An IPv6 home network is possible

In this post, we present an example of an IPv6 network operation, based on a home network setup that is a PC (Windows) and a box (an internet box provided by an ISP that supports IPv6). In the first paragraphs, we talk about some general motivations to use IPv6 instead of IPv4. Then, we present our network setup that is up and working, before we deep into understanding its basic operation.

Still IPv4?

Historically, an IPv4 is doing just fine to connect networks and hosts in general, and particularily, home networks (PC, printer, or other IP devices behind an internet box or a router) to our preferred ISP, an internet (as a service) provider, until many limitations arise mostly related to networks and applications exponential growth and their huge demand on the available address space, some advanced security schemes support, QoS (quality of service) and more other aspects related to the operation of these networks.

IPv6 motivations

IPv6 was presented as a solution to many of those limitations : almost infinite address space, the structure of the IP address itself provides support and integration of many protocols, ease of operation, security support, etc. and my preferred, one interface could have multiples purpose IP addresses… (this is not present in IPv4 or very limited to a secondary of fallback same purpose IP).

We’ll see in this post, a simple application (a home network setup) of IPv6 some basic concepts.

IP version 4 and 6 (no 5!)

Let’s recall that IP (internet protocol) in general refers to the logical addressing of equipments (hosts, clients, routers, switches, objects, etc.) in a given IP network that functions at layer 3 of OSI (open systems interconnection) standard. From this point of view version 4 and 6 are the same.

Some differences exist with regard to the format of the IP packets: in version 4 we use 32 bit or 4 bytes to encode an ip address that is compound by : subnet part and a host part (as per VLSM), but are not limited to and may extend to the logic of design and operation of such networks themselves.

On the other hand, a version 6 IP address is 128 bit or 16 bytes and depending on the purposeand scope of the addressing (unicast : public, unique local, link-local; anycast; multicast) may include some of those fields : an interface identifier (host), subnet id, routing prefix, Local bit, group ID (multicast group), flags, (multicast operation), etc.

Network setup

To check some of the operation (traffic management, addressing, routing, network management protocols, etc.) of IPv6, we mount the test lab setup presented in the next figure:

In this figure, the client connects to the server through internet and both use IPv6. Our box and the internet support IPv6 operation either natively or by translation. The switch does not need to run IPv6 as it operates on Ethernet frames at layer 2 with reference to the OSI model.

We check that our equipment are supportive of IPv6 operation. Only the client/server hosts and routers (in internet and the box) are concerned by this: the switch that is working at OSI layer 2 does not need to read IP packet at all for its operation, only handles frames…

PC configuration

Next, in our PC under Windows, we check that the option is into play under the interface configuration settings shown in the next figure:

We check on the pop-up output that the IPv6 protocol support is present and enabled. Depending on your Windows system (mine is Windows 11) here are the steps to show this pop-up: Access network and settings ou your PC, click on Ethernet on the left side menu, Choose to modify the adapter’s options on the right side menu, A new (legacy) window opens showing the network connexions in the old fashion, Right click on the interface and choose the Properties to get the output show in the next figure.

Using the command line (CLI), as shown in the next figure, we check what IP information is present under our interface. I have almost 6 IPv6 addresses attached to the same interface: one is link-local (scoped to one attached link), unique local (private in the same administrative domain, using fd00::/8 space), and global ones (in the space 2a00::/12 assigned by IANA).

The CLI output of the command ipconfig, we check the active interface is configured by 6 IPv6 in addition to one IPv4 interface. You may notice also the no subnetwork is associated with the IPv6 addresses… the information is already included in the structure of the IPv6 address. To get details about this structure, please refer to this article: IPv6 Wikipedia.

Box configuration

Another fact about my setup, is that my box accepts IPv6 configuration from the ISP (on the wan interface) by default and could not be disabled. The ISP provides the IPv6 configuration (in addition to the IPv4 one) by default and could not be disabled neither on my subscription account… the only option to deactivate IPv6 in my network is directly on my equipments one by one (if no Active Directory or another configuration management) for example.

