Using IPv6

This topic describes support for using IPv6.

Understanding IPv6

IP version 6 (IPv6) is an Internet Protocol designed to succeed IP version 4 (IPv4). This topic provides an overview of IPv6.

About IPv6

The continued growth of the Internet, and the need to provide IP addresses to accommodate it, is driving the adoption of a new version of the Internet Protocol. IPv6 was designed to satisfy current and anticipated near-future requirements.

IPv4 is widely used throughout the world today for the Internet, intranets, and private networks. IPv6 builds upon the functionality and structure of IPv4 in many aspects, including:

• Larger address space: IPv6 addresses are 128 bits long instead of 32 bits. This expands the address space from 4 billion addresses to over 300 trillion trillion trillion addresses.

• New datagram format: The packet header is both simplified and enhanced to enable more secure and efficient routing.

• Improved fragmentation and reassembly: The maximum transmission unit (MTU) has been increased to 1280 bytes, for example.

• Transition mechanisms: Various network address translation (NAT) and tunneling mechanisms have been developed to support the transition to IPv6.

On February 3, 2011, the Internet Assigned Numbers Authority (IANA) allotted the last block of IPv4 addresses to the Regional Internet Registries (RIRs), so the free pool of IPv4 addresses is now fully depleted. It is expected that in the near future Internet service providers (ISPs) will start issuing IPv6 addresses to their customers.

About IPv6 Address Types

RFC 4291, IP Version 6 Addressing Architecture, describes the following types of IPv6 addresses:

• Unicast. An identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.

• Anycast. An identifier for a set of interfaces. A packet sent to an anycast address is delivered to one of the interfaces identified by that address.

• Multicast. An identifier for a set of interfaces. A packet sent to a multicast address is delivered to all interfaces identified by that address.

The link-local address is a special IPv6 unicast address that is used in self-traffic and essential network communication, like Neighbor Discovery Protocol (NDP). When you enable IPv6 on a Connect Secure interface, the system generates a link-local address that is derived from the interface MAC address.

When you configure IPv6 addresses for the system interfaces, you manually specify a routable address, such as a global unicast address or an anycast address, depending on your routing implementation and your system deployment. A global unicast address must be globally unique so that it can be specified globally without need for modification. An anycast address represents a service rather than a specific device. An anycast address is not unique, but instead might be configured on each device in a cluster. You are not likely to use multicast addressing with Connect Secure.

About IPv6 Address Text Representation

All IPv6 addresses are 128 bits long, written as 8 sections of 16 bits each. They are expressed in hexadecimal representation, so the sections range from 0 to FFFF. Sections are delimited by colons, and leading zeroes in each section may be omitted. If two or more consecutive sections have all zeroes, they can be collapsed to a double colon.

IPv6 addresses consist of 8 groups of 16-bit hexadecimal values separated by colons (:). IPv6 addresses have the following format:
aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa:aaaa

Each aaaa is a 16-bit hexadecimal value, and each a is a 4-bit hexadecimal value. The following is a sample IPv6 address:

2001:0DB8:0000:0000:0008:0800:200C:417A

You can omit the leading zeros of each 16-bit group, as follows:

2001:DB8:0:0:8:800:200C:417A

You can compress 16-bit groups of zeros to double colons (::) as shown in the following example, but only once per address:

2001:DB8::8:800:200C:417A

About the IPv6 Unspecified Address

In the IPv6 address space, the special "unspecified address" is 0:0:0:0:0:0:0:0. The compressed representation of the unspecified address is the double-colon (::). The unspecified address must never be assigned to a physical or virtual interface.

About the IPv6 Loopback Address

The special loopback address is the unicast address 0:0:0:0:0:0:0:1. The compressed representation of the loopback address is ::1. The loopback address may be used by a node to send an IPv6 packet to itself. It must not be assigned to a physical or virtual interface.

About IPv6 Address Prefixes

An IPv6 address prefix is a combination of an IPv6 prefix address and a prefix length used to represent a block of address space (or a network), similar to the use of an IPv4 subnet address and netmask combination to specify a subnet. An IPv6 address prefix takes the form ipv6-prefix/prefix-length. The ipv6-prefix variable follows general IPv6 addressing rules. The /prefix-length variable is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address. For example, 2001:DB8::/32 is an IPv6 address prefix, indicating that the first 32 bits make up the network portion of the address.
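The addressing rules above can be checked before an address is entered on an interface. The following is an added example, not part of the product or its documentation: the function names `check_interface_address` and `in_prefix` are hypothetical, and the sample addresses are constructed from the documentation ranges used on this page.

```python
import ipaddress

def check_interface_address(entry: str) -> list[str]:
    """Return the reasons an 'ipv6-address/prefix-length' entry is unsuitable
    as a manually configured interface address (empty list = acceptable)."""
    try:
        iface = ipaddress.IPv6Interface(entry)
    except ValueError as exc:
        return [f"invalid entry: {exc}"]
    addr, problems = iface.ip, []
    if addr.is_unspecified:
        problems.append("unspecified address (::) must never be assigned")
    if addr.is_loopback:
        problems.append("loopback address (::1) must not be assigned")
    if addr.is_multicast:
        problems.append("multicast address identifies a set of interfaces")
    if addr.is_link_local:
        problems.append("link-local address is system-generated, not routable")
    return problems

def in_prefix(prefix: str, candidate: str) -> bool:
    """True if candidate shares its first prefix-length bits with prefix."""
    net = ipaddress.IPv6Network(prefix)
    value = int(ipaddress.IPv6Address(candidate))
    shift = 128 - net.prefixlen          # number of host (low-order) bits
    return (value >> shift) == (int(net.network_address) >> shift)

if __name__ == "__main__":
    # Constructed sample entries.
    for entry in ("2001:DB8::8:800:200C:417A/32", "::/128", "::1/128",
                  "FF01::101/64", "FE80::1/64", "2001:DB8::8::1/64"):
        print(entry, "->", check_interface_address(entry) or "ok")
    print(in_prefix("2001:DB8::/32", "2001:DB8:1:1::3"))
```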

System Normalization of IPv6 Addresses

The system validates and normalizes IPv6 addresses entered by administrators. The normalized address is the address processed by the system, and it is the address that appears in logs.

The following table gives examples of how the system normalizes IPv6 address entries.

| Example Entry | Normalized Address | Explanation |
|---|---|---|
| 2001:DB8:1:1::3 | 2001:DB8:1:1::3 | An address specified in compressed format is validated; the system uses the compressed form as the normalized form. |
| 0:0:0::122 | ::122 | Address is validated and normalized to compressed format. |
| FF01:0:0:0:0:0:0:101 | FF01::101 | Address is validated and normalized to compressed format. |
| 2001:DB8::10.204.50.122 | 2001:DB8::ACC:327A | Address is validated and normalized to hexadecimal representation. |
| ::FFFF:10.204.50.122 | ::FFFF:10.204.50.122 | An address specified in compressed format is validated; the system uses the compressed form as the normalized form. |
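Because the normalized form is what appears in logs, a log search or correlation rule should normalize its search term the same way. The following is an added example that reproduces the table rows above; it is not the system's own code, and the names `normalize_ipv6` and `same_address` are hypothetical.

```python
import ipaddress

def normalize_ipv6(entry: str) -> str:
    """Validate an IPv6 entry and return it in the form shown in the table."""
    value = int(ipaddress.IPv6Address(entry))   # raises ValueError if invalid
    groups = [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

    # IPv4-mapped addresses (::FFFF:a.b.c.d) keep their dotted-decimal tail.
    if groups[:5] == [0] * 5 and groups[5] == 0xFFFF:
        v4 = ipaddress.IPv4Address((groups[6] << 16) | groups[7])
        return f"::FFFF:{v4}"

    # Find the longest run of two or more all-zero groups (first one wins),
    # since "::" may be used only once per address.
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i >= 2 and j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1

    text = [f"{g:X}" for g in groups]           # drops leading zeros
    if best_start < 0:
        return ":".join(text)
    head = ":".join(text[:best_start])
    tail = ":".join(text[best_start + best_len:])
    return f"{head}::{tail}"

def same_address(a: str, b: str) -> bool:
    """Compare two textual forms by value, e.g. a search term and a log field."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

if __name__ == "__main__":
    for entry in ("2001:DB8:1:1::3", "0:0:0::122", "FF01:0:0:0:0:0:0:101",
                  "2001:DB8::10.204.50.122", "::FFFF:10.204.50.122"):
        print(f"{entry:28} -> {normalize_ipv6(entry)}")
```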

About Neighbor Discovery Protocol

Neighbor discovery protocol (NDP) allows different nodes on the same link to advertise their existence to their neighbors, and to learn about the existence of their neighbors.

Routers and hosts (nodes) use NDP messages to determine the link-layer addresses of neighbors that reside on attached links and to overwrite invalid cache entries. Hosts also use NDP to find neighboring routers that can forward packets on their behalf.

In addition, nodes use NDP to actively track the ability to reach neighbors. When a router (or the path to a router) fails, nodes actively search for alternatives to reach the destination.

IPv6 NDP corresponds to a number of the IPv4 protocols: ARP, ICMP Router Discovery, and ICMP Redirect. However, NDP provides many improvements over the IPv4 set of protocols. These improvements address the following:

• Router discovery: How a host locates routers residing on an attached link.

• Prefix discovery: How a host discovers address prefixes for destinations residing on an attached link. Nodes use prefixes to distinguish between destinations that reside on an attached link and those destinations that they can reach only through a router.

• Parameter discovery: How a node learns various parameters (link parameters or Internet parameters) that it places in outgoing packets.

• Address resolution: How a node uses only a destination IPv6 address to determine a link-layer address for destinations on an attached link.

• Next-hop determination: The algorithm that a node uses for mapping an IPv6 destination address into a neighbor IPv6 address (either the next router hop or the destination itself) to which it plans to send traffic for the destination.

• Neighbor unreachability detection: How a node determines that it can no longer reach a neighbor.

• Duplicate address detection: How a node determines whether an address is already in use by another node.

A router periodically multicasts a router advertisement from each of its multicast interfaces, announcing its availability. Hosts listen for these advertisements for address autoconfiguration and discovery of link-local addresses of the neighboring routers. When a host starts, it multicasts a router solicitation to ask for immediate advertisements.

The router discovery messages do not constitute a routing protocol. They enable hosts to discover the existence of neighboring routers, but they are not used to determine which router is best to reach a particular destination.

NDP uses the following Internet Control Message Protocol version 6 (ICMPv6) messages: router solicitation, router advertisement, neighbor solicitation, neighbor advertisement, and redirect.

NDP for IPv6 replaces the following IPv4 protocols: Router Discovery (RDISC), Address Resolution Protocol (ARP), and ICMPv4 redirect.