4: Global Unicast Addresses (GUA)
Rick Graziani
Cabrillo College
Rick.Graziani@cabrillo.edu

For more information please check out my Cisco Press book and video series:
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6
• By Rick Graziani
• ISBN-10: 1-58714-313-5
IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6
• By Rick Graziani
• ISBN-10: 1-58720-457-6

4.1: Purpose and Format of GUA

IPv6 Address Types
IPv6 Addresses
• Unicast
  • Global Unicast: 2000::/3
  • Link-Local: FE80::/10
  • Loopback: ::1/128
  • Unspecified: ::/128
  • Unique Local: FC00::/7
  • Embedded IPv4: ::/80
• Multicast
  • Assigned: FF00::/8
  • Solicited Node: FF02::1:FF00:0000/104
• Anycast
IPv6 does not have a “broadcast” address.

IPv6 Source and Destination Addresses
• IPv6 Source – Always a unicast (link-local or GUA)
• IPv6 Destination – Unicast, multicast, or anycast.

Global Unicast Address
• Global Unicast Address (GUA)
  • 2000::/3 (First hextet: 2000::/3 to 3FFF::/3)
  • Globally unique and routable
  • Similar to public IPv4 addresses
  • 2001:DB8::/32 - RFC 2839 and RFC 6890 reserves this range of addresses for documentation
• These are the addresses we will be referring to the most.

Global Unicast Address Range
Layout: 001 | Global Routing Prefix | Subnet ID | Interface ID
Range of the first hextet:
  2000: = 0010 0000 0000 0000
  3FFF: = 0011 1111 1111 1111
Global Unicast Address (GUA)
• 2000::/3
• Range 2000::/64 thru 3fff:fff:fff:fff::/64
• 1/8th of IPv6 address space
[Figure: IANA’s allocation of IPv6 address space in 1/8th sections]

Global Unicast Address Range
Layout: 001 | Global Routing Prefix | Subnet ID | Interface ID
• Range: 2000::/64 thru 3fff:fff:fff:fff::/64
• Except under very specific circumstances, all end users will have a global unicast address.
• Note: A host (an interface) can potentially have multiple IPv6 addresses on the same or different networks.
Terminology:
• Prefix equivalent to the network address of an IPv4 address
• Prefix length equivalent to subnet mask in IPv4
• Interface ID equivalent to host portion of an IPv4 address

Parts of a Global Unicast Address
IPv4 Unicast Address (32 bits): Network portion | Subnet portion | Host portion (prefix length /?)
IPv6 Global Unicast Address (128 bits): Global Routing Prefix (/48) | 16-bit Subnet ID (/64) | Interface ID
• 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet
• 16-bit Subnet ID (initially recommended) = 65,536 subnets

/64 Global Unicast Address and the 3-1-4 Rule
Global Routing Prefix: 3 hextets (3 x 16 bits), ends at /48
Subnet ID: 1 hextet (16 bits), ends at /64
Interface ID: 4 hextets (4 x 16 bits)
  2001 : 0DB8 : CAFE | 0001 | 0000 : 0000 : 0000 : 0100
  3 + 1 = 4 (/64) : 4
  2001:0DB8:CAFE:0001:0000:0000:0000:0100/64
  2001:DB8:CAFE:1::100/64

4.2: Subnetting IPv6

Subnetting IPv6
Can you count in hex? Just increment by 1 in Hexadecimal (3-1-4 Rule):
  2001:0DB8:CAFE:0000::/64
  2001:0DB8:CAFE:0001::/64
  2001:0DB8:CAFE:0002::/64
  ...
  2001:0DB8:CAFE:0009::/64
  2001:0DB8:CAFE:000A::/64
Valid abbreviation is to remove the leading 0s:
  2001:DB8:CAFE:1::/64

Extending the Subnet ID (For Demonstration Purposes Only)
[Figure: Global Routing Prefix (/48), Subnet ID extended from 16 bits (/64) to 32 bits (/80), 48-bit Interface ID]
Note:
• It is highly recommended to NOT subnet into the interface ID portion of the address to configure subnets.
• The only exception would be for infrastructure network (router-to-router links, router-to-switch links, etc.).
• Networks with an end system attached should be a /64.
Subnets with a 32-bit Subnet ID (Global Routing Prefix : Subnet ID : Interface ID):
  2001 : 0DB8 : CAFE : 0000 : 0000 : 0000 : 0000 : 0000
  2001 : 0DB8 : CAFE : 0000 : 0001 : 0000 : 0000 : 0000
  2001 : 0DB8 : CAFE : 0000 : 0002 : 0000 : 0000 : 0000
  thru
  2001 : 0DB8 : CAFE : FFFF : FFFE : 0000 : 0000 : 0000
  2001 : 0DB8 : CAFE : FFFF : FFFF : 0000 : 0000 : 0000

Subnetting on a Nibble Boundary (For Demonstration Purposes Only)
Layout: Global Routing Prefix (/48) | Subnet ID, 20 bits (/68) | Interface ID, 60 bits
Subnetting on a nibble (4 bit) boundary makes it easier to list the subnets: /64, /68, /72, etc.
/68 Prefix:
  2001:0DB8:CAFE:0000:0000::/68
  2001:0DB8:CAFE:0000:1000::/68
  2001:0DB8:CAFE:0000:2000::/68
  through
  2001:0DB8:CAFE:FFFF:F000::/68

Subnetting within a Nibble (For Demonstration Purposes Only)
Layout: Global Routing Prefix (/48) | Subnet ID, 22 bits (/70) | Interface ID, 58 bits
  /70 Prefix                       Binary
  2001:0DB8:CAFE:0000:0000::/70    0000
  2001:0DB8:CAFE:0000:0400::/70    0100
  2001:0DB8:CAFE:0000:0800::/70    1000
  2001:0DB8:CAFE:0000:0C00::/70    1100
Four Bits:
• Two leftmost bits: Subnet-ID
• Two rightmost bits: Associated with the Interface ID

Do I Need the IPv6 Equivalent to an IPv4 /30?
Layout: Global Routing Prefix (/48) | Subnet ID, 79 bits (/127) | 1 bit
• RFC 6164 - Using 127-Bit IPv6 Prefixes on Inter-Router Links
  • Ping-Pong Attack
  • Neighbor Cache Exhaustion Issue
• There are mitigation techniques for both.
• If you want to use a /127, reserve a separate /64 for each /127…. Really!

Allocate Separate /64’s
Layout: Global Routing Prefix (/48) | Subnet ID, 79 bits (/127), last 3 bits 000 | 1 bit (0 or 1)
For each /127 allocate an entire /64:
  2001:DB8:CAFE:F000::/64
    2001:DB8:CAFE:F000::0/127
    2001:DB8:CAFE:F000::1/127
  2001:DB8:CAFE:F001::/64
    2001:DB8:CAFE:F001::0/127
    2001:DB8:CAFE:F001::1/127
  2001:DB8:CAFE:F002::/64
  2001:DB8:CAFE:F003::/64
  And so on...
All 0s “::” can be confusing.

Use a Different Last 3 bits for the Subnet ID
Layout: Global Routing Prefix (/48) | Subnet ID, 79 bits (/127), last 3 bits 101 | 1 bit
2001:DB8:CAFE:F000::/64
Be careful which two interface addresses you choose.
::9 and ::A are not on the same /127 subnet.
The last bit (0 or 1) selects the address within the /127:
  2001:DB8:CAFE:F000::A/127
  2001:DB8:CAFE:F000::B/127
2001:DB8:CAFE:F001::/64
  2001:DB8:CAFE:F001::A/127
  2001:DB8:CAFE:F001::B/127

IPv6 Addressing Plan
• RFC 1878 VLSM IPv4 subnetting is used to help conserve IPv4 address space.
  • Managing a limited space
  • VLSM
  • /30s for point-to-point links
• IPv6 address conservation does not need to be as aggressive as IPv4.
• Develop an address plan that:
  • Makes sense.
  • Is easy to manage.
• NANOG BCOP: IPv6 Subnetting
• Cisco: IPv6 Address Guide
• RIPE NCC: Preparing an IPv6 Addressing Plan - RIPE Network

4.3: IPv6 Address Allocation

IPv6 Address Allocation
Layout: Global Routing Prefix | Subnet ID | Interface ID
• /23: *RIR
• /32: *ISP Prefix
• /48: *Site Prefix
• /56: Possible Home Site Prefix
• /64: Subnet Prefix
[Figure labels: Internet Service Provider; “I am getting a /64 at home”]
* This is a minimum allocation. The prefix-length may be shorter if it can be justified.

Global Routing Prefix determines number of /64 subnets
/64 example: 2001:DB8:0000:0000:0000:0000:0000:0000 (64-bit prefix, 64-bit Interface ID)
• /60 = 16 /64’s
• /56 = 256 /64’s
• /52 = 4,096 /64’s
• /32 = 65,536 /48’s
• /48 = 65,536 /64’s (Many sites will get this prefix length)
• /44 = 1,048,576 /64’s
• /40 = 16,777,216 /64’s
• /36 = 268,435,456 /64’s
• /32 = 4,294,967,296 /64’s

PI versus PA Address Space
Layout: Global Routing Prefix | Subnet ID | Interface ID (figure labels: RIR, /32, ISP, /48)
Provider Independent (PI) Address Space
• Address space that is assigned by the RIR.
• Remains assigned to the customer regardless of provider
• No prefix renumbering needed if change providers
Provider Aggregatable (PA) Address Space
• Address space that is typically assigned by an ISP to a customer.
• Change provider, must get new address space
• Customer must do prefix renumbering
(Helpful IETF RFCs)

4.4: Configuring a Static GUA

Configuring a Global Unicast Address
Global Unicast
• Manual
  • Static
  • Static + EUI 64
  • IPv6 unnumbered (Similar to IPv4 unnumbered)
• Dynamic (Overview only)
  • Stateless: SLAAC, SLAAC + DHCPv6
  • Stateful: DHCPv6, DHCPv6-PD
• Details, including the operations and configurations of SLAAC (Stateless Address Autoconfiguration) in Lesson 7 and DHCPv6 in Lesson 8.

Static GUA Configuration
[Topology figure: router R1 with interfaces G0/0, G0/1 and S0/0/0 (each :1); hosts A and B (each :100); networks 2001:DB8:CAFE:1::/64, 2001:DB8:CAFE:2::/64 and 2001:DB8:CAFE:3::/64]
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ipv6 address 2001:db8:cafe:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
• Exactly the same as an IPv4 address only different.
• No space between IPv6 address and Prefix-length.
• IOS commands for IPv6 are very similar to their IPv4 counterpart.
• All 0’s and all 1’s are valid IPv6 host addresses.

Static GUA Configuration
[Topology figure: same R1 topology as on the previous slide]
R1(config)# interface gigabitethernet 0/1
R1(config-if)# ipv6 address 2001:db8:cafe:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/0/0
R1(config-if)# ipv6 address 2001:db8:cafe:3::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
I love the 3-1-4 rule and subnetting IPv6!
The ipv6 unicast-routing global configuration command is required to forward IPv6 packets – it is not required to configure IPv6 addresses.

Verifying Address Using Running Configuration
[Topology figure: same R1 topology as on the previous slides]
R1# show running-config
<output omitted for brevity>
interface GigabitEthernet0/0
 no ip address                          <-- IPv4 address
 duplex auto
 speed auto
 ipv6 address 2001:DB8:CAFE:1::1/64
!
Callout: the ipv6 address line is the IPv6 address.

Verifying Unicast Addresses on R1
R1# show ipv6 interface brief
GigabitEthernet0/0     [up/up]
    FE80::FE99:47FF:FE75:C3E0          <-- Link-local unicast address
    2001:DB8:CAFE:1::1                 <-- Global unicast address
! <output omitted>
• Link-local and global unicast addresses are displayed.
• Link-local address automatically created when (before) the global unicast address is.
• Link-local addresses are used for communicating with other devices on the same link (not routable).
• We will discuss link-local addresses in Lesson 5.

Static GUA Configuration on PC
Same as IPv4 devices:
• Servers, printers, routers, etc.
Can also be a link-local unicast address of the router.

Verifying Unicast Addresses on PC
PCA> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix :
   IPv6 Address. . . . . . . . . . : 2001:db8:cafe:1::100
   Link-local IPv6 Address . . . . : fe80::50a5:8a35:a5bb:66e1
   Default Gateway . . . . . . . : 2001:db8:cafe:1::1
• Link-local addresses are created automatically.
• Recent Microsoft operating systems use a random 64-bit Interface ID for link-local address… (coming soon)

Verifying IPv6 Connectivity
PCA> ping 2001:db8:cafe:1::1
Pinging 2001:db8:cafe:1::1 from 2001:db8:cafe:1::100 with 32 bytes of data:
Reply from 2001:db8:cafe:1::1: time=1ms
Reply from 2001:db8:cafe:1::1: time=1ms
Reply from 2001:db8:cafe:1::1: time=1ms
Reply from 2001:db8:cafe:1::1: time=1ms
Ping statistics for 2001:db8:cafe:1::1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
PCA>

IPv6 General Prefix: Making your life easier
Router(config)# ipv6 general-prefix ?
  WORD  General prefix name
Router(config)# ipv6 general-prefix MyGUA 2001:db8:cafe::/48
Router(config)# interface gigabitethernet 0/0
Router(config-if)# ipv6 address MyGUA 0:0:0:88::1/64
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface gigabitethernet 0/1
Router(config-if)# ipv6 address MyGUA 0:0:0:99::1/64
Router(config-if)# no shutdown
Router(config-if)# end
Router# show ipv6 interface brief
GigabitEthernet0/0     [up/up]
    FE80::7EAD:74FF:FECC:5380
    2001:DB8:CAFE:88::1
GigabitEthernet0/1     [up/up]
    FE80::7EAD:74FF:FECC:5381
    2001:DB8:CAFE:99::1
<output omitted>
• The general-prefix option can be used as a short-cut or alias for just about any command requiring an IPv6 address, addressing, ACLs, etc.

IPv6 General Prefix: Renumbering
Router(config)# no ipv6 general-prefix MyGUA 2001:db8:cafe::/48
Router(config)# ipv6 general-prefix MyGUA 2001:db8:beef::/48
Router(config)# end
Router# show ipv6 interface brief
GigabitEthernet0/0     [up/up]
    FE80::7EAD:74FF:FECC:5380
    2001:DB8:BEEF:88::1
GigabitEthernet0/1     [up/up]
    FE80::7EAD:74FF:FECC:5381
    2001:DB8:BEEF:99::1
<output omitted>
Router# show running-config
<partial output>
ipv6 general-prefix MyGUA 2001:DB8:BEEF::/48
!
interface GigabitEthernet0/0
 ipv6 address MyGUA ::88:0:0:0:1/64
!
interface GigabitEthernet0/1
 ipv6 address MyGUA ::99:0:0:0:1/64
!
• It also greatly simplifies network renumbering and allows for automated prefix definition.

4.5: Configuring a Static GUA with EUI64

Configuring a Static GUA + EUI-64
Global Unicast
• Manual
  • Static
  • Static + EUI 64
  • IPv6 unnumbered (Similar to IPv4 unnumbered)
• Dynamic
  • Stateless: SLAAC, SLAAC + DHCPv6
  • Stateful: DHCPv6, DHCPv6-PD

Configuring a Static GUA + EUI-64
R1(config)# interface gigabitethernet 0/1
R1(config-if)# ipv6 address 2001:db8:cafe:99::/64 ?
  eui-64  Use eui-64 interface identifier
  <cr>
All 0s is ok!
R1(config-if)# ipv6 address 2001:0db8:cafe:99::/64 eui-64
R1(config-if)#
[Topology figure: R1 interface G0/1 on 2001:DB8:CAFE:99::/64]
A 64-bit Interface ID is created with EUI-64 using:
• 48-bit MAC address
• Inserting 16 bits: FF-FE
• Flipping the U/L (Universal/Local) bit

Modified EUI-64 Format (Extended Unique Identifier–64)
  MAC address:      OUI (24 bits) 00 03 6B | Device Identifier (24 bits) E9 D4 80
  Insert FF-FE:     00 03 6B FF FE E9 D4 80
  U/L bit flipped:  first byte 00 (0000 0000) becomes 02 (0000 0010)
  Result:           02 03 6B FF FE E9 D4 80

Configuring a Static GUA + EUI-64
R1(config)# interface gigabitethernet 0/1
R1(config-if)# ipv6 address 2001:db8:cafe:99::/64 eui-64
R1# show interface gigabitethernet 0/1
GigabitEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 0003.6be9.d480 (bia 0003.6be9.d480)
<output omitted>
R1# show ipv6 interface gigabitethernet 0/1
GigabitEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::203:6BFF:FEE9:D480
  Global unicast address(es):
    2001:DB8:CAFE:99:203:6BFF:FEE9:D480, subnet is 2001:DB8:CAFE:99::/64
<output omitted>
Callouts on the global unicast address:
• 2001:DB8:CAFE:99 is the 64-bit prefix from configuration.
• 203:6BFF:FEE9:D480 is the 64-bit Interface ID using EUI-64.
• EUI-64: 48-bit MAC address with FFFE (16 bits) inserted and 7th bit flipped.

4.6: Overview of Dynamic IPv6 Address Allocation (SLAAC and DHCPv6)

Dynamic IPv6 Address Allocation
Global Unicast
• Manual
  • Static
  • Static + EUI 64
  • IPv6 unnumbered (Similar to IPv4 unnumbered)
• Dynamic (Overview only)
  • Stateless: SLAAC, SLAAC + DHCPv6
  • Stateful: DHCPv6, DHCPv6-PD

Dynamic IPv4 Address Allocation
DHCP Client: “I need IPv4 addressing information from a DHCP server.”
DHCP Server: “Here is your IPv4 address, subnet mask, default gateway and DNS server addresses.”

ICMPv6
Internet Control Message Protocol for IPv6
• ICMPv6 is more than just “messaging”; it is “how IPv6 conducts business”.
• ICMPv6 Neighbor Discovery (RFC 4861) – used in dynamic address allocation.
• More later!

Once again… ICMPv6 Neighbor Discovery
ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):
Router-Device Messaging
• Router Solicitation Message
• Router Advertisement Message
  • Used for dynamic address allocation.
Device-Device Messaging
• Neighbor Solicitation Message
• Neighbor Advertisement Message
  • Used with address resolution (IPv4 ARP) and with DAD
• Redirect Message (Similar to ICMPv4)

It Begins with the RA Message
ICMPv6 Router Advertisement (Multicast): “To all IPv6 devices, let me tell you how to do this …”
ICMPv6 Router Solicitation (Multicast): “To all IPv6 routers, I need IPv6 address information”
DHCPv6 Server: “I might not even be needed.”
• An ICMPv6 Router Advertisement (RA) suggests to all IPv6 devices on the link how they will receive IPv6 address information.
• Sent periodically by an IPv6 router or…
• … when the router receives a Router Solicitation message from a host.

It Begins with the RA Message
Router(config)# ipv6 unicast-routing
Router Advertisement (RA) Message
• Part of ICMPv6 (Internet Control Message Protocol for IPv6)
• RA messages are sent by an “IPv6 router”, ipv6 unicast-routing command
  • Forwards IPv6 Packets
  • Enables IPv6 dynamic routing
  • Sends ICMPv6 Router Advertisements
• Routers can be configured with IPv6 addresses without being an IPv6 router.
  • IPv6 static routes can be configured but the router will only forward locally generated packets – it will not forward packets that transit through the router.

Router Advertisement: 3 Options
Option 1 and 2: Stateless Address Autoconfiguration
• DHCPv6 Server does not maintain state of addresses
Option 3: Stateful Address Configuration
• Address received from DHCPv6 Server
Router(config)# ipv6 unicast-routing
RA:
• Option 1: SLAAC – No DHCPv6 (Default on Cisco routers)
  “I’m everything you need (Prefix, Prefix-length, Default Gateway)”
• Option 2: SLAAC + Stateless DHCPv6 for DNS address
  “Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.” (DNS can be in RA)
• Option 3: All addressing except default gateway – DHCPv6
  “I can’t help you. Ask a DHCPv6 server for all your information.”

Dynamic IPv6 Address Allocation
Global Unicast
• Manual
  • Static
  • Static + EUI 64
  • IPv6 unnumbered (Similar to IPv4 unnumbered)
• Dynamic
  • Stateless (Lesson 7): SLAAC, SLAAC + DHCPv6
  • Stateful (Lesson 8): DHCPv6, DHCPv6-PD
• ICMPv6 – Lesson 9
• ICMPv6 Neighbor Discovery including packet captures – Lesson 10
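
Added example for section 4.2 (not part of the original slides): a Python sketch using the standard ipaddress module that lists the nibble-boundary and within-nibble subnets shown on the slides and audits a point-to-point plan against the /127 advice (both ends in the same /127, one /64 reserved per /127). The link names and the sample plan are constructed for illustration.

```python
import ipaddress
from itertools import islice

def first_subnets(parent, new_prefix, count):
    """First `count` subnets of `parent` at /new_prefix (lazy, so large splits stay cheap)."""
    net = ipaddress.ip_network(parent)
    return list(islice(net.subnets(new_prefix=new_prefix), count))

def nibble_aligned(prefixlen):
    """True when the prefix ends on a 4-bit (one hex digit) boundary: /64, /68, /72 ..."""
    return prefixlen % 4 == 0

def p2p_network(address):
    """The /127 that contains `address`."""
    return ipaddress.ip_interface(f"{address}/127").network

def same_p2p_link(a, b):
    """True when both addresses are the two ends of one /127."""
    return p2p_network(a) == p2p_network(b)

def audit_p2p_links(links):
    """Check {name: (addr_a, addr_b)} against the slide advice; return (name, problem) tuples."""
    findings, owner = [], {}
    for name, (a, b) in links.items():
        if not same_p2p_link(a, b):
            findings.append((name, "ends are in different /127s"))
        parent = ipaddress.ip_interface(f"{a}/64").network
        if parent in owner:
            findings.append((name, f"shares {parent} with {owner[parent]}"))
        owner.setdefault(parent, name)
    return findings

# Constructed sample plan: link names are made up, addresses use the documentation prefix.
LINKS = {
    "R1-R2": ("2001:db8:cafe:f000::a", "2001:db8:cafe:f000::b"),
    "R1-R3": ("2001:db8:cafe:f001::9", "2001:db8:cafe:f001::a"),
    "R2-R3": ("2001:db8:cafe:f000::c", "2001:db8:cafe:f000::d"),
}

if __name__ == "__main__":
    for plen in (68, 70):
        label = "nibble boundary" if nibble_aligned(plen) else "within a nibble"
        print(f"/{plen} ({label}):")
        for net in first_subnets("2001:db8:cafe::/64", plen, 4):
            print("  ", net.exploded)
    for name, problem in audit_p2p_links(LINKS):
        print(f"{name}: {problem}")
```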
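
Added example for section 4.5 (not part of the original slides): the Modified EUI-64 steps in Python, checked against the MAC address 0003.6be9.d480 and the addresses in the slides' show output. It goes one step beyond the slides by also reversing the process, which helps when an address from a log or neighbor table has to be tied back to an interface; the function names are assumptions of this example.

```python
import ipaddress
import re

def parse_mac(mac):
    """Accept 0003.6be9.d480, 00:03:6b:e9:d4:80 or 00-03-6B-E9-D4-80; return 6 bytes."""
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def eui64_interface_id(mac):
    """Modified EUI-64: split the MAC, insert FF-FE, flip the U/L bit (0x02 of byte 0)."""
    m = parse_mac(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]

def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID, as `ipv6 address ... eui-64` does."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("EUI-64 needs an IPv6 /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_eui64(address):
    """Reverse step: the MAC if the interface ID carries the FF-FE marker, else None.

    A match is a strong hint, not proof: a random interface ID can contain FF-FE too.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "0003.6be9.d480"                      # from `show interface` in the slides
    print(eui64_interface_id(mac).hex(" "))     # interface ID bytes
    print(eui64_address("2001:db8:cafe:99::/64", mac))
    print(eui64_address("fe80::/64", mac))
    # Addresses from the slides: EUI-64 router addresses, a static host, a random host IID.
    for addr in ("2001:DB8:CAFE:99:203:6BFF:FEE9:D480", "FE80::FE99:47FF:FE75:C3E0",
                 "2001:db8:cafe:1::100", "fe80::50a5:8a35:a5bb:66e1"):
        print(addr, "->", mac_from_eui64(addr))
```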