Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Understanding IPv4 and IPv6 Protocol Family

IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation and contains two primary parts: the network prefix and the host number. The topics below describes the IPv4 Classful Addressing, IPv4 Dotted Decimal Notation, IPv4 Subnetting, IPv4 Variable-Length Subnet Masks, understanding IP Version 6, IPv6 address types and use of them in Junos OS RX Series Services Gateway, and configuration of inet6 IPv6 Protocol Family.

Understanding IPv4 Addressing

IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation. A 32-bit address contains two primary parts: the network prefix and the host number.

All hosts within a single network share the same network address. Each host also has an address that uniquely identifies it. Depending on the scope of the network and the type of device, the address is either globally or locally unique. Devices that are visible to users outside the network (webservers, for example) must have a globally unique IP address. Devices that are visible only within the network must have locally unique IP addresses.

IP addresses are assigned by a central numbering authority called the Internet Assigned Numbers Authority (IANA). IANA ensures that addresses are globally unique where needed and has a large address space reserved for use by devices not visible outside their own networks.

This topic contains the following sections:

IPv4 Classful Addressing

To provide flexibility in the number of addresses distributed to networks of different sizes, 4-octet (32-bit) IP addresses were originally divided into three different categories or classes: class A, class B, and class C. Each address class specifies a different number of bits for its network prefix and host number:

  • Class A addresses use only the first byte (octet) to specify the network prefix, leaving 3 bytes to define individual host numbers.

  • Class B addresses use the first 2 bytes to specify the network prefix, leaving 2 bytes to define host addresses.

  • Class C addresses use the first 3 bytes to specify the network prefix, leaving only the last byte to identify hosts.

In binary format, with an x representing each bit in the host number, the three address classes can be represented as follows:

Because each bit (x) in a host number can have a 0 or 1 value, each represents a power of 2. For example, if only 3 bits are available for specifying the host number, only the following host numbers are possible:

In each IP address class, the number of host-number bits raised to the power of 2 indicates how many host numbers can be created for a particular network prefix. Class A addresses have 224 (or 16,777,216) possible host numbers, class B addresses have 216 (or 65,536) host numbers, and class C addresses have 28 (or 256) possible host numbers.

IPv4 Dotted Decimal Notation

The 32-bit IPv4 addresses are most often expressed in dotted decimal notation, in which each octet (or byte) is treated as a separate number. Within an octet, the rightmost bit represents 20 (or 1), increasing to the left until the first bit in the octet is 27 (or 128). Following are IP addresses in binary format and their dotted decimal equivalents:

IPv4 Subnetting

Because of the physical and architectural limitations on the size of networks, you often must break large networks into smaller subnetworks. Within a such a subnetted network, each interface requires its own network number and identifying subnet address.


The IP routing world has shifted to Classless Inter-Domain Routing (CIDR). As its name implies, CIDR eliminates the notion of address classes and simply conveys a network prefix along with a mask. The mask indicates which bits in the address identify the network (the prefix). This document discusses subnetting in the traditional context of classfull IP addresses.

Figure 1 shows a network comprised of three subnets.

Figure 1: Subnets in a Network Subnets in a Network

Figure 1 shows three devices connected to the Alpha subnet on the left, three devices connected to the Beta subnet on the right, and a third subnet named Gamma that interconnects the left and right subnets over a WAN link. Collectively, the six devices and three subnets are contained within the larger class B network prefix. In this example, the organization is assigned the network prefix 172.16/16, which is a class B address. Each subnet is assigned an IP address that falls within this class B network prefix.

In addition to sharing the class B network prefix (the first two octets), each subnet shares the third octet. Because we are using a /24 network mask in conjunction with a class B address, the third octet identifies the subnet. All devices on a subnet must have the same subnet address. In this case, the alpha subnet has the IP address, the beta subnet has the IP address, and the Gamma subnet is assigned

Taking one of these subnets as an example, the Beta subnet address is represented in binary notation as:

Because the first 24 bits in the 32-bit address identify the subnet, the last 8 bits are available to assign to hosts attachments on each subnet. To reference a subnet, the address is written as (or just 172.16.10/24). The /24 indicates the length of the subnet mask (sometimes written as This network mask indicates that the first 24 bits identify the network and subnetwork while the last 8 bits identify hosts on the respective subnetwork.

