Help
The ABCs of IPv6 Addresses
The most widely known aspect of IPv6, and really the only one that matters to DNS, is the length of the IPv6 address: 128 bits, four times as long as IPv4’s 32-bit address. The preferred representation of an IPv6 address is eight groups of as many as four hexadecimal digits, separated by colons. For example:
2001:0db8:0123:4567:89ab:cdef:0123:4567
The first group, or quartet, of hex digits (2001, in this example) represents the most significant (or highest-order) sixteen bits of the address. In binary terms, 2001 is equivalent to 0010000000000001.
Groups of digits that begin with one or more zeros don’t need to be padded to four places, so you can also write the previous address as:
2001:db8:123:4567:89ab:cdef:123:4567
Each group must contain at least one digit, though, unless you’re using the :: notation. The :: notation allows you to compress sequential groups of zeros. This comes in handy when you’re specifying just an IPv6 prefix. For example:
2001:db8:dead:beef::
specifies the first 64 bits of an IPv6 address as 2001:db8:dead:beef and the remaining 64 as zeros.
You can also use :: at the beginning of an IPv6 address to specify a suffix. For example, the IPv6 loopback address is commonly written as:
::1
or 127 bits of zero followed by a single one bit. You can even use :: in the middle of an address as shorthand for contiguous groups of zeros:
2001:db8:dead:beef::1
You can use the :: shorthand only once in an address, since more than one would be ambiguous.
IPv6 prefixes are specified in a format similar to IPv4’s CIDR notation. As many bits of the prefix as are significant are expressed in the standard IPv6 notation, followed by a slash and a decimal count of exactly how many significant bits there are. So the following four prefix specifications are equivalent (though obviously not equivalently terse):
2001:db8:dead:beef:0000:00f1:0000:0000/96 2001:db8:dead:beef:0:f1:0:0/96 2001:db8:dead:beef::f1:0:0/96 2001:db8:dead:beef:0:f1::/96
IPv6 is similar to IPv4 in that it supports variable-length network masks, and addresses are divided into network and host portions. However, in IPv6, there are recommended network masks for networks and subnets: the first 48 bits of an IPv6 address should identify a particular end site and a 64-bit prefix should identify one of up to 65,536 subnetworks at the site identified by the “parent” 48-bit prefix. As of this writing, all global unicast IPv6 addresses on the Internet (addresses that are unique and globally routable) have prefixes that begin with the binary value 001 (equivalent to 2000::/3). These are assigned by Regional Internet Registries (RIRs) and Internet service providers. The prefix itself may be hierarchical, with an RIR responsible for allocating higher-order bits to various ISPs, and ISPs responsible for allocating the lowest-order bits of the prefix to its customers.
After the end-site prefix, unicast IPv6 addresses typically contain another 16 bits that identify the particular subnetwork within an end site, called the subnet ID. The remaining bits of the address identify a particular network interface and are referred to as the interface ID.
Here’s a diagram that shows how these parts fit together:
| 48 bits | 16 bits | 64 bits | +------------------------+-----------+----------------------------+ | prefix | subnet ID | interface ID | +------------------------+-----------+----------------------------+ / \ | +------------------------------------\ | 3bits | 9bits | 12-20bits | 16-24bits | +----------+----------+--------------+--------------------------+ | IETF | IANA | RIR | RIR or ISP | +----------+----------+--------------+--------------------------+
As you can see in the diagram, the 48-bit prefix is made up of several parts. As previously mentioned, the first three bits are assigned by IETF to indicate “Global Unicast Space.” The next nine bits are assigned by IANA to a particular RIR (for example, 2620::/12 is assigned to ARIN, the American Registry for Internet Numbers). The RIR then assigns prefixes to ISPs and end users ranging from 24 to 48 bits (the RIR controls between 12 and 36 bits). Finally, in an ISP’s address space, the ISP can assign the bits after its RIR-assigned prefix up to the /48 allocated to each customer end site.
Coincidentally, Movie University just arranged to get IPv6 connectivity from our ISP. The ISP assigned us a /48-sized IPv6 network, 2001:db8:cafe::/48, which we’ll subnet using the scheme just described into /64-sized subnetworks.
Note: What’s this fe80:: address?
If you’re poking around on a Unix or Linux system with ifconfig, netstat or the like, you may notice that your host’s network interfaces already have IPv6 addresses assigned to them, starting with the quartet “fe80.” These are link-local scoped addresses, derived automatically from the interfaces’ hardware addresses. The link-local scope is significant—you can’t access these addresses from anywhere but the local subnet, so don’t use them in delegation, masters substatements, and the like. Use global unicast addresses assigned to the host instead. You probably shouldn’t even use link-local addresses in the configuration of resolvers on the same subnet if there’s any chance that those resolvers will move (e.g., if they’re on laptops or other mobile devices).
Learn more about this topic from DNS and BIND on IPv6.
If you're preparing to roll out IPv6 on your network, this concise book provides the essentials you need to support this protocol with DNS. You'll learn how DNS was extended to accommodate IPv6 addresses, and how you can configure a BIND name server to run on the network. This book also features methods for troubleshooting problems with IPv6 forward- and reverse-mapping, techniques for helping islands of IPv6 clients communicate with IPv4 resources, and many other topics.
