IPv6 Configuration

This chapter covers the following exam topics:

1.0 Network Fundamentals

1.9 Compare and contrast IPv6 address types

1.9.a Global unicast

1.9.b Unique local

1.9.c Link local

1.9.d Anycast

1.9.e Multicast

1.9.f Modified EUI 64

Configuring the Full 128-Bit Address

To statically configure the full 128-bit unicast address—either global unicast or unique local—the router needs an ipv6 address address/prefix-length interface subcommand on each interface. The address can be an abbreviated IPv6 address or the full 32-digit hex address. The command includes the prefix length value, at the end, with no space between the address and prefix length.

ubnet RI GO/O/O Subnet GO/O Subnet Figure 24-3 Sample 128-bit IPv6 Addresses to Be Configured on Cisco Router Interfaces “>

lick here to view code image ipv6 unicast-routing interface GigabitEthernete/e interface GigabitEthernete/e/0 “>

lick here to view code image ipv6 unicast-routing interface GigabitEthernete/e interface GigabitEthernete/1/0 “>

both abbreviated and unabbreviated addresses, and both lowercase and uppercase hex digits, showing that all are allowed.

Enabling IPv6 Routing

IPv6 routing is not enabled by default. The solution takes only a single command—ipv6 unicast-routing—which enables IPv6 routing on the router.

A router must enable IPv6 globally (ipv6 unicast-routing) and enable IPv6 on the interface (ipv6 address) before the router will attempt to route IPv6 packets in and out an interface. If you omit the ipv6 unicast-routing command but configure interface IPv6 addresses, the router will not route any received IPv6 packets, but the router will act as an IPv6 host. If you include the ipv6 unicast-routing command but omit all the interface IPv6 addresses, the router will be ready to route IPv6 packets but have no interfaces that have IPv6 enabled, effectively disabling IPv6 routing

Verifying the IPv6 Address Configuration

The show ipv6 interface brief command gives you interface IPv6 address info, but not prefix length info, similar to the IPv4 show ip interface brief command.

this command lists IPv6 addresses, but not the prefix length or prefixes.

The show ipv6 interface command gives the details of IPv6 interface settings, much like the show ip interface command does for IPv4.

the show interfaces command still lists the IPv4 address and mask but tells us nothing about IPv6. So, to see IPv6 interface addresses, use commands that begin with show ipv6

Generating a Unique Interface ID Using Modified EUI-64

The router then uses EUI-64 rules to create the interface ID part of the address, as follows:

Key Topic.

Split the 6-byte (12-hex-digit) MAC address in two halves (6 hex digits each).

Insert FFFE in between the two, making the interface ID now have a total of 16 hex digits (64 bits).

Invert the seventh bit of the interface ID.

ey Topic Defined by Configuration Subnet Prefix Calculated by Router Using EUl-64 1st Half of MAC Invert 7th Bit, 1st Byte (Reading Left to Right) FFFE 2nd Half of MAC Figure 24-4 IPv6 Address Format with Interface ID and EUI-64 “>

0000 oo o 0000 oo» 02 First 2 Hex Digits Convert to Binary Invert 7th Bit @ Convert to Hex Example 2 16 0001 Olio 0001 0100 14 Binary Binary Figure 24-6 Inverting the Seventh Bit of an EUI-64 Interface ID Field “>

tep 2: Little Space A c B A Little Space Figure 24-7 A Mnemonic Device to Help Memorize Bit Inversion Shortcut “>

Table 24-2 lists some practice problems,

ipv6 address address/prefix-length eui-64 interface subcommand.

pv6 unicast-routing ! The ipv6 address command now lists a prefix, interface GigabitEthernetø,‘0 mac-address €201. aaeø. interface GigabitEthernetø,‘0/Ø RI* show ipv6 interface brief GigabitEthernete/e [up/up] not the full address GigabitEthernete/1 unassigned [administratively down/down] GigabitEthernete/0/e [up/up] FE8e: GigabitEthernete/e/1 [administratively down/down] unassigned “>

mac-address command under R1’s G0/0 interface, which causes IOS to use the configured MAC address instead of the universal (burned-in) MAC address

for interfaces that do not have a MAC address, like serial interfaces, the router uses the MAC of the lowest-numbered router interface that does have a MAC.

if you mistakenly type the full address and still use the eui-64 keyword, IOS accepts the command and converts the address to the matching prefix before putting the command into the running config file. For example, IOS converts ipv6 address 2000:1:1:1::1/64 eui-64 to ipv6 address 2000:1:1:1::/64 eui-64.

Dynamic Unicast Address Configuration

routers can be configured to use dynamically learned IPv6 addresses. These can be useful for routers connecting to the Internet through some types of Internet access technologies, like DSL and cable modems.

two ways for the router interface to dynamically learn an IPv6 address to use:

Stateful DHCP

Stateless Address Autoconfiguration (SLAAC)

Special Addresses Used by Routers

After you configure the ipv6 unicast-routing global configuration command, to enable the function of IPv6 routing, the addition of a unicast IPv6 address on an interface causes the router to do the following:

Gives the interface a unicast IPv6 address

Enables the routing of IPv6 packets in/out that interface

Defines the IPv6 prefix (subnet) that exists off that interface

Tells the router to add a connected IPv6 route for that prefix, to the IPv6 routing table, when that interface is up/up

the same ideas happen for IPv4 when you configure an IPv4 address on a router interface.

Link-Local Addresses

a special kind of unicast IPv6 address.

not used for normal IPv6 packet flows that contain data for applications

used by some overhead protocols and for routing.

Link-Local Address Concepts

packets sent to any link-local address should not be forwarded by any router to another subnet.

For example, Neighbor Discovery Protocol (NDP), which replaces the functions of IPv4’s ARP, uses link-local addresses.

Routers also use link-local addresses as the next-hop IP addresses in IPv6 routes,

IPv6 hosts also use a default router (default gateway) concept, like IPv4, but instead of the router address being in the same subnet, hosts refer to the router’s link-local address. The show ipv6 route command lists the link-local address of the neighboring router, rather than the global unicast or unique local unicast address.

2 Link Local Gw=R1 Link Local PCI Subnet 2 Subnet 2 PC2 Figure 24-8 IPv6 Using Link-Local Addresses as the Next-Hop Address “>

key facts about link-local addresse

Unicast (not multicast): Link-local addresses represent a single host,

Forwarding scope is the local link only: Packets sent to a link-local address do not leave the local data link because routers do not forward packets with link-local destination addresses.

Automatically generated: Every IPv6 host interface (and router interface) can create its own link-local address automatically,

Creating Link-Local Addresses on Routers

all link-local addresses start with the same prefix,(FE80,FE90,FEA0,FEB0) as shown on the left side of Figure 24-9.

E80 : 0000 : 0000 : 0000 Figure 24-9 Link-Local Address Format 64 Bits Interface ID: EUl-64 “>

the first 10 bits must match prefix FE80::/10, meaning that the first three hex digits will be either FE8, FE9, FEA, or FEB.

the next 54 bits should be binary 0, so the link-local address should always start with FE80:0000:0000:0000 as the first four unabbreviated quartets.

The second half of the link-local address, in practice, can be formed using EUI-64 rules, can be randomly generated, or even configured.

IOS creates a link-local address for any interface that has configured at least one other unicast address using the ipv6 address command (global unicast or unique local). To see the link-local address, just use the usual commands that also list the unicast IPv6 address: show ipv6 interface and show ipv6 interface brief.

ddresses Click here to view code image RI* show ipv6 interface brief GigabitEthernet0/e [up/ up] GigabitEthernete/1 unassigned GigabitEthernete,/0/e [administratively down/down] [up/ up] FE8e: GigabitEthernet0/0/1 [administratively down/down] unassigned “>

both addresses have the same interface ID value

IOS chooses the link-local address for the interface based on the following rules:

If configured, the router uses the value in the ipv6 address address link-local interface subcommand. Note that the configured link-local address must be from the correct address range for link-local addresses; that is, an address from prefix FE80::/10. In other words, the address must begin with FE8, FE9, FEA, or FEB.

If not configured, the IOS calculates the link-local address using EUI-64 rules, as discussed and demonstrated in and around Example 24-7. The calculation uses EUI-64 rules even if the interface unicast address does not use EUI-64.