IPv4 Variable-Length Subnet Masks

Traditionally, subnets were divided by address class. Subnets had either 8, 16, or 24 significant bits, corresponding to 224, 216, or 28 possible hosts. As a result, an entire /16 subnet had to be allocated for a network that required only 400 addresses, wasting 65,136 (216 – 400 = 65,136) addresses.

To help allocate address spaces more efficiently, variable-length subnet masks (VLSMs) were introduced. Using VLSM, network architects can allocate more precisely the number of addresses required for a particular subnet.

For example, suppose a network with the prefix 192.14.17/24 is divided into two smaller subnets, one consisting of 18 devices and the other of 46 devices.

To accommodate 18 devices, the first subnet must have 25 (32) host numbers. Having 5 bits assigned to the host number leaves 27 bits of the 32-bit address for the subnet. The IP address of the first subnet is therefore, or the following in binary notation:

The subnet mask includes 27 significant digits.

To create the second subnet of 46 devices, the network must accommodate 26 (64) host numbers. The IP address of the second subnet is, or

By assigning address bits within the larger /24 subnet mask, you create two smaller subnets that use the allocated address space more efficiently.

Understanding IPv6 Address Space, Addressing, Address Format, and Address Types

Understanding IP Version 6 (IPv6)

The ongoing expansive growth of the Internet and the need to provide IP addresses to accommodate it—to support increasing numbers of new users, computer networks, Internet-enabled devices, and new and improved applications for collaboration and communication—is escalating the emergent use of a new IP protocol. IPv6, with its robust architecture, was designed to satisfy these current and anticipated near future requirements.

IP version 4 (IPv4) is widely used throughout the world today for the Internet, intranets, and private networks. IPv6 builds upon the functionality and structure of IPv4 in the following ways:

  • Provides a simplified and enhanced packet header to allow for more efficient routing.

  • Improves support for mobile phones and other mobile computing devices.

  • Enforces increased, mandatory data security through IPsec (which was originally designed for it).

  • Provides more extensive quality-of-service (QoS) support.

IPv6 addresses consist of 128 bits, instead of 32 bits, and include a scope field that identifies the type of application suitable for the address. IPv6 does not support broadcast addresses, but instead uses multicast addresses for broadcast. In addition, IPv6 defines a new type of address called anycast.

Understanding IPv6 Address Types and How Junos OS for SRX Series Services Gateway Uses Them

IP version 6 (IPv6) includes the following types of addresses:

  • Unicast

    A unicast address specifies an identifier for a single interface to which packets are delivered. Under IPv6, the vast majority of Internet traffic is foreseen to be unicast, and it is for this reason that the largest assigned block of the IPv6 address space is dedicated to unicast addressing. Unicast addresses include all addresses other than loopback, multicast, link-local-unicast, and unspecified.

    For SRX Series devices, the flow module supports the following kinds of IPv6 unicast packets:

    • Pass-through unicast traffic, including traffic from and to virtual routers. The device transmits pass-through traffic according to its routing table.

    • Host-inbound traffic from and to devices directly connected to SRX Series interfaces. For example, host-inbound traffic includes logging, routing protocol, and management types of traffic. The flow module sends these unicast packets to the Routing Engine and receives them from it. Traffic is processed by the Routing Engine instead of by the flow module, based on routing protocols defined for the Routing Engine.

      The flow module supports all routing and management protocols that run on the Routing Engine. Some examples are OSPFv3, RIPng, TELNET, and SSH.

  • Multicast

    A multicast address specifies an identifier for a set of interfaces that typically belong to different nodes. It is identified by a value of 0xFF. IPv6 multicast addresses are distinguished from unicast addresses by the value of the high-order octet of the addresses.

    The devices support only host-inbound and host-outbound multicast traffic. Host inbound traffic includes logging, routing protocols, management traffic, and so on.

  • Anycast

    An anycast address specifies an identifier for a set of interfaces that typically belong to different nodes. A packet with an anycast address is delivered to the nearest node, according to routing protocol rules.

    There is no difference between anycast addresses and unicast addresses except for the subnet-router address. For an anycast subnet-router address, the low order bits, typically 64 or more, are zero. Anycast addresses are taken from the unicast address space.

    The flow module treats anycast packets in the same way as it handles unicast packets. If an anycast packet is intended for the device, it is treated as host-inbound traffic, and it delivers it to the protocol stack which continues processing it.

IPv6 Address Scope

Unicast and multicast IPv6 addresses support address scoping, which identifies the application suitable for the address.

