CCNP Route Notes IPv6 Introduction

CCNP Route Notes IPv6 Introduction

IPv6 is an extension of IP with several advanced features:

  • Larger address space.
  • No more need for NAT.
  • Simpler header for increased router efficiency.
  • No more broadcasts.
  • Stateless autoconfiguration.
  • Built-in support for Mobile IP.
  • Built-in support for IPsec security.
  • Rich transition features.
  • Easy IP address renumbering.
  • Capability to have multiple addresses per interface.
  • Routers create link-local addresses for use by IGPs.
  • As with IPv4, the addresses can be provided by the ISP or can be provider independent.

The primary adoption of IPv6 is driven by the need for more addresses. Given the growth in Internet use and the emergence of large groups of Internet users worldwide, this is a significant requirement. Another reason to use IPv6 is growth in the size of the current Internet routing table. IPv4 addresses are not summarized enough to keep the size down, increasing the load on Internet routers. Additionally, although the use of NAT has postponed the need for IPv6, it breaks TCP/IP’s end-to-end networking model.

IPv6 Addressing

IPv4 addresses are 32-bits long and written in dotted decimal, whereas IPv6 addresses are 128 bits and written in hexidecimal. They are typically divided into a 64-bit network portion and a 64-bit host portion. The first 48 bits of the network portion are considered as Global Address Space. These bits consist of the following elements (see Figure 9-1):

  • The first three bits (/3) of a unicast address are always 001.
  • The next 13 bits (/16) identify the Top-Level Aggregator (TLA); the upstream ISP.
  • The next 24 bits (/40) identify the next-level aggregator, or regional ISP.
  • Enterprises are assigned /48 addresses and have 16 bits of subnetting available.

The host portion of the address is last 64 bits. The subnet mask is specified using Classless Interdomain Routing (CIDR) notation. Figure 9-1 shows the address components.


FIGURE 9-1 IPv6 Address Structure

Simplifying an IPv6 Address

There are two ways to shorten the representation of an IPv6 address. Take the example address 2001:0000:0001:0002:0000:0000:0000:ABCD.

  • Leading zeros can be omitted. Doing this would shorten the preceding address to 2001:0:1:2:0:0:0:ABCD.
  • Sequential zeros can be shown as double colons. This is allowed only once per address. Adding this would simplify the above address even further, to 2001:0:1:2::ABCD.

For the exam, be sure that you can distinguish between correct and incorrect IPv6 addresses. For instance, the address
2001::1:2::ABCD is incorrect because it uses double colons twice.

Special Addresses

IPv6 does not support broadcasts but replaces broadcasts with multicasts. IPv6 also uses Anycast, which involves using the same address on two devices. Anycast can be used to implement redundancy and has been backported to IPv4.

Each IPv6 system must recognize the following addresses:

  • Its unicast addresses
  • Link local address (begins with FE80/10)
  • Loopback (::1/128)
  • All-nodes multicast (FF00::1)
  • Site-local multicast (FF02::2)
  • Solicited-nodes multicast (FF02::1:FF00/104)
  • Default route (::/0)

Additionally, some systems also use the following addresses:

  • IPv4 compatible address (::/96 | 32-bit, IPv4 address).
  • Second unicast address shared with another system (anycast).
  • Additional multicast groups.
  • Routers must support subnet-router anycast (all zeros EUI-64).
  • Routers must support local all-routers multicast (FF01::2), link-local (FF02::2), and site-local (FF05:2).
  • Routers must support routing protocol multicast groups.
IPv6 Host Addressing

An IPv6 host can obtain an IP address by manual assignment, by manually assigning the network address only, by using stateless autoconfiguration, or by using DHCPv6. IPv6 is not enabled by default on Cisco routers. To enable IPv6 routing, the command is ipv6 unicast-routing at the global configuration mode.

To ping any IPv6 address, including link-local addresses, use the command ping ipv6 destination-address source exitinterface. Note that you must specify a source.

Manual IP Address Assignment

To manually assign an IPv6 address to a router interface, use the command ipv6 address ipv6-address/prefix-length. The
following example shows a router interface with two IPv6 addresses. In the first address, note leading zeros are omitted in
two of the quartets. In the second address, note the use of the double colons:

Manual Network Assignment

The router can create its own IPv6 address when it knows its network. If the end system has a 64-bit MAC address, it concatenates the network prefix and its MAC address to form an IPv6 address. If the end system has a 48-bit MAC address, it flips the global/local bit (the 7th bit) and inserts 0xFFEE into the middle of the MAC address. The resulting 64-bit number is called the EUI-64 address. The prefix and EUI-64 address are concatenated to form the host IPv6 address. The command is ipv6 address ipv6-prefix::/prefix-length eui-64.

