Understanding IPv6 Addressing

This topic gives an overview of IP version 6 (IPv6). Then it covers the IPv6 address, including use of its header fields.

IPv6 and the Cloud

The ongoing expansive growth of the Internet and the need to provide IP addresses to accommodate it—including addresses for virtualized machines and resources in the cloud—is accelerating the emergent use of IPv6. IPv6 with its robust architecture was designed to support increasing numbers of new users, computer networks, Internet-enabled devices, applications for collaboration and communication, and virtualized resources. As they increase in number, applications and services within clouds render the need for transition to IPv6 even more immediate. In this and other regards, the cloud and IPv6 are intrinsic affiliates.

Whether physical or virtual, every machine requires an IP address. Because of its address size, IPv6 allows for infrastructure scalability, and the cloud allows for agility. vGW Series secures virtualized environments in the cloud and it allows for IPv6 communication. Without the scalability that IPv6 gives it, the cloud cannot extend to enable the plans and goals that are being generated for its use by companies and service providers.

As enterprise data centers and service providers undergo the transition to cloud computing, they are also evolving to support IPv6, and the two transitions are deeply related. In some cases, organizations are making the transition to the cloud and IPv6 concurrently. As they transition to the cloud, organizations and companies want to know that their data is secure. vGW Series meets these requirements in its ability to secure the virtualized network and its support of IPv6, including support for IPv4 and IPv6 dual stack, which is commonly used by companies to manage their IP transition.

IPv6 and IPv4

The number of available IPv4 addresses is limited by the IPv4 32-bit address size. IPv6, which was designed in part to fix the address limitations of IPv4, is defined by a 128-bit address size. IPv4 is widely used throughout the world today for the Internet, intranets, and private networks, but it is nearing the point where its addresses are becoming scarce and it could run out of them. IPv4 has been extended using techniques such as Network Address Translation (NAT), which allows for ranges of private addresses to be represented by a single public address, and temporary address assignment. Although useful, these techniques fall short of the requirements of environments such as virtualized networks and cloud applications, Internet-based consumer appliances, always-on systems, and continuously emerging wireless technologies.

IPv6 Address Space, Addressing, and Address Types

This section covers IPv6 addressing, and it identifies its three types of addresses. Addressing is the area where most of the differences between IPv4 and IPv6 exist, but the changes are largely about the ways in which addresses are implemented and used. IPv6 has a vastly larger address space than the nearly exhausted IPv4 address space. IPv6 increases the size of the IP address from the 32 bits that compose an IPv4 address to 128 bits. Each extra bit given to an address doubles the size of the address space.

In addition to the increased address space, IPv6 differs from IPv4 in regard to addresses in the following ways. IPv6:

The IPv6 Basic Packet Header

This section identifies the IPv6 basic packet header fields including their bit lengths and uses. See Table 1.

Table 1: IPv6 Basic Packet Header Fields

| Header Name | Bit Length | Purpose |
|---|---|---|
| Version | 4 | IPv6 version field that specifies a value of 6 indicating that IPv6 is used, as opposed to 4 for IPv4. |
| Traffic Class | 8 | Allows source nodes or routers to identify different classes (or priorities for quality of service) for IPv6 packets. (This field replaces the IPv4 Type of Service field.) |
| Flow Label | 20 | Identifies the flow to which the packet belongs. Packets in a flow share a common purpose, or belong to a common category, as interpreted by external devices such as routers or destination hosts. |
| Payload Length | 16 | Specifies the length of the IPv6 packet payload, or contents, expressed in octets. |
| Next Header | 8 | Identifies the type of Internet Protocol for the header that immediately follows the IPv6 header. The Next Header field replaces the IPv4 Protocol field. It is an optional field. It can contain: an IPv6 extension header type (for example, when security is performed on exchanged packets, the Next Header value is probably 50 (ESP extension header) or 51 (AH extension header)); an upper-layer Protocol Data Unit (PDU) (for example, the Next Header value could be 6 (for TCP), 17 (for UDP), or 58 (for ICMPv6)); or unknown. |
| Hop Limit | 8 | Specifies the maximum number of hops the packet can make. |
| Source IP Address | 128 | Identifies the host device, or interface on a host, that generated the IPv6 packet. |
| Destination IP Address | 128 | Identifies the host device, or interface on a host, to which the IPv6 packet is to be sent. |

vGW Series examines the header called next-header, and if it encounters one of the following extension headers, the software parses it, and it regards the packet as belonging to the corresponding protocol:

The IPv6 Packet Header Extensions

This section defines IP version 6 (IPv6) packet header extensions.

IPv6 extension headers contain supplementary information used by network devices (such as routers, switches, and endpoint hosts) to decide how to direct or process an IPv6 packet. The length of each extension header is an integer multiple of 8 octets. This allows subsequent extension headers to use 8-octet structures.

Any header followed by an extension header contains a Next Header value that identifies the extension header type. Extension headers always follow the basic IPv6 header in order as shown in Table 2:

Note: The destination IP address can appear twice, once after the hop-by-hop header and again after the last extension header.

Table 2: IPv6 Extension Headers

| Header Name | Purpose |
|---|---|
| Hop-by-Hop Options | Specifies delivery parameters at each hop on the path to the destination host. Note: A hop-by-hop option can appear only following the IPv6 basic header. If it is used, it should be the first extension header. It cannot appear after another extension header. |
| Destination Options | Specifies packet delivery parameters for either intermediate destination devices or the final destination host. When a packet uses this header, the Next Header value of the previous header must be 60. |
| Routing | Defines strict source routing and loose source routing for the packet. (With strict source routing, each intermediate destination device must be a single hop away. With loose source routing, intermediate destination devices can be one or more hops away.) When a packet uses this header, the Next Header value of the previous header must be 43. |
| Fragment | Specifies how to perform IPv6 fragmentation and reassembly services. When a packet uses this header, the Next Header value of the previous header must be 44. A source host uses the fragment extension header to tell the destination host the size of the packet that was fragmented so that the destination host can reassemble the packet. |
| Authentication | Provides authentication, data integrity, and anti-replay protection. When a packet uses this header, the Next Header value of the previous header must be 51. |
| Encapsulating Security Payload | Provides data confidentiality, data authentication, and anti-replay protection for Encapsulating Security Payload (ESP) packets. When a packet uses this header, the Next Header value of the previous header must be 50. |
| Destination IP Address | Identifies the host device, or interface on a host, to which the IPv6 packet is to be sent. Note: The destination address may appear twice, the first instance after the hop limit following the source IP address and the second instance after the final extension header. |
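The following Python sketch is an added example, not vGW Series code. It decodes the basic header using the bit lengths in Table 1, then follows the Next Header values through the extension headers in Table 2 the way a filtering device must before it can classify a packet. Assumptions not taken from this page: Next Header value 0 for Hop-by-Hop Options, the per-header length encodings (from the IPv6 and AH specifications), the function names, and the constructed sample packet.

```python
import ipaddress
import struct

# Next Header values named on the page, plus 0 for Hop-by-Hop Options (assumption, not listed there).
EXT = {0: "Hop-by-Hop Options", 60: "Destination Options", 43: "Routing",
       44: "Fragment", 51: "Authentication", 50: "ESP"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}

def parse_basic_header(pkt: bytes) -> dict:
    """Decode the 40-octet basic header using the bit lengths in Table 1."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 basic header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {"version": word >> 28, "traffic_class": (word >> 20) & 0xFF,
            "flow_label": word & 0xFFFFF, "payload_length": payload_len,
            "next_header": next_header, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(pkt[8:24])),
            "dst": str(ipaddress.IPv6Address(pkt[24:40]))}

def walk_chain(pkt: bytes):
    """Follow Next Header values; return (extension header names, final protocol)."""
    nh, off, seen = parse_basic_header(pkt)["next_header"], 40, []
    while nh in EXT:
        if nh == 0 and seen:
            raise ValueError("Hop-by-Hop Options must be the first extension header")
        seen.append(EXT[nh])
        if nh == 50:                      # ESP: what follows is encrypted, stop here
            return seen, "ESP"
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        nxt, length_field = pkt[off], pkt[off + 1]
        size = (8 if nh == 44                            # Fragment: fixed 8 octets
                else (length_field + 2) * 4 if nh == 51  # AH: 4-octet units, minus 2
                else (length_field + 1) * 8)             # others: 8-octet units after the first 8
        nh, off = nxt, off + size
    return seen, UPPER.get(nh, f"unknown ({nh})")

def build_sample() -> bytes:
    """Constructed packet: basic header, Hop-by-Hop, Fragment, then 20 octets of TCP."""
    hbh = bytes([44, 0, 1, 4, 0, 0, 0, 0])   # next=Fragment (44), PadN filler
    frag = bytes([6, 0, 0, 0, 0, 0, 0, 1])   # next=TCP (6), offset 0, id 1
    body = hbh + frag + bytes(20)
    fixed = struct.pack("!IHBB", (6 << 28) | 0x12345, len(body), 0, 64)
    addrs = b"".join(ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2"))
    return fixed + addrs + body
```

A filter that classifies on the first Next Header value alone would label the sample packet as value 0 rather than TCP; walking the whole chain, and rejecting truncated or misordered headers, is what makes the protocol decision reliable.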

The IPv6 Address Format

This section explains the format for IPv6 addresses, including how to compress them, and it gives some examples.

All IPv6 addresses are 128 bits long, written as 8 sections of 16 bits each. They are expressed in hexadecimal representation, so the sections range from 0 to ffff. Sections are delimited by colons, and leading zeroes in each section may be omitted. If two or more consecutive sections have all zeroes, they can be collapsed to a double colon.

Address Assignment and IPv6

The IPv6 stateless autoconfiguration feature allows network devices attached to an IPv6 network to automatically acquire IP addresses and connect to the Internet without intermediate interaction with a DHCPv6 server.

IPv6 requires that every network interface on which the protocol is enabled have a link-local address bound to it, even when a routable address is assigned to it. Link-local addresses are not routable. They are unique addresses in that only local traffic can be sent to them.

A link-local address is not assigned by DHCP. Consequently, IPv6 hosts often have more than one IPv6 address assigned to each of their IPv6-enabled network interfaces. Link-local addresses may be assigned statefully through mechanisms such as DHCP, but most often they are assigned using stateless autoconfiguration.

The link-local address is required for IPv6 sublayer operations of the Neighbor Discovery Protocol (NDP). NDP is an IP protocol used with IPv6 for address autoconfiguration of nodes, node discovery, location of routers and DNS servers, node reachability, identification of paths to active neighbor nodes, and other services related to address detection.

Note: You can create policies to restrict access to certain link-local addresses as required for your environment.