Unicast addresses support global address scope and two types of local address scope:

  • Link-local unicast addresses—Used only on a single network link. The first 10 bits of the prefix identify the address as a link-local address. Link-local addresses cannot be used outside the link.

  • Site-local unicast addresses—Used only within a site or intranet. A site consists of multiple network links. Site-local addresses identify nodes inside the intranet and cannot be used outside the site.

Multicast addresses support 16 different types of address scope, including node, link, site, organization, and global scope. A 4-bit field in the prefix identifies the address scope.

IPv6 Address Structure

Unicast addresses identify a single interface. Each unicast address consists of n bits for the prefix, and 128 – n bits for the interface ID.

Multicast addresses identify a set of interfaces. Each multicast address consists of the first 8 bits of all 1s, a 4-bit flags field, a 4-bit scope field, and a 112-bit group ID:

The first octet of 1s identifies the address as a multicast address. The flags field identifies whether the multicast address is a well-known address or a transient multicast address. The scope field identifies the scope of the multicast address. The 112-bit group ID identifies the multicast group.

Similar to multicast addresses, anycast addresses identify a set of interfaces. However, packets are sent to only one of the interfaces, not to all interfaces. Anycast addresses are allocated from the normal unicast address space and cannot be distinguished from a unicast address in format. Therefore, each member of an anycast group must be configured to recognize certain addresses as anycast addresses.

Understanding IPv6 Address Space, Addressing, and Address Types

Addressing is the area where most of the differences between IP version 4 (IPv4) and IPv6 exist, but the changes are largely about the ways in which addresses are implemented and used. IPv6 has a vastly larger address space than the impending exhausted IPv4 address space. IPv6 increases the size of the IP address from the 32 bits that compose an IPv4 address to 128 bits. Each extra bit given to an address doubles the size of the address space.

IPv4 has been extended using techniques such as Network Address Translation (NAT), which allows for ranges of private addresses to be represented by a single public address, and temporary address assignment. Although useful, these techniques fall short of the requirements of novel applications and environments such as emerging wireless technologies, always-on environments, and Internet-based consumer appliances.

In addition to the increased address space, IPv6 addresses differ from IPv4 addresses in the following ways:

  • Includes a scope field that identifies the type of application that the address pertains to

  • Does not support broadcast addresses, but instead uses multicast addresses to broadcast a packet

  • Defines a new type of address, called anycast

Understanding IPv6 Address Format

All IPv6 addresses are 128 bits long, written as 8 sections of 16 bits each. They are expressed in hexadecimal representation, so the sections range from 0 to FFFF. Sections are delimited by colons, and leading zeroes in each section may be omitted. If two or more consecutive sections have all zeroes, they can be collapsed to a double colon.

IPv6 addresses consist of 8 groups of 16-bit hexadecimal values separated by colons (:). IPv6 addresses have the following format:

Each aaaa is a 16-bit hexadecimal value, and each a is a 4-bit hexadecimal value. Following is a sample IPv6 address:

You can omit the leading zeros of each 16-bit group, as follows:

You can compress 16-bit groups of zeros to double colons (::) as shown in the following example, but only once per address:

An IPv6 address prefix is a combination of an IPv6 prefix (address) and a prefix length. The prefix takes the form ipv6-prefix/prefix-length and represents a block of address space (or a network). The ipv6-prefix variable follows general IPv6 addressing rules. The prefix-length variable is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address. For example, 10FA:6604:8136:6502::/64 is a possible IPv6 prefix with zeros compressed. The site prefix of the IPv6 address 10FA:6604:8136:6502::/64 is contained in the left most 64 bits, 10FA:6604:8136:6502.

For more information on the text representation of IPv6 addresses and address prefixes, see RFC 4291, IP Version 6 Addressing Architecture.


SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices have the following limitations:

  • Changes in source AS and destination AS are not immediately reflected in exported flows.

  • IPv6 traffic transiting over IPv4 based IP over IP tunnel (for example, IPv6-over-IPv4 using ip-x/x/x interface) is not supported.

Configuring the inet6 IPv6 Protocol Family

In configuration commands, the protocol family for IPv6 is named inet6. In the configuration hierarchy, instances of inet6 are parallel to instances of inet, the protocol family for IPv4. In general, you configure inet6 settings and specify IPv6 addresses in parallel to inet settings and IPv4 addresses.


On SRX Series devices, on configuring identical IPs on a single interface, you will not see a warning message; instead, you will see a syslog message.

The following example shows the CLI commands you use to configure an IPv6 address for an interface: