IPv6 addresses

As we prepare to enable IPv6 on the “static self-managed” wires, there are a few aspects to IPv6 addressing which you need to know.

The most obvious difference between IPv4 and IPv6 addresses is that the latter are 128 bits long.  They’re conventionally divided up into eight 16-bit chunks, written in hex and separated by colons.  Leading zeros can be omitted, and the longest consecutive run of all-zero chunks can be elided to “::”.

For global addresses, this 128-bit space is divided up into two 64-bit parts: there’s a 64-bit prefix, which essentially identifies the site and the subnet within it; and there’s a 64-bit “interface identifier” (“IID”) which identifies the host within the subnet.

So, for example, 2001:630:3c1:33::1:15 has a prefix of 2001:630:3c1:33::, which itself breaks down to the University’s prefix of 2001:630:3c1:: and the subnet number 33, and an IID of ::1:15.

The prefix is fixed for the subnet, and is generally obtained automatically from the Router Advertisement packets which our switches multicast every few seconds on all of our IPv6-enabled subnets.  The IID is formed in one of three ways:

  1. It can be set explicitly by the host’s manager (in some system-specific way). We can support this, and can enter explicit addresses into the inf.ed.ac.uk domain.  We prefer not to do things this way, though, because it means liaison with machines’ managers, which can take time, and is more prone to errors.  The example above is one of these explicit addresses.
  2. The host can configure itself using StateLess Address AutoConfiguration (“SLAAC”).  This uses the host’s MAC address, transformed in a couple of simple ways, to produce an address which is unique to the machine while requiring no management intervention.  For example, 2001:630:3c1:2:4a0f:cfff:fe5b:e69a is the IPv6 address of one of the student lab machines.  Because we have the MAC addresses registered for all of the machines on the SM164 and SM197 wires we can automatically generate DNS entries in inf.ed.ac.uk, making the entire process completely automatic.  This is the mechanism we prefer.
  3. It can be a “privacy address”, generated periodically by the host in a cryptographically secure way such that it is very unlikely to duplicate any other IID on the subnet.  The reason for this type of address is that it avoids the possibility that a laptop might be tracked across networks as its owner moves from site to site, as would be the case if it were to use a fixed SLAAC-style IID.  For servers it makes little sense to use this type of address, and because it changes frequently we have no way to add it to our DNS.  The distribution you have installed on your servers may have this turned on if its main audience is laptops and non-enterprise users.  If so, we strongly suggest you turn it off, though how you do so will be system-dependent.

There is one other form of address which your machine will have.  This is a “link-local” address, using fe80:: as its prefix and a SLAAC-style IID part.  Traffic for addresses of this form is never routed off-subnet.  Within the subnet it is just as valid an address as one of the above forms, and can be used anywhere a global address can be used.  It can’t go in the DNS, though, which makes it inconvenient for anything other than low-level network management tasks.  Your IPv6 default router address will probably be link-local, for example.
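The SLAAC transformation from item 2 and the link-local form just described, as an added Python example (not code from this blog or from the Informatics systems): it builds the modified EUI-64 IID defined in RFC 4291 from a MAC address and reverses it, which also shows why a fixed SLAAC-style IID lets a machine be tracked. The function names are illustrative, and the MAC shown is derived here from the lab-machine address quoted above.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of the address are the interface identifier

def mac_to_iid(mac: str) -> int:
    """Modified EUI-64: flip the universal/local bit of the first byte and
    insert ff:fe between the two halves of the 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui64, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a 64-bit prefix (from the Router Advertisement, or fe80::/64)
    with the MAC-derived IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC-style addresses need a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_iid(mac))

def iid_to_mac(addr: str):
    """Recover the MAC from a SLAAC-style IID, or return None when the IID
    lacks the ff:fe marker (explicit and privacy IIDs). A random privacy IID
    can contain ff:fe by chance, so treat a match as a strong hint only."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    lab = "2001:630:3c1:2:4a0f:cfff:fe5b:e69a"    # SLAAC example from the text
    mac = iid_to_mac(lab)                          # MAC derived from that address
    print(mac)
    print(slaac_address("2001:630:3c1:2::/64", mac))  # global SLAAC address
    print(slaac_address("fe80::/64", mac))            # matching link-local address
    print(iid_to_mac("2001:630:3c1:33::1:15"))        # explicit IID: no MAC inside
```
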

The address-search box on the netmon front page knows how to handle all of the above forms, though the information available for privacy addresses is necessarily more limited than for the other forms.

The home page for the development project which introduced IPv6 to Informatics has a number of useful links, including to the relevant RFCs.


One Response to IPv6 addresses

  1. richard says:

    If you have a Mac running a recent version of MacOS, you will get a “privacy address” as described above. As with servers, this makes little sense for desktop Macs.

    There appears to be a sysctl net.inet6.ip6.use_tempaddr which can be set to 0 to disable privacy addresses, but I can’t find any official Apple documentation about it.