Routing IPv6 with Only Link-Local Addresses on an Interface

ipv6 address address/prefix-length: Static configuration of a specific address

ipv6 address prefix/prefix-length eui-64: Static configuration of a specific prefix and prefix length, with the router calculating the interface ID using EUI-64 rules

ipv6 address dhcp: Dynamic learning on the address and prefix length using DHCP

ipv6 address autoconfig: Dynamic learning of the prefix and prefix length, with the router calculating the interface ID using EUI-64 rules (SLAAC)

ipv6 enable: Enables IPv6 processing and adds a link-local address, but adds no other unicast IPv6 addresses.

some links, particularly WAN links, do not need a global unicast address

the routers do not need to have global unicast (or unique local) addresses on the WAN links for routing to work. IPv6 routing protocols use link-local addresses as the next-hop address when dynamically building IPv6 routes.

static routes, as discussed in Chapter 25, “Implementing IPv6 Routing,” can use link-local addresses for the next-hop address.

creating a WAN link with no global unicast (or unique local) addresses works. As a result, you would not even need to assign an IPv6 subnet to each WAN link. Then to configure the WAN interfaces, use the ipv6 enable command, enabling IPv6 and giving each interface a generated link-local IPv6 address.

To use the command, just configure the ipv6 enable command on the interfaces on both ends of the WAN link.

IPv6 Multicast Addresses

IANA defines the range FF30::/12 (all IPv6 addresses that begin with FF3) as the range of addresses to be used for some types of multicast applications.

different IPv6 RFCs reserve multicast addresses for specific purposes. For instance, OSPFv3 uses FF02::5 and FF02::6 as the all-OSPF-routers and all-DR-Routers multicast addresses,

OSPFv2 uses IPv4 addresses 224.0.0.5 and 224.0.0.6 for the equivalent purposes.

Reserved Multicast Addresses

IPv6, instead of using Layer 3 and Layer 2 broadcasts, instead uses Layer 3 multicast addresses, which in turn cause Ethernet frames to use Ethernet multicast addresses. As a result:

All the hosts that should receive the message receive the message, which is necessary for the protocols to work. However…

…Hosts that do not need to process the message can make that choice with much less processing as compared to IPv4.

OSPFv3 uses IPv6 multicast addresses FF02::5 and FF02::6. In a subnet, the OSPFv3 routers will listen for packets sent to those addresses. However, all the endpoint hosts do not use OSPFv3 and should ignore those OSPFv3 messages

the most common reserved IPv6 multicast addresses.

ll-nodes All-routers All-OSPF, All- OSPF-DR RIPng Routers EIGRPv6 Routers DHCP Relay Agent Multicast Address Meaning All-nodes (all interfaces that use IPv6 that are on the link) All-routers (all IPv6 router interfaces on the link) All OSPF routers and all OSPF-designated routers, respectively All RIPng routers All routers using EIGRP for IPv6 (EIGRPv6) All routers acting as a DHCPv6 relay agent IPv4 Equivalent 224.0.0.1 224.0.0.2 224.0.0.5, 224.0.0.6 224.0.0.9 224.0.0.10 None “>

show ipv6 interface command to show the multicast addresses used by Router R1 on its G0/0 interface.

lick here to view code image RI* show ipv6 interface GigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80: : 1 No Virtual link-local address(es): Global 2ee1. Joined Lines unicast address(es): group address(es): omitted for brevity “>

Multicast Address Scopes

Each scope defines a different set of rules about whether routers should or should not forward a packet, and how far routers should forward packets, based on those scopes.

cope Name Inter- face- Local Local Site- Local Organiz- ation- Local Global Quar- tet FFOI FF02 FF05 FF08 FFOE Scope Defined by… Derived by Device Derived by Device Configura- tion on Routers Configura- tion on Routers No Boundar- les Meaning Packet remains within the device. Use- ful for internally sending packets to services running on that same host. Host that creates the packet can send it onto the link, but no routers forward the packet. Intended to be more than Link-Local, so routers forward, but must be less than Organization-Local; generally meant to limit packets so they do not cross WAN links. Intended to be broad, probably for an entire company or organization. Must be broader than Site-Local. No boundaries. “>

routers can predict the boundaries of some scopes, like link-local, but they need configuration to know the boundaries of other scopes, for instance, organization-local.)

ite-local Link-local Internet 2 Figure 24-11 IPv6 Multicast Scopes “>

Link-local address: An IPv6 address that begins FE80. This serves as a unicast address for an interface to which devices apply a link-local scope. Devices often create their own link-local addresses using EUI-64 rules. A more complete term for comparison would be link-local unicast address.

Link-local multicast address: An IPv6 address that begins with FF02. This serves as a reserved multicast address to which devices apply a link-local scope.

Link-local scope: A reference to the scope itself, rather than an address. This scope defines that routers should not forward packets sent to an address in this scope.

