Introducing Basic IPv6

Introduction
As the global internet continues to grow, its overall architecture needs to evolve to
accommodate the new technologies that support the increasing numbers of users,
applications, appliances, and services. This evolution also includes Enterprise networks
and communication providers, which provide services to home users. Internet protocol
(IP) version 6 (IPv6) was proposed when it became clear that the 32-bit addressing
scheme of Internet Protocol version 4 (IPv4) cannot keep up with the demands of
internet growth. IPv6 quadruples the number of network address bits from 32 bits (in
IPv4) to 128 bits. This means that the address pool for IPv6 is around 340 undecillion,
or 340 trillion trillion trillion, which is an unimaginably large number.

The larger IPv6 address space allows networks to scale and provide global reachability.
The simplified IPv6 packet header format handles packets more efficiently. The IPv6
network is designed to embrace encryption and favor targeted multicast over often
problematic broadcast communication.

IPv6 as a protocol has been known for a while, but enterprises are beginning to
understand the ways in which it can help them achieve their goals, improve efficiency
and gain functionality.

Cisco Enterprise Architecture Model

As a network engineer, you will need to get familiar with IPv6 including:
Describing IPv6 features and advantages and comparing them to IPv4.
Configuring basic IPv6 addressing and testing IPv6 connectivity in the network.
IPv4 Address Exhaustion Workarounds
IPv4 provides approximately 4 billion unique addresses. Although 4 billion is a lot of
addresses, it is not enough to keep up with the growth of the internet.

To extend the lifetime and usefulness of IPv4 and to circumvent the address shortage,
several mechanisms were created:
Classless interdomain routing (CIDR)
Variable-length subnet masking (VLSM)
Network Address Translation (NAT)
Private IPv4 addresses space (Request for Comments [RFC] 1918)

Over the years, hardware support has been added to devices to support IPv4
enhancements.

To allocate IPv4 addresses efficiently, CIDR was developed. CIDR allows the address
space to be divided into smaller blocks, varying in size depending on the number of
hosts needed in individual blocks. These blocks are no longer associated with pre-
defined IPv4 addresses classes, such as class A, B, and C. Instead, the allocation
includes a subnet mask or prefix length which defines the size of the block.

VLSMs allow more efficient use of IPv4 addresses, specifically on small segments,
such as point-to-point serial links. VLSM usage was recommended in RFC 1817. CIDR
and VLSM support was a prerequisite for Internet service providers (ISPs) to improve
scalability of the routing on the internet.

NAT introduced a model in which a device that is facing outward to the internet has a
globally routable IPv4 address, while the internal network is configured with private
RFC 1918 addresses. These private addresses can never be routed outside the site, as
they can be identical in many different enterprise networks. In this way, even large
enterprises with thousands of systems can hide behind a few routable public networks.

Dynamic Host Configuration Protocol (DHCP) is used extensively in IPv4 networks, to

dynamically allocate addresses, which are typically from private IPv4 addresses space
(RFC 1918) that are then translated to public addresses using NAT.

One of the arguments against deploying IPv6 is that NAT will solve the problems of
limited address space in IPv4. The use of NAT merely delays the exhaustion of the IPv4
address space. Many large organizations and ISPs are moving to IPv6 because they
are running out of IPv4 private addresses, for example, as Internet of Things (IoT)
devices are added to their networks.

Negative implications of using NAT, some of which are identified in RFC 2775 and RFC
2993 include:
NAT breaks the end-to-end model of IP, in which only the endpoints, not the
intermediary devices, should process the packets.
NAT inhibits end-to-end network security. To protect the integrity of the IP header by
some cryptographic functions, the IP header cannot be changed between the origin
of the packet (to protect the integrity of the header) and the final destination (to
check the integrity of the received packet). Any translation of parts of a header on
the path will break the integrity check.
 When applications are not NAT-friendly, which means that, for a specific application,
more than just the port and address mapping are necessary to forward the packet
through the NAT device, NAT has to embed complete knowledge of the applications
to perform correctly. This fact is especially true for dynamically allocated ports,
embedded IP addresses in application protocols, security associations, and so on.
Therefore, the NAT device needs to be upgraded each time that a new non-NAT-
friendly application is deployed (for example, peer-to-peer).
When different networks use the same private address space and they have to
merge or connect, an address space collision occurs. Hosts that are different but
have the same address cannot communicate with each other. There are NAT
techniques available to help with this issue, but they increase NAT complications.

In which mechanism can a device be configured with a private IPv4 address but
communicate on the internet using a globally routable IPv4 address?

NAT

VLSM

ARP

multihoming
IPv6 Features
Although VLSM, NAT, and other workarounds (for avoiding the transition to IPv6) are
available, networks with internet connectivity must begin the transition to IPv6 as soon
as possible. For IPv4 networks that provide goods and services to internet users, it is
especially important because the transition by the internet community is already under
way. New networks may be unable to acquire IPv4 addresses, and networks that are
running IPv6 exclusively will not be able to communicate with IPv4-only networks
unless you configure an intermediary gateway or another transition mechanism. IPv6
and IPv4 are completely separate protocols, and IPv6 is not backward-compatible with
IPv4. As the internet evolves, organizations must adopt IPv6 to support future business
continuity, growth, and global expansion. Furthermore, some ISPs and Regional
Internet Registries (RIRs) are administratively out of IPv4 address which means that
their supply of IPv4 addresses is now limited and organizations have to migrate to and
support IPv6 networks.

IPv4 32 bits

192.168.201.113

4,294,467,295 IPv4 Addresses

IPv6 128 bits

2001:0db8:2c80:dd02:0029:ec7a:002b:ea73

340,282,366,920,938,463,463,374,607,431,768,211,456 IPv6 Addresses

IPv6 includes several features that make it attractive for building global-scale, highly
effective networks:
Larger address space: The expanded address space includes several IP
addressing enhancements:

It provides improved global reachability and flexibility.

A better aggregation of IP prefixes is announced in the routing tables. The
aggregation of routing prefixes limits the number of routing table entries, which
creates efficient and scalable routing tables.
Multihoming increases the reliability of the internet connection of an IP network.
With IPv6, a host can have multiple IP addresses over one physical upstream
link. For example, a host can connect to several ISPs.
Autoconfiguration is available.
There are more "plug-and-play" options for more devices.
Simplified mechanisms are available for address renumbering and modification.

Simpler header: Streamlined fixed header structures make the processing of IPv6
packets faster and more efficient for intermediate routers within the network. This
fact is especially true when large numbers of packets are routed in the core of the
IPv6 internet.
Security and mobility: Features that were not part of the original IPv4
specification, such as security and mobility, are now built into IPv6. IP Security
(IPsec) is available in IPv6, allowing the IPv6 networks to be secure. Mobility
enables mobile network devices to move around in networks without breaks in
established network connections.
 Transition richness: IPv6 also includes a rich set of tools to aid in transitioning
networks from IPv4, to allow an easy, nondisruptive transition over time to IPv6-
dominant networks. An example is dual stacking, in which devices run both IPv4
and IPv6.

Which feature does IPv6 support for securely connecting to networks?

NAT

VLSM

IPsec

multihoming
IPv6 Addresses and Address Types
IPv6 addresses consist of 128 bits and are represented as a series of eight 16-bit
hexadecimal fields that are separated by colons. Although upper and lower case are
permitted, it is best practice to use lower case for IPv6 representation:

Address representation:
Format is x:x:x:x:x:x:x:x, where x is a 16-bit hexadecimal field:

Example: 2001:0db8:010f:0001:0000:0000:0000:0acd

Leading zeros in a field can be omitted:

Example: 2001:db8:10f:1:0:0:0:acd

Successive fields of 0 are represented as "::" but only once in an address:

Example: 2001:db8:10f:1::acd

The a, b, c, d, e, and f in hexadecimal fields can be either uppercase or

lowercase, but it is best practice to use lower case for IPv6 representation.

Although Cisco IOS accepts both lowercase and uppercase representation of

an IPv6 address, RFC 5952 recommends that IPv6 addresses be represented
in lowercase, to ensure compatibility with case-sensitive applications.

