Computer Networks

IPv6 Features

IPv6 is not just 'longer addresses'. It's a redesign of the network layer: autoconfiguration without DHCP, no broadcast, mandatory multicast, extension headers instead of options. Understanding these differences is critical for a modern network engineer.

**Mobile operators:** T-Mobile, Verizon, Jio use IPv6-only with NAT64. Your app must work in such an environment
**Cloud native:** Kubernetes supports dual-stack. Service mesh (Istio) actively uses IPv6 for sidecar communication
**IoT:** Billions of devices get global IPv6 addresses via SLAAC without needing DHCP infrastructure

Предварительные знания

IPv6: The Future Is Already Here

SLAAC and DHCPv6

IPv6 has two ways to automatically obtain an address: **SLAAC** (Stateless Address Autoconfiguration) and **DHCPv6**. They can work together, complementing each other.

**RDNSS:** RFC 8106 added DNS to Router Advertisement. Now SLAAC can work entirely without DHCPv6. But not all OSes support RDNSS.

DHCPv6 works differently from DHCPv4:

Host received RA with M=0, O=1. How will it get the default gateway?

Neighbor Discovery Protocol (NDP)

**NDP (Neighbor Discovery Protocol)** replaces ARP and does much more: router discovery, autoconfiguration, neighbor reachability detection, duplicate detection.

**Neighbor Solicitation/Advertisement** - analogous to ARP request/reply:

**NUD (Neighbor Unreachability Detection):** NDP periodically checks that a neighbor is still alive. If a host doesn't respond - the entry is deleted. ARP has no such mechanism.

How is Neighbor Solicitation in IPv6 better than ARP Request in IPv4?

ICMPv6 - The Heart of IPv6

**ICMPv6** is critically important for IPv6 to function. Unlike IPv4, where ICMP can be partially blocked, blocking ICMPv6 **breaks the network** - NDP, PMTUD, and SLAAC all stop working without it.

**Packet Too Big:** In IPv6, routers do NOT fragment packets (only the sender can). Without ICMPv6 Type 2, Path MTU Discovery is impossible - large packets are silently dropped.

The IPv6 header is simpler than IPv4 - rarely used fields were removed:

**Extension Headers** replace Options and are processed only by the end host (not routers).

Why is blocking ICMPv6 'Packet Too Big' critical in IPv6?

Dual-Stack and Happy Eyeballs

**Dual-Stack** - the main transition strategy: a device has both IPv4 and IPv6 addresses simultaneously. Applications choose the protocol based on availability.

**Problem:** If IPv6 exists but is broken (misconfiguration, firewall), the connection will hang for 20-30 sec before falling back to IPv4.

**Happy Eyeballs (RFC 8305)** solves this problem - it tries both protocols in parallel:

All modern browsers and OSes implement Happy Eyeballs. The fallback delay is configurable (usually 200-300ms).

A site has A and AAAA records. The client has IPv6 configured but a firewall blocks it. What will the user see with Happy Eyeballs?

Tunneling and NAT64

When dual-stack is not possible, **tunneling** (IPv6 inside IPv4) or **translation** (NAT64/DNS64) is used. This allows IPv6-only clients to communicate with IPv4-only servers.

**HE.net Tunnel Broker:** A free service for getting IPv6 via tunnel. Useful if your ISP doesn't provide IPv6.

**NAT64 + DNS64** - the modern solution for IPv6-only networks (mobile operators):

IPv6 isn't needed as long as IPv4 with NAT works

IPv4 addresses are already exhausted; new networks are built IPv6-only with NAT64

IANA distributed the last IPv4 blocks in 2011. Regional registries ran out by 2015-2020. New addresses can only be purchased (~$50/IP). Mobile operators are massively switching to IPv6-only - cheaper and more scalable. Apple has required IPv6-only support for the App Store since 2016.

A mobile operator uses IPv6-only with NAT64. An app makes a request to a server that only has IPv4. What happens?

Key Ideas

**SLAAC** lets hosts get an address automatically from Router Advertisement without a server. DHCPv6 supplements with DNS and other options
**NDP** replaces ARP and adds: Router Discovery, SLAAC, DAD, Neighbor Unreachability Detection. Uses ICMPv6
**ICMPv6** is critically important - must not be blocked! Without Packet Too Big, PMTUD breaks; without NDP messages - the entire network fails
**Happy Eyeballs** ensures fast connections in dual-stack. **NAT64/DNS64** connects IPv6-only clients with IPv4 servers

Вопросы для размышления

Why did IPv6 designers decide not to carry broadcast over from IPv4?
How does Happy Eyeballs affect performance for users with unstable IPv6?
What security issues does NDP create without SeND (Secure NDP)?

