• An IPv6 address is 128 bits
  • There are 340,282,366,920,938,463,463,374,607,431,768,211,456 IPv6 addresses
  • Since IPv6 addresses are so long, they are typically written in hexadecimal; eight groups of four hexadecimal characters, separated by colons
    • e.g. 1bc3:bd75:1229:6679:404e:998e:4050:bc8b (randomly generated — this address is not used as far as I know)
    • IPv6 addresses are commonly even shorter than this — see Shortening/Abbreviating IPv6 Addresses

Why IPv6?

(As opposed to IPv4)

  • The primary reason is that there aren’t enough IPv4 addresses available
    • There are 4,294,967,296 (2^32) IPv4 addresses available — that’s not enough for every internet-connected device!
    • When IPv4 was designed its creators did not foresee the Internet being as large as it is today
    • We’ve known about this problem for a long time - Other solutions have been used
      • VLSM (CIDR), private IPv4 addresses, and NAT have been used to conserve the IPv4 address space
      • None of these were enough to solve the problem outright — IPv6 is the long-term solution

Address Types

The following types of addresses exist in IPv6. All are featured on the CCNA Exam Topics list:


Global Unicast

  • Global Unicast IPv6 addresses are public addresses which can be used over the Internet
  • Must register to use them. Because they are public addresses, it is expected that they are globally unique
  • Originally defined as the 2000: :/3 block (2000: : to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
    • Now defined as all addresses which aren’t reserved for other purposes

Unique Local

  • Unique local IPv6 addresses are private addresses which cannot be used over the Internet
  • You do not need to register to use them. They can be used freely within internal networks and don’t need to be globally unique ( * ). They can’t be routed over the Internet
  • Uses the address block FC00::/7 ( FC00: : to FDFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF )
  • However, a later update requires the 8th bit to be set to 1, so the first two digits must be FD
      • The global ID (see below) should be unique so that addresses don’t overlap when companies merge
  • Example address: FD45:93AC:8A8F:0001:0000:0000:0000:0001
    • ’FD’ indicates a unique local address
    • ’45:93AC:8A8F’ is the 40-bit global ID - this should be randomly generated
    • ’0001’ is the 16-bit ‘subnet identifier’ used by the enterprise to make various subnets
    • The last 64 bits/4 quartets are the ‘interface identifier’, the host porting of the address
  • Link-local IPv6 addresses are automatically generated on IPv6-enabled interfaces
  • Use command (config-if)#ipv6 enable on an interface to enable IPv6 on that interface — a Link-local address will be generated
  • Uses address block FE80::/10 (FE80: : to FEBF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
  • However, the standard states that the 54 bits after FE80/10 should all be 0, so you won’t see link local addresses beginning with FE9, FEA, or FEB. Only FE8.
  • The interface ID is generated using EUI-64 rules
  • Link-local means that these addresses are used for communication within a single link (subnet). Routers will not route packets with a link-local destination IPv6 address
  • Common uses of Link-local addresses:
    • routing protocol peerings (OSPFv3 uses link-local addresses for neighbor adjacencies)
    • next-hop addresses for static routes
    • Neighbor Discover Protocol (NDP, IPv6’s replacement for ARP) uses link-local addresses to function


  • One-to-many — One source to all destinations that have joined the specific multicast group
  • IPv6 uses range FF00::/8 for multicast (FF00: : to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
  • Note: IPv6 doesn’t use broadcast: there is not broadcast address in IPv6
    • You can still send a message to all nodes with FF02::1

Common Multicast Addresses
PurposeIPv6 AddressIPv4 Address
All nodes/hosts
(Functions like a broadcast message)
All routersFF02::2224.0.0.2
All OSPF routersFF02::5224.0.0.5
All OSPF DRs/BDRsFF02::6224.0.0.6
All RIP routersFF02::9224.0.0.9
All EIGRP routersFF02::A224.0.0.10
Link to original

Multicast Address Scopes

IPv6 defines multiple multicast ‘scopes’ which indicate how far the packet should be forwarded. The addresses in the above table all use the ‘link-local’ scope (FF02), which stays in the local subnet. Here are the IPv6 Multicast Scopes:

  • Interface-local (FF01): The packet doesn’t leave the local device. Can be used to send traffic to a service within the local device.
  • Link-local (FF02): The packet remains in the local subnet. Routers will not route the packet between subnets.
  • Site-local (FF05): The packet can be forwarded by routers. Should be limited to a single physical location (not forwarded over a WAN)
    • It’s technically up to the network engineer(s) to configure the scope of the LAN. It is certainly possible to (mis?)configure a network to sent ‘site-local’ traffic over a WAN.
  • Organizational-local (FF08): Wider in scope than site-local (an entire company/organization)
    • Again, up to network engineers/admins to configure the actual scope
  • Global (FF0E): No boundaries; Possible to route over the Internet.