Here are two ways to shorten the writing of IPv6 addresses:

The leading zeros in a field can be omitted, so 010f can be written as 10f. A field
that contains all zeros (0000) can be written as 0.
Successive fields of zeros can be represented as a double colon (::) but only once in
an address. An address parser can identify the number of missing zeros by
separating the two parts and filling in zeros until the 128 bits are completed.
However, if two double colons are placed in the address, there is no way to identify
the size of each block of zeros. Therefore, only one double colon is possible in a
valid IPv6 address.

The use of the double-colon technique makes many addresses very small; for example,
ff01:0:0:0:0:0:0:1 becomes ff01::1. The all zeros address are written as a double colon;
this type of address representation is known as the unspecified address.

IPv6 Address Types

IPv6 supports three basic types of addresses. Each address type has specific rules
regarding its construction and use. These types of addresses are:
Unicast: Unicast addresses are used in a one-to-one context.
Multicast: A multicast address identifies a group of interfaces. Traffic that is sent to
a multicast address is sent to multiple destinations at the same time. An interface
may belong to any number of multicast groups.
Anycast: An IPv6 anycast address is assigned to an interface on more than one
node. When a packet is sent to an anycast address, it is routed to the nearest
 interface that has this address. The nearest interface is found according to the
measure of metric of the particular routing protocol that is running. All nodes that
share the same address should behave the same way so that the service is offered
similarly, regardless of the node that services the request.

IPv6 does not support broadcast addresses in the way that they are used in IPv4.
Instead, specific multicast addresses (such as the all-nodes multicast address) are
used.

IPv6 unicast addresses are assigned to each node (interface). Their uses are
discussed in RFC 4291. The unicast addresses are listed below.

An IPv6 address prefix, in the format ipv6-prefix/prefix-length, can be used to

represent bitwise contiguous blocks of the entire address space. The prefix
length is a decimal value that indicates how many of the high-order contiguous
bits of the address compose the prefix. An IPv6 address network prefix is
represented in the same way as the network prefix (as in 10.1.1.0/24) in IPv4.
For example, 2001:db8:8086:6502::/32 is a valid IPv6 prefix.

Address Value Description

Assigned by Internet Assigned Numbers Authority (IANA) and used on public

Global
2000::/3 networks. They are equivalent to IPv4 global (public) addresses. ISPs
Unicast
summarize these to provide scalability on the internet.

Link- An automatically configured IPv6 address on an interface, the scope is only on

fe80::/10
local the physical link, and is required.

Unique- Unique local unicast addresses are analogous to private IPv4 addresses in that
fc00::/7
Local they are used for local communications. The scope is entire site or organization.

Address Value Description

Like the 127.0.0.1 address in IPv4, 0:0:0:0:0:0:0:1, or ::1, is used for local testing
Loopback ::1 functions. Unlike IPv4, which dedicates a complete A class block of addresses
for local testing, IPv6 uses only one.
Address Value Description

0.0.0.0 in IPv4 means "unknown" address. In IPv6, this address is represented

by 0:0:0:0:0:0:0:0 or ::, and it is typically used in the source address field of the
Unspecified ::
packet when an interface does not have an address and is trying to acquire one
dynamically.

IPv6 Address Scopes and Prefixes

To fully understand IPv6 addressing, it is important to have a solid understanding of
IPv6 scopes and prefixes. An IPv6 address scope specifies the region of the network in
which the address is valid. For example, the link-local address has a scope that is
called "link-local," which means that it is valid and should be used on a directly attached
network (link). Scopes can apply to both unicast and multicast addresses. There are
several different scopes or regions: the link scope, site scope, organization scope, and
global network scope.

Addresses in the link scope are called link-local addresses, and routers will not forward
these addresses to other links or networks. Addresses that are valid within a single site
are called site-local addresses. Addresses intended to span multiple sites belonging to
one organization are called organization-local addresses, and addresses in the global
network scope are called global unicast addresses.

Multiple IPv6 Addresses on an Interface

As with IPv4, IPv6 addresses are assigned to interfaces; however, unlike IPv4, an IPv6
interface is expected to have multiple addresses. The IPv6 addresses that are assigned
to an interface can be any of the basic types: unicast, multicast, or anycast.

IPv6 Unicast Addresses

An IPv6 unicast address generally uses 64 bits for the network ID and 64 bits for the
interface ID. The network ID is administratively assigned, and the interface ID can be
configured manually or autoconfigured.

When you use the Stateless Address AutoConfiguration (SLAAC) IPv6

address assignment method, a 64-bit interface ID is required.
Use of EUI-64 Format Interface ID in IPv6 Addresses
The interface ID in an IPv6 address is analogous to the host portion of an IPv4 address;
it uniquely identifies an interface on a link. A 64-bit interface ID is not required but is
highly recommended. However, a 64-bit interface ID is required when an IPv6 address
is autoconfigured. One way to guarantee that the interface ID is unique is to base it on
the Media Access Control (MAC) address of the interface.

The Extended Universal Identifier 64-bit format (EUI-64) defines the method to create
an interface identifier from an IEEE 48-bit MAC address. Since the EUI-64 format is
based on unique MAC addresses, using this format, a device can automatically assign
itself a unique 64-bit IPv6 interface ID, without the need for manual configuration or
DHCP. The following figure illustrates this process:

The EUI-64 format interface ID is derived from the 48-bit MAC address by inserting the
hexadecimal number fffe between the upper 3 bytes (OUI field) and the lower 3 vendor
assigned bytes of the MAC address. Then, the seventh bit of the first octet is inverted.
(In a MAC address, this bit indicates the scope and has a value of 0 for global scope
and 1 for local scope; it will be 0 for globally unique MAC addresses. In the EUI-64
format, the meaning of this bit is opposite, so the bit is inverted.)

IPv6 Global Unicast Address

Both IPv4 and IPv6 addresses are generally assigned in a hierarchical manner. Users
are assigned IP addresses by ISPs. ISPs obtain allocations of IP addresses from a
local Internet registry (LIR) or National Internet Registry (NIR), or from their appropriate
RIR. The RIR in turn obtains IP addresses from The Internet Corporation for Assigned
Names and Numbers (ICANN), the operator for IANA.
RFC 4291 specifies the 2000::/3 prefix to be the global unicast address space that the
IANA may allocate to the RIRs. A global unicast address (GUA) is an IPv6 address that
is created from the global unicast prefix. The structure of global unicast addresses
enables the aggregation of routing prefixes, which limits the number of routing table
entries in the global routing table. Global unicast addresses that are used on links are
aggregated upward through organizations and eventually to the ISPs.

The figure shows how address space can be allocated to the RIR and ISP. These
values are minimum allocations, which means that an RIR will get a /23 or shorter, an
ISP will get a /32 or shorter, and a site will get a /48 or shorter. A shorter prefix length
allows more available address space. For example, a site could get a /40 instead of a
/48, giving it more addresses if it can justify it to its ISP. The figure shows a provider
aggregatable model where the end customer obtains its IPv6 address from the ISP. The
end customer can also choose a provider-independent address space by going straight
to the RIR. In this case, it is not uncommon for an end customer to be able to justify a
/32 prefix. The example in the figure uses common and recommended size of the
network with 64 bits used as interface ID.

Global unicast addresses are routable and reachable across the internet. They are
intended for widespread generic use. A global unicast address is structured
hierarchically to allow address aggregation. In the 2000::/3 prefix, the /3 prefix length
states that only the first 3 bits are significant in matching the prefix 2000. The first 3 bits
of the first hexadecimal value, 2, are 001. The fourth bit is insignificant and can be
either a 0 or a 1. Therefore, the first hex digit is either 2 (0010) or 3 (0011). The
remaining 12 bits in the hextet (16-bit segment) can be a 0 or a 1. This results in a
range of global unicast addresses of 2000::/3 through 3fff::/3.

A global routing prefix is assigned to a service provider by IANA. The fixed first three
bits plus the following 45 bits identify the organization´s site within the public domain.
A subnet ID can be used by an individual organization to create its own local
addressing hierarchy and to identify subnets. A subnet ID is similar to a subnet in IPv4,
except that an organization with an IPv6 subnet ID can support many more individual
subnets (the actual number depends on the global routing prefix). An organization with
a 16-bit IPv6 subnet ID can support up to 65,535 individual subnets.

