stateless address autoconfiguration; and
• Improved header format to reduce header overhead.


IPv6 Structure

IPv6 headers include improvements over IPv4 headers that provide more efficient processing. Where
IPv4 has a 40-byte field set aside for special options, IPv6 supports extension headers that can be
appended to the IPv6 header to support additional options.

The IPv6 header has a fixed length of 40 bytes and includes the following fields:

• Version: 4-bit field containing the number 6, indicating IPv6;
• Traffic class: 8-bit field that determines the traffic priority;
• Flow label: 20-bit field used for QoS management;
• Payload length: 16-bit field indicating the size of the payload in octets;
• Next header: 8-bit field indicating the next encapsulated protocol;
• Hop limit: 8-bit field that replaces the time-to-live (TTL) field in IPv4;
• Source address: 128 bits; and
• Destination address: 128 bits.


IPv4 Header Versus IPv6 Header

IPv4 headers and IPv6 headers share several characteristics. For example, the version, source, and
destination fields from IPv4 were carried over to IPv6.

One of the biggest differences between an IPv4 packet and an IPv6 packet is that if IPv6 needs to
fragment a packet, it uses extension headers to do so.

Several fields from the IPv4 header were dropped in favor of a more streamlined, efficient header.
Because the IPv6 header is always a fixed size, the header length is no longer necessary. If a packet
requires fragmentation, extension headers will take over the process using path MTU discovery. We
discuss extension headers in more detail later in this material.

Some fields in the IPv6 header moved from their previous locations in IPv4. The type of service (ToS)
field was replaced by the traffic class (TC) field. The TTL and protocol fields also were renamed and
moved in IPv6.


IPv6 Extension Headers

As mentioned previously, the IPv6 header was improved with faster packet processing in mind.
Because the IPv6 header is a fixed size of 40 bytes, the options that were once included inside the
IPv4 header are now appended to the IPv6 packet using extension headers.

IPv6 Defines Six Extension Headers

Six extension headers can be used in IPv6, and can be described as follows:
• Hop-by-hop options: Signifies that the options need to be examined by each node along
the path of a packet;
• Routing: Provides a list of intermediate nodes that should be visited on the path to the
packet’s destination;
• Fragment: Signals when a packet has been fragmented by the source;
• Destination options: Options examined only by the destination node, and capable of
appearing twice in a packet;
• Authentication header: Used with IPsec to verify authenticity of a packet; and
• Encrypted security payload: Used with IPsec and carries encrypted data for secure
communication.
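
The fixed header layout and the extension-header chain described above, decoded in Python as an added example (not part of the original course material). The sample packet and its addresses are constructed; the next-header numbers are the IANA protocol numbers for the six headers listed, and the chain-length limit of 8 is an assumption.

```python
import ipaddress
import struct

# IANA next-header numbers for the six extension headers listed above.
EXT_HEADERS = {0: "hop-by-hop options", 43: "routing", 44: "fragment",
               60: "destination options", 51: "authentication header", 50: "ESP"}

def parse_fixed_header(packet: bytes) -> dict:
    """Decode the 40-byte fixed IPv6 header into its eight fields."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("version field is not 6")
    return {
        "version": first_word >> 28,                 # 4 bits
        "traffic_class": (first_word >> 20) & 0xFF,  # 8 bits
        "flow_label": first_word & 0xFFFFF,          # 20 bits
        "payload_length": payload_len,               # 16 bits
        "next_header": next_header,                  # 8 bits
        "hop_limit": hop_limit,                      # 8 bits
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
    }

def walk_extension_headers(packet: bytes, max_headers: int = 8):
    """Follow the next-header chain; return (extension header names, upper-layer protocol)."""
    nxt, offset, chain = parse_fixed_header(packet)["next_header"], 40, []
    while nxt in EXT_HEADERS:
        if len(chain) >= max_headers:
            raise ValueError("extension header chain too long")
        chain.append(EXT_HEADERS[nxt])
        if nxt == 50:                  # ESP: what follows is encrypted, stop here
            return chain, None
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following = packet[offset]     # first byte of each header is its next-header field
        if nxt == 44:                  # fragment header is always 8 bytes
            length = 8
        elif nxt == 51:                # AH length is counted in 4-byte units, minus 2
            length = (packet[offset + 1] + 2) * 4
        else:                          # others: 8-byte units, not counting the first 8 bytes
            length = (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        nxt, offset = following, offset + length
    return chain, nxt

def build_sample() -> bytes:
    """Constructed packet: hop-by-hop options, destination options, then ICMPv6."""
    hop_by_hop = bytes([60, 0, 1, 4, 0, 0, 0, 0])   # next=60, len=0, PadN option
    dest_opts = bytes([58, 0, 1, 4, 0, 0, 0, 0])    # next=58 (ICMPv6), len=0, PadN option
    icmp_echo = bytes([128, 0, 0, 0, 0, 1, 0, 1])   # checksum left at zero in this sample
    payload = hop_by_hop + dest_opts + icmp_echo
    first_word = (6 << 28) | (0xB8 << 20) | 0x12345
    return (struct.pack("!IHBB", first_word, len(payload), 0, 64)
            + ipaddress.IPv6Address("fec0:0:0:2000::1").packed
            + ipaddress.IPv6Address("fec0:0:0:2000::2").packed
            + payload)

if __name__ == "__main__":
    pkt = build_sample()
    print(parse_fixed_header(pkt))
    print(walk_extension_headers(pkt))
```

A filter that looks only at the next-header field of the fixed header sees `0` here, not the ICMPv6 payload, which is why inspection has to walk the whole chain and bound its length.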


IPv6 Addressing

The escalating demand for IP addresses was the driving factor for IPv6. IPv4 uses a 32-bit address
supporting approximately 4.29 billion addresses. Because of the demand for address space, as well
as early inefficient address implementation, IPv4 address allocation is expected to reach exhaustion
in the near future. In April of 2009, the American Registry for Internet Numbers (ARIN) sent a letter
predicting complete IPv4 address exhaustion as early as 2011, and warned all organizations to
begin planning for IPv6 adoption. Other Regional Internet Registries (RIRs) have made similar
predictions.

In comparison, IPv6 uses a 128-bit address supporting approximately 2^128 addresses. If 2^128
doesn’t sound like a big number, think of the number of available addresses in another way. Enough
IPv6 addresses exist to supply about 2^95 addresses for each person on Earth or about 2^52
addresses for each observable star in the known universe!


IPv6 Address Types

Three types of IPv6 address exist with which you should be familiar:

• Unicast: The unicast address is a unique address that identifies an interface or node. A
packet with a unicast address travels only to the interface identified.
• Multicast: A multicast address is an identifier for a group of IPv6 interfaces that might
belong to different nodes. An IPv6 packet with the multicast address as the destination
travels to all interfaces in the group.
• Anycast: An anycast address is an identifier for a group of IPv6 interfaces that might
belong to different nodes. However, unlike multicast addresses, an IPv6 packet with the
anycast address as the destination travels to only one of the nodes identified in the
group—typically the nearest node.


Address Notation

At first glance, an IPv6 address can look alarmingly complicated. IPv6 presents a 128-bit address in
eight 16-bit hexadecimal blocks separated by colons. However, IPv6 does allow for abbreviation.

Consider the example in the slide. You might think that you are looking at three different IP
addresses, but in fact, you are looking at the same address in all three examples. Four consecutive
zeros in an address can be identified as a single zero. You can omit leading zeros from the notation.
A double colon can replace consecutive zeros, leading zeros, or trailing zeros; however, you cannot
use a double colon twice in an address notation. Doing so will result in the misinterpretation of the IP
address.

Prefix Notation

IPv6 has some similarities to IPv4 in text presentation. The prefix determines the network address or
subnet. The example on the slide shows a 64-bit prefix. The prefix on the slide would be noted as
follows:

    2bfc:0000:0000:0000:0/64
    2bfc:0:0:0:0/64
    2bfc::0/64

Just like with IPv4, certain prefixes are reserved and should be used for specific types of traffic. RFC
4291 defines the latest rules regarding prefix notation. The following are a few examples:

• ::/128: The prefix notation is unspecified;
• ::1/128: This prefix notation should be used for the loopback;
• FF00::/8: This prefix notation should be used for multicast; and
• FE80::/10: This prefix notation should be used for the local link.
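
The abbreviation rules and reserved prefixes above, implemented in Python as an added example (not from the original material). The sample addresses are constructed; the site-local (fec0::/10) and global unicast (2000::/3) entries correspond to the binary prefixes 1111111011 and 001 that this page gives in later sections, and the multicast scope values follow RFC 4291.

```python
import ipaddress
import string

def expand(text: str) -> str:
    """Expand an abbreviated IPv6 address to eight 4-digit hexadecimal blocks."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once, otherwise the zero runs are ambiguous")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = head + ["0"] * missing + tail
    else:
        blocks = text.split(":")
    if len(blocks) != 8:
        raise ValueError("an IPv6 address has eight 16-bit blocks")
    for block in blocks:
        if not 1 <= len(block) <= 4 or any(c not in string.hexdigits for c in block):
            raise ValueError(f"bad block: {block!r}")
    return ":".join(f"{int(b, 16):04x}" for b in blocks)

# Checked in order, most specific first.
RESERVED = [
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("link-local unicast", ipaddress.IPv6Network("fe80::/10")),
    ("site-local unicast", ipaddress.IPv6Network("fec0::/10")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]
# The 4-bit scope field is the low nibble of the second byte of a multicast address.
MULTICAST_SCOPES = {1: "node", 2: "link", 5: "site", 8: "organization", 14: "global"}

def classify(text: str) -> str:
    """Name the address type implied by the leading bits of the address."""
    addr = ipaddress.IPv6Address(expand(text))
    for name, net in RESERVED:
        if addr in net:
            if name == "multicast":
                scope = addr.packed[1] & 0x0F
                return f"multicast ({MULTICAST_SCOPES.get(scope, 'other')} scope)"
            return name
    return "other"

if __name__ == "__main__":
    # Constructed samples: three spellings of one address, then one per prefix.
    for form in ("2bfc:0000:0000:0000:0000:0000:0000:0001", "2bfc:0:0:0:0:0:0:1", "2bfc::1"):
        print(form, "->", expand(form))
    for sample in ("::", "::1", "ff02::1", "fe80::1", "fec0:0:0:2000::1", "2001:db8::1"):
        print(sample, "->", classify(sample))
```

Comparing addresses only after expansion matters in access lists and log searches, where the same host can otherwise appear under several spellings.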


Address Allocation

Similar to IPv4, IPv6 nodes must receive IP address assignments from their ISP. ISPs find information
about their regional registries to verify if an IP address is in use. Address allocation is a work in
progress, but RFC 3177 specifies a few rules that you should follow, which are shown on the slide.

Special Addresses

The ::/16 prefix is reserved for special addressing. The unspecified address is similar to the
0.0.0.0 address in IPv4, and you should never assign it to an interface.

The loopback address is a string of 127 binary zeros followed by a binary one. It is denoted as “::1”.
A host uses the loopback address to send an IPv6 packet to itself. The IPv6 loopback address is
functionally similar to the IPv4 loopback address. Like the unspecified address, the loopback
address is not directly assigned to an interface.

Address Scope

IPv6 addresses have scope, which identifies the application suitable for the address. Unicast and
multicast addresses support scoping. Unicast addresses support two types of scope: global scope
and local scope. There are two types of local scope: link-local addresses and site-local addresses.

Link-local unicast addresses are used within a single network link. The first 10 bits of the prefix
identify the address as a link-local address. Link-local addresses cannot be used outside a network
link. Site-local unicast addresses are used within a site or intranet. A site consists of multiple
network links, and site-local addresses identify nodes inside the intranet. Site-local addresses
cannot be used outside the site.

Multicast addresses support 16 different types of scope, including node, link, site, organization, and
global scope. A 4-bit field in the prefix identifies the scope.


Link-Local Unicast Addresses

The link-local unicast address is identified with the binary prefix 1111111010 followed by a string of
54 binary zeros, the host-generated Interface ID, and a 64-bit mask. Any host can automatically
generate this address and does so on all its IPv6 interfaces.

Because the first 64 bits are the same for every link-local address, this address is guaranteed to be
unique only on an individual link, and could be duplicated by hosts on other subnets. Link-local
addresses are never routable.

Interfaces configured for IPv6 automatically generate a link-local address. This address is often used
for neighbor discovery, autoconfiguration, and routing protocol traffic. Link-local addresses were
designed to provide automatic address configuration for small networks with a single subnet.


Site-Local Unicast Addresses

Site-local unicast addresses are identified with the binary prefix 1111111011 followed by 54 bits for
the subnet ID, and the host-generated interface ID. Site-local unicast addresses are designed as a
direct replacement for the RFC 1918 private addresses in IPv4, and should not be routable on the
Internet.

The prefix for site-local unicast addresses is the same in all organizations. Site-local addresses are
duplicated worldwide. The IPv6 designers expect that most, if not all, organizations will assign
site-local addresses to their interfaces.

Global Unicast Addresses

Global unicast addresses are globally unique and are used to connect to and route through the
Internet. These addresses are identified by the following six different fields:

• Format prefix (FP): The binary prefix 001 is present in the first 3 bits, as this identifies
the aggregatable global unicast address space. This range is the only range
currently assigned by IANA for address allocation.
• Global routing prefix: The next 45 bits are reserved for hierarchical address allocation.
These bits are used to provide the highest level of address summarization typically
applied at Tier 1 ISPs, regional address allocation entities, or possibly large peering
points. It is extremely important that these bits be allocated wisely, because they will
have a large impact on how the Internet is routed.
• Subnet identifier (SID): The next 16 bits are reserved for local assignment to a link. The
local administrator uses the SID to provide subnetting capability within a site.
• Interface identifier (interface ID): The last 64 bits are reserved for the interface ID,
allowing for easy autoconfiguration of a host on a network. We discuss the interface ID
in more detail on a subsequent slide.


Interface ID

The interface ID is a 64-bit field that uniquely identifies a host on a subnet. On Ethernet interfaces, it
is a permutation of the MAC address associated with the interface to which the address is assigned.
The interface ID is expressed in the IEEE EUI-64 format.

Because the host can determine the subnet to which it is connected by router advertisements, and
can generate its own interface ID, IPv6 addresses are easy to configure automatically on any host.
Because Ethernet MAC addresses are only 48 bits long, the address needs additional bits to widen it
to the specified 64-bit length. To obtain an Ethernet interface ID, concatenate the first 24 bits of the
MAC address (company ID) with binary value 1111111111111110 (0xFFFE) and the remaining 24
bits of the MAC address (manufacturer extension ID).

EUI-64 addresses set the universal/local bit to a value of 1 to signify that this address is globally
unique. The universal/local bit is the next-to-lowest significant bit of the first octet of the address. For
example, the Ethernet MAC address 00:10:A4:A6:69:D0 would generate an interface ID of
00:10:A4FF:FEA6:69:D0.


Stateless Autoconfiguration: Part 1

One of the great tasks of network management is assigning the many devices in your network an IP
address. In IPv4, address assignment is managed using two different methods. The first method is to
statically assign an IP address to each device. This method is efficient only if the network is small
and you do not plan to change IP addresses frequently. The second method is to configure IP
addresses automatically using the Dynamic Host Configuration Protocol (DHCP). With DHCP, a device
that requires an IP address contacts the DHCP server and automatically receives an IP address.
Although DHCP is considered easier to manage than statically assigning an IP address to a node, you
must configure and maintain the DHCP servers. Static IP address assignment and DHCP are
considered stateful configuration methods.

One of the enhancements to IPv6 is the implementation of stateless autoconfiguration. Stateless
autoconfiguration allows IPv6 nodes to automatically assign an IPv6 address to a neighbor,
effectively eliminating the need for static address assignment and DHCP. An administrator can still
use stateful configuration methods, if necessary. We cover DHCPv6 later in this material.

Stateless autoconfiguration consists of several elements:
• Extended unique identifier (EUI): This 64-bit hexadecimal value is used to identify an
interface. If you do not specify an EUI value explicitly, the security device autogenerates
it from the MAC address of the IPv6 interface.
• Router advertisement (RA) message: An IPv6 router sends this message to on-link hosts
periodically or in response to an RS request from another host. Information in an RA
message can include IPv6 prefixes from the router, MTU messages, specific routes to
the router, whether to perform IPv6 autoconfiguration, and a time period for how long
an address should remain valid.
• Router solicitation (RS) message: Hosts send this message to discover the presence and
properties of on-link routers. When an IPv6 router receives an RS request from a host, it
responds by transmitting an RA message back to the host. An RA announces the
existence of the router and provides the host with the information it needs to perform
autoconfiguration tasks.
• Prefix list: This table contains IPv6 prefixes. When entries are present in the list, the
router includes the entries in the RAs the router sends to on-link hosts. Each time a host
receives an RA, the host can use the prefixes to perform address autoconfiguration.

Neighbor Discovery

Neighbor discovery (ND) is the process of tracking the reachability status for neighbors in a local link.
Defined in RFC 2461, several enhancements were made to neighbor discovery since IPv4. ND uses
the Address Resolution Protocol (ARP), and Internet Control Message Protocol (ICMP) router
discovery and redirect to detect whether neighbors are reachable.

A device views a neighbor as reachable when the device receives recent confirmation that the
neighbor received and processed IP traffic or NS requests. Otherwise, the device considers the
neighbor unreachable. An IPv6 router with ND enabled can send ND information to downstream
nodes. ND is optional on IPv6 devices.

Stateless Autoconfiguration: Part 2

Consider the example on the slide. The following steps must take place for address
autoconfiguration to occur:

1. On startup, IPv6 Hosts A and B generate link-local addresses from their MAC addresses.
2. Each host broadcasts RS messages. Each message uses the host link-local address as
the source address for the RS packets.
3. The IPv6 router receives the RS messages.
4. The IPv6 router transmits confirming RA messages to the hosts. These messages
contain a prefix list.
5. The hosts use the prefixes to perform autoconfiguration.


Stateful Autoconfiguration

As mentioned previously, if stateless autoconfiguration is not desired, an administrator can manually
assign a static address to a node. DHCP is also available. In IPv6, DHCP is known as stateful
DHCPv6, and RFC 3315 defines it.

Several reasons exist to configure DHCPv6; for example, you might want to implement a specific IPv6
addressing scheme across your network. You might desire dynamic assignment of IP addresses to
DNS servers. In some cases, you might require dynamic updates to your DNS servers. For security
reasons, you might want to exclude the MAC address as part of the IPv6 address.

Interface Configuration Example



The slide illustrates two routers with a site-local IPv6 address assigned to their
ge-0/0/1.0 interface.

Interface Verification Example

You use the show interfaces terse command to verify interface status. In the example on the
slide, we see the site-local address defined on the previous slide along with the link-local addresses
that the configured interfaces generated and assigned.



Displaying IPv6 Routing Information

You use the show route table inet6 command to verify the routing table contents. In the
example output on the slide, we have added the interface routes for both the site-local addresses
and link-local addresses.



Determining the Data Link Layer Address Using Ping

Initially, all Data Link Layer addresses of any IPv6 neighbor are unknown. As shown on the slide, you
can use the ping utility not only to verify reachability but also to learn the Data Link Layer addresses
of IPv6 neighbors. After the ping operation succeeds, R1’s neighbor (R2) is listed along with its IPv6
and Data Link Layer address information.

IPv6 Multicast Address

A multicast address is an identifier for a group of nodes. Unlike with anycast addresses, when a
packet travels to a multicast address, all members of the multicast group process the packet. IPv4
defined multicast, but IPv6 has redefined and improved multicast.

Broadcast packets are not routable, and every node on a subnet must process them. Multicast
packets, on the other hand, are processed only by nodes of the multicast group. Multicast packets
can also be forwarded over routers. In IPv6, ICMPv6 is used for multicast group management to
optimize multicast traffic. This process is referred to as Multicast Listener Discovery (MLD).

Multicast addresses are identified by the high order byte FF, or 1111 1111 in binary notation. The
following three types of multicast addresses exist, as defined in RFC 4291:

• Solicited-node multicast addresses are for Neighbor Solicitation (NS) messages;
• All-nodes multicast addresses are for Router Advertisement (RA) messages; and
• All-routers multicast addresses are for Router Solicitation (RS) messages.


IPv6 Anycast Address

The anycast address is a new type of address in IPv6, and RFC 2526 defines it. You can assign an
anycast address to multiple interfaces in a group. Multiple nodes might be responding with the same
anycast address, but the packet will travel only to one of the nodes. An anycast packet travels to the
nearest node, based on the notion of distance determined by the routing protocols in use.

Anycast addresses offer the potential for a number of important services. For example, you can use
an anycast address to allow nodes to access one of a collection of servers providing a well-known
service, without manual configuration in each node of the list of servers. You can also use an
anycast address in a source route to force routing through a specific Internet service provider (ISP),
without limiting routing to a single specific router providing access to that ISP.


Static Route Configuration Example



The slide provides a sample default static IPv6 route configuration.



Displaying Static Routes



The slide illustrates the operational mode command used to view static routes in the inet6.0 routing
table.

OSPFv3 Configuration Example

This slide shows a sample OSPFv3 configuration for two neighboring routers. Note that OSPFv3, like
OSPFv2, uses a 32-bit router ID (RID) which is defined under the [edit routing-options]
hierarchy. Although you can dynamically select the RID from IPv4 addresses defined on the router,
we recommend you always configure a RID.

Monitoring OSPFv3 Operations

Most operational show commands used to monitor OSPFv3 are nearly identical to the commands
used to monitor OSPFv2; the key difference is that you must replace the ospf portion of those
commands with ospf3. The slide illustrates a number of common operational commands for both
OSPFv2 and OSPFv3 for comparison.

IS-IS Configuration Example

The slide illustrates a sample IS-IS configuration using IPv6 addressing instead of IPv4 addressing.
Note that other than the IP addresses, the IS-IS configuration is the same for IPv6 and IPv4
environments.

Monitoring IS-IS Operations



As shown on the slide, you use the same operational show commands for IS-IS in IPv4 and IPv6
environments.

BGP Configuration Example

The slide provides a sample BGP configuration. BGP configuration is almost identical for IPv6 as it is
for IPv4. The major difference is that you specify an IPv6 address for the local and peer addresses
rather than IPv4 addresses.



Monitoring BGP Operations

You use the same operational show commands for BGP in IPv6 environments that you use in IPv4
environments. The slide illustrates the show bgp summary command for two IPv6 peers in
different BGP groups.



Tunneling IPv6 Traffic

The second broad transition method suggests using tunnels to span IPv4 networks until all the
intermediate routers have been upgraded to support IPv6.

Tunneling requires encapsulation of the IPv6 packet within an IPv4 header. The new IPv4 packet is
then forwarded across the IPv4 network to the other side, where the IPv4 header is removed and the
IPv6 packet is either processed or forwarded.

Multitude of Tunneling Approaches

Many approaches to tunneling have been defined. The following four approaches currently show the
most promise:
• IPv4-compatible addressing;
• Configured tunnels;
• 6to4; and
• 6over4.


Objective and Topology

The slide provides the objective and topology used for this case study. In this case study, you focus
on IPv6-over-IPv4 tunneling, which is also known as configured tunnels. The subsequent slides
provide the configuration and monitoring tasks typically used when implementing an IPv6-over-IPv4
tunnel.

Defining the Tunnel Interface



The slide shows the tunnel interface configuration for the R1 and R2 devices.

Defining the Required Routes

The slide shows the required routes for the R1 device. The IPv4 static route is used to establish the
GRE tunnel, and the IPv6 static route is used to direct traffic destined to the remote IPv6 network
through the GRE tunnel. The following output shows R2’s configuration:

    [edit]
    user@R2# show routing-options
    rib inet6.0 {
        static {
            route fec0:0:0:2000::/64 next-hop gr-0/0/0.0;
        }
    }
    static {
        route 192.168.1.1/32 next-hop 172.18.2.1;
    }

Although not shown in this example, all intermediary devices between the tunnel endpoints (R1 and
R2, in this example) must have a route to the IP addresses used for the tunnel (typically loopback
addresses).
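
What the tunnelled traffic looks like to an IPv4 device in the path, as an added Python example (not part of the original material): it recognises an IPv6 packet carried directly in IPv4 (protocol 41) or inside GRE (protocol 47 with protocol type 0x86DD) and reports the inner addresses. The endpoint 192.168.1.1 appears in the static route above; 192.168.2.1, the inner IPv6 addresses and all sample packets are constructed.

```python
import ipaddress
import struct

PROTO_IPV6, PROTO_GRE = 41, 47   # IPv4 protocol numbers
GRE_PTYPE_IPV6 = 0x86DD          # GRE protocol type for an IPv6 payload

def inner_ipv6(ipv4_packet: bytes):
    """Return (kind, outer_src, outer_dst, inner_packet) if IPv6 is tunnelled, else None."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        return None
    ihl = (ipv4_packet[0] & 0x0F) * 4
    if ihl < 20 or len(ipv4_packet) < ihl:
        return None
    proto = ipv4_packet[9]
    src = ipaddress.IPv4Address(ipv4_packet[12:16])
    dst = ipaddress.IPv4Address(ipv4_packet[16:20])
    payload = ipv4_packet[ihl:]
    if proto == PROTO_IPV6:
        kind, inner = "6in4", payload
    elif proto == PROTO_GRE:
        if len(payload) < 4:
            return None
        flags, ptype = struct.unpack("!HH", payload[:4])
        if ptype != GRE_PTYPE_IPV6:
            return None
        # Optional GRE fields, 4 bytes each: checksum (C), key (K), sequence number (S).
        skip = 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
        kind, inner = "gre", payload[skip:]
    else:
        return None
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    return kind, src, dst, inner

def summarize(packets):
    """List (kind, outer_src, outer_dst, inner_src, inner_dst) for each tunnelled packet."""
    found = []
    for packet in packets:
        hit = inner_ipv6(packet)
        if hit:
            kind, outer_src, outer_dst, inner = hit
            found.append((kind, str(outer_src), str(outer_dst),
                          str(ipaddress.IPv6Address(inner[8:24])),
                          str(ipaddress.IPv6Address(inner[24:40]))))
    return found

# --- constructed sample traffic (header checksums left at zero) ---
def build_ipv4(proto, payload, src="192.168.1.1", dst="192.168.2.1"):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload

def build_ipv6(src, dst):
    # Next header 59 means "no next header": a bare 40-byte IPv6 header.
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

INNER = build_ipv6("fec0:0:0:1000::10", "fec0:0:0:2000::20")
SAMPLES = [
    build_ipv4(PROTO_IPV6, INNER),                                            # IPv6 directly in IPv4
    build_ipv4(PROTO_GRE, struct.pack("!HH", 0, GRE_PTYPE_IPV6) + INNER),     # IPv6 in GRE
    build_ipv4(PROTO_GRE, struct.pack("!HH", 0, 0x0800) + b"\x45" + bytes(19)),  # IPv4 in GRE
    build_ipv4(6, bytes(20)),                                                 # plain TCP segment
]

if __name__ == "__main__":
    for row in summarize(SAMPLES):
        print(row)
```

An IPv4-only filter between R1 and R2 sees just the outer addresses and protocol number, so any policy for the IPv6 traffic has to be applied at the tunnel endpoints or by a device that decapsulates as shown.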


Verifying Operations: Part 1

This slide and the next slides provide some verification tasks. This slide specifically illustrates the
show interfaces terse command, which you can use to quickly verify the tunnel interface is
up.

Verifying Operations: Part 2



As shown on the slide, you use the show route command to ensure the required routes are
installed. You should perform this verification step on both tunnel endpoints.

Verifying Operations: Part 3

The final verification tasks we highlight include sending IPv6 traffic over the IPv4-based tunnel. Once
IPv6 traffic is sent and received over the tunnel, you can use the show interfaces command
shown on the slide to verify usage statistics on the GRE interface.