Связанные уроки

sec-01

Computer Networks

IPv6 Features

**Mobile operators:** T-Mobile, Verizon, Jio use IPv6-only with NAT64. Your app must work in such an environment
**Cloud native:** Kubernetes supports dual-stack. Service mesh (Istio) actively uses IPv6 for sidecar communication
**IoT:** Billions of devices get global IPv6 addresses via SLAAC without needing DHCP infrastructure

Предварительные знания

IPv6: The Future Is Already Here

SLAAC and DHCPv6

IPv6 has two ways to automatically obtain an address: **SLAAC** (Stateless Address Autoconfiguration) and **DHCPv6**. They can work together, complementing each other.

**RDNSS:** RFC 8106 added DNS to Router Advertisement. Now SLAAC can work entirely without DHCPv6. But not all OSes support RDNSS.

DHCPv6 works differently from DHCPv4:

Host received RA with M=0, O=1. How will it get the default gateway?

Neighbor Discovery Protocol (NDP)

**NDP (Neighbor Discovery Protocol)** replaces ARP and does much more: router discovery, autoconfiguration, neighbor reachability detection, duplicate detection.

**Neighbor Solicitation/Advertisement** - analogous to ARP request/reply:

**NUD (Neighbor Unreachability Detection):** NDP periodically checks that a neighbor is still alive. If a host doesn't respond - the entry is deleted. ARP has no such mechanism.

How is Neighbor Solicitation in IPv6 better than ARP Request in IPv4?

ICMPv6 - The Heart of IPv6

**ICMPv6** is critically important for IPv6 to function. Unlike IPv4, where ICMP can be partially blocked, blocking ICMPv6 **breaks the network** - NDP, PMTUD, and SLAAC all stop working without it.

**Packet Too Big:** In IPv6, routers do NOT fragment packets (only the sender can). Without ICMPv6 Type 2, Path MTU Discovery is impossible - large packets are silently dropped.

The IPv6 header is simpler than IPv4 - rarely used fields were removed:

**Extension Headers** replace Options and are processed only by the end host (not routers).

Why is blocking ICMPv6 'Packet Too Big' critical in IPv6?

Dual-Stack and Happy Eyeballs

**Dual-Stack** - the main transition strategy: a device has both IPv4 and IPv6 addresses simultaneously. Applications choose the protocol based on availability.

**Problem:** If IPv6 exists but is broken (misconfiguration, firewall), the connection will hang for 20-30 sec before falling back to IPv4.

**Happy Eyeballs (RFC 8305)** solves this problem - it tries both protocols in parallel:

All modern browsers and OSes implement Happy Eyeballs. The fallback delay is configurable (usually 200-300ms).

A site has A and AAAA records. The client has IPv6 configured but a firewall blocks it. What will the user see with Happy Eyeballs?

Tunneling and NAT64

When dual-stack is not possible, **tunneling** (IPv6 inside IPv4) or **translation** (NAT64/DNS64) is used. This allows IPv6-only clients to communicate with IPv4-only servers.

**HE.net Tunnel Broker:** A free service for getting IPv6 via tunnel. Useful if your ISP doesn't provide IPv6.

**NAT64 + DNS64** - the modern solution for IPv6-only networks (mobile operators):

IPv6 isn't needed as long as IPv4 with NAT works

IPv4 addresses are already exhausted; new networks are built IPv6-only with NAT64

A mobile operator uses IPv6-only with NAT64. An app makes a request to a server that only has IPv4. What happens?

Key Ideas

**SLAAC** lets hosts get an address automatically from Router Advertisement without a server. DHCPv6 supplements with DNS and other options
**NDP** replaces ARP and adds: Router Discovery, SLAAC, DAD, Neighbor Unreachability Detection. Uses ICMPv6
**ICMPv6** is critically important - must not be blocked! Without Packet Too Big, PMTUD breaks; without NDP messages - the entire network fails
**Happy Eyeballs** ensures fast connections in dual-stack. **NAT64/DNS64** connects IPv6-only clients with IPv4 servers

Вопросы для размышления

Why did IPv6 designers decide not to carry broadcast over from IPv4?
How does Happy Eyeballs affect performance for users with unstable IPv6?
What security issues does NDP create without SeND (Secure NDP)?

Связанные уроки

sec-01

IPv6 Features

Предварительные знания

SLAAC and DHCPv6

Neighbor Discovery Protocol (NDP)

ICMPv6 - The Heart of IPv6

Dual-Stack and Happy Eyeballs

Tunneling and NAT64

Key Ideas

Related Topics

Вопросы для размышления

Связанные уроки

IPv6 Features

Предварительные знания

SLAAC and DHCPv6

Neighbor Discovery Protocol (NDP)

ICMPv6 - The Heart of IPv6

Dual-Stack and Happy Eyeballs

Tunneling and NAT64

Key Ideas

Related Topics

Вопросы для размышления

Связанные уроки