Networking

10 things you should know about IPv6 addressing

Although IPv6 adoption seems to be moving at a snail's pace, there's no outrunning it. Brien Posey demystifies some of the addressing issues many admins are still trying to figure out.
[Editor's note: This article has been revised to correct a couple of errors noted by TechRepublic members. Thanks to everyone who contributed their input.]

Over the last several years, IPv6 has been inching toward becoming a mainstream technology. Yet many IT pros still don't know where to begin when it comes to IPv6 adoption because IPv6 is so different from IPv4. In this article, I'll share 10 pointers that will help you understand how IPv6 addressing works.

1: IPv6 addresses are 128-bit hexadecimal numbers

The IPv4 addresses we are all used to seeing are made up of four numerical octets that combine to form a 32-bit address. IPv6 addresses look nothing like IPv4 addresses. IPv6 addresses are 128 bits in length and are made up of hexadecimal characters.

In IPv4, each octet consists of a decimal number ranging from 0 to 255. These numbers are typically separated by periods. In IPv6, addresses are expressed as a series of eight 4-character hexadecimal numbers, which represent 16 bits each (for a total of 128 bits). As we'll see in a minute, IPv6 addresses can sometimes be abbreviated in a way that allows them to be expressed with fewer characters.

2: Link local unicast addresses are easy to identify

IPv6 reserves certain headers for different types of addresses. Probably the best known example of this is that link local unicast addresses always begin with FE80. Similarly, multicast addresses always begin with FF0x, where the x is a placeholder representing a number from 1 to 8.

3: Leading zeros are suppressed

Because of their long bit lengths, IPv6 addresses tend to contain a lot of zeros. When a section of an address starts with one or more zeros, those zeros are nothing more than placeholders. So any leading zeros can be suppressed. To get a better idea of what I mean, look at this address:

FE80:CD00:0000:0CDE:1257:0000:211E:729C

If this were a real address, any leading zero within a section could be suppressed. The result would look like this:

FE80:CD00:0:CDE:1257:0:211E:729C

As you can see, suppressing leading zeros goes a long way toward shortening the address.

4: Inline zeros can sometimes be suppressed

Real IPv6 addresses tend to contain long sections of nothing but zeros, which can also be suppressed. For example, consider the address shown below:

FE80:CD00:0000:0000:0000:0000:211E:729C

In this address, there are four sequential sections separated by zeros. Rather than simply suppressing the leading zeros, you can get rid of all of the sequential zeros and replace them with two colons. The two colons tell the operating system that everything in between them is a zero. The address shown above then becomes:

FE80:CD00::211E:729C

You must remember two things about inline zero suppression. First, you can suppress a section only if it contains nothing but zeros. For example, you will notice that the second part of the address shown above still contains some trailing zeros. Those zeros were retained because there are non-zero characters in the section. Second, you can use the double colon notation only once in any given address.

5: Loopback addresses don't even look like addresses

In IPv4, a designated address known as a loopback address points to the local machine. The loopback address for any IPv4-enabled device is 127.0.0.1.

Like IPv4, there is also a designated loopback address for IPv6:

0000:0000:0000:0000:0000:0000:0000:0001

Once all of the zeros have been suppressed, however, the IPv6 loopback address doesn't even look like a valid address. The loopback address is usually expressed as ::1.

6: You don't need a traditional subnet mask

In IPv4, every IP address comes with a corresponding subnet mask. IPv6 also uses subnets, but the subnet ID is built into the address.

In an IPv6 address, the first 48 bits are the network prefix. The next 16 bits are the subnet ID and are used for defining subnets. The last 64 bits are the interface identifier (which is also known as the Interface ID or the Device ID).

If necessary, the bits that are normally reserved for the Device ID can be used for additional subnet masking. However, this is normally not necessary, as using a 16-bit subnet and a 64-bit device ID provides for 65,535 subnets with quintillions of possible device IDs per subnet. Still, some organizations are already going beyond 16-bit subnet IDs.

