IPV6
Basics
Address are split into:
Unicast
Global - similar to IPv4 public IP addresses. They have a prefix of 2000::/3
Unique local - similar to IPv4 private addresses. There addresses have a prefix of FD00::/8 or FC00::/7
Link local - there addresses are used for sending packet over the local subnet. There addresses have a prefix of FE80::/10.
Anycast
Multicast - prefix with ff00::/8
Packets sent to ::1 are sent to localhost
Packets sent to ::0 are sent on all interfaces.
Designated multicast address (just a few for example):
Address | Scope | Use |
ff02::1 | Link | All nodes |
ff02::2 | Link | All routers |
ff02::5 | Link | OSPF routers |
ff02::a | Link | EIGRP routers |
From <https://github.com/0xbharath/talks/blob/master/pentesting_ipv6/pentesting_IPv6.md>
IPv6 Address Types
Prefix | Example | Designation and Explanation | IPv4 Equivalent |
::/128 | Unspecified This address may only be used as a source address by an initialising host before it has learned its own address. | 0.0.0.0 | |
::1/128 | Loopback This address is used when a host talks to itself over IPv6. This often happens when one program sends data to another. | 127.0.0.1 | |
::ffff/96 | ::ffff:192.0.2.47 | IPv4-Mapped These addresses are used to embed IPv4 addresses in an IPv6 address. One use for this is in a dual stack transition scenario where IPv4 addresses can be mapped into an IPv6 address. See RFC 4038 for more details. | There is no equivalent. However, the mapped IPv4 address can be looked up in the relevant RIR’s Whois database. |
fc00::/7 | fdf8:f53b:82e4::53 | Unique Local Addresses (ULAs) These addresses are reserved for local use in home and enterprise environments and are not public address space. These addresses might not be unique, and there is no formal address registration. Packets with these addresses in the source or destination fields are not intended to be routed on the public Internet but are intended to be routed within the enterprise or organisation. See RFC 4193 for more details. | Private, or RFC 1918 address space: 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 |
fe80::/10 | fe80::200:5aee:feaa:20a2 | Link-Local Addresses These addresses are used on a single link or a non-routed common access network, such as an Ethernet LAN. They do not need to be unique outside of that link. Link-local addresses may appear as the source or destination of an IPv6 packet. Routers must not forward IPv6 packets if the source or destination contains a linklocal address. Link-local addresses may appear as the source or destination of an IPv6 packet. Routers must not forward IPv6 packets if the source or destination contains a linklocal address. | |
2001:0000::/32 | 2001:0000:4136:e378: 8000:63bf:3fff:fdd2 | Teredo This is a mapped address allowing IPv6 tunneling through IPv4 NATs. The address is formed using the Teredo prefix, the server’s unique IPv4 address, flags describing the type of NAT, the obfuscated client port and the client IPv4 address, which is probably a private address. It is possible to reverse the process and identify the IPv4 address of the relay server, which can then be looked up in the relevant RIR’s Whois database. You can do this on the following webpage: http://www.potaroo.net/cgi-bin/ipv6addr | No equivalent |
2001:0002::/48 | 2001:0002:6c::430 | Benchmarking These addresses are reserved for use in documentation. They should not be used as source or destination addresses. | 198.18.0.0/15 |
2001:0010::/28 | 2001:10:240:ab::a | Orchid These addresses are used for a fixed-term experiment. They should only be visible on an end-to-end basis and routers should not see packets using them as source or destination addresses. | No equivalent |