The following example shows this command and the resulting link-local and global unicast address. Note the interface MAC address and how it relates to the IPv6 addresses.

Stateless Autoconfiguration

One big benefit of IPv6 is stateless autoconfiguration, the capability of a host to automatically acquire an IP address
without needing DHCP. It uses its link-local address and the Neighbor Discovery Protocol (NDP) to do this.
Each device creates a link-local address for itself based on the prefix FE80:: and the interface MAC address. This address
is only valid on the local network. It then uses NDP to make sure that the address is unique.

NDP has several functions in IPv6, including the following:

  • Duplicate Address Discovery (DAD): The host uses Neighbor Solicitation (NS) to send a message to its own address. No response means that the link-local address is unique.
  • Neighbor Discovery: Similar to ARP, the host discovers the link-local address of neighbors using an NS message. This is ICMP type 135. Neighbors respond with an ICMP type 136 message.
  • Router Discovery: IPv6 routers periodically send Router Advertisements (RAs) listing the network prefix. When a host comes online it immediately sends a Router Solicitation (RS) message, asking for prefix information, rather than waiting for the RA. This is sent to the All-routers multicast address.

To configure stateless autoconfiguration, use the interface command ipv6 address autoconfig. Acquiring an address involves the following steps:

  1. The host creates a link-local address
  2. It sends an NS message to its link-local address out the interface.
  3. If there is no reply, DAD declares the address unique.
  4. If the host doesn’t receive an RA, it sends an RS.
  5. A router on the subnet sends an RA, listing its interface prefix.
  6. The host uses that prefix and the interface MAC address to create its IPv6 address.

Use the command show ipv6 interface to verify your configuration. The following example shows this command and the
resulting IPv6 address.


IPv6 supports easy network renumbering. Note in the previous example that lifetimes are listed for the subnet address. When it is time to change the subnet, you can configure the router to advertise the old prefix with a short lifetime and a new prefix with a longer lifetime. You can even configure the router to expire a prefix at a certain date and time. The router sends out an RA with both prefixes and their lifetimes. Hosts then update their addresses. Anyone who has had to renumber a large range of IPv4 addresses can testify to how useful this feature is!

IPv6 Routing

Routing with IPv6 will seem very familiar to you. The same IGPs – RIP, EIGRP, and OSPF – are used as in IPv4; they have been adapted to carry IPv6 routes. BGP extensions allow it to do IPv6 routing. The same rules for metric and administrative distance apply. The commands are very similar too. The main difference in commands is that you need to specify that the command pertains to IPv6, since IPv4 is the default. One big configuration difference is that the network command is no longer used by IGPs to initiate routing. It is enabled at each interface instead. BGP does still use the network command to designate which networks to advertise.

Static Routing

Static routing with IPv6 works exactly like it does with version 4. Aside from understanding the address format, there are
no differences. The syntax for the IPv6 static route command is

The following examples show the command in context as it might be applied. The first line shows a recursive static route that lists a next-hop address. The second line shows a directly connected static default route that lists an outbound interface. The third line shows a fully specified static route, which lists both the next-hop address and the outbound interface.

Verify your configuration with the command show ipv6 route.

RIPng for IPv6

RIP next generation (RIPng) is the IPv6 version of RIP and is defined in RFC 2080. Like RIPv2 for IPv4, RIPng is a distance vector routing protocol that uses a hop count for its metric, has a maximum hop count of 15, and uses split horizon. It uses UDP and still has an administrative distance of 120. RIPng also uses periodic multicast updates—every 30 seconds—to advertise routes. The multicast address is FF02::9. (RIP v2 uses IPv4 address The source address of RIPng updates is the link-local address of the outbound interface.

There are two important differences between the old RIP and the next-generation RIP. First, RIPng supports multiple concurrent processes, each identified by a process number. (This is similar to OSPFv2.) Second, RIPng is initialized in global configuration mode and then enabled on specific interfaces. There is no network command in RIPng.

The following example shows the syntax used to apply RIPng to a configuration. Notice that the syntax is similar to traditional RIP. You must first enable IPv6 routing. The global command to enable RIPng is optional; the router creates it automatically when the first interface is enabled for RIPng. You might need the command for additional configuration, such as disabling split horizon for a multipoint interface, as shown in the example.

Like RIP for IPv4, troubleshoot RIPng by looking at the routing table (show ipv6 route [rip] ), by reviewing the routing protocols (show ipv6 protocols), and by watching routing updates propagated between routers (debug ipv6 rip).

