What happened to all the ARP messages?
ARP is replaced with neighbour-solicitations in IPv6. It works the same, but it's done over IPv6 instead of via a separate protocol, so it works even over layer-2 links that don't allow multiple protocols to be encapsulated.
Why don't I need DHCP?
Routers on a network send "router-announcements" announcing what prefixes they think are available. Each machine simply takes each prefix, and forms an address based on its MAC.
Why do I need DHCP?
While router announcements allow clients to automatically configure IPv6 addresses, they don't announce any additional information such as DNS servers. DHCP can also hand out subnets, so your router could ask its "parent" router for ranges for each of its interfaces.
Why are addresses that begin with fe80: special?
They are link local addresses; they only exist within the link.
These are 6to4 addresses.
These are 6bone addresses, used while IPv6 was still experimental. They are deprecated, and may be firewalled across the backbone by the time you read this.
What's the deal with RFC1918?
Site local addresses replaced RFC1918, but were deprecated in favour of ULA.
Is it normal my machine has nearly 100 IPv6 addresses on a single interface?
Why doesn't doing the obvious ping of a link local address work?
Because you've not said which interface it should go out of. Since all interfaces have link local addresses, it's probable it's going out one of those other ones. Probably your loopback interface.
Why shouldn't I assign ...:feed:cafe:babe:f00d as an address to a machine?
The last 8 octets (64 bits) of an address are the host portion of the address. There is a "magic bit" in here: if your address, bitwise ANDed with 0200:0000:0000:0000, is non-zero, then this is a "globally unique" address (e.g. one that is generated based on your MAC). Also, the middle two octets specify what type of EUI-64 they are.
Given a MAC address, what IPv6 address would be dynamically assigned to this host?
Take the MAC address, XOR it with 02:00:00:00:00:00, then take the first three octets, insert FF:FE after them, then the last three. The FF:FE says that this was generated from an Ethernet MAC address.
What's the story with DAD? and what's he doing on my network?
DAD has nothing to do with parental control, it's all about Duplicate Address Detection. A machine first asks if anyone else is using the same address on a network before using it. If someone else is found to be using the address it will not be used. An address which has been added but hasn't yet passed DAD is marked as "tentative".
I have an MTU of 576 on a link, what happened to my v6 traffic?
576 is the IPv4 minimum maximum-reassembly size for a packet. IPv6 has a minimum MTU instead. It's larger than 576.
Would it be better if it was 1000, 1100, 1200, 1300, 1400, 1500?
No, No, No, Yes, Yes, Yes. The minimum MTU for IPv6 is 1280 bytes.
How am I going to remember all these v6 addresses?
Uhhh, DNS? IPv6 addresses are much more structured than IPv4 addresses, so you can more easily break them up into easily memorised sections.
What's the v6 address for localhost?
ip6-localhost aka ::1
What's the broadcast address on a v6 network?
There is no such thing as "broadcast" on IPv6. The closest concept is the "all nodes multicast address" aka ip6-allnodes aka ff02::1.
How do I enable v6 on the various host types inside my network?
modprobe ipv6
ipv6.exe install
More importantly, quick, how do I turn it off again?
reboot: You can't unload the ipv6 module once it's loaded
If I have an IPv6 address on an interface, does that mean I can talk to v6 hosts on the Internet?
If all you have is addresses beginning with fe80::/16 and none that begin with 2000::/3, then chances are you only have link local addresses and no, you can't talk to other hosts "out there" on the internet.
Why does connecting to some hosts on the internet now take a long time, it didn't yesterday! What changed?
Your machine believes it has IPv6 connectivity, but doesn't. It's trying first with IPv6 and waiting for that to time out before retrying with IPv4.
My network is v4 only and has a NAT box in front of it to protect me from malicious traffic, how come all of these machines can talk to v6 machines on the internet? How come v6 machines on the internet are successfully talking to them!
With Windows Vista, Microsoft has enabled IPv6 by default, and if a Windows machine cannot get a globally scoped (aka "realworld") IPv6 address it will use the Teredo protocol to get one, which will bust through NAT.
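One way to spot hosts whose IPv6 traffic is tunnelling past the IPv4 NAT box is to classify the addresses they report. This is an added example, not part of the original FAQ; the prefixes are taken from the RFCs named in the comments, and the host names and addresses are constructed from documentation ranges.

```python
import ipaddress

# Well-known prefixes (from the RFCs, not from this page). Order matters:
# the tunnel prefixes sit inside 2000::/3 and must be tested first.
PREFIXES = [
    ("teredo",     ipaddress.ip_network("2001::/32")),  # RFC 4380
    ("6to4",       ipaddress.ip_network("2002::/16")),  # RFC 3056
    ("link-local", ipaddress.ip_network("fe80::/10")),  # RFC 4291
    ("ula",        ipaddress.ip_network("fc00::/7")),   # RFC 4193
    ("global",     ipaddress.ip_network("2000::/3")),   # RFC 4291
]
TUNNELLED = {"teredo", "6to4"}

def classify(addr):
    """Return (kind, embedded IPv4 address or None) for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any %zone suffix
    for kind, net in PREFIXES:
        if ip in net:
            break
    else:
        kind = "other"
    embedded = None
    if kind == "teredo":
        embedded = ip.teredo[1]    # (server, client): client's public IPv4
    elif kind == "6to4":
        embedded = ip.sixtofour    # IPv4 address the /48 was derived from
    return kind, embedded

def audit(host_addrs):
    """List (host, address, kind, public IPv4) for every tunnelled address."""
    findings = []
    for host, addrs in host_addrs.items():
        for addr in addrs:
            kind, v4 = classify(addr)
            if kind in TUNNELLED:
                findings.append((host, addr, kind, str(v4)))
    return findings

# Constructed inventory: hypothetical hosts, documentation address ranges
# (2001:db8::1 stands in for a natively routed global address).
SAMPLE = {
    "desk-01": ["fe80::211:22ff:fe33:4455%eth0"],
    "desk-02": ["fe80::1%eth0", "2001:0:c633:6401:8000:63bf:3fff:fdd2"],
    "gw-01":   ["2002:c000:22d::1", "2001:db8::1"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The embedded IPv4 address tells you which public address (the NAT box's, for Teredo) the tunnel is using, which is what you would look for in the firewall's IPv4 logs.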
What's the story with Site locals?
Site locals were the equivalent to RFC1918 addresses for IPv6. They had the same issues as RFC1918 addresses and were deprecated in favour of ULA.
Where's all this multicast traffic come from?
IPv6 doesn't use broadcast at all. Broadcast packets go to all hosts, some of which may not want to receive the packet, but have to process it all the same to check that it isn't a packet they care about. Instead IPv6 uses multicast packets.
What's the HD ratio, and is it important to me?
The Host Density Ratio. Because you get allocated so many IPv6 addresses it's impossible for you to use them all, but you might want more allocations for other reasons. This is used to figure out how much you have used your current allocation.
How do I multihome?
What's a home agent good for and why does my machine want one?
A home agent is used in mobile IP, the ability to have an IP address from somewhere and keep using it even if you're on the other side of the world without having to resort to messy VPNs. Support for Mobile IP is required for IPv6.
Who's IKE and what's he doing in my kernel?
IKE is the Internet Key Exchange protocol used by IPsec to negotiate a session key between two hosts. Support for IPsec is a required feature for IPv6.
How do IPv6 only hosts talk to an IPv4 only host?
By an IPv6-to-IPv4 Transport Relay Translator (TRT). See RFC 3142 for more detail than you care about.
How do IPv4 only hosts talk to IPv6 only hosts?
They don't, unless the IPv6 host initiated the conversation, in which case see previous answer.
Someone once said IPv6 gave me {security, QoS, addresses} for free, are they lying? misinformed? or is there some tiny element of truth?


They're on crack

Because of the huge amount of IPv6 address space, it's harder to scan for computers. However this won't stop worms/crackers/whatever from just being smarter about which ranges they scan. Each machine leaves "trails" in webserver/dns logs etc, so it's probable that they'll find your computer anyway.

IPv6 mandates support for IPsec in all hosts, so you'll be able to assume that anyone out there on the Internet will be able to do IPsec, so you can encrypt more of your traffic.


They're on crack. The only remote element of truth in this is the "flow label" in the IPv6 header, a 20 bit code that appears to have no use whatsoever.


Yup. You can also get IPv4 addresses for free from your RIR if you ask too :)

What are the pitfalls with v6 addresses and DNS?

They're long. Really long. And you have to type them in backwards. You're almost certainly going to typo it at least four or five times per address. Automate this.

DNS packets over UDP are limited to 512 bytes before they are truncated and are retried using TCP. Don't return too much stuff in one query.

There are AAAA and A6 records. Everyone uses AAAA, nobody uses A6.
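One way to automate the backwards typing is to generate the PTR lines from a host list. This is an added example, not part of the original FAQ; the prefix and host names are constructed, and the zone is assumed to be delegated on a nibble (4-bit) boundary.

```python
import ipaddress

def reverse_zone(prefix):
    """ip6.arpa zone name for a prefix whose length is a multiple of 4."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    # Fully expanded address, colons removed, network nibbles only.
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_records(prefix, hosts):
    """Zone-file lines for {fqdn: address}; owners are relative to $ORIGIN."""
    net = ipaddress.IPv6Network(prefix)
    lines = ["$ORIGIN " + reverse_zone(prefix)]
    for name, addr in sorted(hosts.items()):
        ip = ipaddress.IPv6Address(addr)
        if ip not in net:
            raise ValueError(f"{addr} is outside {prefix}")
        # Host part: the nibbles after the zone's prefix, least significant first.
        host_nibbles = ip.exploded.replace(":", "")[net.prefixlen // 4:]
        owner = ".".join(reversed(host_nibbles))
        lines.append(f"{owner} IN PTR {name}.")
    return lines

# Constructed host list under a documentation prefix.
HOSTS = {
    "mail.example.com": "2001:db8:1::25",
    "www.example.com": "2001:db8:1:0:211:22ff:fe33:4455",
}

if __name__ == "__main__":
    print("\n".join(ptr_records("2001:db8:1::/48", HOSTS)))
```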

Do I need to update my resolvers?
Your resolver needs support for:
  • Sending and receiving DNS queries to IPv6 addresses.
  • AAAA records.
Your resolver should support:
  • A6 records, and perhaps synthesizing AAAA requests from them.
  • EDNS0 to avoid the 512 byte limitations of DNS.
What's ULA, do I need it?
ULA stands for Unique Local Addressing. The idea behind ULA is that everyone gets their own (probably) unique IPv6 RFC1918-like address space. This is important so you can join multiple ULA networks together without having to resort to nasty NAT hacks.
Should I give dialup users a /20, /32, /48, /56, /64, /120, /127, or /128? What about DSL users? What about colo'd users? What about my fridge?
          | /20      | /32          | /48      | /56      | /64          | /120 | /127 | /128
Dialup    | No       | No           | Maybe    | Perhaps  | Maybe        | No   | No   | Maybe
DSL/Cable | No       | No           | Probably | Maybe    | Probably Not | No   | No   | Probably not
Colo      | Unlikely | Probably not | Maybe    | Possibly | Probably     | No   | No   | Maybe
Fridge    | No       | No           | No       | No       | No           | No   | No   | Yes
What's the v6 equivalent tool for traceroute? ping?
traceroute6/tracepath6, ping6, scamper, etc...
Given an IPv6 address, can you derive its MAC address?
What are the privacy implications of this?
It means someone can track a computer uniquely even as it moves between networks. A "super cookie".
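The MAC-to-address recipe given earlier and the tracking concern here, worked through in both directions. This is an added example, not part of the original FAQ; the MAC address, prefixes and sample addresses are constructed.

```python
import ipaddress

def mac_to_iid(mac):
    """8-byte interface identifier: flip bit 0x02, insert ff:fe in the middle."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def slaac_address(prefix, mac):
    """Address a host with this MAC forms from an announced /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid = int.from_bytes(mac_to_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr):
    """MAC embedded in the address, or None if the host part has no ff:fe marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. a randomly chosen privacy address
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def group_by_mac(addrs):
    """Group observed addresses by embedded MAC; key None holds the rest."""
    groups = {}
    for addr in addrs:
        groups.setdefault(mac_from_address(addr), []).append(addr)
    return groups

# Constructed observations: one laptop seen on two networks, plus one
# address whose host part is random.
SEEN = [
    str(slaac_address("2001:db8:1::/64", "00:11:22:33:44:55")),
    str(slaac_address("2001:db8:2::/64", "00:11:22:33:44:55")),
    "2001:db8:2::5c1d:9a3e:77b0:12c4",
]

if __name__ == "__main__":
    for mac, addrs in group_by_mac(SEEN).items():
        print(mac, addrs)
```

Running the same grouping over your own server logs shows which clients still expose a MAC-derived host part and would benefit from privacy addresses.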
How are these problems addressed?
By using privacy addresses, where a new IPv6 address is chosen for anonymous outgoing TCP connections every hour. These addresses usually have a lifetime of 24 hours. This means after a day of uptime your machine will probably have 25 addresses on it.
What's 6to4? ISATAP? 6over4? Teredo? SHIM6?
6to4 is a way of automatically generating a /48 of globally scoped ("realworld") IPv6 addresses from a single globally scoped IPv4 address.
ISATAP (Intra Site Automatic Tunnel Addressing Protocol) is a way of getting a link local IPv6 address from an IPv4 address.
6over4 is another way of getting a link local IPv6 address from an IPv4 address. It differs from ISATAP in that it requires that the IPv4 network supports multicast.
Teredo is a transition mechanism for getting a globally scoped ("realworld") IPv6 address even though the host machine is behind NAT and doesn't have any globally scoped ("realworld") IPv6 addresses.
SHIM6 is a working group developing system(s) to multihome IPv6 machines without having to announce extra routes into the global routing table.
Are these acronyms going to haunt my nightmares?
How do I do NAT in an IPv6 world?
You don't. The closest you'll get is SHIM6.
What's AH and why is that going to mean I can't screw with my users' traffic anymore?
Authentication header -- an IPsec feature that all IPv6 stacks are required to implement that means that machines authenticate where packets came from, and that they've not been modified in transit.
What's ESP and is that going to make firewalling troublesome?
Encrypted Secure Payload -- an IPsec feature that all IPv6 stacks are required to implement that means that the payload of a packet is encrypted.
And what's the story with QoS?
QoS is the same as you would normally do, as far as I know nothing changes with IPv6.
How on earth am I going to find 2108 customers in two years to keep APNIC happy?
You only need 200 customers within 2 years to get an APNIC allocation.