IPv6 Intro

For a quick crash course into IPv6, check out my IPv6 Quick Explainer guide.

Why Did I Set Up IPv6?

Beyond just being good to know because it'll be what we're all using sooner than later, there are a few practical advantages of IPv6 over IPv4. Most important to me though is being able to have IP addresses that don't have to be masqueraded by the router. This has several knock-on effects I appreciate.

No Need for Hairpin NAT

I don't have to masquerade IP addresses, which means that when I access a device from my LAN I can use the same IP address that is used when people access a device from the WAN. I don't have to set up a hacky Hairpin NAT or necessarily use Split-horizon DNS to just have everything work. The fewer janky configurations I have to create and maintain to paper over problems of IPv4 the better.

Fine-grained DNS Control

Because each device can have a publicly routable address I can set up subdomains to actually point to different addresses. As an example I can have wireguard.swigg.net point to my router IP address for VPN access while *.swigg.net can point to my server IP address I am running in my DMZ. With IPv4 I had to have them both point to my router public IP address and then use some sort of proxy to forward based on hostname plus do something janky like above.

Refresher

The best information I've found that explains IPv6 in detail was on free online training from omnisecu.com. I read through their lessons to get a good understanding of IPv6. However I'm going to briefly go over some key concepts below.

Addresses

IPv6 addresses are 128-bit and are represented as 32 hexadecimal characters broken down into 8 groups separated by colons, like 2001:db8:2458:a2b2:cd47:8abb:8844:1. These groups are sometimes called hextets.

Address Types

| Name | Description |
| --- | --- |
| unicast | Identifies an interface of an individual node. |
| multicast | Identifies a group of interfaces, usually on different nodes. Packets that are sent to the multicast address go to all members of the multicast group. |
| anycast | Identifies a group of interfaces, usually on different nodes. Packets that are sent to the anycast address go to the anycast group member node that is physically closest to the sender. |

Address Components

Example: 2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b

| Component | Value | Description |
| --- | --- | --- |
| site prefix | 2001:0db8:3c4d | The prefix describes the public topology that is usually allocated to your site by an ISP or Regional Internet Registry (RIR). |
| subnet ID | 0015 | The subnet ID describes the private topology, also known as the site topology, because it is internal to your site. |
| interface ID | 0000:0000:1a2f:1a2b | The interface ID is either automatically configured from the interface's MAC address or manually configured in EUI-64 format. |

Abbreviating Addresses

IPv6 addresses can be a little scary to look at, but there are two tricks when writing them that make them a little more readable.

  • Leading zeros in any hextet can be dropped. So 0db8 could be written as just db8.
  • If there are contiguous hextets that are all zeros, like 2001:db8:0000:0000:0000:0000:abcd:1, they can be shortened with a syntax of ::. So that address could be abbreviated as 2001:db8::abcd:1. The only gotcha is that you can only do this once in an address, so if there are two stretches with hextets of 0000 you can only shorten one of them. I thought this would be annoying but I literally haven't run into a situation where that would have been needed.

Prefixes

The leftmost fields of the IPv6 address contain the prefix, which is used for routing IPv6 packets. IPv6 prefixes have the following format:

<prefix> / <length in bits>

Prefix length is stated in classless inter-domain routing (CIDR) notation. CIDR notation is a slash at the end of the address that is followed by the prefix length in bits. For information on CIDR format IP addresses, refer to Designing Your CIDR IPv4 Addressing Scheme.

The site prefix of an IPv6 address occupies up to 48 of the leftmost bits of the IPv6 address. For example, the site prefix of the IPv6 address 2001:db8:3c4d:0015:0000:0000:1a2f:1a2b/48 is contained in the leftmost 48 bits, 2001:db8:3c4d. You use the following representation, with zeros compressed, to represent this prefix:

2001:db8:3c4d::/48

You can also specify a subnet prefix, which defines the internal topology of the network to a router. The example IPv6 address has the following subnet prefix.

2001:db8:3c4d:15::/64

The subnet prefix always contains 64 bits. These bits include 48 bits for the site prefix, in addition to 16 bits for the subnet ID.

Source: IPv6 Addressing Overview (oracle.com)

The prefix 2001:db8::/32 is a special IPv6 prefix that is used specifically for documentation examples.

Features

Prefix Delegation

Since it would not be practical to manually provision networks at scale, in IPv6 networking, DHCPv6 prefix delegation is used to assign a network address prefix and automate configuration and provisioning of the public routable addresses for the network. The way this works, for example in the case of a home network, is that the home router uses the DHCPv6 protocol to request a network prefix from the ISP's DHCPv6 server. Once assigned, the ISP routes this network to the customer's home router and the home router starts advertising the new addresses to hosts on the network, either via SLAAC or using DHCPv6.

Source: Prefix Delegation (wikipedia.com)

Neighbor Discovery Protocol (NDP)

The Neighbor Discovery Protocol (NDP, ND) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the link layer of the Internet model, and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems.

The protocol defines five different ICMPv6 packet types to perform functions for IPv6 similar to the Address Resolution Protocol (ARP) and Internet Control Message Protocol (ICMP) Router Discovery and Router Redirect protocols for IPv4. However, it provides many improvements over its IPv4 counterparts (RFC 4861, section 3.1). For example, it includes Neighbor Unreachability Detection (NUD), thus improving robustness of packet delivery in the presence of failing routers or links, or mobile nodes.

Source: Neighbor Discovery Protocol (wikipedia.com)

Stateless address autoconfiguration (SLAAC)

IPv6 hosts configure themselves automatically. Every interface has a self-generated link-local address and, when connected to a network, conflict resolution is performed and routers provide network prefixes via router advertisements. Stateless configuration of routers can be achieved with a special router renumbering protocol. When necessary, hosts may configure additional stateful addresses via Dynamic Host Configuration Protocol version 6 (DHCPv6) or static addresses manually.

Source: Stateless address autoconfiguration (SLAAC) (wikipedia.com)
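
The following is an added example, not code from the original page. It ties together the Address Components, Abbreviating Addresses, Prefixes and SLAAC sections: it splits the page's example address into its 48/16/64-bit parts, builds the address a host would form from an advertised /64 using a MAC-derived (modified EUI-64, RFC 4291 Appendix A) interface ID, and shows that such an address reveals the hardware address. The function names are hypothetical and the MAC address is a constructed value from the documentation range.

```python
import ipaddress

LOW64 = (1 << 64) - 1  # mask for the 64-bit interface ID

def split_address(addr):
    """Split an address into the 48/16/64-bit components used on this page."""
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    return {
        "compressed": ip.compressed,  # leading zeros dropped, one zero run as ::
        "site_prefix": str(ipaddress.IPv6Network((value >> 80 << 80, 48))),
        "subnet_id": f"{(value >> 64) & 0xFFFF:04x}",
        "subnet_prefix": str(ipaddress.IPv6Network((value >> 64 << 64, 64))),
        "interface_id": value & LOW64,
    }

def eui64_interface_id(mac):
    """Modified EUI-64: insert ff:fe in the middle of the MAC, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")

def slaac_address(subnet_prefix, mac):
    """Address a host would form from an advertised /64 and its own MAC."""
    net = ipaddress.IPv6Network(subnet_prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 subnet prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def embedded_mac(addr):
    """Return the MAC an EUI-64 interface ID reveals, or None if it is not EUI-64."""
    iid = (int(ipaddress.IPv6Address(addr)) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    # Example address and subnet prefix taken from the page
    print(split_address("2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b"))
    # Constructed MAC from the documentation range (assumption, not from the page)
    host = slaac_address("2001:db8:3c4d:15::/64", "00:00:5e:00:53:01")
    print(host, embedded_mac(str(host)))
```

Many current operating systems default to randomized or stable opaque interface IDs (RFC 8981, RFC 7217) instead of EUI-64, in which case `embedded_mac` returns `None`.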