The interface ID has the same meaning for all unicast addresses. It is used to identify
the interfaces that are on a link and that must be unique to the link. The interface ID is
64 bits long and, depending on the device operating system, can be created by using
the EUI-64 format or by using a randomly generated number. An example of a global
unicast address is 2001:0db8:bbbb:cccc:0987:65ff:fe01:2345.

IPv6 Link-Local Unicast Address

Link-local addresses (LLAs): have a smaller scope than site-local addresses—they
refer only to a particular physical link (physical network). The concept of the link-local
scope is not new to IPv6. RFC 3927 defined 169.254.x.x block as link-local for IPv4.
These addresses have a smaller scope than site-local addresses—they refer only to a
particular physical link (physical network). Routers do not forward packets using link-
local addresses, not even within the organization; they are only for local communication
on a particular physical network segment.

A link-local address is an IPv6 unicast address that is automatically configured on any

interface. This address is the first IPv6 address that will be enabled on the interface. A
device does not have to have any other address but must have a link-local address. A
link-local address consists of the link-local prefix fe80::/10 (1111 1110 10) and the
interface identifier that can be modified in EUI-64 format or randomly generated value
depending on operating system installed on networking device.

It is a common practice to statically configure link-local addresses on the router

interfaces, to make troubleshooting easier. Nodes on a local link can use link-local
addresses to communicate; the nodes do not need globally unique addresses to
communicate.

Link-local addresses are used for link communications such as automatic address
configuration, neighbor discovery, and router discovery. Many IPv6 routing protocols
also use link-local addresses. For static routing, the address of the next-hop device
should be specified using the link-local address of the device; for dynamic routing, all
IPv6 routing protocols must exchange the link-local addresses of neighboring devices.

An example of a link-local unicast address is fe80:0000:0000:0000:0987:65ff:

fe01:2345, which would generally be represented in shorthand notation as
fe80::987:65ff:fe01:2345.

Note The prefix fe80::/10 for link-local addresses includes addresses

beginning with fe80 through febf. In common practice though, link-local
addresses typically begin with fe80.
IPv6 Unique Local Unicast Address

Unique local unicast addresses are analogous to private IPv4 addresses in that they
are used for local communications, intersite virtual private networks (VPNs), and so on,
except for one important difference – these addresses are not intended to be translated
to a global unicast address. They are not routable on the internet without IPv6 NAT, but
they are routable inside a limited area, such as a site. They may also be routed
between a limited set of sites. A unique local unicast address has these characteristics:
It has a globally unique prefix—it has a high probability of uniqueness.
It has a well-known prefix to enable easy filtering at site boundaries.
It allows combining or privately interconnecting sites without creating any address
conflicts or requiring a renumbering of interfaces that use these prefixes.
It is ISP-independent and can be used for communications inside a site without
having any permanent or intermittent internet connectivity.
If it is accidentally leaked outside of a site via routing or the Domain Name System
(DNS), there is no conflict with any other addresses.
Applications may treat unique local addresses like global scoped addresses.

In unique local unicast addresses, global IDs are defined by the administrator of the
local domain. Subnet IDs are also defined by the administrator of the local domain.
Subnet IDs are typically defined using a hierarchical addressing plan, allowing routes to
be summarized and, therefore, reducing the size of routing updates and routing tables.
An example of a unique local unicast address is
fc00:aaaa:bbbb:cccc:0987:65ff:fe01:2345.

Loopback Addresses
Just as with IPv4, a provision has been made for a special loopback IPv6 address for
testing. Packets that are sent to this address "loop back" to the sending device.
However, in IPv6, there is just one address, not a whole block, for this function. The
loopback address is 0:0:0:0:0:0:0:1, which is normally expressed as "::1."

Unspecified Addresses
In IPv4, an IPv4 address containing all zeroes has a special meaning—it refers to the
host itself and is used as a source address to indicate the absence of an address. In
IPv6, this concept has been formalized, and the all-zeros address is named the
unspecified address. It is typically used in the source field of a packet sent by a device
requesting to have its IPv6 address configured. You can apply address compression to
this address. Because the address is all zeroes, the address is simply expressed by
two colons (::).

IPv6 Multicast Addresses

The following figure illustrates the format of an IPv6 multicast address. An IPv6
multicast address defines a group of devices known as a multicast group. IPv6
multicast addresses use the prefix ff00::/8, which is equivalent to the IPv4 multicast
address 224.0.0.0/4. A packet sent to a multicast group always has a unicast source
address. A multicast address can never be the source address. Unlike IPv4, there is no
broadcast address in IPv6. Instead, IPv6 uses multicast, including an all-IPv6 devices
well-known multicast address and a solicited-node multicast address.

The first 8 bits are ff, followed by 4 bits allocated for flags and a 4-bit Scope field. The
Scope field defines the range to which routers can forward the multicast packet. The
next 112 bits represent the group ID.

The first three flags bits are 0 (reserved), R (rendezvous point), and P (network prefix)
are beyond the scope of this course. The fourth flag, the least significant bit (LSB), or
rightmost bit, is the transient flag (T flag). The T flag denotes the two types of multicast
addresses:
Permanent (0): These addresses, known as predefined multicast addresses, are
assigned by IANA and include both well-known and solicited multicast.
Nonpermanent (1): These are "transient" or "dynamically" assigned multicast
addresses. They are assigned by multicast applications.

The scope bits define the scope of the multicast group. For example, a scope value 1
means interface-local scope or node-local scope, which spans only a single interface
on a node. It is used for loopback transmission of multicast. Link-local scope is defined
with the value 2. It spans the topology area of a single link. Admin-local scope is not
automatically defined from the physical topology or another non-multicast related
configuration and should be defined by administrator. Admin-local scope is the smallest
administratively defined multicast scope. A site-local scope spans a single site,
whereas organization-local scope spans several sites in one organization.

The following table shows a few examples of well-known IPv6 multicast addresses that
have different scopes:

IPv6 Multicast
Description Scope
Address

Node-local
ff01::1 All nodes address
scope

Node-local
ff01::2 All routers address
scope

ff02::1 All nodes address Link-local scope

IPv6 Multicast
Description Scope
Address

ff02::2 All routers address Link-local scope

ff02::5 Open Shortest Path First (OSPF) routers Link-local scope

ff02::6 OSPF designated routers Link-local scope

ff02::9 Routing Information Protocol (RIP) routers Link-local scope

Enhanced Interior Gateway Routing Protocol (EIGRP)

ff02::A Link-local scope
routers

ff05::2 All routers address Site-local scope

ff05::1:3 All Dynamic Host Configuration Protocol (DHCP) servers Site-local scope

IPv6 Anycast Addresses

An IPv6 anycast address is an address that can be assigned to more than one interface
(typically on different devices). In other words, multiple devices can have the same
anycast address. A packet sent to an anycast address is routed to the "nearest"
interface having that address, according to the router’s routing table.

Anycast addresses are available for both IPv4 and IPv6, initially defined in RFC 1546,
Host Anycasting Service. Anycast was meant to be used for services such as DNS and
Hypertext Transfer Protocol (HTTP) but was never really implemented as designed.

Anycast addresses are syntactically indistinguishable from unicast addresses, because

anycast addresses are allocated from the unicast address space. Assigning a unicast
address to more than one interface makes a unicast address an anycast address. The
nodes to which the anycast address is assigned must be explicitly configured to
recognize that the address is an anycast address.

There are some reserved anycast address formats such as the subnet-router anycast
address defined in RFC 4291 and RFC 2526. Such anycast address has the following
format:

The subnet-router anycast address has a prefix that is followed by a series of zeros (as
the interface ID). For example, if the prefix for the subnet is 2001:db8:10f:1::/64 then
the subnet router anycast address for that subnet is 2001:db8:10f:1::. If you send a
packet to the subnet-router anycast address, it will be delivered to one router, which
has an interface in that subnet. All routers must have subnet-router anycast addresses
for the subnets that are configured on their interfaces.