7: DNS is still a valid technology

In IPv4, Host (A) records are used to map an IP address to a host name. DNS is still used in IPv6, but Host (A) records are not used by IPv6 addresses. Instead, IPv6 uses AAAA resource records, which are sometimes referred to as Quad A records. The domain ip6.arpa is used for reverse hostname resolution.

8: IPv6 can tunnel its way across IPv4 networks

One of the things that has caused IPv6 adoption to take so long is that IPv6 is not generally compatible with IPv4 networks. As a result, a number of transition technologies use tunneling to facilitate cross network compatibility. Two such technologies are Teredo and 6to4. Although these technologies work in different ways, the basic idea is that both encapsulate IPv6 packets inside IPv4 packets. That way, IPv6 traffic can flow across an IPv4 network. Keep in mind, however, that tunnel endpoints are required on both ends to encapsulate and extract the IPv6 packets.

9: You might already be using IPv6

Beginning with Windows Vista, Microsoft began installing and enabling IPv6 by default. Because the Windows implementation of IPv6 is self-configuring, your computers could be broadcasting IPv6 traffic without your even knowing it. Of course, this doesn't necessarily mean that you can abandon IPv4. Not all switches and routers support IPv6, just as some applications contain hard-coded references to IPv4 addresses.

10: Windows doesn't fully support IPv6

It's kind of ironic, but as hard as Microsoft has been pushing IPv6 adoption, Windows does not fully support IPv6 in all the ways you might expect. For example, in Windows, it is possible to include an IP address within a Universal Naming Convention (\\127.0.0.1\C$, for example). However, you can't do this with IPv6 addresses because when Windows sees a colon, it assumes you're referencing a drive letter.

To work around this issue, Microsoft has established a special domain for IPv6 address translation. If you want to include an IPv6 address within a Universal Naming Convention, you must replace the colons with dashes and append .ipv6.literal.net to the end of the address -- for example, FE80-AB00--200D-617B.ipv6.literal.net.

Note: This article is also available as a PDF download.


About

Brien Posey is a seven-time Microsoft MVP. He has written thousands of articles and written or contributed to dozens of books on a variety of IT subjects.

43 comments
dwhunt3542
dwhunt3542

Thanks for putting this together, it is awesome. I was looking for for something condensed to share with my team so they would at least be familiar with IPv6 and the address abbreviations. This is exactly what I was looking for. 

John_Baird
John_Baird

In paragraph 10, the special domain is not .ipv6.literal.net. The domain should be entered as .ipv6-literal.net

Brien_Posey
Brien_Posey

I have recently updated the article to clarify some of the subject matter and to address some of the concerns that have been expressed. It is important to note however, that this article is intended to be an introductory piece that was written for the benefit of those who may never have been exposed to IPv6. It was never intended to be an expert level piece, nor does it address every nuance of IPv6 addressing.

k4rros
k4rros

"The IPv4 addresses we?re all used to seeing are made up of four numerical octets" I think the word you're searching for is "four DECIMAL octets" since hexadecimal is still technically "numerical". Even so, this still isn't correct as IPv4 is equally capable of being expressed as hexadecimal. Try this... ping 0x7f.0.0.1 ...that should work just fine.

kevinmchambers
kevinmchambers

Just a question of curiosity: Will adopting IPv6 knock offline an older OS, such as Windows 2000,9x, older Mac and Linux operating systems?

yattwood
yattwood

I'm a DBA, not a network/DNS person - so be gentle (ha) Can y'all suggest some good places to get _accurate_ IPV6 information? I've searched the Net, but since I know next to nothing about IPV6 - I don't know how to judge the accuracy of what I'm reading....I'm most interested in IPV6 and (you guessed it) - Oracle, in terms of SQL*Net. I'm also interested in how this could affect setting up MC Service Guard (or other 'failover' solutions) as well as storage (NetApp, EMC, etc)

Gis Bun
Gis Bun

Seems the makes of the workgroup/home routers/switches will end up "screwing" the buyers as I think very few workgroup/home routers out there support ipv6. As for the issue with Windows not supporting ipv6, few use \\www.xxx.yyy.zzz\c$ as it should already be in the DNS. Not mentioned but ipv6 starts with Vista/Server 2008. No XP or Server 2003 support.

