Manual:IPv6/Address

From MikroTik Wiki
Jump to navigation Jump to search

Applies to RouterOS: v3, v4 +

Summary

Sub-menu: /ipv6 address
Standards: RFC 4291


IPv6 uses 16 bytes addresses compared to 4 byte addresses in IPv4. IPv6 address syntax and types are described in RFC 4291.

There are multiple IPv6 address types, that can be recognized by their prefix. RouterOS distinguishes the following:

  • multicast (with prefix ff00::/8)
  • link-local (with prefix fe80::/10)
  • loopback (the address ::1/128)
  • unspecified (the address ::/128)
  • other (all other addresses, including the obsoleted site-local addresses, and RFC 4193 unique local addresses; they all are treated as global unicast).

One difference between IPv6 and IPv4 addressing is that IPv6 automatically generates a link-local IPv6 address for each active interface that has IPv6 support.

Address Expression

IPv6 addresses are represented a little bit different than IPv4 addresses. For IPv6, the 128-bit address is divided in eight 16-bit blocks, and each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons. The resulting representation is called colon-hexadecimal.

In example above IPv6 address in binary format is converted to colon-hexadecimal representation

0010000000000001 0000010001110000 0001111100001001 0000000100110001
0000000000000000 0000000000000000 0000000000000000 0000000000001001

2001:0470:1f09:0131:0000:0000:0000:0009

IPv6 address can be further simplified by removing leading zeros in each block:

2001:470:1f09:131:0:0:0:9

As you can see IPv6 addresses can have long sequences of zeros. These contiguous sequence can be compressed to ::

2001:470:1f09:131::9

Note: Zero compression can only be used once. Otherwise, you could not determine the number of 0 bits represented by each instance of a double-colon


Prefix

IPv6 prefix is written in address/prefix-length format. Compared to IPv4 decimal representation of network mask cannot be used. Prefix examples:

2001:470:1f09:131::/64
2001:db8:1234::/48
2607:f580::/32
2000::/3


Address Types

Several IPv6 address types exist:

  • Unicast
  • Anycast
  • Multicast

As you can see there are no Broadcast addresses in ipv6 network, compared to IPv4 broadcast functionality was completely replaced with multicast.

Unicast Addresses

Packets addressed to a unicast address are delivered only to a single interface. To this group belong:

  • globally unique addresses and can be used to connect to addresses with global scope anywhere.
  • link-local addresses
  • site-local addresses (FEC0::/48) - deprecated
  • special purpose addresses
  • compatibility addresses

Link-local address

Link-local addresses are used to communicate between nodes on the same link. A link-local address is required on every IPv6-enabled interface, applications may rely on the existence of a link-local address even when there is no IPv6 routing, that is why link-local address is generated automatically for every active interface using it's interface identifier (MAC address if present). Address prefix is always FE80::/64 and IPv6 router never forwards link-local traffic beyond the link.

These addresses are comparable to the auto-configuration addresses 169.254.0.0/16 of IPv4.

A link-local address is also required for Neighbor Discovery processes.

Special purpose address

  • Unspecified address (::/128) - never assigned to an interface or used as a destination address, used only to indicate the absence of an address. Equivalent to IPv4 0.0.0.0 address.
  • loopback address (::1/128) - used to identify a loopback interface, enabling a node to send packets to itself. It is equivalent to the IPv4 loopback address of 127.0.0.1.

Compatibility address

  • IPv4 compatible address - used by dual-stack nodes that are communicating with IPv6 over an IPv4 infrastructure. When the IPv4-compatible address is used as an IPv6 destination, IPv6 traffic is automatically encapsulated with an IPv4 header and sent to the destination by using the IPv4 infrastructure. Address is written in following format ::w.x.y.z, where w.x.y.z is the dotted decimal representation of a public IPv4 address.
  • IPv4 mapped address - used to represent an IPv4-only node to an IPv6 node. It is used only for internal representation. The IPv4-mapped address is never used as a source or destination address for an IPv6 packet. The IPv6 protocol does not support the use of IPv4-mapped addresses. Address is written in following format: ::ffff:w.x.y.z, where w.x.y.z is the dotted decimal representation of a public IPv4 address.
  • 2002::/16 — this prefix is used for 6to4 addressing. Here, an address from the IPv4 network 192.88.99.0/24 is also used.

Multicast address

Anycast address

Interface Identifier

The last 64 bits of an IPv6 address are the interface identifier that is unique to the 64-bit prefix of the IPv6 address. There are several ways how to determine interface identifier:

  • EUI-64;
  • randomly generated to provide a level of anonymity;
  • manually configured.

