
IPv4 and IPv6 Protocol Families

IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation and contain two primary parts: the network prefix and the host number. IPv6 addresses are 128 bits long and consist of eight groups of four hexadecimal digits. The following topics describe:

  • IPv4 classful addressing

  • IPv4 dotted decimal notation

  • IPv4 subnetting

  • IPv4 variable-length subnet masks (VLSMs)

  • IPv6 protocol family

  • IPv6 address types

  • Use of IPv6 addresses in Juniper Networks® SRX Series Firewalls

  • Configuration of IPv6 protocol family

What is IPv4 Addressing

IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation. A 32-bit address contains two primary parts: the network prefix and the host number.

All hosts within a single network share the same network address. Each host also has an address that uniquely identifies it. Depending on the scope of the network and the type of device, the address is either globally or locally unique. Devices that are visible to users outside the network (webservers, for example) must have a globally unique IP address. Devices that are visible only within the network must have locally unique IP addresses.

IP addresses are assigned by a central numbering authority known as the Internet Assigned Numbers Authority (IANA). IANA ensures that addresses are globally unique where needed and has a large address space reserved for use by devices not visible outside their own networks.


IPv4 Classful Addressing

To provide flexibility in the number of addresses distributed to networks of different sizes, 4-octet (32-bit) IP addresses were originally divided into three different categories or classes: class A, class B, and class C. Each address class specifies a different number of bits for its network prefix and host number:

  • Class A addresses use only the first byte (octet) to specify the network prefix, leaving 3 bytes to define individual host numbers.

  • Class B addresses use the first 2 bytes to specify the network prefix, leaving 2 bytes to define host addresses.

  • Class C addresses use the first 3 bytes to specify the network prefix, leaving only the last byte to identify hosts.

In binary format, with an x representing each bit in the host number, the three address classes can be represented as follows:

Because each bit (x) in a host number can have a 0 or 1 value, each represents a power of 2. For example, if only 3 bits are available for specifying the host number, only the following host numbers are possible:

In each IP address class, 2 raised to the power of the number of host-number bits indicates how many host numbers can be created for a particular network prefix. Class A addresses have 2^24 (or 16,777,216) possible host numbers, class B addresses have 2^16 (or 65,536) host numbers, and class C addresses have 2^8 (or 256) possible host numbers.

IPv4 Dotted Decimal Notation

The 32-bit IPv4 addresses are most often expressed in dotted decimal notation, in which each octet (or byte) is treated as a separate number. Within an octet, the rightmost bit represents 2^0 (or 1), increasing to the left until the first bit in the octet is 2^7 (or 128). Following are IP addresses in binary format and their dotted decimal equivalents:

IPv4 Subnetting

Because of the physical and architectural limitations on the size of networks, you often must break large networks into smaller subnetworks. Within such a subnetted network, each interface requires its own network number and identifying subnet address.

Note:

The IP routing world has shifted to Classless Inter-Domain Routing (CIDR). As its name implies, CIDR eliminates the notion of address classes and simply conveys a network prefix along with a mask. The mask indicates which bits in the address identify the network (the prefix). This document discusses subnetting in the traditional context of classful IP addresses.

Figure 1 shows a network that comprises three subnets.

Figure 1: Subnets in a Network

Figure 1 shows three devices connected to the Alpha subnet on the left, three devices connected to the Beta subnet on the right, and a third subnet named Gamma that interconnects the left and right subnets over a WAN link. Collectively, the six devices and three subnets are contained within the larger class B network prefix. In this example, the organization is assigned the network prefix 172.16/16, which is a class B address. Each subnet is assigned an IP address that falls within this class B network prefix.

In addition to sharing the class B network prefix (the first two octets), each subnet shares the third octet. Because we are using a /24 network mask with a class B address, the third octet identifies the subnet. All devices on a subnet must have the same subnet address. In this case, the Alpha subnet has the IP address 172.16.1.0/24, the Beta subnet has the IP address 172.16.2.0/24, and the Gamma subnet is assigned 172.16.10.10/24.

Taking one of these subnets as an example, the Beta subnet address 172.16.2.0/24 is represented in binary notation as:

Because the first 24 bits in the 32-bit address identify the subnet, the last 8 bits are available to assign to host attachments on each subnet. To reference a subnet, the address is written as 172.16.10.0/24 (or just 172.16.10/24). The /24 indicates the length of the subnet mask (sometimes written as 255.255.255.0). This network mask indicates that the first 24 bits identify the network and subnetwork while the last 8 bits identify hosts on the respective subnetwork.

IPv4 Variable-Length Subnet Masks (VLSMs)

Traditionally, subnets were divided by address class. Subnets had 8, 16, or 24 significant bits, corresponding to 2^24, 2^16, or 2^8 possible hosts, respectively. As a result, an entire /16 subnet had to be allocated for a network that required only 400 addresses, wasting 65,136 (2^16 – 400 = 65,136) addresses.

To help allocate address spaces more efficiently, VLSMs were introduced. Using VLSM, network architects can allocate more precisely the number of addresses required for a particular subnet.

For example, suppose a network with the prefix 192.14.17/24 is divided into two smaller subnets, one consisting of 18 devices and the other of 46 devices.

To accommodate 18 devices, the first subnet must have 2^5 (32) host numbers. Having 5 bits assigned to the host number leaves 27 bits of the 32-bit address for the subnet. The IP address of the first subnet is therefore 192.14.17.128/27, or the following in binary notation:

The subnet mask includes 27 significant digits.

To create the second subnet of 46 devices, the network must accommodate 2^6 (64) host numbers. The IP address of the second subnet is 192.14.17.64/26, or

By assigning address bits within the larger /24 subnet mask, you create two smaller subnets that use the allocated address space more efficiently.
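The VLSM sizing above can be checked mechanically. The following Python sketch is an added example, not part of the original documentation or any Juniper tool: it computes the smallest subnet for a device count and validates an address plan for containment, capacity, and overlap. The function names are hypothetical, and the code assumes the all-zeros and all-ones host numbers are reserved.

```python
import ipaddress

def smallest_prefix(devices):
    """Longest IPv4 prefix length whose subnet still holds `devices` hosts.

    Assumption: the all-zeros (network) and all-ones (broadcast) host
    numbers are reserved, so a subnet with h host bits holds 2**h - 2 hosts.
    """
    host_bits = 1
    while (1 << host_bits) - 2 < devices:
        host_bits += 1
    return 32 - host_bits

def check_plan(parent, plan):
    """Validate a {subnet: device_count} plan against a parent prefix.

    Returns a list of problems; an empty list means the plan is consistent.
    """
    parent_net = ipaddress.ip_network(parent)
    problems, seen = [], []
    for cidr, devices in plan.items():
        try:
            # Strict parsing rejects entries whose host bits are not zero.
            net = ipaddress.ip_network(cidr)
        except ValueError as exc:
            problems.append(f"{cidr}: {exc}")
            continue
        if not net.subnet_of(parent_net):
            problems.append(f"{net} is outside {parent_net}")
        if net.num_addresses - 2 < devices:
            problems.append(f"{net} is too small for {devices} devices")
        for other in seen:
            if net.overlaps(other):
                problems.append(f"{net} overlaps {other}")
        seen.append(net)
    return problems

if __name__ == "__main__":
    # The two subnets from the example above, inside 192.14.17/24.
    plan = {"192.14.17.128/27": 18, "192.14.17.64/26": 46}
    print(smallest_prefix(18), smallest_prefix(46))   # prefix lengths needed
    print(check_plan("192.14.17.0/24", plan))          # problems found
    # The 400-address network from the classful example needs far less than a /16.
    print(smallest_prefix(400))
```

Overlapping or out-of-range subnets are worth catching before they reach firewall policy, because an address that matches two zones' prefixes makes rule evaluation hard to reason about.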

IPv6 Address Space, Addressing, and Address Types

What Is IPv6?

The ongoing growth of the Internet, and the need to provide IP addresses for increasing numbers of new users, computer networks, Internet-enabled devices, and new and improved applications for collaboration and communication, is accelerating the adoption of a new IP protocol. IPv6, with its robust architecture, was designed to satisfy these current and anticipated near-future requirements.

IPv4 is widely used throughout the world today for the Internet, intranets, and private networks. IPv6 builds upon the functionality and structure of IPv4 in the following ways:

  • Provides a simplified and enhanced packet header to allow for more efficient routing.

  • Improves support for mobile phones and other mobile computing devices.

  • Enforces increased, mandatory data security through IPsec (which was originally designed for it).

  • Provides more extensive QoS support.

IPv6 addresses consist of 128 bits, instead of 32 bits, and include a scope field that identifies the type of application suitable for the address. IPv6 does not support broadcast addresses, but uses multicast addresses for broadcast. In addition, IPv6 defines a new type of address called anycast.

IPv6 Address Types

IPv6 includes the following types of addresses:

  • Unicast

    A unicast address specifies an ID for a single interface to which packets are delivered. Under IPv6, the vast majority of Internet traffic is foreseen to be unicast. It is for this reason that the largest assigned block of the IPv6 address space is dedicated to unicast addressing. Unicast addresses include all addresses other than loopback, multicast, link-local-unicast, and unspecified.

    For SRX Series Firewalls, the flow module supports the following kinds of IPv6 unicast packets:

    • Pass-through unicast traffic, including traffic from and to virtual routers. The device transmits pass-through traffic according to its routing table.

    • Host-inbound traffic from and to devices directly connected to SRX Series Firewall interfaces. For example, host-inbound traffic includes logging, routing protocol, and management types of traffic. The flow module sends the unicast packets to the Routing Engine and receives the packets from it. Traffic is processed by the Routing Engine instead of by the flow module, based on routing protocols defined for the Routing Engine.

      The flow module supports all routing and management protocols that run on the Routing Engine. Some examples are:

      • OSPFv3

      • RIPng

      • TELNET

      • SSH

  • Multicast

    A multicast address specifies an ID for a set of interfaces that typically belong to different nodes. It is identified by a value of 0xFF. IPv6 multicast addresses are distinguished from unicast addresses by the high-order octet value of the addresses.

    The devices support only host-inbound and host-outbound multicast traffic. Host inbound traffic includes logging, routing protocols, management traffic, and so on.

  • Anycast

    An anycast address specifies an ID for a set of interfaces that typically belong to different nodes. A packet with an anycast address is delivered to the nearest node, according to routing protocol rules.

    There is no difference between anycast addresses and unicast addresses except for the subnet-router address. For an anycast subnet-router address, the low-order bits, typically 64 or more, are zeros. Anycast addresses are taken from the unicast address space.

    The flow module treats anycast packets in the same way as it handles unicast packets. If an anycast packet is intended for the device, it is treated as host-inbound traffic. The flow module delivers it to the protocol stack, which continues processing it.

IPv6 Address Scope

Unicast and multicast IPv6 addresses support address scoping, which identifies the application suitable for the address.

Unicast addresses support global address scope and two types of local address scope:

  • Link-local unicast addresses—Used only on a single network link. The first 10 bits of the prefix identify the address as a link-local address. Link-local addresses cannot be used outside the link.

  • Site-local unicast addresses—Used only within a site or intranet. A site consists of multiple network links. Site-local addresses identify nodes inside the intranet and cannot be used outside the site.

Multicast addresses support 16 different types of address scope, including the following:

  • Node

  • Link

  • Site

  • Organization

  • Global scope

A 4-bit field in the prefix identifies the address scope.

IPv6 Address Structure

Unicast addresses identify a single interface. Each unicast address consists of n bits for the prefix, and 128 – n bits for the interface ID.

Multicast addresses identify a set of interfaces. Each multicast address consists of the first 8 bits of all 1s, a 4-bit flags field, a 4-bit scope field, and a 112-bit group ID:

The first octet of 1s identifies the address as a multicast address. The flags field identifies whether the multicast address is a well-known address or a transient multicast address. The scope field identifies the scope of the multicast address. The 112-bit group ID identifies the multicast group.

Similar to multicast addresses, anycast addresses identify a set of interfaces. However, packets are sent to only one of the interfaces, not to all interfaces. Anycast addresses are allocated from the normal unicast address space and cannot be distinguished from a unicast address in format. Therefore, each member of an anycast group must be configured to recognize certain addresses as anycast addresses.
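The multicast field layout and the unicast scopes described above can be decoded directly from the 128-bit value. The following Python sketch is an added example, not part of the original documentation: the function name is hypothetical, the scope values and the fe80::/10 and fec0::/10 prefixes are taken from RFC 4291, and the sample addresses are constructed.

```python
import ipaddress

# 4-bit scope field values for the scopes named on this page (RFC 4291).
SCOPES = {0x1: "node", 0x2: "link", 0x5: "site", 0x8: "organization", 0xE: "global"}

def describe(addr):
    """Classify an IPv6 address and, for multicast, split out its fields."""
    value = int(ipaddress.IPv6Address(addr))
    if value >> 120 == 0xFF:                      # first 8 bits all 1s
        flags = (value >> 116) & 0xF              # next 4 bits
        scope = (value >> 112) & 0xF              # next 4 bits
        return {
            "type": "multicast",
            # Lowest flag bit: 0 = well-known, 1 = transient.
            "transient": bool(flags & 0x1),
            "scope": SCOPES.get(scope, f"other (0x{scope:x})"),
            "group_id": value & ((1 << 112) - 1),  # remaining 112 bits
        }
    if value == 0:
        return {"type": "unspecified"}
    if value == 1:
        return {"type": "loopback"}
    top10 = value >> 118                          # first 10 bits of the prefix
    if top10 == 0b1111111010:                     # fe80::/10
        return {"type": "link-local unicast"}
    if top10 == 0b1111111011:                     # fec0::/10
        return {"type": "site-local unicast"}
    # Anycast addresses share this format, so they also land here.
    return {"type": "global unicast"}

if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("ff02::1", "ff15::abcd", "fe80::1", "fec0::1",
                   "10FA:6604:8136:6502::1", "::1", "::"):
        print(sample, describe(sample))
```

Because an anycast address cannot be told apart from a unicast address by format, a classifier like this can only report it as unicast; knowing that it is anycast requires the device configuration.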

IPv6 Address Space, Addressing, and Address Types

Addressing is the area where most of the differences between IPv4 and IPv6 exist, but the changes are largely about the ways in which addresses are implemented and used. IPv6 has a vastly larger address space than the nearly exhausted IPv4 address space. IPv6 increases the size of the IP address from the 32 bits that compose an IPv4 address to 128 bits. Each extra bit given to an address doubles the size of the address space.

IPv4 has been extended using techniques such as NAT, which allows for ranges of private addresses to be represented by a single public address, and temporary address assignment. Although useful, these techniques fall short of the requirements of novel applications and environments such as emerging wireless technologies, always-on environments, and Internet-based consumer appliances.

In addition to the increased address space, IPv6 addresses differ from IPv4 addresses in the following ways:

  • Include a scope field that identifies the type of application that the address pertains to.

  • Do not support broadcast addresses, but instead use multicast addresses to broadcast a packet.

  • Define a new type of address, called anycast.

IPv6 Address Format

All IPv6 addresses are 128 bits long, written as 8 sections of 16 bits each. The addresses are expressed in a hexadecimal representation. So the sections range from 0 to FFFF. Sections are delimited by colons, and leading zeros in each section might be omitted. If two or more consecutive sections have all zeros, the sections can be collapsed to a double colon.

IPv6 addresses consist of 8 groups of 16-bit hexadecimal values separated by colons (:). IPv6 addresses have the following format:

Each aaaa is a 16-bit hexadecimal value, and each a is a 4-bit hexadecimal value. Following is a sample IPv6 address:

You can omit the leading zeros of each 16-bit group, as follows:

You can compress 16-bit groups of zeros to double colons (::) as shown in the following example, but only once per address:

An IPv6 address prefix is a combination of an IPv6 prefix (address) and a prefix length. The prefix takes the form ipv6-prefix/prefix-length and represents a block of address space (or a network). The ipv6-prefix variable follows general IPv6 addressing rules. The prefix-length variable is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address. For example, 10FA:6604:8136:6502::/64 is a possible IPv6 prefix with zeros compressed. The site prefix of the IPv6 address 10FA:6604:8136:6502::/64 is contained in the leftmost 64 bits, 10FA:6604:8136:6502.

For more information about the text representation of IPv6 addresses and address prefixes, see RFC 4291, IP Version 6 Addressing Architecture.
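Because one IPv6 address has several valid text forms, address checks in logs and rule sets should compare parsed values, not strings. The following Python sketch is an added example, not part of the original documentation: it applies the two shortening rules by hand and shows value-based comparison and prefix matching. The function names are hypothetical, and the 2001:db8:: sample addresses are constructed from the documentation prefix.

```python
import ipaddress

def compress(addr):
    """Shorten a fully written-out address (8 groups of hex digits).

    Rule 1: drop leading zeros in each group.
    Rule 2: collapse one run of two or more all-zero groups to '::',
            choosing the longest run (the first one on a tie).
    """
    groups = [format(int(g, 16), "x") for g in addr.split(":")]
    if len(groups) != 8:
        raise ValueError("expected 8 colon-separated groups")
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:                 # only runs of length >= 2 qualify
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_start < 0:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

def same_address(a, b):
    """Compare two text forms by their 128-bit value."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

def in_prefix(addr, prefix):
    """True if addr falls inside ipv6-prefix/prefix-length."""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network(prefix)

if __name__ == "__main__":
    full = "2001:0db8:0000:0000:0001:0000:0000:0001"   # constructed sample
    print(compress(full))                               # shortened form
    print(same_address(full, "2001:DB8::1:0:0:1"))      # same 128-bit value
    print(in_prefix("10FA:6604:8136:6502:0:0:0:1", "10FA:6604:8136:6502::/64"))
```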

Limitations

SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices have the following limitations:

  • Changes in source AS and destination AS are not immediately reflected in exported flows.

  • IPv6 traffic transiting over IPv4 based IP-IP tunnel (for example, IPv6-over-IPv4 using ip-x/x/x interface) is not supported.

CLI Configuration for IPv6 Protocol Family

In configuration commands, the protocol family for IPv6 is named inet6. In the configuration hierarchy, instances of inet6 are parallel to instances of inet, the protocol family for IPv4. In general, you configure inet6 settings and specify IPv6 addresses in parallel to inet settings and IPv4 addresses.

Note:

On SRX Series Firewalls, if you configure identical IP addresses on a single interface, you do not see a warning message; instead, you will see a syslog message.

The following example shows the CLI commands you use to configure an IPv6 address for an interface: