30 IPv6 Addressing – Introduction
Sawyer Hansen; Dante Rocca; and Mathew J. Heath Van Horn, PhD
A standard IPv4 address is comprised of 32 bits of information, resulting in 4,294,967,296 possible permutations. That’s a lot of unique identifiers!… until you realize that a significant number of these IP’s are reserved for special purposes and the estimated number of connected internet devices today ranges in the magnitude of tens of billions. If it were not for technologies such as NAT, our available address pool would have been depleted many years ago. However, the increasing number of internet devices has yet to show signs of slowing down any time soon, and we may reach a point where IP supply cannot keep up with demand. Fortunately, researchers from the Internet Engineering Task Force developed IPv6, the sixth version of the Internet Protocol.
Estimated time for completion: 25 minutes
Learning Objectives
- Understand the properties of an IPv6 address
- How to create an IPv6 Host ID from a MAC address
- How to create IPv6 address from IPv4 addresses
Prerequisites
Deliverables
resources
- IPv6 Compression Tool – https://findipv6.com/ipv6-compress
- IPv6 Calculator – https://www.calculator.net/ip-subnet-calculator.html
- IPv6 Address Generator – https://www.ipvoid.com/random-ipv6/
Contributors and testers
- Berkley Rocca, 11th-Grader, Grand Rapids Christian High School
- Jacob M. Christensen, Cybersecurity Student, ERAU-Prescott
Phase I – A very brief review
Generally, when you ask someone what a device’s IP address is, they provide you with an IPv4 address. That’s fine and dandy, but there’s more to that picture. Devices also have an IPv6 address. Like IPv4 addresses, these addresses represent the routing prefix and the host identifier. However, IPv6 addresses are structured differently than IPv4 addresses.
Learning IPv4 required knowledge of binary and decimal. IPv6 requires knowledge of hexadecimal. IPv6 addresses use hexadecimal values, or base-16 values, meaning there are 16 possible values in each digit, 0-9, a-f.
Here’s a translation table:
| Decimal | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| Binary | 0000 | 0001 | 0010 | 0011 | 0100 | 0101 | 0110 | 0111 |
| Hex | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| Decimal | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| Binary | 1000 | 1001 | 1010 | 1011 | 1100 | 1101 | 1110 | 1111 |
| Hex | 8 | 9 | a | b | c | d | e | f |
As you can see, using the hexadecimal term ‘f’ is a much more abbreviated representative symbol of the decimal number ’15’. At least much easier on us humans than the binary term ‘1111’. This is helpful as the binary digits grow in size. Look at the difference between an IPv4 address in decimal vs binary.
| IPv4 address represented by decimal | 192.168.1.1 |
| IPv4 address represented by binary | 11000000.10101000.00000001.00000001 |
You can count the 1s and 0s if you want, but trust us when we say there are 32 bits there. To prevent us from running out of IP space again, IPv6 uses 128 bits! To put it in perspective, there are 100 times more usable IPv6 addresses than the number of atoms on the surface of the Earth. If we look at the different representations of an IPv6 address, we get the following:
| IPv6 Decimal | 43962 : 40734 : 51742 : 51400 : 33428 : 48204 : 11497 : 4970 |
| IPv6 Binary | 1010101110111010 : 1001111100011110 : 1100101000011110 : 1100100011001000 : 1000001010010100 : 1011110001001100 : 0010110011101001 : 0001001101101010 |
| IPv6 Hexidecimal | abba:9f1e:ca1e:c8c8:8294:bc4c:2ce9:136a |
As you can see, hexadecimal notation is MUCH easier for us humans to handle than binary. However, IPv6 addresses can still be pretty long. The average person can only recall lists of 7 items. Thankfully, there are conventions to shorten them such as omitting any redundant zeros.
Let’s look at a sample IPv6 address such as 2001:ef48:64a3:0000:0000:0000:32ad:0792
- Let’s look at the leading zeros. Look at the last octet (last 4 characters) in our example address. Like how we don’t write the number 8 as 008, we don’t want to write 792 as 0792, so we remove the leading zero.
Original 2001:ef48:64a3:0000:0000:0000:32ad:0792 Removed the leading zeros 2001:ef48:64a3:0000:0000:0000:32ad:792 - Next, we remove octets with 0000 as a value. We will refer to them as “gaps”. The convention for removing strings of gaps is to replace them with two colons (::).
Removed the leading Zeros 2001:ef48:64a3:0000:0000:0000:32ad:792 Removed ‘gaps” 2001:ef48:64a3::32ad:792 - Much better, right? Keep in mind that you can only remove one string of gaps. In other words, you cannot have two instances of double colons in your address. If there are multiple gaps not in a string, the left-most gap is reduced to double colons, and the remainder is reduced to a single zero. Except for in the case of double colons, there must always be at least one character per octet. For example:
| Original, with two sets of ‘gaps’ | 2001:ef48:64a3:0000:0000:32ad:0000:0792 |
| Removing the ‘gaps’ | 2001:ef48:64a3::32ad:0:0792 |
4. You can still remove the leading zeros if there are any. We only have 1 octet with a leading 0 now. The octet 0792. So seeing the process in its entirety would look like this:
| Original, with two sets of ‘gaps’ | 2001:ef48:64a3:0000:0000:32ad:0000:0792 |
| Remove the ‘gaps’ – left most string of zeros gets the :: and any other sting of zeros gets a single 0 | 2001:ef48:64a3::32ad:0:0792 |
| Remove any remaining leading 0s | 2001:ef48:64a3::32ad:0:792 |
IPv6 is very similar to IPv4 in its use. Recall that IPv4 addresses are broken up into a street and a house number. The street (routing prefix) is dictated by the subnet mask. If you have a mask of 255.255.255.0, or x.x.x.x/24 in CIDR, the first 24 bits of your address determine your routing prefix. In IPv6, it works similarly. Like IPv4, the routing prefix is determined by the mask. In IPv6, your subnet mask can be upwards of 64 bits. For instance, if our IPv6 address is 2001:ef48:64a3:0000:0000:0000:32ad:0792, then it would be broken into two parts:
| Routing Prefix | Host Identifier |
| 2001:ef48:64a3:0000: | 0000:0000:32ad:0792 |
Returning to the street address analogy, think of the routing prefix as a street name, and the host identifiers are the house numbers on that street. Just like how you would visit house 1234 on Elm Street, you would visit host 0000:0000:32ad:0792 at prefix 2001:ef48:64a3:0000
Now, with IPv6 we can be even more specific. Say you have a netmask of /48. Now only the first 48 bits represent the routing prefix. However, the 16 bits that were previously in the prefix are not allocated to the host identifier. These bits now identify the subnet your device is on.
Using the street address analogy, imagine the same road again. However, now imagine Elm Street has several alleys where people built houses after the neighborhood was constructed. If you want to find a house, in one of the alleys, you must first go down Elm Street and then the correct alley to get to the house. In order to get to house 1234, I must take Elm Street to Roadrunner Alley, then continue until I find house 1234. Returning to IPv6 land, if I want to find host 0000:0000:32ad:0792, I must first look on subnet 0000 on prefix 2001:ef48:64a3.
| We want to go to the house 2001:ef48:64a3:0000:0000:0000:32ad:0792/48 | |||||||
| 2001 | ef48 | 64a3 | 0000 | 0000 | 0000 | 32ad | 0792 |
| Street | Alley | House number | |||||
| Routing Prefix | Subnet | Host ID |
Now that we have covered routing prefixes and subnets, let’s look at the Host ID portion of the IPv6 address called the Extended Unique Identifier (EUI). The EUI consists of the MAC address of the interface. Recall from IPv4 that a MAC address is 48-bits long and consists of two parts, the manufacturer’s ID and the serial number. However, the IPv6 Host ID (EIU) is 64-bits long, so some conversion is necessary.
Uppercase or Lowercase when writing Hex digits
3c:27:be:56:1d:d0 vs. 3C:27:BE:56:1D:D0
- Officially
- In mathematics, any hexadecimal representation is done in lowercase.
- RFC 5952 says lowercase for cyber functions.
- Real-world
- It really depends on the interface being used. Sometimes it is easier to read the address if it uses all uppercase, other times, lowercase is easier to read.
- It doesn’t matter. We have more important things to care about.
- We split the MAC address into its constituent parts.
Given a MAC Address: 3c:27:be:56:1d:d0 3c:27:be 56:1d:d0 Manufacture’s ID (OUI – Organizationally Unique ID) Serial Number - Then we insert the MAC into the mold of an IPv6 host ID and add the reserved bits of FFFE to indicate an EUI-64 generated IPv6 address.
Given a MAC Address: 3c:27:be:56:1d:d0 3c 27 be add FF FE 56 1d d0 3c 27 be ff fe 56 1d d0 - Now we have to look at the first octet and change the universal/local bit. The bit is 7th from the left. The bit should be a 1, which indicates local, not a 0 which means universal.
Given a MAC Address: 3c:27:be:56:1d:d0 OUI IPv6 Reserve Serial Number 3c 27 be ff fe 56 1d d0 0011 1100 Convert to binary 0011 1100 Locate the universal/local (U/L) bit and check its setting. This is set to universal (0) 0011 1110 We flip this bit to local (1) 3e Convert the binary back to Hexidecmal which has now changed from 3c to 3e 3e 27 be ff fe 56 1d d0 Resulting IPv6 Host ID 3e27:beff:fe56:1dd0 - Practice your IPv6 knowledge with these questions:
Now we look at how an IPv4 address is converted to an IPv6 address. This occurs when a network is using IPv4, but the packets need to tunnel through an IPv6 network to another IPv4 network. This is called 6to4 notation. The 6to4 tunnel concatenates the IPv4 address to the IPv6 address 2002::/16
Let’s use the following IPv4 address as our example: 192.168.50.14
| Start with IPv4 address | 192 | 168 | 50 | 14 |
| Convert to binary | 1100 0000 | 1010 1000 | 0011 0010 | 0000 1110 |
| Convert to Hex | c0 | a8 | 32 | 0e |
| CAT 2002::/16 | 2002 | c0 a8 | 32 0e | ::1/64 |
| Result an IPv6 address | 2002:c0a8:320e::1/64 |
Phase II – IPv6 MiniLab
Here we’ll showcase IPv6 in action. It’s important to remember that IPv6 functions very similarly to IPv4 in practice.
- Open GNS3 and create a new project. Title the project appropriately
- Add a switch and two VPCs to the network
- Connect the VPCs to the switch
- Select a routing prefix through random generation. In our example we’ll be using 2001:db8::/32
- Select a host ID for each VPC. In our example the host IDs are ::2 and ::3
- Open the console for the first VPC and assign it the IPv6 address. Note that you can use the abbreviated address in the VPC
ip 2001:db8::2/32
- Now open a Wireshark capture on either of the connections. Then, use the ping command to ping the other host on the network
ping 2001:db8::3/32
- On Wireshark you should see that this operates exactly like an IPv4 address in practice. The only difference is the elimination of Network Address Translation and DHCP since we have enough IP addresses for every device to have one
Phase III – Prefix Designation
- On the same GNS3 project add a MikroTik router to the workspace and connect it to the switch
- Start the MikroTik router and open the console
- Use the following command to assign the router an IPv6 address
ipv6 address add address=2001:db8::1/32 interface=ether1
- Attach a Ubuntu Desktop machine to the switch but do not start it yet
- Open a Wireshark capture on the link between the router and the switch
- Start the Ubuntu Desktop machine and open a terminal. Utilize the command
ip add
- In Wireshark you should see a router solicitation and a router reply. In the terminal the machine should now have an IPv6 address assigned with the prefix 2001:db8
End of Lab
Deliverables
Complete this worksheet and turn it in to receive credit for this exercise: Worksheet
Homework
Assignment 1 – Create your own GNS3 IPv6 network
- Use a different IPv6 routing prefix
- Connect it to the router from the minilab and use it for prefix designation
- Make sure the new network can ping the old one
Suggested Grading Criteria:
- Screenshot of GNS3 network
- Screenshot of pinging the old network form the new network