2002::/16 | 2002:cb0a:3cdd:1::1 | 6to4 A 6to4 gateway adds its IPv4 address to this 2002::/16, creating a unique /48 prefix. As the IPv4 address of the gateway router is used to compose the IPv6 prefix, it is possible to reverse the process and identify the IPv4 address, which can then be looked up in the relevant RIR’s Whois database. You can do this on the following webpage: http://www.potaroo.net/cgi-bin/ipv6addr | There is no equivalent but 192.88.99.0/24 has been reserved as the 6to4 relay anycast address prefix by the IETF. |
2001:db8::/32 | 2001:db8:8:4::2 | Documentation These addresses are used in examples and documentation. They should never be source or destination addresses. | 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 |
2000::/3 | Global Unicast Other than the exceptions documented in this table, the operators of networks using these addresses can be found using the Whois servers of the RIRs listed in the registry at: http://www.iana.org/assignments/ipv6- unicast-address-assignments | No equivalent single block | |
ff00::/8 | ff01:0:0:0:0:0:0:2 | Multicast These addresses are used to identify multicast groups. They should only be used as destination addresses, never as source addresses. | 224.0.0.0/4 |
IPv6 Command Line Tools:
ping6- IPv6 ping tool
traceroute6- IPv6 tracing tool
tracepath6 – IPv6 tracing tool
ip -6 – For configuring/viewing IPv6 interfaces and routes
ipv6calc – IPv6 subnet calculator
tcpdump ip6 – packet sniffing on IPv6
snoop inet6 – packet sniffing on IPv6
IPv6 Subnet Size Reference Table
IPv6 CIDR S Subnet | Number of IPs |
/128 | 1 |
/127 | 2 |
/126 | 4 |
/125 | 8 |
/124 | 16 |
/123 | 32 |
/122 | 64 |
/121 | 128 |
/120 | 256 |
/119 | 512 |
/118 | 1,024 |
/117 | 2,048 |
/116 | 4,096 |
/115 | 8,192 |
/114 | 16,384 |
/113 | 32,768 |
/112 | 65,536 |
/111 | 131,072 |
/110 | 262,144 |
/109 | 524,288 |
/108 | 1,048,576 |
/107 | 2,097,152 |
/106 | 4,194,304 |
/105 | 8,388,608 |
/104 | 16,777,216 |
/103 | 33,554,432 |
/102 | 67,108,864 |
/101 | 134,217,728 |
/100 | 268,435,456 |
/99 | 536,870,912 |
/98 | 1,073,741,824 |
/97 | 2,147,483,648 |
/96 | 4,294,967,296 |
/95 | 8,589,934,592 |
/94 | 17,179,869,184 |
/93 | 34,359,738,368 |
/92 | 68,719,476,736 |
/91 | 137,438,953,472 |
/90 | 274,877,906,944 |
/89 | 549,755,813,888 |
/88 | 1,099,511,627,776 |
/87 | 2,199,023,255,552 |
/86 | 4,398,046,511,104 |
/85 | 8,796,093,022,208 |
/84 | 17,592,186,044,416 |
/83 | 35,184,372,088,832 |
/82 | 70,368,744,177,664 |
/81 | 140,737,488,355,328 |
/80 | 281,474,976,710,656 |
/79 | 562,949,953,421,312 |
/78 | 1,125,899,906,842,624 |
/77 | 2,251,799,813,685,248 |
/76 | 4,503,599,627,370,496 |
/75 | 9,007,199,254,740,992 |
/74 | 18,014,398,509,481,985 |
/73 | 36,028,797,018,963,968 |
/72 | 72,057,594,037,927,936 |
/71 | 144,115,188,075,855,872 |
/70 | 288,230,376,151,711,744 |
/69 | 576,460,752,303,423,488 |
/68 | 1,152,921,504,606,846,976 |
/67 | 2,305,843,009,213,693,952 |
/66 | 4,611,686,018,427,387,904 |
/65 | 9,223,372,036,854,775,808 |
Residential – /64 | 18,446,744,073,709,551,616 |
/63 | 36,893,488,147,419,103,232 |
/62 | 73,786,976,294,838,206,464 |
/61 | 147,573,952,589,676,412,928 |
/60 | 295,147,905,179,352,825,856 |
/59 | 590,295,810,358,705,651,712 |
/58 | 1,180,591,620,717,411,303,424 |
/57 | 2,361,183,241,434,822,606,848 |
/56 | 4,722,366,482,869,645,213,696 |
/55 | 9,444,732,965,739,290,427,392 |
/54 | 18,889,465,931,478,580,854,784 |
/53 | 37,778,931,862,957,161,709,568 |
/52 | 75,557,863,725,914,323,419,136 |
/51 | 151,115,727,451,828,646,838,272 |
/50 | 302,231,454,903,657,293,676,544 |
/49 | 604,462,909,807,314,587,353,088 |
Business – /48 | 1,208,925,819,614,629,174,706,176 |
/47 | 2,417,851,639,229,258,349,412,352 |
/46 | 4,835,703,278,458,516,698,824,704 |
/45 | 9,671,406,556,917,033,397,649,408 |
/44 | 19,342,813,113,834,066,795,298,816 |
/43 | 38,685,626,227,668,133,590,597,632 |
/42 | 77,371,252,455,336,267,181,195,264 |
/41 | 154,742,504,910,672,534,362,390,528 |