EUI-64

Traditional interface identifiers for network adapters are 48-bit MAC address. This address consists of a 24-bit manufacturer ID and a 24-bit board ID.

IEEE EUI-64 is a new standard for network interface addressing. The company ID is still 24-bits in length, but the extension ID is 40 bits, creating a much larger address space for a network adapters.

To create an EUI-64 address from the interface MAC address:

  • 0xFFFE is inserted into the MAC address between the manufacturer ID and the board ID.
  • seventh bit of the first byte is reversed.


The 64 bit unique ID is generated from hardware serial numbers or MAC addresses. In case of a 48 bit MAC address, this so called EUI-64 (Extended Unique Identifier) is generated by the following algorithm:

  1. use the first 3 bytes of the MAC address (OUI) as the first 3 bytes for the EUI-64, except that the second-least significant bit of the most significant byte is inverted;
  2. insert 0xFF and 0xFE as 4th and 5th bytes respectively for the EUI-64;
  3. use the last 3 bytes of the MAC address as the last 3 bytes for the EUI-64;

In RouterOS, if the eui-64 parameter of an address is configured, the last 64 bits of that address will be automatically generated and updated using interface's MAC address. These last bits must be configured to be zero for this case. Example:

[admin@MikroTik] > ipv6 address add address=fc00:3::/64 interface=ether3 eui-64=yes
[admin@MikroTik] > ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                                     INTERFACE                  ADVERTISE
 ...
 5  G fc00:3::20c:42ff:fe1d:3d4/64                ether3                     yes
[admin@MikroTik] > interface ethernet set ether3 mac-address=10:00:00:00:00:01
[admin@MikroTik] > ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                                     INTERFACE                  ADVERTISE
 ...
 5  G fc00:3::1200:ff:fe00:1/64                   ether3                     yes

Stateless address autoconfiguration

RouterOS supports stateless address auto-configuration. Prefixes of all addresses with 64 bit netmask are advertised by default.

 [admin@MikroTik] > ipv6 address print
 Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
  #    ADDRESS                                     INTERFACE         ADVERTISE
  0  G fc00:1::1/64                                ether1            yes

As in example above advertise flag is enabled which indicates that dynamic /ipv6 nd prefix entry is added.

 [admin@MikroTik] > ipv6 nd prefix print
 Flags: X - disabled, I - invalid, D - dynamic
  0 D prefix=fc00:1::/64 interface=ether1 on-link=yes autoconfig=yes
       valid-lifetime=4w2d preferred-lifetime=1w

On a host that is directly attached to the router we see that an address was added. The address consists of prefix part (first 64 bits) that takes prefix from the prefix advertisement, and host part (last 64 bits) that is automatically generated from local MAC address:

atis@atis-desktop:~$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fc00:1::21a:4dff:fe56:1f4d/64 scope global dynamic
       valid_lft 2588363sec preferred_lft 601163sec
    inet6 fe80::21a:4dff:fe56:1f4d/64 scope link
       valid_lft forever preferred_lft forever

The host has received the fc00:1::/64 prefix from the router and configured an address with it.

There is also an option to redistribute DNS server information using RADVD:

 [admin@MikroTik] > ip dns set secondary-dns=fc00:1::2
 [admin@MikroTik] > ip dns print
             primary-dns: 10.0.0.1
           secondary-dns: fc00:1::2
 ...
 [admin@MikroTik] > ipv6 nd set [f] advertise-dns=yes

You will need a running client side software with Router Advertisement DNS support to take advantage of the advertised DNS information.

For more information and configuration options refer to Ipv6 Neighbor Discovery.

Properties

Property Description
address (Address/Netmask; Default: ) Ipv6 address. Allowed netmask range is 0..128
advertise (yes | no; Default: no) Whether to enable stateless address configuration. The prefix of that address is automatically advertised to hosts using ICMPv6 protocol. The option is set by default for addresses with prefix length 64. Note that the prefix length must be equal to 64 for host autoconfiguration to work. Read more >>
comment (string; Default: ) Descriptive name of an item
disabled (yes | no; Default: no) Whether address is disabled or not. By default it is disabled
eui-64 (yes | no; Default: no) Whether to calculate last 64 bits of that address using interface's MAC address. Read more >>
interface (string; Default: ) Name of an interface on which Ipv6 address is set.


Read-only properties

Property Description
actual-interface (string) Actual interface on which address is set up. For example, if address was configured on ethernet interface and ethernet interface was added to bridge, then actual interface is bridge not ethernet.
dynamic (yes | no) Whether address is dynamically created
global (yes | no) Whether address is global
invalid (yes | no)
link-local (yes | no) Whether address is link local



[ Top | Back to Content ]