Mostina
Mostina

I think that it is the early way to for a administrator who want to become network technician thanks Freeman Blackie

karl.werner
karl.werner

Helpful article, especially for someone who hasn't had to do a lot at the v6 level. One question, when I do an ipconfig in windows, what does the number following the % sign represent?

aoj
aoj

In item 6, shouldn?t it say bits instead of characters? That is, the first 6 hexdigits are network prefix and so on?

robkraft
robkraft

I do not know a lot about IPV6 and this article did teach me a few things, such as why some addresses have ::: in them with no values between the colons, but I am not sure all the examples are valid. On #4 does FE80:CD00:0000:0000:0000:0000:211E:729C really translate to FE80:CD00::211E:729C? Shouldn't it be FE80:CD00::::211E:729C? And on #10, the author discusses colons but does not show a colon in the example. I think a tech editor should have reviewed this article, but items #2, #3, and #5 were of value to me. Thanks to the author for those. My opinion about the adoption of IPv6 is that it is neither slow nor fast. I think the delay is just that it is not a high-priority project for businesses to take the time to do it. What pressing business problem does it solve? In most cases, none. Yes, I push for it myself, but it is not as important, right now, as many other projects facing us.

KJQ
KJQ

Ouch. I don't know what the intended purpose of this article is, but it is misleading and just plain wrong on a number of points. Most of us in the IT profession know about IPv6. The "reluctance" to implement it is not on our part, but on the part of non-IT budget approvers who don't want to spend the money to upgrade current infrastructure (i.e. routers & firewalls) until they absolutely have to. IPv6 will only be adopted widespread when businesses can't do their business any more with IPv4.