Reserved Addresses
The Internet Engineering Task Force (IETF) reserved a portion of the IPv6 address
space for various uses, both present and future. Reserved addresses represent 1/256th
of the total IPv6 address space. The lowest address within each subnet prefix (the
interface identifier set to all zeroes) is reserved as the subnet-router anycast address.
The 128 highest addresses within each /64 subnet prefix are reserved for use as
anycast addresses.
In which type of IPv6 address does the sender send the traffic to the nearest of
multiple nodes, all of which behave in the same way as other nodes that are
identified by the same destination address?

unicast

anycast

broadcast

multicast

loopback

You want to ping the loopback address of your IPv6 local host. Which command will
you enter?

ping 127.0.0.1

ping 0.0.0.0

ping ::1

ping fe80::1

Which two statements describe the characteristics of IPv6 unicast addressing?

(Choose two.)

Global addresses start with 2000::/3.

Link-local addresses start with ff00::/10.

Global addresses start with 2000::/.

Link-local addresses start with fe00:/12.

There is only one loopback address and it is ::1.

Which address bits uniquely identify a group ID in the IPv6 multicast address?

first 64 bits

first 8 bits

last 112 bits

last 64

last 48
last 116 bits
Comparison of IPv4 and IPv6 Headers
The IPv6 header differs significantly from the IPv4 header in several ways.

The figure illustrates the IPv4 header format:

The IPv4 header contains 12 fields. Following these fields is an Options field of variable
length that the figure shows in yellow and a padding field that is followed by the data
portion that is usually the transport layer segment. The basic IPv4 header has a size of
20 octets. The Options field increases the size of the IPv4 header.

Of the 12 IPv4 header fields, 6 are removed in IPv6; these fields are shown in green in
the figure. The main reasons for removing these fields in IPv6 are as follows:
The Internet Header Length field (shown as HD Len in the figure) was removed
because it is no longer required. Unlike the variable-length IPv4 header, the IPv6
header is fixed at 40 octets.
Fragmentation is processed differently in IPv6 and does not need the related fields
in the basic IPv4 header. In IPv6, routers no longer process fragmentation. IPv6
hosts are responsible for path maximum transmission unit (MTU) discovery. If the
host needs to send data that exceeds the MTU, the host is responsible for
fragmentation (this process is recommended but not required). The related Flags
field option appears in the Fragmentation Extension Header in IPv6. This header is
attached only to a packet that is fragmented.
The Header Checksum field at the IP layer was removed because most data link
layer technologies already perform checksum and error control. This change forces
formerly optional upper-layer checksums (such as User Datagram Protocol [UDP])
to become mandatory.

The Options field is not present in IPv6. In IPv6, a chain of extension headers
processes any additional services. Examples of extension headers include
Fragmentation, Authentication Header, and Encapsulating Security Payload (ESP).

Most other fields were either unchanged or changed only slightly.

This figure illustrates the IPv6 header format:

The IPv6 header has 40 octets, instead of 20 octets as in IPv4. The IPv6 header has
fewer fields, and the header is aligned on 64-bit boundaries to enable fast processing
by current and next-generation processors. The Source and Destination address fields
are four times larger than in IPv4.

The IPv6 header contains eight fields:

1. Version: This 4-bit field contains the number 6, instead of the number 4 as in IPv4.
2. Traffic Class: This 8-bit field is similar to the type of service (ToS) field in IPv4. The
source node uses this field to mark the priority of outbound packets.
3. Flow Label: This new field has a length of 20 bits and is used to mark individual
traffic flows with unique values. Routers are expected to apply an identical quality of
service (QoS) treatment to each packet in a flow.
4. Payload Length: This field is like the Total Length field for IPv4, but because the
IPv6 base header is a fixed size, this field describes the length of the payload only,
not of the entire packet.
5. Next Header: The value of this field determines the type of information that follows
the basic IPv6 header.
6. Hop Limit: This field specifies the maximum number of hops that an IPv6 packet
can take. Initial hop limit value is set by operating system (64 or 128 is common, but
up to the operating system). The hop limit field is decremented by each IPv6 router
along the path to the destination. An IPv6 packet is dropped when hop limit field
reaches 0. The hop limit is designed to prevent packets from circulating forever if
there is a routing error. In normal routing, this limit should never be reached.
7. Source Address: This field of 16 octets, or 128 bits, identifies the source of the
packet.
8. Destination Address: This field of 16 octets, or 128 bits, identifies the destination
of the packet.

The extension headers, if there are any, follow these eight fields. The number of
extension headers is not fixed, so the total length of the extension header chain is
variable.

For further exploration of IPv6 header fields and their functions, see RFC 8200, Internet
Protocol, Version 6 (IPv6) Specification.

Connecting IPv6 and IPv4 Networks

Devices running different protocols - IPv4 and IPv6 - cannot communicate unless some
translation mechanism is implemented.
Three main options are available for transitioning to IPv6 from the existing IPv4 network
infrastructure: dual-stack network, tunneling, and translation. It is important to note
though that the IPv4 and IPv6 devices cannot communicate with each other unless
translation is configured.

In a dual-stack network, both IPv4 and IPv6 are fully deployed across the infrastructure,
so that configuration and routing protocols handle both IPv4 and IPv6 addressing and
adjacencies separately.

Using the tunneling option, organizations build an overlay network that tunnels one
protocol over the other by encapsulating IPv6 packets within IPv4 packets over the IPv4
network, and IPv4 packets within IPv6 packets over the IPv6 network.

Translation facilitates communication between IPv6-only and IPv4-only hosts and

networks by performing IP header and address translation between the two address
families.

Which new field has a length of 20 bits and is used to mark individual traffic flows
with unique values?

Flow Label

Version

Traffic Class

Payload Length
Internet Control Message Protocol Version 6
Internet Control Message Protocol Version 6 (ICMPv6) provides the same diagnostic
services as Internet Control Message Protocol Version 4 (ICMPv4), and it extends the
functionality for some specific IPv6 functions that did not exist in IPv4.

ICMPv6 enables nodes to perform diagnostic tests and report problems. Like ICMPv4,
ICMPv6 implements two kinds of messages—error messages (such as Destination
Unreachable, Packet Too Big, or Time Exceeded) and informational messages (such as
Echo Request and Echo Reply).

ICMPv6 Type Field Descriptions

ICMPv6 Type Field Description

1 Destination Unreachable

128 Echo Request

129 Echo Reply

133 Router Solicitation

134 Router Advertisement

135 Neighbor Solicitation

136 Neighbor Advertisement

The ICMPv6 packet is identified as 58 in the Next Header field. Inside the ICMPv6
packet, the Type field identifies the type of ICMP message. The Code field further
details the specifics of this type of message. The Data field contains information that is
sent to the receiver for diagnostics or information purposes.

ICMPv6 is used on-link for router solicitation and advertisement, for neighbor
solicitation and advertisement, and for the redirection of nodes to the best gateway.

Neighbor solicitation messages are sent on the local link when a node wants to
determine the data link layer address of another node on the same local link. After
receiving the neighbor solicitation message, the destination node replies by sending a
neighbor advertisement message which includes the data link layer address of the node
sending the neighbor advertisement message. Hosts send router Solicitation messages
to locate the routers on the local link and routers respond with router advertisements
which enable autoconfiguration of the hosts.

Which two ICMPv6 types are used for neighbor discovery? (Choose two.)

ICMPv6 Type 135

ICMPv6 Type 136

ICMPv6 Type 129

ICMPv6 Type 133

ICMPv6 Type 134

Neighbor Discovery
Neighbor discovery uses ICMPv6 neighbor solicitation and neighbor advertisement
messages. The figure depicts the neighbor discovery process, where host A wants to
communicate with host B using IPv6. Since it does not know the data link layer address
(MAC address) of host B, it sends a neighbor solicitation message, and host B replies
with a neighbor advertisement message.

Neighbor discovery is a process that enables these functions:

Determining the data link layer address of a neighbor on the same link, like Address
Resolution Protocol (ARP) does in IPv4
Finding neighbor routers on a link
Keeping track of neighbors
Querying for duplicate addresses

The neighbor discovery process uses solicited-node multicast addresses.

Solicited-Node Multicast Address

The solicited-node address is a multicast address which has a link-local scope. All
nodes must join the solicited-node multicast group that corresponds to each of its
unicast and anycast addresses. The solicited-node address is composed of the
ff02:0:0:0:0:1:ff/104 prefix, which is concatenated with the right-most 24 bits of the
corresponding unicast or anycast address.

