
In document Cyber Sec Fnd (Page 132-136)

IPv6 Fundamentals

2. Add FFFE in between. This makes the address 64 bits long.

3. Invert the 7th bit (for example, if the bit is 1, write 0, and vice versa).

Figure 1-73 shows an example of the EUI-64 method to calculate the interface ID portion of an IPv6 address. In this example, the MAC address of the interface is 0200.1111.1111. We first split the MAC address and add FFFE in the middle. We then flip the 7th bit from 1 to 0. This results in an interface ID of 0000.11FF.FE11.1111.

Figure 1-73 Calculating the Interface ID Portion of an IPv6 Address with EUI-64

The EUI-64 method is also used to calculate the interface ID for an LLA address, as explained in the previous section.

The third method, SLAAC, allows for automatic address assignment when the IPv6 network prefix and prefix length are not known (for example, if they are not manually configured). To understand how SLAAC works, we need to look at a new protocol that is specific to IPv6: the Neighbor Discovery Protocol (NDP).

NDP is used for several functionalities:

Router discovery: Used to discover routers within a subnet.

Prefix discovery: Used to find out the IPv6 network prefix in a given link.

Address auto-configuration: Supports SLAAC to provide automatic address configuration.

Address resolution: Similar to ARP for IPv4, address resolution is used to determine the link layer address, given an IPv6 address.

Next-hop determination: Used to determine the next hop for a specific destination.

Neighbor unreachability detection (NUD): Used to determine whether a neighbor is reachable. It is useful, for example, to determine whether the next-hop router is still available or an alternative router should be used.

Duplicate address detection (DAD): Used to determine whether the address a node decided to use is already in use by some other node.

Redirect: Used to inform nodes about a better first-hop node for a destination.

NDP uses ICMP version 6 (ICMPv6) to provide these functionalities. As part of the NDP specification, five new ICMPv6 messages are defined:

Router Solicitation (RS): This message is sent from hosts to routers and is used to request a Router Advertisement message. The source IP address of this message is either the host-assigned IP address or the unspecified address ::/128 if an IP address is not assigned yet. The destination IP address is the all-routers multicast address FF01::2/128.

Router Advertisement (RA): This message is sent from routers to all hosts, and it is used to communicate information such as the IP address of the router and information about network prefix and prefix length, or the allowed MTU. This can be sent at regular intervals or to respond to an RS message. The source IP of this message is the link-local IPv6 address of the router interface, and the destination is either the all-nodes multicast address FF01::1 or the address of the host that sent the RS message.

Neighbor Solicitation (NS): This message is used to request the link-layer address from a neighbor node. It is also used for NUD and DAD functionality. The source IP address would be the IPv6 address of the interface, if already assigned, or the unspecified address ::/128.

Neighbor Advertisement (NA): This message is sent in response to an NS or can be sent unsolicited to flag a change in the link-layer address. The source IP address is the interface IP, while the destination is either the IP address of the node that sent the NS or the all-nodes address FF01::1.

Redirect: This message is used to inform the hosts about a better first hop. The source IP address is the link-local IP of the router, and the destination IP address is the source IP address of the packet that triggered the redirect.

Figure 1-74 shows an example of an RS/RA exchange to get information about the router. In this example, Host A sends a Router Solicitation to all routers in the subnet to get the network prefix and prefix length.

Figure 1-74 RS/RA Exchange

Figure 1-75 shows an example of an NS/NA exchange to get information about the link-layer address. This process replaces the ARP process in IPv4. Host A needs to have the MAC address of Host B so it can send frames. It sends an NS asking who has 2345::2, and Host B responds with an NA, indicating its MAC address.

Figure 1-75 NS/NA Exchange to Get Link-Layer Address Information
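To make the NS/NA exchange of Figure 1-75 concrete, here is an added example (not code from the book) that builds both sides of it as raw ICMPv6 messages per RFC 4861: Host A's Neighbor Solicitation for 2345::2, sent to the solicited-node multicast address derived from the target, and Host B's Neighbor Advertisement carrying its MAC in the Target Link-Layer Address option. The checksum is computed over the IPv6 pseudo-header as RFC 4443 requires, and the parser rejects messages whose checksum does not verify or that carry a zero-length option. The same builder produces a DAD solicitation (source :: and no link-layer option) for a tentative address. The host addresses 2345::1 and 2345::2 come from the text; the two MAC addresses are constructed sample values.

```python
import ipaddress
import struct

# Constructed sample values for the NS/NA exchange in the text: Host A (2345::1)
# resolving Host B (2345::2). The MAC addresses are made up for this example.
HOST_A = ipaddress.IPv6Address("2345::1")
HOST_B = ipaddress.IPv6Address("2345::2")
MAC_A = bytes.fromhex("020011111111")
MAC_B = bytes.fromhex("020022222222")

ICMPV6_NS, ICMPV6_NA = 135, 136          # RFC 4861 message types
OPT_SRC_LLADDR, OPT_TGT_LLADDR = 1, 2    # RFC 4861 option types
NA_FLAG_SOLICITED, NA_FLAG_OVERRIDE = 0x40000000, 0x20000000
UNSPECIFIED = ipaddress.IPv6Address("::")


def solicited_node_multicast(target):
    """ff02::1:ffXX:XXXX built from the low 24 bits of the target (RFC 4291)."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(target) & 0xFFFFFF))


def icmpv6_checksum(src, dst, msg):
    """RFC 4443 checksum: IPv6 pseudo-header (src, dst, length, next header 58) + message."""
    data = src.packed + dst.packed + struct.pack("!I", len(msg)) + b"\x00\x00\x00\x3a" + msg
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _finish(src, dst, body):
    """Fill in the checksum field (bytes 2-3) of an ICMPv6 message."""
    csum = icmpv6_checksum(src, dst, body)
    return body[:2] + struct.pack("!H", csum) + body[4:]


def build_ns(src, target, src_mac=None):
    """Neighbor Solicitation. Address resolution: src is the host's own address and the
    message carries a Source Link-Layer Address option. DAD: src is :: and, per
    RFC 4861 section 4.3, the option is omitted. Returns (src, dst, message)."""
    dst = solicited_node_multicast(target)
    body = struct.pack("!BBHI", ICMPV6_NS, 0, 0, 0) + target.packed
    if src != UNSPECIFIED and src_mac is not None:
        body += struct.pack("!BB", OPT_SRC_LLADDR, 1) + src_mac   # length 1 = 8 octets
    return src, dst, _finish(src, dst, body)


def build_na(src, dst, target, tgt_mac, solicited=True):
    """Neighbor Advertisement with the Target Link-Layer Address option."""
    flags = NA_FLAG_OVERRIDE | (NA_FLAG_SOLICITED if solicited else 0)
    body = (struct.pack("!BBHI", ICMPV6_NA, 0, 0, flags) + target.packed
            + struct.pack("!BB", OPT_TGT_LLADDR, 1) + tgt_mac)
    return _finish(src, dst, body)


def parse_ndp(src, dst, msg):
    """Verify the checksum, then return type, target, S flag and link-layer option."""
    if len(msg) < 24:
        raise ValueError("too short for an NS/NA")
    if icmpv6_checksum(src, dst, msg) != 0:   # a valid message sums to zero
        raise ValueError("bad ICMPv6 checksum")
    mtype, code, _, word = struct.unpack("!BBHI", msg[:8])
    if mtype not in (ICMPV6_NS, ICMPV6_NA) or code != 0:
        raise ValueError("not an NS/NA")
    result = {"type": mtype, "target": ipaddress.IPv6Address(msg[8:24]),
              "solicited": bool(word & NA_FLAG_SOLICITED) if mtype == ICMPV6_NA else None,
              "lladdr": None}
    pos = 24
    while pos < len(msg):                      # walk the TLV options
        if pos + 2 > len(msg):
            raise ValueError("truncated option header")
        kind, length = msg[pos], msg[pos + 1]
        if length == 0:                        # RFC 4861 section 4.6: invalid, discard
            raise ValueError("zero-length NDP option")
        opt = msg[pos:pos + 8 * length]
        if len(opt) < 8 * length:
            raise ValueError("truncated option")
        if kind in (OPT_SRC_LLADDR, OPT_TGT_LLADDR) and length == 1:
            result["lladdr"] = opt[2:8].hex(":")
        pos += 8 * length
    return result


def resolve_host_b():
    """Both sides of the Figure 1-75 exchange: A asks who has 2345::2, B answers with its MAC."""
    src, dst, ns = build_ns(HOST_A, HOST_B, MAC_A)
    req = parse_ndp(src, dst, ns)                  # what Host B sees (A's MAC in the SLLA option)
    na = build_na(HOST_B, src, HOST_B, MAC_B)      # unicast reply back to the solicitor
    rep = parse_ndp(HOST_B, src, na)               # what Host A sees (B's MAC in the TLLA option)
    return str(dst), req["lladdr"], rep["lladdr"], rep["solicited"]
```

The parser's checksum check is what a receiving stack relies on before trusting the link-layer option, and the zero-length-option rule prevents the TLV walk from looping forever on a malformed message.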

Due to the criticality of the NDP operation, RFC 3971 describes the Secure Neighbor Discovery (SeND) protocol to improve the security of NDP. SeND defines two ND messages—Certification Path Solicitation (CPS) and Certification Path Answer (CPA)—an additional ND option, and an additional auto-configuration mechanism.

Now that you know how NDP works, you can better understand the SLAAC process. In the following example, we assume the host uses the EUI-64 method to generate an LLA. At the start, the host generates an LLA address. This provides link-local connectivity to neighbors.

At this point, the host can receive RAs from the neighboring routers, or, optionally, it can solicit an RA by sending an RS message. The RA message contains the network prefix and prefix length information that can be used by the host to create a global unicast IP address.

The prefix part of the address is provided by the information included in the RA. The interface ID, instead, is provided by using EUI-64 or other methods (for example, randomly). This depends on how the host has implemented SLAAC. For example, a host may implement a privacy extension (described in RFC 4941) or a cryptographically generated address (CGA) when SeND is used. Before the address can be finally assigned to the interface, the host can use the DAD functionality of NDP to find out whether any other host is using the same IP.

The following steps detail address assignment via SLAAC. In Figure 1-76, Host A has a MAC address of 0200.2211.1111.

Figure 1-76 Address Assignment via SLAAC

Step 1. The SLAAC process starts by calculating the LLA. This is done by using the EUI-64 method. This will result in an LLA address of FF80::22FF:FE11:1111.

Step 2. At this point, Host A has link-local connectivity and can send an RS message to get