  • A new feature of IPv6
  • Anycast is ‘one-to-one-of-many’ — there are multiple possible destinations, but traffic is only sent to one of them
  • Multiple routers are configured with the same IPv6 address
    • They use a routing protocol to advertise the address
    • When hosts send packets to that destination address, routers will forward it to the nearest router configured with that IP address (based on routing metric)
  • There is no specific address range for anycast addresses. Use a regular unicast address (global unicast, unique local) and specify it as an anycast type:
    • (config-if)#ipv6 address 2001:db8:1:1::99/128 anycast

Other Notable Addresses

  • :: = The unspecified IPv6 address
    • Can be used when a device doesn’t know its IPv6 address
    • IPv6 default routes are configured to ::/0
    • IPv4 equivalent:
  • ::1 = The loopback address
    • Used to test the protocol stack on the local device
    • Messages sent to this address are processed within the local device, but not sent to other devices.
    • IPv4 equivalent: address range

Address Representation Conventions


IPv6 addresses can be shortened by a couple rules:

  • Leading 0s can be removed
    • Ex.: 005b:0002:dbf0:00ac:e496:0006:5755:0ff2 5b:2:dbf0:ac:e496:6:5755:ff2
  • Consecutive quartets of all 0s can be replaced with a double colon (::)
    • Ex.: 2607:f8b0:4002:0c09:0000:0000:0000:008a 2607:f8b0:4002:c09::8a
      • (This one’s actually one of Google’s IPv6 addresses)
      • Note that you can combine both methods!
    • Consecutive 0 quartets can only be abbreviated once in an address (else you wouldn’t know where to put all the omitted 0s)
      • Ex.: 1bc3::404e::bc8b — Two sets of double colons, five missing quartets. How do we distribute them? Three left and two right? Who knows.
      • Say it is three on the left… this would be the best way to abbreviate the address:
        • 1bc3::404e:0:0:bc8b
Example Shortened Addresses
Full Addr.Shortenend

Standardized Representations

In the past, developers and engineers had discretion to display IPv6 addresses as they pleased; to use upper or lower-case hexadecimal characters, whether and how to use the IPv6 abbreviation techniques . RFC 5952 establishes clear standards for how IPv6 addresses are to be represented. The following is a summary of those rules:

  • Leading 0s must be removed
  • The longest string of all-0 quartets must be represented with ::
    • If there are two equal-length choices, use :: to shorten the one on the left
  • Hexadecimal characters must be written with lower-case characters, e.g. 0xa,b,c,d,e,f not 0xA,B,C,D,E,F

While vendors and industry professionals are required to follow these rules to be considered in strict compliance with technical standards, and it is certainly best practice to do so, individuals and organizations neglect them very regularly. Cisco themselves often display IPv6 addresses with upper-case hexadecimal characters, in the show ipv6 interface brief command, for example.

Deviation from these rules is unlikely to break anything, but they make the addresses easier to write (especially the abbreviations), so it’s worth making a good-faith effort to follow them anyway.

IPv6 uses a distinct header from IPv4’s. Note that IPv6 uses a fixed header length. It is always 40 bytes, unlike IPv4’s header which has a variable length.

Fixed Header Format

Compare to Header


  • Length
    • 4 bits
    • Indicates the version of IP being used
    • Fixed value of 6 (0b0110) to indicate IPv6
  • Traffic Class
    • 8 bits
    • Used for QoS (Quality of Service), to indicate high-priority traffic
    • For example IP phone traffic, live video calls, etc., will have a Traffic Class value which gives them priority over other traffic
  • Flow Label
    • 20 bits
    • Used to identify specific traffic ‘flows’ (communications between a specific source and destination)
  • Payload Length
    • 16 bits
    • Indicates the length of the payload (the encapsulated Layer 4 segment) in bytes
    • The length of the IPv6 header itself isn’t included, because it’s always 40 bytes
  • Next Header
    • 8 bits
    • Indicates the type of the ‘next header’ (the header of the encapsulated segment), for example TCP or UDP
    • Same function as the ‘Protocol’ field in the IPv4 header
  • Hop Limit
    • 8 bits
    • The value in this field is decremented by 1 by each router that forwards it. If it reaches 0 the packet is discarded
    • Same as IPv4’s ‘TTL’
  • Source/Destination Address
    • 128 bits each
    • The IPv6 addresses of the packet’s source and its intended destination

Neighbor Discovery Protocol (NDP)

NDP is a protocol used with IPv6 that serves various functions, one of which is to replace Address Resolution Protocol (ARP). This ARP-like function uses ICMPv6 and solicited-node multicast addresses to learn the MAC address of other hosts. ARP, by comparison, uses broadcast messages for the same purpose.