EIGRP for IPv6

EIGRP has been expanded to support IPv6, although you need to verify that your specific version of IOS is capable of doing this. EIGRP for IPv6 is based on the IPv4 version, and the two can run in tandem on the same router and on the same interfaces. EIGRP is still an advanced distance vector routing protocol that uses a complex metric. EIGRP still has a reliable update mechanism and uses DUAL to retain fall-back paths. Like EIGRP in IPv4, it sends multicast hellos every 5 seconds. (But the multicast address is now FF02::A.) Messages are exchanged using the interface link-local address as the source address. This leads to the possibility that two routers with interfaces on different subnets can now form an EIGRP adjacency.

Like RIPng, there is no more network command; EIGRP routing is enabled at each interface. You must assign a router ID in the format of a 32-bit IPv4 address. It does not need to be a routable address. One important thing to note is that the protocol starts off in the shutdown state. You must no shut it before routing will begin. Auto-summarization is disabled by default in IPv6 EIGRP.

The following example shows how to enable IPv6 EIGRP:

Like EIGRP for IPv4, troubleshoot by looking at the routing table (show ipv6 route), by reviewing the routing protocols (show ipv6 protocols), and by monitoring neighbors (show ipv6 eigrp neighbors).

IPv6 EIGRP can summarize routes at the interface, and the stub feature is also available, just as with the IPv4 version. The following example shows a sample configuration for IPv6 EIGRP, with both summarization and stub routing enabled. Notice that the routing protocol is enabled under each interface:


OSPFv3 was one of the first routing protocols available for IPv6 and because of its open-standard heritage, it is widely supported in IPv6. OSPFv3, which supports IPv6, is documented in RFC 2740. Like OSPFv2, it is a link-state routing protocol that uses the Dijkstra algorithm to select paths. Routers are organized into areas, with all areas touching area 0.

OSPFv3 routers use the same packet types as OSPFv2, form neighbors in the same way, flood and age LSAs identically, and support the same NBMA topologies and techniques such as NSSA and on-demand circuits. It can run concurrently with OSPFv2 because each version maintains its own databases and runs a separate SPF calculation.

OSPFv3 differs from its predecessors principally in its new address format. OSPFv3 advertises using multicast addresses FF02::5 and FF02::6 but uses its link-local address as the source address of its advertisements. This means that OSPF can
form adjacencies with neighbor routers that are not on the same subnet. Multiple instances of OSPFv3 can run on each link. Authentication is no longer built in but relies on the underlying capabilities of IPv6.

OSPFv3 configuration is similar to RIPng and EIGRP. The routing process is created and routing properties are assigned to it. As with EIGRP, you must create a router ID in 32-bit dotted decimal format. The router ID is not automatically created in OSPFv3. Interfaces are associated with the OSPF process under interface configuration mode.

Assuming that ipv6 unicast-routing and interface IP addresses are already in place, the commands to implement basic OSPFv3 are shown in the following example.

As illustrated in the following example, route summarization is still configured under the OSPF routing process. Stub routing is also configured under the routing process, using the same commands as with OSPFv2. The default costs and interface priorities can be overridden at each interface. This example shows how these commands might look on an actual router.

Troubleshoot OSPFv3 just like OSPFv2. Start by looking at show ipv6 route to verify routes have been advertised. Assuming the route is in the routing table, test reachability using ping ipv6. You can also look at the OSPF setup using show ipv6 ospf process interface, show ipv6 ospf, or show ipv6 ospf database.

MP-BGP for IPv6

Multiprotocol BGP (RFC 2858) involves two new extensions to BGP4 that enable BGP to carry reachability information for other protocols, such as IPv6, multicast IPv4, and MPLS. The extensions enable NEXT_HOP to carry IPv6 addresses and NLRI (network layer reachability information) to an IPv6 prefix. An address-family command is added to the BGP configuration to enable this.

Router ID must be manually configured in an all-IPv6 implementation and is a 32-bit dotted decimal number. Unlike the IGPs, configuration is done under the BGP router configuration mode, not at the interface. Neighbors are configured under the global BGP configuration mode but must be activated under the IPv6 address family mode. Any policies or networks relevant to this mBGP extension are also configured under the address family. The following example shows the BGP commands as they might be applied.

To verify your BGP configuration, use the commands show bgp ipv6 unicast summary and show ipv6 route bgp.

RIPng Redistribution

You can run multiple instances of RIPng on the same router by giving them different process tags in the global RIP configuration. Be sure to use the correct tag when you enable RIP on each interface.

