An Introduction to IPv6
Published: 19 October 2020
Internet Protocol Versions
IPv6 is not new, RFC1883 discussed the protocol back in 1995. However, it has been updated several times, becoming a Draft Standard with RFC2460 in 1998, and an Internet Standard with RFC8200 in 2017!
If you’re wondering if there was an IPv5 the answer is sort of, in the Experimental Internet Stream Protocol, Version 2 (ST-II) which used the IP version number 5 within its packet header, that’s RFC1190. IPv7 was sort of RFC1475, IPv8 was sort of RFC1162, and for an April fools joke we go IPv9 in RFC1606.
Internet Protocol version 6
This article will presume that you’re experienced with IPv4 concepts and addressing, it will therefore compare several features of IPv6 to IPv4.
Once of the main aspects of IPv6 is that it was designed to deal with address exhaustion expected with IPv4. IPv4 uses a 32-bit address space, allowing for 4,294,967,296 addresses – or about 4.3 billion. Whereas IPv6 uses a 128-bit address space, allowing for 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses – or just over 340 undecillion.
The two protocols are not interoperable meaning that it is not possible to directly communicate from an IPv4 to an IPv6 node without a transition mechanism – such as tunneling or IPv4-mapped addresses which will be discussed further down.
IPv6 addresses are 128-bit addresses, but these are represented as eight groups of four hexadecimal digits that are colon-separated. For example: fe80:0000:0000:0000:20b9:04b4:058a:0004.
However there are ways to abbreviate these addresses, the first is where there are consecutive groups of 0s these can be replaced with two colons (::). This abbreviation can only be used once within an address (to prevent ambiguity). The above address can therefore be abbreviated as: fe80::20b9:04b4:058a:0004.
If a group begins with one or more 0s, the leading 0s can be omitted, this can be done several times within a single address and can be used where the double-colon abbreviation is used. Therefore the previous address could be further abbreviated to: fe80::20b9:4b4:58a:4
The address space isn’t the only change with IPv6 though, RFC4291 defines the concep tof anycast, which were not a feature of IPv4. Plus features that simplify address configuration, router advertisements, and routing. IPv6 does not implement a “broadcast” feature as seen in version 4. Although a similar effect can be achieved with the “all nodes” multicast group (address ff02::1). IPv6 has no direct equivalent to RFC1918 (Private) IP addresses.
There are several types of IPv6 addresses:
Unicast addresses are used for sending messages to a specific address.
Link-Local are used for communications that do not need to leave the network segment, and begin fe80::/10.
Multicast are for sending a message to a group, such as a device type (e.g. all routers), these addresses begin ff00:/8, examples include ff02::1 (All hosts) and ff02::2 (All routers).
Anycast addresses are used were it is desirable to have a pool of servers providing redundancy, these are taken from the unicast range and are therefore not distinguishable – if they are used for anycast purposes then the are an anycast address; although RFC2526 does recommend a range to be used.
A device can use autoconfiguration to set its IPv6 address:
Stateful Autoconfiguration makes use of DHCPv6 where devices are assigned a full 128-bit address.
Stateless Autoconfiguration makes use of Router Advertisements (RA) messages which contain 64-bit prefixes and the latter part is defined using EUI-64. (Router Advertisements will be discussed in more detail later).
EUI-64 is the process of using the MAC address of a device to set the interface ID of an address. This involves splitting the MAC Address in half, placing FF FE between the address and setting the 7th bit in the ID. For example a MAC Address of 00:01:80:70:71:b8 would give an interface ID of 0201:80ff:fe70:71b8. With stateless autoconfiguration this interface ID would be appended to a prefix given within a Router Advertisement (RA).
IPv6 has many similar functions to IPv4 such as ICMP and DHCP plus a few more such as Neighbor Discovery.
One significant difference with IPv6 is how devices discover their own, and their neighbors, IP addresses. Neighbor Discovery Protocol (RFC 2461) uses ICMPv6 messages and multicast messages, and allows for features such as Stateless Autoconfiguration, duplicate address discovery, router discovery, and neighbor address resolution (which replaces Address Resolution Protocol used with IPv4).
Key messages are: “Router Advertisements” used by routers to advertise their presence and link prefixes. “Router Solicitation” used by hosts to query for the presence of routers on the link. “Redirect” used by routers to inform nodes of better next-hop routers. “Neighbor Solicitation” and “Neighbor Advertisements” which are used for duplicate address detection as well as Layer 3 to Layer 2 address resolution (to replace ARP).
To allow for interoperability between IPv6 and IPv4 there are several features, for example it is possible to manually configure tunnels to allow communication between two IPv4 subnets over an IPv6 network, where dual-stack routers are in use.
It is also possible to use ISATAP tunnels (Intra-Site automatic Tunnel Addressing Protocol) can be used to tunnel IPv6 over IPv4. This scheme uses the 64-bit link-local prefix followed by an ISATAP interface identifier “0000:5efe” followed by the IPv4 address of the ISATAP like (represented in hexadecimal of course). For example say an IPv6 prefix of 2001:0db8:0abc:def0 and an IPv4 tunnel destination of 172.16.1.1 this would become 2001:db8:abc:def0::5efe:ac10:101.
Another common method is 6to4 tunnels, which use addresses beginning with 2002::/16 followed by the border router IPv4 address (in hexadecimal). This leaves 16 bits within the 64-prefix for numbering networks within a site. For example: 2002:0a01:0101:1::/64.
Posts broken down by category
Articles concentrating on network and operating system level attacks.
Articles covering attacks against web applications and their associated APIS.
Articles concentrating on past data breaches, looking for lessons learned.
Articles covering breaking into wireless networks and how to keep them safe.