Solicited-Node Multicast Addresses

IPv6 Neighbor Discovery Protocol (NDP) replaces IPv4 ARP,

NDP improves the MAC-discovery process by sending IPv6 multicast packets that can be processed by the correct host but discarded with less processing by the rest of the hosts in the subnet

Figure 24-12 shows how to determine the solicited node multicast address associated with a unicast address. Start with the predefined /104 prefix (26 hex digits) shown in Figure 24-12. In other words, all the solicited-node multicast addresses begin with the abbreviated FF02::1:FF. In the last 24 bits (6 hex digits), copy the last 6 hex digits of the unicast address into the solicited-node address.

f Unicast Address

FF02

0000 Defined by RFC • 0000 : 0000 : 0000 Abbreviation:

0001 Figure 24-12 Solicited-Node Multicast Address Format “>

a host or router calculates a matching solicited node multicast address for every unicast address on an interface

the router interface has a unicast address of 2001:DB8:1111:1::1/64, and a link-local address of FE80::AA:AAAA. As a result, the interface has two solicited node multicast addresses, shown at the end of the output.

lick here to view code image

Rl# show ipv6 interface GigabitEthernet ø/e

GigabitEthernete/ø is up, line protocol is up

IPv6 is enabled, link-local address is FEW: :AA AAAA

No Virtual link-local address(es):

Global

2001

Joined

Lines

unicast address(es):

group address(es):

[TEN] omitted for brevity “>

Miscellaneous IPv6 Addresses

all IPv6 hosts can use two additional special addresses:

The unknown (unspecified) IPv6 address, ::, or all 0s

The loopback IPv6 address, ::1, or 127 binary 0s with a single 1

A host can use the unknown address (::) when its own IPv6 address is not yet known or when the host wonders if its own IPv6 address might have problems.

hosts use the unknown address during the early stages of dynamically discovering their IPv6 address. When a host does not yet know what IPv6 address to use, it can use the :: address as its source IPv6 address

IPv6 loopback address gives each IPv6 host a way to test its own protocol stack. Just like the IPv4 127.0.0.1 loopback address, packets sent to ::1 do not leave the host but are instead simply delivered down the stack to IPv6 and back up the stack to the application on the local host

Anycast Addresses

service works best when implemented on several routers

Hosts can send just one packet to an IPv6 address, and the routers will forward the packet to the nearest router that supports that service by virtue of supporting that destination IPv6 address.

Step 1. Two routers configure the exact same IPv6 address, designated as an anycast address, to support some service.

Step 2. In the future, when any router receives a packet for that anycast address, the other routers simply route the packet to the nearest router that supports the address.

the routers implementing the anycast address must be configured and then advertise a route for the anycast address. The addresses do not come from a special reserved range of addresses;

they are from the unicast address range. Often, the address is configured with a /128 prefix so that the routers advertise a host route for that one anycast address.

the routing protocol advertises the route just like any other IPv6 route; the other routers cannot tell the difference

the actual address (2001:1:1:2::99) looks like any other unicast address

note the different anycast keyword on the ipv6 address command, telling the local router that the address has a special purpose as an anycast address

the show ipv6 interface command does identify the address as an anycast address, but the show ipv6 interface brief command does not.

lick here to view code image Rl# configure terminal PV6 Anycast Addresses Enter configuration commands, one per line. End with CNTL/Z. Rl(config)# interface gigabitEthernet ø/ø iPV6 address Rl(config-if)# ipv6 address :99/128 anycast Rl(config-if)# AZ Rl# show ipv6 interface gø/ø GigabitEthernete/ø is up, line protocol is up IPv6 is enabled, link-local address is FE80 No Virtual link-local address(es): Global unicast address(es): 2001 subnet is 2001 2001 :gg, subnet is 2001 : .•99/128 [ANY] I Lines omitted for brevity Rl# show ipv6 interface brief gø/ø GigabitEthernete/ø Cup/up] FE80 2001 “>

IPv6 Addressing Configuration Summary

ype Global unicast Unique Local Link local All hosts multicast All routers multicast Routing pro- tocol multicasts Solicited- node multicast Prefix/Address Notes Many prefixes Various /104 Enabled with What Interface Subcommand ipv6 address address/prefix-length ipv6 address prefix/prefix-length eui-64 ipv6 address prefix/prefix-length eui-64 ipv6 address address link-local Autogenerated by all ipv6 address commands Autogenerated by the ipv6 enable command Autogenerated by all ipv6 address commands Autogenerated by all ipv6 address commands Added to the interface when the corres- ponding routing protocol is enabled on the interface Autogenerated by all ipv6 address commands “>