An interesting thing about RIPng is that the multiple instances exchange routing information with each other if they use the same multicast group and UDP port number. To keep the route information separate, you need to configure each instance to use a different port. Do this under the global RIPng configuration mode for each process. You can keep the default multicast group:

Remember to do this on all routers in the RIP process. If you need to share routes between the two processes, you can control the redistribution by configuring it on the desired routers. You can further control it by using a route map to modify the redistribution. With a route map you can set the seed metric for specific routes, or filter routes that should not be redistributed, just as you can with IPv4 routing. The command to redistribute Process2 routes into Process1 would look like this:

Redistribution between other IPv6 routing protocols use the same commands and follow most of the same rules as IPv4 routing protocols.

Integrating IPv4 and IPv6

There are several strategies for migrating from IPv4 to IPv6. Each of these strategies should be considered when organizations decide to make the move to IPv6 because each has positive points to aiding a smooth migration. It should also be

said that there does not have to be a global decision on strategy—your organization might choose to run dual-stack in the United States, go completely to IPv6 in Japan, and use tunneling in Europe. The transition mechanisms include

  • Dual stack: Running IPv6 and IPv4 concurrently on the same interface.
  • Tunneling: Routers that straddle the IPv4 and IPv6 worlds encapsulate IPv6 traffic inside IPv4 packets.
  • Translation: Using an extension of NAT, NAT protocol translation (NAT-PT), to translate between IPv4 and IPv6 addresses.
Tunneling IPv6 over IPv4

A tunnel serves as a virtual point-to-point link between IPv6 domains. It doesn’t matter what the underlying IPv4 structure is if there is IP reachability between the tunnel endpoints. This exam covers five ways to tunnel IPv6 over IPv4:

  • Manual Tunnels
  • GRE Tunnels
  • 6to4 Tunnels
  • IPv4-Compatible IPv6 Tunnels
  • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Manual Tunnels

When you manually create the tunnel, the source and destination IP addresses are IPv4 addresses because IPv4 is the transport protocol. You might want to use loopback addresses for increased stability. IPv6 addresses go on the tunnel interfaces because IPv6 is the passenger protocol. Because IPv6 considers the tunnel a point-to-point link, the address of each end of the tunnel is in the same subnet. Include the command tunnel mode IPv6IP in tunnel configuration mode to enable IPv6 over IP encapsulation.

To verify your configuration you can use the commands debug tunnel or show interface tunnel int-number.

GRE Tunnels

GRE is the default tunnel mode for Cisco routers. It provides more flexibility because it is protocol-agnostic. It can carry
multiple protocols and can use multiple protocols for its transport, including IPv6 and routing protocols.

Configuring an IPv4 GRE tunnel to carry IPv6 traffic is the same as configuring a manual tunnel except you do not have to specify the tunnel mode because GRE is the default. You can allow a routing protocol on the tunnel interface, too. The process is the same as enabling it on a physical interface.

To configure a completely IPv6 GRE tunnel, use IPv6 interface addresses as the tunnel source and destination. Give the tunnel endpoints IPv6 addresses, too. You need a command to identify that the transport protocol is IPv6. That command, given in tunnel configuration mode, is tunnel mode gre ipv6.

6to4 Tunnels

This technique dynamically creates tunnels that IPv6 considers point-to-multipoint interfaces. You use the reserved prefix
2002::/16 in your IPv6 domain and then add the IPv4 address of the dual-stack router on the other side of the IPv4 domain as the next 32 bits of the network address. This means you need to translate that IP address into hexadecimal.

When IPv6 traffic arrives at an edge dual-stack router with a destination IPv6 prefix of 2002::/16, the router looks at the first 48 bits, derives the embedded IPv4 address from them, and uses it to determine the packet destination. The router then encapsulates the IPv6 packet in an IPv4 packet with the extracted IPv4 address as the packet destination.

Configure a tunnel as before, using IPv4 addresses as the source, but do not manually specify a destination. Give the tunnel an IPv6 address as previously described, with the tunnel destination embedded in its prefix. The tunnel mode command is tunnel mode ipv6ip 6to4.

Each router needs a route to its peer on the other side of the IPv4 network. The only current options for this are static routes and BGP.

IPv4-Compatible IPv6 Tunnels

This type of tunnel has been deprecated. It encodes the IPv4 address of the tunnel source in the lowest 32 bits of the IPv6 tunnel address and then pads the rest of the bits with zeros. It uses the tunnel mode command tunnel mode ipv6ip autotunnel.