The source node creates a solicited-node multicast address using the right-most 24 bits
of the IPv6 address of the destination node, and sends a Neighbor Solicitation message
to this multicast address. The corresponding node responds with its data link layer
address in a Neighbor Advertisement message.

Multicast Mapping over Ethernet

A packet destined to a solicited-node multicast address is put in a frame destined to an
associated multicast MAC address.

If an IPv6 address is known, then the associated IPv6 solicited-node multicast address
is known. The example in the figure gives the IPv6 address
2001:db8:1001:f:2c0:10ff:fe17:fc0f. The associated solicited-node multicast address is
ff02::1:ff17:fc0f.

If an IPv6 solicited-node multicast address is known, then the associated MAC address
is known, formed by concatenating the last 32 bits of the IPv6 solicited node multicast
address to 33:33

As the figure shows, the IPv6 solicited-node multicast address is ff02::1:ff17:fc0f. The
associated Ethernet MAC address is 33.33.ff.17.fc.0f.

You must understand that the resulting MAC address is a virtual MAC address: It is not
burned into any Ethernet card. Depending on the IPv6 unicast address, which
determines the IPv6 solicited-node multicast address, any Ethernet card may be
instructed to listen to any of the 224 possible virtual MAC addresses that begin with
33.33.ff. In IPv6, Ethernet cards often listen to multiple virtual multicast MAC addresses
and their own burned-in unicast MAC addresses.

A solicited node multicast is more efficient than an Ethernet broadcast used by IPv4
ARP. With ARP all nodes receive and must therefore process the broadcast requests.
By using IPv6 solicited-node multicast addresses fewer devices receive the request and
therefore fewer frames need to be passed to an upper layer to make the determination
whether they are intended for that specific host.

Which protocol in IPv4 performs the same functions as neighbor discovery in IPv6?

ARP

ICMP

DHCP

RIP
IPv6 Address Allocation
Interface identifiers in IPv6 addresses are used to identify interfaces on a link. They can
also be thought of as the "host portion" of an IPv6 address. Interface identifiers need to
be unique on a specific link. Interface IDs are typically 64 bits and can be configured in
multiple ways.

There are several ways to assign an IPv6 address to a device:

Static assignment using a manual interface ID: One way to statically assign an
IPv6 address to a device is to manually assign both the prefix (network) and
interface ID (host) portions of the IPv6 address. To configure an IPv6 address on a
Cisco router interface and enable IPv6 processing on that interface, use the ipv6
address ipv6-address/prefix-length command in the interface configuration mode.
The following example shows how to statically configure a global unicast address
and a link-local address on a router's interface.

Router(config)# interface Ethernet0/0

Router(config-if)# ipv6 address 2001:db8:2222:7272::72/64
Router(config-if)# ipv6 address fe80::1 link-local

Static assignment using an EUI-64 interface ID: Another way to statically assign
an IPv6 address is to configure the prefix (network) portion of the IPv6 address and
derive the interface ID (host) portion from the MAC address of the device, which is
known as the EUI-64 interface ID.
To configure an IPv6 address for an interface and enable IPv6 processing on the
interface using an EUI-64 interface ID in the low order 64 bits of the address (host),
use the ipv6 address ipv6-prefix/prefix-length eui-64 command in the interface
configuration mode. The following example shows how to statically assign IPv6
address on a router's interface using an EUI-64 interface ID.

Router(config)# interface Ethernet0/0

Router(config-if)# ipv6 address 2001:0db8:0:1::/64 eui-64

Static assignment, using an EUI-64 interface ID, is used in Cisco IOS

Software but not in all operating systems. For example, Windows operating
systems take advantage of some additional privacy extensions that were
defined in RFC 4941, allowing IPv6 address interface identifier to be
generated randomly.
Stateless Address Autoconfiguration (SLAAC): As the name implies,
autoconfiguration is a mechanism that automatically configures the IPv6 address of
a node. SLAAC means that the client picks their own address based on the prefix
being advertised on their connected interface. As defined in RFC 4862, the
autoconfiguration process includes generating a link-local address, generating
global addresses through SLAAC, and the duplicate address detection procedure to
verify the uniqueness of the addresses on a link. Some clients may choose to use
EUI-64 or a randomized value for the Interface ID. SLAAC uses neighbor discovery
mechanisms to find routers and dynamically assign IPv6 addresses based on the
prefix advertised by the routers. The autoconfiguration mechanism was introduced
 to enable plug-and-play networking of devices to help reduce administration
overhead.
Stateful DHCPv6: DHCP for IPv6 enables DHCP servers to pass configuration
parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability
of automatic allocation of reusable network addresses and additional configuration
flexibility. Stateful DHCP means that the DHCP server is responsible for assigning
the IPv6 address to the client. The DHCP server keeps a record of all clients and
the IPv6 address assigned to them.
Stateless DHCPv6: Stateless DHCP works in combination with SLAAC. The device
gets its IPv6 address and default gateway using SLAAC. The device then sends a
query to a DHCPv6 server for other information such as domain-names, DNS
servers and other client relevant information. This is termed stateless DHCPv6
because the server does not track IPv6 address bindings per client.

IPv6 supports DNS record types that are supported in the DNS name-to-address and
address-to-name lookup processes. The DNS record types support IPv6 addresses.
IPv6 also supports the reverse mapping of IPv6 addresses to DNS names. The
Dynamic DNS support for Cisco IOS Software feature enables Cisco IOS software
devices to perform Dynamic Domain Name System (DDNS) updates to ensure that an
IPv6 host DNS name is correctly associated with its IPv6 address.

Router Advertisements
Routers periodically send router advertisements on all their configured interfaces. The
router sends a router advertisement to the all-nodes multicast address, ff02::1, to all
IPv6 nodes in the same link.

This figure depicts the router advertisements send by the router.

Router advertisement packet:

ICMP type: 134
Source: Router link-local address
Destination: ff02::1 (all-nodes multicast address)
Data: Options, prefix, lifetime, autoconfiguration flag

The default gateway is received by the hosts only through router

advertisement; the concept of DHCP in IPv6 has changed from IPv4, and the
DHCP server no longer supplies the default gateway

Here are examples for the information that the message might contain:
Prefixes that can be used on the link: This information enables stateless
autoconfiguration of the hosts. These prefixes must be /64 for stateless
 autoconfiguration.
Lifetime of the prefixes: The default valid lifetime is 30 days, and the default
preferred lifetime is 7 days.
Flags: Flags indicate the kind of autoconfiguration that the hosts can perform.
Unlike IPv4, the router advertisement message suggests to the host how to obtain
its addressing dynamically. There are three options:

SLAAC
SLAAC and stateless DHCPv6
Stateful DHCPv6

Default preference field: Provides coarse preference metric (low, medium, or high)
for default devices. For example, two devices on a link may provide equivalent but
not equal-cost routing, and the policy may dictate that one of the devices is
preferred.
Other types of information for hosts: This information can include the default
MTU and hop count.

By sending prefixes, router advertisements allow host autoconfiguration. You can

configure other advertisement timing and other parameters on routers.

Router Solicitation
A router sends router advertisements every 200 seconds or immediately after a router
solicitation. Router solicitations ask routers that are connected to the local link to send
an immediate router advertisement so that the host can receive the autoconfiguration
information without waiting for the next scheduled router advertisement.

The router solicitation message is defined as follows:

The ICMP type is 133.
The source address is usually the unspecified address (the reason for an
unspecified address is because the router advertisement is not sent back as a
unicast but as an all-nodes multicast, so the source address of the router solicitation
is not important.) The source address can also be the link-local address of the
device.
The destination address is the all-routers multicast address (ff02::2) with the link-
local scope.

When a router sends an answer to a router solicitation, the destination address of the
router advertisement is the all-nodes multicast (ff02::1). The router could be configured
to send solicited router advertisements as a unicast.

A host should send a router solicitation only at the host boot time and only three times.
This practice avoids flooding of router solicitation packets if there is no router on the
local network.

Configuring Stateless Autoconfiguration

The ipv6 address autoconfig command enables stateless autoconfiguration on
routers on an interface-by-interface basis.

RouterB(config-if)# ipv6 address autoconfig [default]

Command Description

ipv6 address Configures stateless autoconfiguration on the interface. If you add the default
autoconfig [default] keyword, the router will install a default route.