/40 | 309,485,009,821,345,068,724,781,056 |
/39 | 618,970,019,642,690,137,449,562,112 |
/38 | 1,237,940,039,285,380,274,899,124,224 |
/37 | 2,475,880,078,570,760,549,798,248,448 |
/36 | 4,951,760,157,141,521,099,596,496,896 |
/35 | 9,903,520,314,283,042,199,192,993,792 |
/34 | 19,807,040,628,566,084,398,385,987,584 |
/33 | 39,614,081,257,132,168,796,771,975,168 |
ISP – /32 | 79,228,162,514,264,337,593,543,950,336 |
/31 | 158,456,325,028,528,675,187,087,900,672 |
/30 | 316,912,650,057,057,350,374,175,801,344 |
/29 | 633,825,300,114,114,700,748,351,602,688 |
/28 | 1,267,650,600,228,229,401,496,703,205,376 |
/27 | 2,535,301,200,456,458,802,993,406,410,752 |
/26 | 5,070,602,400,912,917,605,986,812,821,504 |
/25 | 10,141,204,801,825,835,211,973,625,643,008 |
/24 | 20,282,409,603,651,670,423,947,251,286,016 |
/23 | 40,564,819,207,303,340,847,894,502,572,032 |
/22 | 81,129,638,414,606,681,695,789,005,144,064 |
/21 | 162,259,276,829,213,363,391,578,010,288,128 |
/20 | 324,518,553,658,426,726,783,156,020,576,256 |
/19 | 649,037,107,316,853,453,566,312,041,152,512 |
/18 | 1,298,074,214,633,706,907,132,624,082,305,024 |
/17 | 2,596,148,429,267,413,814,265,248,164,610,048 |
/16 | 5,192,296,858,534,827,628,530,496,329,220,096 |
/15 | 10,384,593,717,069,655,257,060,992,658,440,192 |
/14 | 20,769,187,434,139,310,514,121,985,316,880,384 |
/13 | 41,538,374,868,278,621,028,243,970,633,760,768 |
/12 | 83,076,749,736,557,242,056,487,941,267,521,536 |
/11 | 166,153,499,473,114,484,112,975,882,535,043,072 |
/10 | 332,306,998,946,228,968,225,951,765,070,086,144 |
/9 | 664,613,997,892,457,936,451,903,530,140,172,288 |
/8 | 1,329,227,995,784,915,872,903,807,060,280,344,576 |
IPv6 Subnet Reference Prefix Lengths
Note: The IP address above is an IP address allocated to Crucial Paradigm.
Example of /64 Allocations:
/64 IPv6 allocations are usually given to end users, who do not require any VLANs. It allows auto configuration, or SLAAC so makes life a lot easier when configuring.
It is fairly easy to calculate /64 allocations, and a subnet calculator is not required. In fact this is the case with assigning IPv6 allocations, it can be done fairly easily without any calculator (I’ll demonstrate this later in the reference sheet):
Example of /48 Allocations:
/48 allocations are usually provided to business, who require additional VLANs or may require the range to be split up. Using a /48 allocation would allow them to do so.
IPv6 Subnet Calculator NOT REQUIRED!
In most cases a subnet calculator will not be required, since IPv6 using hex (hexadecimal) – and so long as the prefix length is a multiple of 4, it makes it quite easy. For example (this is also where the table “IPv6 Subnet Reference IP Address” comes in a lot of handy above):
IPv6 Address Scopes
::/128 unspecified address
::1/128 localhost
fe80::/10 link local
fc00::/7 unique local unicast (RFC 4193)
fc00::/8 centrally assigned by unkown, routed within a site (RFC 4193)
fd00::/8 free for all, global ID must be generated randomly with pseudo-random algorithm, routed within a site (RFC 4193)
ff00::/8 multicast, following after the prefix ff there are 4 bits for flags and 4 bits for the scope
::ffff:0:0/96 IPv4 to IPv6 Address, eg: ::ffff:10.10.10.10 (RFC 4038)
2000::/3 global unicast
2001::/16 /32 subnets assigned to providers, they assign /48, /56 or /64 to the customer
2001:db8::/32 reserved for use in documentation
2001:678::/29 Provider Independent (PI) adresses and anycasting TLD nameservers
2002::/16 6to4 scope, 2002:c058:6301:: is the 6to4 public router anycast (RFC 3068)
Interface Configuration Linux:
#ifconfig eth0 inet6 add 2402:9400:1234:1234::1/64
Configuring SLAAC (auto configuration) on Redhat/CentOS flavours of Linux: You can do this by enabling IPv6 on an interface which is already configured automatically on boot.
Last updated