ISATAP Tunnels

ISATAP tunnels are similar to the other two tunnels techniques in that an IPv4 address is encoded into the IPv6 address.
It is meant to be used within a site, between hosts and routers, although it can be used between sites.
The tunnel source address is an IPv4 address. Do not specify a tunnel destination. The IPv6 address of the tunnel itself
combines the network prefix, 0000:5EFE, and the 32-bit IPv4 tunnel source address. The IPv4 address is encoded into the
least significant 32 bits of the address. You can use any network prefix. The tunnel interface link-local address still starts
with FE80 and then uses 0000:5EFE plus the encoded IPv4 address.
For instance, the link-local address of a tunnel that uses as its source is
The unicast IPv6 address of that same tunnel interface, assuming that prefix 2001:1:2:3/64 was assigned to the interface, is
ISATAP tunnels do not support multicast. A route is needed to the tunnel destination if it is in a different subnet; this can
be either a static route or a BGP route.

Using Address Translation

Instead of replacing IPv4, there are several ways to coordinate the functioning of IPv4 and v6 concurrently. NAT-Protocol Translation is an example of this coexistence strategy. NAT-PT does bidirectional translation between IPv4 and IPv6 addresses. Use it when hosts using IPv4 need to establish a session with hosts using IPv6, and vice versa. If hosts communicate using DNS names, a DNS Application Layer Gateway (DNS ALG) can resolve names to both IPv4 and IPv6 addresses.

To enable NAT-PT on a router, use the command ipv6 nat on each interface in which traffic needs to be translated. You must also configure at least one NAT-PT prefix. This is used to decide which traffic to NAT; only traffic matching the prefix will be translated. This is configured either at the global configuration mode (to apply to the entire router) or at the interface configuration mode (to apply only to traffic on that interface.) The command is ipv6 nat prefix prefix/prefixlength.

Static NAT-PT

You can use either static or dynamic mapping of addresses. To configure static translation of an IPv6 address to an IPv4
address, use the global command:

To configure static mapping of an IPv4 address to an IPv6 address, use the global command:

Dynamic NAT-PT

Dynamic mapping draws from a pool of addresses to temporarily assign to hosts. You need to create a pool of addresses and then configure NAT-PT to use that pool. You can optionally control the traffic to be mapped by using an access list or

route map. To create the pool and enable NAT-PT for IPv4 to IPv6 translation, use the global commands:

To create the pool and enable NAT-PT for IPv6 to IPv4 translation, use the global commands:

Verify NAT-PT operation with the commands show ip nat translations, show ip nat statistics, show ipv6 nat translations, and show ipv6 nat statistics.

IPv6 Link Types

IPv6 recognizes three types of links:

  • Point-to-point
  • Point-to-multipoint
  • Multiaccess
Point-to-Point Links

Recall that an IPv6 interface uses its MAC address to create its link-local address. A serial link has no MAC address associated with it, so it uses one from an Ethernet interface. You can manually configure the link-local address to make it more recognizable. Be sure to begin the IPv6 address with the link-local prefix FE80.

Point-to-point links do not necessarily need global unicast addresses. The routers can communicate with only link-local addresses, but you could not reach those interfaces from off the network because the link-local is not a routable address.

Point-to-Multipoint Links

For point-to-multipoint links, such as Frame Relay, you must map the destination IPv6 address to the correct DLCI, just as with IPv4. The difference is that with IPv6 you must also map the link-local address to the DLCI because it is used as the next hop for routing. So for each DLCI, you must have at least two mappings: the remote router’s IPv6 global unicast
address and the remote router’s link-local address. The map command is

In a hub-and-spoke topology, the hub must be configured for IPv6 unicast routing for the spokes to communicate with each other.

Multiaccess Links

Devices on multiaccess links, such as Ethernet, build a table mapping destination Layer 3 addresses to Layer 2 addresses, whether you use IPv4 or IPv6. IPv4 uses a separate protocol, ARP, to do this. In IPv6 the process is built into the IPv6 protocol with the Neighbor Discovery process. It uses ICMPv6.

An IPv6 device sends a Neighbor Solicitation (NS) multicast with a prefix of FE02. The neighbor responds with a Neighbor Advertisement (NA) message listing its MAC address. As with ARP, these mappings have a set lifetime (called the reachable time), so an NS can also be sent periodically to verify that a neighbor is still reachable.

To add a static entry to the Neighbor Discovery table, use the command ipv6 neighbor ipv6-address interfacetype interfacenumber hardware-address. A static address does not age out of the table.

Display the mappings with the show ipv6 neighbors command.

More Resources

About the author


Leave a Comment