A step by step understanding of our network operation

To focus on IPv6 operation let’s deactivate the support of IPv4 (the only option to do that is on my test PC). Make sure though that you do not break any other network service (that does not support IPv6) : shared printers, NAS, etc.; confirm by using the ipconfig command under the windows terminal: only interface IPv6 configuration shows up. In addition to the previous point, you may notice some different performance also… speed, bandwidth, etc. having into mind that we’re changing the end-to-end network if not physically, logically.

ipconfig the IPv6 configuration

The ipconfig command output shows the gateway configured by a link-local IP address (starting by fe80::). To build the layer 2 frame that is needed to forward IPv6 packet to internet, ICMPv6 (Internet Control and Management Protocol) Network Discovery or ND (equivalent to ARP in IPv4 network) is used to map the IPv6 logical address to the corresponding MAC physical address.

netsh the IPv6 configuration

To check the content of the NDP (ICMPv6 network Discovery Protocole) table, we use the command netsh as per the next figure.

Using the CMD CLI we issue netsh keyword to access the netsh prompt, from their we specify interface ipv6 and then we issue the command show neighbors to see what IPv6 addresses are on the network and their MAC addresses

ICMPv6 into play

The procedure (ICMPv6) allows also the information about routing capability (by gateways or routers on the local link) to be also exchanged and include some security check (DUD or Duplicate Address Detection for example). On the basis of this information, SLAAC or Stateless Address Autoconfiguration is put into play at PC level to properly configure the interfaces of IPv6 operation.

Now how my test PC gets a public IPv6 address? one logical (by elimination) hypothesis is that my box (the router that receives its IPv6 configuration from the ISP) plays this role by sending messages to hint (giving information on the public prefix, for example) on the dynamic (automatic) configuration my test PC should process and apply to get to the internet.

Wireshark the packets

This is my guess! lets confirm by checking on the wire (using Wireshark) all of this. By using Wireshark, we’re looking for packets sent by my router (box) and the information contained in those packets to possibly help my PC setup an accurate dynamic configuration to get access to behind the local network, internet.

In Wireshark, we check that Router Advertisements are being sent periodically by the router (identified by its unique MAC) to the multicast address ff02::1 (to all hosts). These messages contains information about prefix information (global unique routable) and even the DNS to use.

Please note that all this work (of dynamic configuration) has been done without the use of DHCPv6 (IP version 6 of DHCP) or any centralized and configuration tracking solution.

Processing the host part of the IPv6 address

Another question that may arise is how my test PC calculates the interface or host part of the IPv6 address it uses? The presence of FFFE in the address indicates the use of the EUI-64 method that uses physical MAC addresses for this purpose, otherwise, it is a random value… which is another important security feature.

Let’s conclude and further our investigation

In this post we’ve introduced IPv6 using a simple example of a home network (setup). Some interesting features have been already shown including : the possbility for an interface to be configured with many routable or not routable, gloabl or unique, unicast, anycast or multicast, addresses at the same time; the no need to configure those interface manually or through DHCP to gain access to internet; some security applied to duplicate address detection, protocol message advertisement, etc.

In the next posts, we will focus on the operation of IPv6 in the core (internet) network and especially try to understand how our box wan interface gets configured with IPv6 information before it passes it to the local network. In the core network we would expect routing protocols such ISIS, OSPF, BGP, etc. that support the operation of IPv6… and services.

In this post, we’ve checked also the operation of IPv6 dynamic configuration operation using show commands in Windows CLI, GUI and Wireshark, a packet capturing tool… we checked that IPv6 relies on ICMPv6 (that includes NDP, Ping, Traceroute, etc.) to accomplish a similar operation to ARP and DHCP in IPv4 networks.

We mentioned also that the operation of an IPv6 network does not interfere with the operation of an IPv4 network. Only servers or clients that support IPv6 could access to the this network: the other legacy users are logically isolated. We could imagine to have both networks operating in parallel or divide our global mixed network into two parts each in a specific protocol using address translation or equivalent to communicate in between (such in migration scenarios).

In addition to these features, no NAT (address translation) was needed, to allow my PC get access to internet, at all, as all the equipments have their own public IP addresses dynamically configured from the router advertised information… still we need to double check (in upcoming post about the same subject) that our network is not accessible from the outside, if this address information is known!

Hope this post reading was enjoyable! don’t hesitate to share your taughts and ideas… to enrich it even more.

atlink'admin

Learn More →

Leave a Reply

Table of Contents