Which three statements about assigning IPv6 addresses to hosts are accurate?
(Choose three.)

The entire IPv6 address cannot be manually configured.

The host identifier portion of the address cannot be computed

automatically.

The host identifier portion of the address can be computed automatically

using the EUI-64 interface ID.

A node on a link can automatically configure its entire global IPv6 address
by appending its interface identifier to a prefix that it learns from a router
advertisement message.

Stateless DHCPv6 keeps a record of which addresses are assigned to

which hosts.

Stateful DHCPv6 keeps a record of which addresses are assigned to

which hosts.
Discovery 11: Configure Basic IPv6 Connectivity
Introduction
In this discovery lab, you will explore the configuration of IPv6 in a small network that
contains three routers and three end hosts. Study the topology diagram and Device
Information Table to understand the network connectivity and addressing. All systems
currently are configured with IPv4 addresses and Routing Information Protocol (RIP)
routing. During migration, IPv4 and IPv6 are commonly implemented in parallel with
dual stacks on IPv6-capable systems. You will leave the IPv4 configuration in place
during this exercise. Initially, IPv6 is also fully configured on R2 and PC2. This
discovery lab will guide you through configuring IPv6 on the rest of the network devices.

First, you will configure static IPv6 addresses on R1 and R3. Note that, for simplicity, all
static IPv6 addresses in the topology differ in only four hexadecimal fields (an IPv6
address has 32 hexadecimal fields, including leading zeros and successive fields of
zeros). The first 14 hexadecimal fields are same and are 2001:0db8:0000:00. The
following 2 fields completes the 64-bit prefix and represents the network (01, 02, 03, 04,
05, or 06) within the topology. The next 14 hexadecimal fields are all 00. The final 2
fields specify the host on the network; in this example, the byte is either 01 or 02.

After configuring the IPv6 addresses on R1 and R3, you will configure PC1 and SRV1
for IPv6 stateless autoconfiguration. Then, you will verify the connectivity between PC1
and R1 and between SRV1 and R3.

Servers usually have manually configured IPv6 addresses, but for lab
purposes you are going to use autoconfiguration. Similarly, routers should
have manually configured link-local addresses, but in the lab activity you are
going to use automatic address configuration.

Topology

Job Aid
Device Information
 In the virtual lab environment, all interfaces are Ethernet interfaces and not
FastEthernet or GigabitEthernet interfaces, which you are likely to encounter in
networks today. Personal computers (PCs) in the virtual lab environment are
simulated by routers, so you should use Cisco IOS commands to configure
them or verify the configuration.

Device Information Table

Device Characteristic Value

PC1 IPv6 address 2001:db8:0:1::/64 Auto

PC2 IPv6 address 2001:db8:0:2::/64 Auto

SRV1 IPv6 address 2001:db8:0:3::/64 Auto

R1 Ethernet0/0 IPv6 address 2001:db8:0:1::1/64

R1 Serial1/1 IPv6 address 2001:db8:0:4::1/64

R1 Serial1/2 IPv6 address 2001:db8:0:5::1/64

R2 Ethernet0/0 IPv6 address 2001:db8:0:2::1/64

R2 Serial1/2 IPv6 address 2001:db8:0:5::2/64

R2 Serial1/3 IPv6 address 2001:db8:0:6::1/64

R3 Ethernet0/0 IPv6 address 2001:db8:0:3::1/64

R3 Serial1/1 IPv6 address 2001:db8:0:4::2/64

R3 Serial1/3 IPv6 address 2001:db8:0:6::2/64

Task 1: Configure IPv6 Addresses

Activity
Step 1
On R1, enable IPv6 routing.

By default, routing for IPv6 is not enabled on a Cisco router. To enable IPv6 routing,
use the ipv6 unicast-routing command in global configuration mode. If IPv6 routing
is not enabled, the router still plays a role of IPv6 host, once it has an IPv6 address.

The ipv6 unicast-routing command is required for forwarding and

configuring routing protocol, but not required to configure IPv6 addresses on
interfaces.

On R1, enter the following commands:

R1# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ipv6 unicast-routing

You can use abbreviated commands during configuration. For example, you can use
conf t for configure terminal. If there is any confusion, you can attempt tab
 completion to expand the full command syntax. For example, conf <tab> t <tab>
would expand to configure terminal.

Step 2
On R1, configure the IPv6 address 2001:db8:0:5::1/64 on the Serial1/2 interface.
On R1, enter the following commands:

R1(config)# interface Serial1/2

R1(config-if)# ipv6 address 2001:db8:0:5::1/64

Step 3
R2 is fully IPv6-configured, and Serial1/2 is the link to R1. If you have correctly
configured the address of R1, you should be able to ping the R2 IPv6 address
(2001:db8:0:5::2). Enter the do command to execute an EXEC mode ping to verify
the connectivity from R1 to R2.
On R1, enter the following command:

R1(config-if)# do ping 2001:db8:0:5::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:5::2, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/8/9 ms

Step 4
Configure the R1 IPv6 addresses on Ethernet0/0 (2001:db8:0:1::1/64) and Serial1/1
(2001:db8:0:4::1/64). Remember to take advantage of the Cisco IOS command
recall. The IPv6 addresses in the topology are very similar. Currently, there are no
configured IPv6 peers on Ethernet0/0 or Serial1/1, so you cannot use the ping
command for verification. Leave the configuration mode when the addressing is
complete.
On R1, enter the following commands:

R1(config-if)# interface Ethernet0/0

R1(config-if)# ipv6 address 2001:db8:0:1::1/64
R1(config-if)# interface Serial1/1
R1(config-if)# ipv6 address 2001:db8:0:4::1/64
R1(config-if)# end
R1#

Step 5
On R1, display the full IPv6 information that is associated with Ethernet0/0 using the
show ipv6 interface command. It is similar to the show ip interface command,
except that it is IPv6-specific.
On R1, enter the following command:

R1# show ipv6 interface Ethernet0/0

Ethernet0/0 is up, line protocol is up
 IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:100
No Virtual link-local address(es):
Description: Link to SW1
Global unicast address(es):
2001:DB8:0:1::1, subnet is 2001:DB8:0:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF00:100
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.

The output displays both the global unicast address and the link-local address.

IPv6 automatically joins several required multicast groups. All addresses starting with
FF are IPv6 multicast addresses. The third hexadecimal digit "0" means it is a
permanent or well-known multicast address. The fourth hexadecimal digit indicates
this multicast address has link-local scope and is not to be routed.

ff02::1 is all node address to reach out all IPv6 nodes in the same link, ff02::2 is used
to reach all IPv6 routers on the same link, while ff02::1:FF00:1 is IPv6 solicited-node
multicast group for the global unicast address 2001:db8:0:1::1 and ff02::1:ff00:100 for
the link-local address fe80::a8bb:ccff:fe00:100.

The solicited-node address is composed of the ff02:0:0:0:0:1:ff/104 prefix,

which is concatenated with the right-most 24 bits of the corresponding
unicast or anycast address.

IPv6 neighbor discovery is automatically enabled when the interface has an IPv6
address. R1 will send neighbor discovery router advertisements containing the global
unicast prefix on Ethernet0/0 when the ipv6 unicast-routing command is configured.
The hosts on this network can use these advertisements for stateless
autoconfiguration.

Step 6
On R3, enable IPv6 routing.
On R3, enter the following commands:

R3# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
R3(config)# ipv6 unicast-routing

Step 7
 Configure the R3 IPv6 address (2001:db8:0:4::2/64) on Serial1/1, then verify that you
can ping R1 (2001:db8:0:4::1) from R3.
On R3, enter the following commands:

R3(config)# interface Serial1/1

R3(config-if)# ipv6 address 2001:db8:0:4::2/64
R3(config-if)# do ping 2001:db8:0:4::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/9 ms

Step 8
Configure the R3 IPv6 address (2001:db8:0:6::2/64) on Serial1/3, then verify that you
can ping R2 (2001:db8:0:6::1) from R3. Remember to take advantage of the Cisco
IOS command recall feature.
On R3, enter the following commands:

R3(config-if)# interface Serial1/3

R3(config-if)# ipv6 address 2001:db8:0:6::2/64
R3(config-if)# do ping 2001:db8:0:6::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:6::1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/9 ms

Step 9
Configure the R3 IPv6 address (2001:db8:0:3::1/64) on Ethernet0/0. There are
currently no IPv6 peers on Ethernet0/0, so you cannot use the ping command for
verification. Leave the configuration mode when you are done configuring
Ethernet0/0.
On R3, enter the following commands:

R3(config-if)# interface Ethernet 0/0

R3(config-if)# ipv6 address 2001:db8:0:3::1/64
R3(config-if)# end
R3#

Step 10
On R3, display the Ethernet0/0 MAC address using the show interfaces command.
The output can be run through the include filter using address as the filter string to
reduce the amount of command output.
On R3, enter the following command:

R3# show interfaces Ethernet0/0 | include address

Hardware is AmdP2, address is aabb.cc00.0300 (bia aabb.cc00.0300)
Internet address is 10.10.3.1/24
 The MAC address in your output may differ.

