CCATP #475 Bart Busschots Explains IPv6

I made a deal with Bart when he started his two podcasts Let’s Talk Apple and Let’s Talk Photography that he would never have to be on more than every other week. But this week I tricked him by asking him if he’d come on and explain IPv6 to me. His first answer was that he didn’t understand it well enough to explain it. But of course Bart being Bart, that ear worm I so carefully placed caused him to go out and study it and now he’s here to explain it to us. And of course below you’ll find his excellent show notes.

Intro to IPv6

Revision

As we learned on TTT, the TCP/IP networking model has 4 layers:

  1. the data link layer (e.g. ethernet over copper & ethernet over wifi)
  2. the internetwork layer (all versions of the IP protocol live here)
  3. the transport layer (TCP and UDP live here)
  4. the application layer (e.g. HTTP, FTP, SMTP, IMAP, POP, SSH …)

Back-story

  • IPv4 dates back to 1980 – it uses 32-bit addresses, generally written as four 8-bit chunks in decimal separated by dots (e.g. 192.168.0.1)
  • Initially, IPv4 only supported three sizes of subnet – Class A (e.g. 10.*.*.*), class B (e.g. 192.168.*.*), and class C (e.g. 192.160.10.*). This was very wasteful of IP addresses.
  • In 1993 the CIDR (Classless Inter-Domain Routing) spec added variable-length subnets to IPv4. This made routing easier and reduced the wastage of IPv4 addresses
  • As early as 1990, it was clear that IPv4’s days were numbered. There were too few IPv4 addresses, and, there were some inefficiencies in the design of the protocol that network engineers would like a do-over on.
  • The bulk of the RFCs (the specs) that make up what is now IPv6 were released between 1994 and 1996 – it’s a lot older than you might think!

Big-Picture Stuff

  • IPv6 and IPv4 are not designed to interoperate – they are separate universes, though they can co-exist on the same physical networks (like Apple Talk and NetBIOS back in the day)
  • The expectation is that IPv4 and IPv6 will be in simultaneous use for a long time to come – when a single network card is being used for both IPv4 and IPv6 at the same time it is said to be dual stacked
  • While IPv4 and IPv6 don’t interoperate, data can be transferred from one protocol to the other (like a transhipment terminal where freight is moved between road and rail or rail and ship)
  • It is envisioned that IPv6 will return us to a one-to-one mapping between IP addresses and devices – in other words, no more putting all the devices in your home behind a single IP, i.e., no more NAT.

IPv6 Overview

  • 128 bit addresses – four times as long as IPv4 addresses. That means there are about 3.4×10³⁸ IPv6 addresses!
  • IPv6 addresses are generally written as eight groups of four hexadecimal digits separated by colons, e.g. google.com is 2a00:1450:400b:0c03:0000:0000:0000:008b. Thankfully there are rules for shortening the representation:
    • within each group, up to three leading zeros can be left out, so the above example becomes 2a00:1450:400b:c03:0:0:0:8b
    • multiple consecutive groups of only zeros can be replaced with a double-colon, but only once in any given address (or it would become indeterminate), so our above example becomes: 2a00:1450:400b:c03::8b
  • In IPv4 the host part of an IP address is determined by the size of the netmask. In IPv6, the host part is always 64bits long. This is conveniently the length of a MAC address.
  • There are three kinds of IPv6 address – loopback, link-local, and global:
    • The Loopback address – equivalent to 127.0.0.1 in IPv4, an internal address that exists only within the local OS
      • The IPv6 loopback address is 0000:0000:0000:0000:0000:0000:0000:0001, which, using the above rules, can be written as simply ::1
    • Link-local addresses – these are IPv6 addresses that exist only on the local LAN (ethernet network). They can only be used for communicating with other devices within the LAN.
      • Link-Local addresses are derived from the network card’s MAC address, and all start with fe80.
      • The rule for constructing a link-local address is that you place fe80 at the extreme left of the address, the MAC address at the extreme right, and fill the gap in between with zeros, e.g. fe80::1cec:88ee:49c9:6844.
      • You will often see the link-local address written with the name of the interface appended to the end of the address, separated from it by a percentage sign, e.g. fe80::1cec:88ee:49c9:6844%en0
    • Global IPv6 addresses are used to communicate between networks, i.e. to communicate over the internet.
      • Just like link-local addresses, global IPv6 addresses usually end in the MAC address. The difference is that the prefix that comes before the host part of the address is not defined like it is for link-local addresses, but rather, supplied by the router.
      • Routers play a much more active role in configuring IPv6 devices than they did in IPv4. It is the router’s job to tell all devices on the network what prefix they should use, and, whether or not they should also make a DHCP6 request to pick up additional configuration information. If a router advertises multiple prefixes, then all clients will get multiple global IPv6 addresses, one for every prefix, each ending with the same 64 bits.
      • You don’t have to use the MAC address as the last 64 bits, you could use a DHCP6 server to assign specific host addresses, or, manually assign specific host addresses. The practice of using the MAC address is part of a specification called SLAAC (for Stateless address autoconfiguration).
  • Now that we know all this, the three standard options for configuring IPv6 make sense:
    • link-local only – only set up the link-local address for the network card, do not add any global IPv6 addresses (my preferred setting because I know I do not have IPv6 to the world)
    • Automatic Configuration – use SLAAC to configure the global IPv6 address(es) for the network card, i.e. broadcast to the router asking what prefixes to use, and combine the returned prefix(es) with your MAC address (the default in most modern OSes, but can cause problems)
    • Manual – manually specify the 64bit host address, and the prefix (an insane thing to do in IPv6 IMO)
  • On macOS, Linux & Unix you can see all your configured IPv6 addresses with the command: ifconfig | egrep '\binet6'
  • Brian Coleman explains a method to test mobile apps by connecting your phone to an IPv6 network created by your Mac brianjcoleman.com/…

DHCP & DNS for IPv6

  • DHCP servers are not needed for basic network setup on IPv6 networks – routers tell clients what prefix to use, and what gateway address to use for packets destined for addresses outside the LAN
  • DHCP servers are still useful on IPv6 networks though, because they can give clients extra configuration information like DNS servers, DNS search suffixes, WINS servers, proxy auto configuration URLs, and so on and so forth. DHCP is used for IPv4 setup; a different version of the protocol, known as DHCP6, is used for IPv6.
  • In DNS, domain names are converted to IPv4 addresses with A records. The equivalent records for converting names to IPv6 addresses are AAAA records (said as ‘quad A’ or ‘quadruple A’).
  • Modern OSes prefer IPv6 over IPv4 when available, so, if a modern computer has a global IPv6 address, and, if the destination domain name resolves to an IPv6 address in DNS (has a AAAA DNS record), then IPv6 will be tried first, and only if that fails will IPv4 be attempted. This is why misconfigured IPv6 leads to slow internet browsing.
  • You can check if a given domain name has an IPv6 address with the following commands:
    • On macOS/Linux/Unix you can see the A, AAAA and MX records for any DNS name with the following command: host domain.name (you can see only AAAA records with host -t AAAA domain.name)
    • On Windows (and many versions of macOS, Linux & Unix) you can see AAAA records for a DNS name with the following command: nslookup -q=aaaa domain.name

IPv4 over IPv6

To make it easier for IPv4 traffic to pass over IPv6 networks, a prefix has been reserved for mapping IPv4 addresses onto IPv6 addresses. You start with 80 bits of zeros, then 16 bits of ones, then the 32 bits of the IPv4 address. In other words, the prefix is ::ffff:. For convenience, the last 32 bits are usually not written as groups of 4 hexadecimal digits, but as a dotted quad.

E.g. the IPv4 address 192.168.0.1 maps to the IPv6 address ::ffff:192.168.0.1.
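
The mapping above, built bit by bit, together with the reverse step a defender usually needs (an added example, not from the show notes). On a dual-stack listener an IPv4 client can show up in logs in the ::ffff: form, so allow and deny lists written as dotted quads should be checked after unwrapping the address. The function names and the sample network are assumptions.

```python
import ipaddress

def to_mapped(ipv4: str) -> ipaddress.IPv6Address:
    """80 zero bits, 16 one bits, then the 32 bits of the IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address((0xFFFF << 32) | v4)

def normalize(addr: str):
    """Unwrap ::ffff:a.b.c.d to plain IPv4; leave every other address alone."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_listed(addr: str, networks) -> bool:
    """True if addr, after normalisation, falls inside any listed network."""
    ip = normalize(addr)
    return any(ip.version == net.version and ip in net for net in networks)

if __name__ == "__main__":
    # Constructed sample: one listed network, three peer strings as a
    # dual-stack service might log them.
    listed = [ipaddress.ip_network("192.168.0.0/16")]
    for peer in ("192.168.0.1", "::ffff:192.168.0.1", "::ffff:c0a8:1"):
        print(peer, "->", normalize(peer), is_listed(peer, listed))
```
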

IPv6 over IPv4

To send IPv6 traffic over IPv4, you need to set up a tunnel. Think of this as being analogous to VPNing.

If you want an IPv6 connection from your home to the internet, and your ISP does not support IPv6, you will need a tunnel end-point on your LAN which will act as your LAN’s IPv6 router, and you need to connect that tunnel end-point to the IPv4 address of another end-point on another network that does have IPv6 connectivity to the internet.

5 thoughts on “CCATP #475 Bart Busschots Explains IPv6”

  1. DJ - February 14, 2017

    “In IPv6, the host part is always 64bits long. This is conveniently the length of a MAC address.”

    MAC addresses are 48 bits, not 64.

  2. DJ - February 14, 2017

    “The rule for constructing a link-local address is that you place fe80 at the extreme left of the address, the MAC address at the extreme right, and fill the gap in between with zeros, e.g. fe80::1cec:88ee:49c9:6844.”

    This is not correct. Since MAC addresses are 48 bits, not 64 (see above comment), you insert into the middle the bytes FF:FE. Also, the 2nd bit in the address is inverted.
    See
    http://www.sput.nl/internet/ipv6/ll-mac.html
    for more information.
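
The construction described in the comment above (ff:fe inserted in the middle of the 48-bit MAC, one bit of the first byte flipped), as an added example that is not part of the original post or comments. It also runs the mapping backwards, which is what lets an analyst tie such an address in a log to a network card. The function names and the sample MAC are assumptions; the flipped bit is the universal/local bit, 0x02 of the first octet.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> bytes:
    """Turn a 48-bit MAC into the 64-bit interface identifier."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    flipped = octets[0] ^ 0x02            # invert the universal/local bit
    return bytes([flipped]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """fe80 on the left, zeros in the gap, the interface ID on the right."""
    prefix = bytes.fromhex("fe80") + bytes(6)
    return ipaddress.IPv6Address(prefix + mac_to_interface_id(mac))

def mac_from_address(addr: str):
    """Recover the MAC if the low 64 bits carry the ff:fe marker, else None.

    Heuristic: a randomly chosen interface ID can contain ff:fe by chance.
    """
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    sample_mac = "00:11:22:33:44:55"      # constructed sample value
    print(link_local_from_mac(sample_mac))
    print(mac_from_address("fe80::211:22ff:fe33:4455%en0"))
    # The sample address quoted from the show notes has no ff:fe marker,
    # so no MAC can be read back out of it.
    print(mac_from_address("fe80::1cec:88ee:49c9:6844"))
```
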

  3. podfeet - February 19, 2017

    DJ – I bet you think we were ignoring you, but we weren’t! We were working on a response. I hope you’ll enjoy the post I just did about your (correct) comment. IPv6 Link Local Addresses – 64 or 48-bit MAC Addresses? http://www.podfeet.com/blog/2017/02/mac-address-48-bit/

  4. Steve Davidson - February 19, 2017

    This is one of the best introductions to IPv6 I’ve ever seen/listened to.

    There was one thing that struck me as needing a tweak: In the section on moving IPv4 packets through IPv6 networks (such as the Internet core), Bart used this as an example of an IPv4 address embedded in IPv6:

    ::ffff:192.168.0.1

    However, 192.168.xxx.yyy are non-routing addresses (that’s why we can use them on our home networks without a care about duplication — routers don’t route them). It would never happen.

    A better (and practical) example would be

    ::ffff:69.163.225.97

    (which happens to be the IPv6 treatment of podfeet.com’s IPv4 address).

    This is a small quibble with an otherwise excellent treatment.

  5. Chris Trusch - February 28, 2017

    By the way, IPv6 has been built into Mac OS X for a long time, at least going back to 10.4 (Tiger), probably earlier. Here’s the network configuration panel from my 17 year-old G3 PowerBook connected via AirPort, running 10.4.

    https://s8.postimg.org/r3c8f8gmt/Picture_2.png