Two message types are used:

  1. Neighbor Solicitation (NS) = ICMPv6 Type 135
  2. Neighbor Advertisement (NA) = ICMPv6 Type 136

IPv6-enabled devices will keep MAC addresses in a ‘Neighbor Table’ instead of an ARP table. You can view it with the show ipv6 neighbor command.

Another important function of NDP allows hosts to automatically discover routers on the local network.

Again, two messages are used for this:

  1. Router Solicitation (RS) = ICMPv6 Type 133
    • Sent to multicast address ff02::2 (all routers)
    • Asks all routers on the local link to identify themselves
    • Sent when an interface is enabled/host is connected to the network
  2. Router Advertisement (RA) = ICMPv6 Type 134
    • Send to multicast address ff0s::1 (all nodes)
    • The router announces its presence, as well as other information about the link
    • Sent in response to RS messages
    • Also sent periodically, even if the router hasn’t received a RS

Solicited-Node Multicast Address

An IPv6 solicited-node multicast address is calculated from an unicast address:

ff02:0000:0000:0000:0000:0001:ff + Last 6 hex digits of unicast address

Ex.: unicast address 2001:0db8:0000:0001:0f2a:4fff:fea3:00b1



Stateless Address Auto-Configuration — a system for automatically determining a device’s own IPv6 address.

  • First the host uses NPD RS/RA messages to learn the IPv6 prefix of the local link
    • Ex.: 2001:db8::/64
  • Then the device, using that prefix, will generate an IP address
    • The address is either randomly or using EUI-64, depending on the manufacturer
  • Use ipv6 address autoconfig
    • Note that unlike configuring EUI-64, you don’t need to manually enter the network prefix — the device will use NDP to learn it automatically

Note that SLAAC is a standard function of IPv6 that will be available on all devices, not just Cisco products, although they will use different commands for configuration.

Duplicate Address Detection (DAD)

Allows hosts to check if other devices on the local link are using the same IPv6 address.

  • Any time an IPv6-enabled interface initializes (no shutdown applied), or an IPv6 address is configured (manually, by SLAAC, or any other way), it performs DAD

Uses two NDP messages: NS and NA

  • The host will send an NS to its own IPv6 address. If it doesn’t get a reply, it knows the address is unique
    • If it does get a reply then the address is already taken — how this is dealt with depends on the device’s particular configuration, manufacturer, etc. But there should always be at least an error or warning message

Static Routing

Static routing in IPv6 works essentially the same as with IPv4. That said, the two are separate processes on the router, and they keep separate routing tables.

Unlike IPv4, IPv6 routing is disabled by default on Cisco routers. You can enable it with the ipv6 unicast-routing command while in global configuration mode. If IPv6 routing is left disabled then the router will still be able to send and receive IPv6 traffic, but it will not route IPv6 traffic (i.e. it will not forward it between networks).

The Routing Table

Display the IPv6 routing table with show ipv6 route. Like with IPv4, a connected network route is automatically added for each connected network and a local host route is automatically added for each address configured on the router.


There may also be a multicast address that sends traffic via a null interface. This route simply discards multicast traffic. It might seem at first that this (automatically configured) route would interfere with some important routing functions (NDP, for example) but if you were to test it, you’d find that it doesn’t. That is because this entry is entered into the unicast routing table — none of these routes interact with multicast messages at all, unless multicast is (for some reason) disabled on the router, in which case this route prevents multicasts from being forwarded as unicast.

Configuring Static Routes

The command for adding an IPv6 static route is: #ipv6 route (destination/prefix-length) {next-hop | exit-interface [next-hop]} [ad]

There are a few types of static route:

  • Directly Attached static route: Only the exit interface is specified
    • ipv6 route (destination/prefix-length) (exit-interface)
    • Note: in IPv6 you CANNOT use directly attached static routes if the interface is an Ethernet interface
  • Recursive static route: Only the next-hop is specified
    • ipv6 route (destination/prefix-length) (next-hop)
    • ’Recursive’ as the router must look up not only the destination address in the routing table, but must then (recursively) look up the next-hop address as well
  • Fully Specified static route: Both the exit interface and next hop are specified
    • ipv6 route (destination/prefix-length) (exit-interface) (next-hop)
  • Floating static route: Configure an AD higher than that of the network’s dynamic routing protocol(s)
    • Used as a backup to dynamically learned routes

When configuring a default route use ::/0 as the destination IP.

If the next-hop address is a Link Local address, then you will also need to specify the exit interface (it must be fully specified). This is because the router is not able to figure out on its own which interface that route belongs to.