Step 11
On R3, use the show ipv6 interface brief command to display the IPv6 addresses
that are assigned to the R3 interfaces. It is similar to the show ip interface brief
command, except that it is IPv6-specific.
On R3, enter the following command:

R3# show ipv6 interface brief

Ethernet0/0 [up/up]
FE80::A8BB:CCFF:FE00:300
2001:DB8:0:3::1
Ethernet0/1 [administratively down/down]
unassigned
Ethernet0/2 [administratively down/down]
unassigned
Ethernet0/3 [administratively down/down]
unassigned
Serial1/0 [administratively down/down]
unassigned
Serial1/1 [up/up]
FE80::A8BB:CCFF:FE00:300
2001:DB8:0:4::2
Serial1/2 [administratively down/down]
unassigned
Serial1/3 [up/up]
FE80::A8BB:CCFF:FE00:300
2001:DB8:0:6::2

There are two IPv6 addresses on each of the three configured interfaces. There is a
link-local address that was statelessly autoconfigured. There is also the global
unicast address that you configured.

To statelessly autoconfigure link-local address, Cisco IOS Software uses the EUI-64
interface ID with the fe80::/10 prefix. The algorithm that the EUI-64 standard uses to
stretch the 48-bit MAC address to 64 bits is to invert the seventh bit of the MAC
address and to insert fffe into the middle of the MAC address and invert the 7th bit of
the first octet. So, aa:bb:cc:00:03:00 becomes a8bb:ccff:fe00:300.

The serial interfaces, being point-to-point links, do not use MAC addresses. IPv6
"borrows" the MAC address from an Ethernet interface to compute the link-local
address for serial interfaces. The result is that R3 is using the same link-local
address on multiple interfaces. This situation is acceptable because the link-local
address only needs to be unique on the “link”, meaning data link.

Task 2: Configure IPv6 Stateless Autoconfiguration

Activity
Step 1
With R3 sending neighbor discovery router advertisements on its Ethernet0/0
interface, SRV1 can use stateless autoconfiguration for IPv6. On SRV1, display its
MAC address.
On SRV1, enter the following command:
 SRV1# show interfaces Ethernet0/0 | include address
Hardware is AmdP2, address is aabb.cc00.0e00 (bia aabb.cc00.0e00)
Internet address is 10.10.3.30/24

You can see the MAC address; you will see how it is used with the EUI-64 process to
generate the SRV1 IPv6 address with stateless autoconfiguration.

The MAC address in your output may be different.

Step 2
On SRV1, configure Ethernet0/0 to use stateless autoconfiguration for the IPv6
address assignment and for the IPv6 default route assignment.

PCs (for example, Windows) are typically enabled for SLAAC by default.

Microsoft Windows operating systems do not use EUI-64 by default. They

use a randomly generated Interface ID for privacy reasons. The MAC
address has no influence on this.

On SRV1, enter the following commands:

SRV1# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
SRV1(config)# interface Ethernet0/0
SRV1(config-if)# ipv6 address autoconfig default
SRV1(config-if)# end
SRV1#

Step 3
On SRV1, display the IPv6 addresses that are assigned to Ethernet0/0.
On SRV1, enter the following command:

SRV1# show ipv6 interface brief Ethernet0/0

Ethernet0/0 [up/up]
FE80::A8BB:CCFF:FE00:E00
2001:DB8:0:3:A8BB:CCFF:FE00:E00

There are two addresses: the link-local address using the standard fe80::/10 prefix,
and the global unicast address using the 2001:db8:0:3::/64 prefix that SRV1 received
from the R3 router advertisement. Both use the EUI-64 standard to incorporate the
Ethernet0/0 MAC address into the IPv6 address.

Step 4
Display the IPv6 routing table on SRV1.
On SRV1, enter the following command:

SRV1# show ipv6 route

IPv6 Routing Table - default - 4 entries
 Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr -
Redirect
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF
ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
ND ::/0 [2/0]
via FE80::A8BB:CCFF:FE00:300, Ethernet0/0
NDp 2001:DB8:0:3::/64 [2/0]
via Ethernet0/0, directly connected
L 2001:DB8:0:3:A8BB:CCFF:FE00:E00/128 [0/0]
via Ethernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive

The default route (to prefix ::/0) is pointing to the R3 link-local address, as you saw
earlier, that was created by a default option in the ipv6 address autoconfig
command. The ND code indicates that this default route was learned as part of the
neighbor discovery (ND) process.

The NDp entry describes the prefix that has been learned by R3 router advertisement
message.

Step 5
At this point, SRV1 should be able to ping the R3 global unicast addresses on
Ethernet0/0 (2001:db8:0:3::1), on Serial1/1 (2001:db8:0:4::2), and Serial1/3
(2001:db8:0:6::2). Confirm this connectivity using the ping command. Again, be sure
to take advantage of the Cisco IOS command recall feature.
On SRV1, enter the following commands:

SRV1# ping 2001:db8:0:3::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:3::1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/20 ms
SRV1# ping 2001:db8:0:4::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::2, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
SRV1# ping 2001:db8:0:6::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:6::2, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Step 6
However, you cannot ping addresses on R1 or R2. Attempt to ping the R1 Serial1/1
interface (2001:db8:0:4::1).
On SRV1, enter the following command:
 SRV1# ping 2001:db8:0:4::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::1, timeout is 2
seconds:
.....
Success rate is 0 percent (0/5)

Because R3 is directly connected to the 2001:db8:0:4::/64 subnet, it can successfully

send the probe to R1. The ping fails because R1 does not have a route back to the
2001:db8:0:3/64 network where SRV1 is connected.

Step 7
On PC1, configure Ethernet0/0 to use stateless autoconfiguration and the default
route assignment.
On PC1, enter the following commands:

PC1# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)# interface Ethernet0/0
PC1(config-if)# ipv6 address autoconfig default
PC1(config-if)# end
PC1#

Step 8
On PC1, display the IPv6 addresses that are assigned to Ethernet0/0.
On PC1, enter the following command:

PC1# show ipv6 interface brief e0/0

Ethernet0/0 [up/up]
FE80::A8BB:CCFF:FE00:C00
2001:DB8:0:1:A8BB:CCFF:FE00:C00

Step 9
Display the IPv6 routing table on PC1 to verify that it has an IPv6 default route.
On PC1, enter the following command:

PC1# show ipv6 route

IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr -
Redirect
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF
ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
ND ::/0 [2/0]
via FE80::A8BB:CCFF:FE00:100, Ethernet0/0
NDp 2001:DB8:0:1::/64 [2/0]
via Ethernet0/0, directly connected
 L 2001:DB8:0:1:A8BB:CCFF:FE00:C00/128 [0/0]
via Ethernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive

fe80::a8bb:ccff:fe00:100 is the Ethernet0/0 link-local address on R1 in this

example. Your display may be different because the MAC address used to
create the address may be different.

