Link Local IPv6 Addresses, How Link Local IPv6 addresses are generated
The IPv6 addresses starting with FE in hexadecimals represent link–local IPv6 addresses. Link–local addresses cannot be routed to public networks and limited to the local network. Link–local addresses are auto–configured (or auto–generated plug–and–play) addresses (Stateless addresses) similar to IPv4 APIPA addresses (169.254.0.0/16). Typically, getting an APIPA IPv4 address in an IPv4 network is because of some network error, but link–local addresses are IPv6 addresses which can be used for local communication. A link–local address is for use on a single link and should never be routed.
IPv6 link–local addresses are identified among IPv6 addresses by reserving the left most 64 bits as 1111111010000000 0000000000000000 0000000000000000 0000000000000000 (translates to FE80 in hexadecimals). IPv6 link-local addresses are used by devices for communicating with other nodes on the same link. The scope of an IPv6 link–local address is the local link.
IPv6 link–local addresses are auto–generated and many international technology leaders generate IPv6 link–local addresses from MAC Address of the interface.
View the following output of show command "show ipv6 interface gigabitEthernet 0/0", in a Cisco router.
OmniSecuR1#show ipv6 interface gigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::C800:EFF:FE74:8 No Virtual link-local address(es): Global unicast address(es): 2001:4AF1::28, subnet is 2001:4AF1::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:28 FF02::1:FF74:8 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 26049) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses.
The output shows the IPv6 link–local address as FE80::C800:EFF:FE74:8, for interface gigabitEthernet 0/0. How this IPv6 link–local address as FE80::C800:EFF:FE74:8 is auto generated by the router? Read below.
We already know the first 64 binary bits of IPv6 link–local addresses are reserved as 1111111010000000 0000000000000000 0000000000000000 0000000000000000 (FE80::/64 in hexadecimals, is the link–local IPv6 address prefix).
Next, view the interface information of the same interface mentioned above using the IOS command "show interfaces gigabitEthernet 0/0". The MAC address of interface gigabitEthernet 0/0 is ca00.0e74.0008.
OmniSecuR1#show interfaces gigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is ca00.0e74.0008 (bia ca00.0e74.0008) MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 <output omitted>
Now we have the IPv6 link–local address of interface gigabitEthernet 0/0 as FE80::C800:EFF:FE74:8 and MAC address as ca00.0e74.0008.
The IPv6 link–local addresses are made from the first 64-bit reservation (FE80::/64) and remaining bits are taken from the MAC address of the interface. But, MAC addresses are 48 bit numbers. 64+48 is only 112 bits to form IPv6 address (IPv6 addresses are 128 bit in length). What about the remaining 16 bits (128-112=16)?
The answer is, an hexadecimal number "FF:FE" is added in between the MAC address of the related interface to form the complete 128 bit IPv6 link–local addresses. Also the 7th bit (from left) in the MAC address is flipped. Which means, if the 7th bit in the MAC address (from left) is 1, change it to 0 or if the 7th bit (from left) in the MAC address is 0, change it to 1. Refer the following table.
MAC Address | CA00.0E74.0008 |
MAC Address (FF:FE added to make it 64 bit Host Part) |
CA00.0EFF:FE74.0008 |
64 bit Host Part | CA00.0EFF:FE74.0008 |
64 bit Host Part (in binaries) | 1100101000000000:0000111011111111:1111111001110100:0000000000001000 |
64 bit Host Part (in binaries and 7th bit flipped) | 1100100000000000:0000111011111111:1111111001110100:0000000000001000 |
64 bit Host Part (in hexadecimals and 7th bit flipped) | C800:0EFF:FE74:0008 |
IPv6 Link local IPv6 address (Combining Link local IPv6 address prefix FE80:0000:0000:0000 with derived host part) |
FE80:0000:0000:0000:C800:0EFF:FE74:0008 |
The above IPv6 link–local address we got from combining FE80::/64 prefix part and then the MAC Address part, can be further simplified as FE80::C800:EFF:FE74:8/64. Please refer the following link to learn more about how to simplify an IPv6 address.
Note that I had noticed by default some Microsoft Operating Systems are not following the above method for auto generating the IPv6 Link Local addresses (for network security). Cisco IOS, GNU/Linux Operating Systems and Unix Operating Systems are following the above method by default for auto–generating IPv6 link–local addresses.
Written by Jajish Thomas.
Last updated on 17th May, 2024.