Typically, an enterprise will receive IPv6 addresses in /48 blocks from their ISP, and IPv6 subnets typically have a /64 prefix. Thus, there are usually 16 bits to use to make subnets. The remaining 64 bits are used for hosts.

Finding the Network Address of a Subnet

If the prefix length is, say, /64 then it’s easy. Just set everything after the 64th bit (the second half of the address) to 0s:

  • Host Address:1bc3:bd75:1229:6679:0000.0000.0000.0001/64
  • Network Address: 1bc3:bd75:1229:6679:0000.0000.0000.0000/64
  • Which is shortened to: 1bc3:bd75:1229:6679::/64 Each quartet is 16 bits, prefix that’s a multiple of 16 is easy!

Prefixes that are multiples of 4 are also very easy:

  • Host Address: 1bc3:bd75:1229:6679:0000:0000:1200:0001/56
  • Network Address: 1bc3:bd75:1229:6600:0000:0000:0000:0000/56
  • Shortened: 1bc3:bd75:1229:6600::/56
    • Note you can’t drop the 0s in the 6600 quartet; regardless of the prefix you can only ever drop leading 0s

Things get more complicated with prefixes that aren’t multiples of four:

  • Host Address: 1bc3:bd75:1229:6679:404e:014e:0050:0011/93
    • The prefix includes the first 23 characters and the first bit of the 24th character — 0xE, in this example
    • We need to convert that one Hex character to binary, then change all bits but the first to 0s
      • 0xE = 0d14 = 0b1110 0b1000 = 0d8 = 0x8
  • Network Address: 1bc3:bd75:1229:6679:404e:0148:0000:0000/93
  • Shortened: 1bc3:bd75:1229:6679:404e:148::/93


Extended Unique Identifier (EUI)

Typically called EUI-64 or modified EUI-64. EUI-64 is a method of converting a MAC address (48 bits) into a 64-bit interface identifier. This identifier can then be used as the host portion of a /64 IPv6 address.

IPv6, EUI-64

Link to original

How to convert the MAC address:

  1. Divide the MAC address in half
    • 1234 5678 90AB 1234 56 | 78 90AB
  2. Insert FFFE in the middle
    • 1234 56FF FE78 90AB
  3. Invert the 7th bit (that will be the 3rd bit of the second number)
    • 1234 56FF FE78 90AB 1034 65FF FE78 90AB
      • 0x2 = 0b0010 0b0000 = 0x0
  4. Done! The EUI-64 Interface Identifier is 1034 65FF FE78 90AB
Why invert the 7th bit?

A fair question…

  • MAC addresses can be divided into two types:
    • UAA (Universally Administered Address)
      • Uniquely assigned to the device by the manufacturer
    • LAA (Locally Administered Address)
      • Manually assigned by an admin (with the mac-address command on the interface or protocol. Doesn’t have to be globally unique.)
  • You can identify a MAC as UAA or LAA by its 7th bit, called the U/L bit (Universal/Local bit):
    • 0 = UAA
    • 1 = LAA
  • In the context of IPv6 addresses/EUI-64, the meaning of the U/L bit is reversed:
    • 0 = the MAC the EUI-64 ID was made from was LAA
    • 1 = the MAC the EUI-64 ID was made from was UAA

Wait… that didn’t explain it? Hmm…


The motivation for inverting the “u” bit when forming the interface identifier is to make it easy for system administrators to hand configure local scope identifiers when hardware tokens are not available. This is expected to be case for serial links, tunnel end-points, etc. The alternative would have been for these to be of the form 0200:0:0:1, 0200:0:0:2, etc., instead of the much simpler ::1, ::2, etc. -RFC 2373 section 2.5.1

So it’s for the sake of convenience… Makes sense, I suppose.


  • (config)#ipv6 unicast-routing
    • Enables IPv6 routing on the router
  • (config-if)#ipv6 enable
    • Enable IPv6 on a selected interface
  • (config-if)#ipv6 address 2001:db8:0:1::1/64
    • Configure an IPv6 address on an interface
  • #show ipv6 interface brief
    • Show some basic information about IPv6 interfaces — basically the same as show ip interface brief but for IPv6 instead of IPv4 (that’s gonna be pretty common here)
  • (config-if)#ipv6 address 2001:db8::/64 eui-64
    • Configure an IPv6 address using the interface’s MAC address as the host portion per EUI-64 rules
  • #show ipv6 neighbor
    • Show the IPv6 neighbor table — the NDP equivalent of an IPv4 ARP table
  • (config-if)#ipv6 address autoconfig
    • Automatically configure an IPv6 address for the interface using SLAAC
  • #show ipv6 route
    • Display the IPv6 routing table
  • #ipv6 route (destination/prefix-length) {next-hop | exit-interface [next-hop]} [ad]
    • Configure an IPv6 static route