Step 10
From PC1, verify that you can ping the R1 Ethernet0/0 (2001:db8:0:1::1), Serial1/1
(2001:db8:0:4::1), and Serial1/2 (2001:db8:0:5::1) interfaces.
On PC1, enter the following commands:

PC1# ping 2001:db8:0:1::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1::1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/15 ms
PC1# ping 2001:db8:0:4::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:4::1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PC1# ping 2001:db8:0:5::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:5::1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Verification of End-To-End IPv6 Connectivity
You can use several verification tools to verify end-to-end IP version 6 (IPv6)
connectivity:
ping: A successful ping means that the device endpoints are able to communicate.
This result does not mean that there are no problems, it simply proves that the basic
IPv6 connectivity is working.
traceroute: The results of traceroute can help you determine how far along the path
data can successfully travel. Knowing at what point the data fails can help you
determine the location of the issue. Cisco devices use UDP protocol when running
traceroute. The Windows operating system uses ICMP when running the similar
command tracert.
Telnet: Used to test the transport layer connectivity for any TCP port over IPv6.

In the following scenario, PC1 wants to access applications on the server. The figure
shows the desirable path.

You can use the ping utility to test end-to-end IPv6 connectivity by providing the IPv6
address as the destination address. The utility recognizes the IPv6 address when one
is provided and uses IPv6 as a protocol to test connectivity.

Use the ping utility on the Windows PC to test IPv6 connectivity:

C:\Windows\system32> ping 2001:db8:100::100

Pinging 2001:db8:100::100 with 32 bytes of data:

Reply from 2001:db8:100::100: time=19ms
Reply from 2001:db8:100::100: time=1ms
Reply from 2001:db8:100::100: time=1ms
Reply from 2001:db8:100::100: time=1ms

Ping statistics for 2001:db8:100::100:

 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 19ms, Average = 5ms

You can also use the ping utility on the router to test IPv6 connectivity:

Branch# ping 2001:db8:100::100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:db8:100::100, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

Traceroute is a utility that allows observation of the path between two hosts and
supports IPv6. Use the traceroute Cisco IOS command or tracert Windows command,
followed by the IPv6 destination address, to observe the path between two hosts. The
trace generates a list of IPv6 hops that are successfully reached along the path. This
list provides important verification and troubleshooting information.

The tracert utility on the Windows PC allows you to observe the IPv6 path:

C:\Windows\system32> tracert 2001:db8:100::100

Tracing route to 2001:db8:100::100 over a maximum of 30 hops

1 1 ms 1 ms <1 ms 2001:db8:101::1
2 10 ms 1 ms 1 ms 2001:db8:102::2
3 10 ms 1 ms 1 ms 2001:db8:100::100

Trace complete.
You can also use the traceroute utility on the router to observe the IPv6 path:

Branch# traceroute 2001:db8:100::100

Type escape sequence to abort.
Tracing the route to 2001:db8:100::100

1 2001:db8:102::2 0 msec 0 msec 0 msec

2 2001:db8:100::100 0 msec 0 msec 0 msec

Similar to IPv4, you can use Telnet to test end-to-end transport layer connectivity over
IPv6 using the telnet command from a PC, router, or a switch. When you provide the
IPv6 destination address, the protocol stack determines that the IPv6 protocol has to be
used. If you omit the port number, the client will connect to port 23. You can specify a
specific port number on the client and connect to any TCP port that you want to test.

Although telnet can be used as a troubleshooting tool to check transport layer

functionality, it should not be used in a production environment to administer network
devices. Nowadays a secure access method is used for that purpose using Secure
Shell protocol (SSH).

You can use the telnet command to test the transport layer connectivity for any TCP
port over IPv6.
Use Telnet to connect to the standard Telnet TCP port from a Windows PC.

C:\Windows\system32> telnet 2001:db8:100::100

Server~

Use Telnet to connect to the TCP port 80, which tests the availability of the HTTP
service.

C:\Windows\system32> telnet 2001:db8:100::100 80

HTTP/1.1 400 Bad Request

Date: Wed, 26 Sep 2019 07:27:10 GMT
Server: Server
Accept-Ranges: none
400 Bad Request
Connection to host lost.

In the example, you can see two connections from a PC to the Server. The first one
connects to port 23 and tests Telnet over IPv6. The second connects to port 80 and
tests Hypertext Transfer Protocol (HTTP) over IPv6.

The telnet command in the output tests if HTTP, which listens on TCP port 80, is open.

The telnet command can also be used from a Cisco router. In this case, to exit the
established connection you must enter a control+C hotkey. The hotkey that closes the
connection on a Cisco device is "ctrl+shift+6 and x."

When troubleshooting end-to-end connectivity, it is useful to verify mappings between

destination IP addresses and MAC addresses on individual segments. In IPv4, ARP
provides this functionality. In IPv6, the Neighbor Discovery process and ICMPv6
replace the ARP functionality. The neighbor discovery table caches IPv6 addresses and
their resolved MAC addresses. As shown in the figure, the netsh interface ipv6 show
neighbors Windows command lists all devices that are currently in the IPv6 neighbor
discovery table cache. The information that is displayed for each device includes the
IPv6 address, physical (MAC) address, and the neighbor cache state, similar to an ARP
table in IPv4. By examining the neighbor discovery table, you can verify that the
destination IPv6 addresses map to the correct Ethernet addresses

Neighbor discovery table on a PC:

C:\Windows\system32> netsh interface ipv6 show neighbors

Interface 13: LAB
Internet Address Physical Address Type
------------------------------------ ----------------- ---------
fe80::9c5a:e957:a865:bde9 00-0c-29-36-fd-f7 Stale
fe80::fa66:f2ff:fe31:7250 f8-66-f2-31-72-50 Reachable
(Router)
ff02::2 33-33-00-00-00-02 Permanent
ff02::16 33-33-00-00-00-16 Permanent
ff02::1:2 33-33-00-01-00-02 Permanent
ff02::1:ff05:f9fb 33-33-ff-05-f9-fb Permanent
ff02::1:ff31:7250 33-33-ff-31-72-50 Permanent
ff02::1:ff65:bde9 33-33-ff-65-bd-e9 Permanent
ff02::1:ff67:bae4 33-33-ff-67-ba-e4 Permanent

Neighbor discovery table on a router:

Branch# show ipv6 neighbors

IPv6 Address Age Link-layer Addr State
Interface
FE80::21E:7AFF:FE79:7A81 8 001e.7a79.7a81 STALE Gi0/1
2001:DB8:101:1:A083:AEE4:E7C5:2CCA 46 000c.2936.fdf7 STALE Gi0/0
2001:DB8:209:165::2 0 001e.7a79.7a81 REACH Gi0/1
2001:DB8:101:1:C31:CD87:7505:F9FB 0 000c.2952.51fd REACH Gi0/0

The figure also shows an example of the neighbor discovery table on the Cisco IOS
router, using the show ipv6 neighbors command. The table includes the IPv6 address
of the neighbor, age in minutes, the MAC address, the state and the interface through
which the neighbor is reachable. The states are explained in the table:

State Description
State Description

Address resolution is being performed on the entry. The source has sent a neighbor
INCMP
solicitation message to the solicited-node multicast address of the target, but it has not
(Incomplete)
received the corresponding neighbor advertisement message.

The source has received positive confirmation within the last ReachableTime
REACH milliseconds that the forward path to the neighbor was functioning correctly, since the
(Reachable) packets have been recently received. While in the REACH state, the device takes no
special action because it is sending packets.

More than ReachableTime milliseconds have elapsed since the device received the
last positive confirmation that the forward path was functioning properly. While in the
STALE
STALE state, the device takes no action until a packet is sent. STALE state is the
normal state of the neighbor.

More than ReachableTime milliseconds have elapsed since the device received the
last positive confirmation that the forward path was functioning properly. A packet was
DELAY sent within the last DELAY_FIRST_PROBE_TIME seconds. If the device receives no
reachability confirmation within DELAY_FIRST_PROBE_TIME seconds of entering the
DELAY state, send a neighbor solicitation message and change the state to PROBE.

The device actively seeks a reachability confirmation by resending neighbor solicitation

PROBE
messages in RetransTimer milliseconds until a reachability confirmation is received.

You can use other commands to verify that IPv6 is configured correctly on Cisco
routers:
Verify that IPv6 routing has been enabled on the router. In the show running-
config command output look for the ipv6 unicast-routing command.
Verify that the interfaces have been configured with the correct IPv6 addresses. You
can use the show ipv6 interface command to display the statuses and
configurations for all IPv6 interfaces.

Which two commands can you use on Cisco network device to test and troubleshoot
IPv6 connectivity? (Choose two.)

ping

traceroute

show arp

show ip arp

arp -a