gidonl
gidonl

Useless article and not accurate

PhilippeV
PhilippeV

Lots of errors in this article, which introduces new "myths" instead of removing them. Really, an article with a so poor quality should have NEVER been featured by TechRepublic. Of course there are not 128 "characters", but 128 bits. The secion about subnetmask is completely wrong ! And some sentence is completely wrong, such as "the IPv6 loopback address doesn?t even look like a valid address. The loopback address is usually expressed as ::1". Of course "::1" is a perfectly valid IPv6 address ! And the article speaks about "The domain ip6.arpa is used for reverse hostname resolution.", but it does not show how ! The syntax used in the arpa domain is completely different, and still uses dots between digits (instead of colon), and digits cannot be abbreviated (implied) using a double colon notation. In fact EACH hexadecimal digit has to be written, starting from the left-most (most-significant) in the IPv6 standard non abbreviated notation as the domain, and prepending each hex digit sucessively as a subdomain with a dot separator. E.g. "2001:BEEF::ABCD" would be resolved in DNS as the domain: d.c.b.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.e.b.1.0.0.2.ip6.arpa. This means that recursive inverse resolution will require a lot of requests. But of course, most reverse resolutions will only need to be performed only the most significant 48-bit prefix, and the most significant 16-bit prefix is generally wellknown in all DNS systems, so they can be queried directly. So an inverse resolution will first query: b.1.0.0.2.ip6.arpa., then e.b.1.0.0.2.ip6.arpa., then e.e.b.1.0.0.2.ip6.arpa., then f.e.e.b.1.0.0.2.ip6.arpa. ... up to 0.0.0.0.f.e.e.b.1.0.0.2.ip6.arpa. And inverse resolution will stop there, because after that point, there will generally be no DNS server resolving the rest of the sub-domains reprensenting the low-order digits of the IPv6 address, as they will be assigned only by an ISP which may delegate the full /48 block to a client who has no obligation of running a DNS server. Some ISPs (like providers of IPv6 to IPv4 tunnels or proxies) may subdivide it and will implement an inverse resolution up to the /64 block. But the final 64-bits of the address will almost never be resolved to a domain name, as they will be only within an area of a final client. Some IPv6 address blocks however have an IPv4-compatible address block, where the first 96 bits are fixed and wellknown, and the final least-significant 32 bits are mapped equally to the 32-bits of an IPv4 address. ONLY This part may still be represented using the wellknown decimal dotted representation (grouping bits by bytes shown in decimal). There's no warranty that any bits after the /64 bits prefix will be mapped this way in any IPv6 address block: clients may allocate their 64-bit addressing space as they want, mapping some parts with IPv4 local addresses if they want, or mapping 48-bit Ethernet addresses of physical interfaces, and creating subdomains (i.e. local subnet mask) as they want (for example when mpaaing hosts on several subnetworks, for example across multiple ISPs, each one with its own local prefix). The article has then completely forgotten the point of IPv6 : ease of mapping local addresses within a large local addressing space, which will completely deprecate things like NAT and their commplex management rules (notably for managing the address conversion tables). Ipv6 was designed to work automatically on "multihomed" environment, allowing competition and transparency across ISPs and access networks, without having to reconfigure the hosts with complex routing tables. Finally the statement "Windows does not fully support IPv6" is completely wrong. In fact Windows has been the first to propose a working implementation for IPv6, long before the numerous bugs were corrected in the early Linux distributions (and most of them did not even have one, this had to be manually configured, and did not wotk with LOTS of services). The author simply forgets the fact that an IPv6 address in its usual notation does not even wualify as a valid domain name. This is also true for using it in URLs, such as HTTP, where the IPv6 address MUST be surrounded between [brackets] to avoid also the confusion with port numbers. The bad thing about IPv6 is in fact its use of colons, instead of dots, but not the fact that it uses hexadecimal (which is good as decimal would have made IPv6 addresses representations much too long). For this reason, Microsoft had to create a syntax to make the IPv6 address look like a valid domain name. There was no choice only because IPv6's use of the colon was not compatible with the syntax of URLs (remember that Microsoft's approach to networks is based on domain names, but NOT on interface IP addresses, which have never been manageable, also because NOBODY owns any IP address delegation which may change at any time : users are instructed to change their IP mappings, and that's why we have a DNS server in almost all private networks today) The myth of a "permanent IP address" has been used for too long, and even today, the remaining few IPv4 addresses will like change much more often now that its addressing space is very limited : all ISPs are trying to optimize their own usage and delegations, and are billing IPv4 addresses more than before, to force their clients to count the IPv4 addresses they really need. Almost ALL IPv4 addresses are now very unstable (except for very few core DNS servers in the Internet infrastructure and used to resolve the "root" domain), even for wellknown websites (which are now very frequently accessible through a cloud of proxies offered by CDNs : this is needed for performance as well as security against DDoS because all these proxies are isolating and splitting the access network into multiple areas; this is often needed as well for commercial or legal reasons, to control how Internet clients can connect to some restricted web services, or to help deliver them more targeted advertizing).

cabanossi-21666366011136960807907799337173
cabanossi-21666366011136960807907799337173

A lot of noise about a complex addressing system which was apparently obsolete before birth, NAT having long since solved the problems of restricted address space for most places. It may however be worthwhile to consider asking the initial early adopters of ipv4 whoc bought numbers of class A address ranges whether they need all their internal address space to be routable in the public internet, seeing that this exposes their internal networks unnecessarily when they could easily do with other solutions.

alkesh.patel
alkesh.patel

What about TCP/UDP ports? How do they work? How will Firewalls work with IPv6 addresses?

capek
capek

I'm no expert on IPv6, but a few errors and simplifications are apparent. First, I think it would be clearer to say that IPv6 addresses are 128-bit long bit strings which we choose to represent with up to 8 4-hex digit numbers separated by colons. Each of those groups of 4 hex digits really represents 16 bits, and the 8 taken together are the full 128 bit address. (In IPv4, we usually represent the 32 bit address as 4 decimal numbers in the range 0-255, although octal representation, using commas instead of periods, is also acceptable. In section 6, you confuse characters with bits. I think you mean that the first 48 bits (of the 128-bit v6 address) are the network prefix, the next 16 bits are the subnet ID, and the last 64 bits are the interface identifier. And here's a question: Do IPv6 addresses change the handling of port numbers? Since the IPv6 address resolves to an interface, I guess they do not. Doesn't the use of a colon to indicate the port number introduce ambiguities when the double-colon notation is used?

Editor's Picks