Thursday, June 9, 2011

IPV6 - Chapter 3 ICMPv6


This white paper discusses ICMPv6 and describes the types of ICMPv6 messages.

Introducing ICMPv6

Internet Control Message Protocol (ICMP) is communication method for reporting packet-handling errors. ICMP for IPv6 (ICMPv6) is the latest version of ICMP. All IPv6 nodes must conduct ICMPv6 error reporting.
ICMPv6 can be used to analyze intranet communication routes and multicast addresses. It incorporates operations from the Internet Group Management Protocol (IGMP) for reporting errors on multicast transmissions, and ICMPv6 packets are used in the IGMP extension Multicast Listener Discovery (MLD) protocol to locate linked multicast nodes. ICMPv6 is also used for operations such as packet Internet groper (ping), traceroute, and Neighbor Discovery.

ICMPv6 message types

Like IPv6, ICMPv6 is a network layer protocol. However, IPv6 sees ICMPv6 as an upper layer protocol because it sends its messages inside IP datagrams. The two types of ICMPv6 message are
  • error messages
  • information messages

ICMPv6 error messages

The ICMPv6 error messages notify the source node of a transmission error. This enables the packet's originator to implement a solution to the reported error and attempt successful transmission. If the type of error message received is unknown, the message is transferred to an upper layer protocol for processing. The type of message is identified with type values ranging from 1 to 127.
Types of packet transmission error messages include
  • Destination Unreachable
  • Parameter Problem
  • Packet Too Big
  • Time Exceeded

Destination Unreachable

A router will communicate a Destination Unreachable message to the source address when a message cannot be delivered due to a cause other than congested network paths. The Destination Unreachable message signals the reason for delivery failure using one of five codes.
Table 1: Destination Unreachable message codes, labels, and causes
Error message code Error message label Cause of message
0 No route to destination A router without a default route to the destination address generates this message.
1 Communication with destination administratively prohibited A packet-filtering firewall generates this message when a packet is denied access to a host behind a firewall.
2 Not a neighbor This error message is sent when the forwarding node does not share a network link with the next node on the route. It applies to packets using a route defined in the IPv6 routing header extension.
3 Address unreachable An error resolving the IPV6 destination address to a link-layer address can trigger this message.
4 Port unreachable The destination address generates this message when there is no transport layer protocol listening for traffic.

Parameter Problem

When an error with either the IPV6 header or extension headers prevents successful packet processing, the router sends a Parameter Problem message to indicate the nature of the problem to the source address.

Packet Too Big

The router forwards a Packet Too Big message to the source address when the transmitted packet is too large for the maximum transmission unit (MTU) link to the recipient address.

Time Exceeded

The router communicates a Time Exceeded message to the source address when the value of the Hop Limit field reaches zero.

ICMPv6 information messages

Messages with type values of 128 and above are information messages. ICMPv6 information messages, as defined in RFC 1885, can include
  • an Echo Request
  • an Echo Reply
The Echo Request and Echo Reply messages are part of ping. The purpose of ping is to determine whether specific hosts are connected to the same network. If the type of information message received is unknown, the message should be deleted.
IGMP and Neighbor Discovery protocol messages are also classed as information messages.

ICMPv6 message fields

ICMPv6 packets are located within the last extension header in the IPv6 packet, and they are identified in the previous Next Header field by a value of 58. All ICMPv6 packets contain three fields and a message body. The ICMPv6 messages fields have certain functions, as shown in the following table.
Table 2: ICMPv6 message fields
Message field Field function
Type An 8-bit field that specifies the type of message and determines the contents of the message body. A value in the Type field from 0 to 127 indicates an error message, and a value from 128 to 255 indicates an information message.
Code An 8-bit field that provides a numeric code for identifying the type of message.
Checksum A 16-bit field that identifies instances of data violation in the ICMPv6 message and header. The value of the Checksum field is determined using the contents of the ICMPv6 Message fields and the IPv6 pseudoheader.
A 16-bit field that identifies instances of data violation in the ICMPv6 message and header. The value of the Checksum field is determined using the contents of the ICMPv6 Message fields and the IPv6 pseudoheader.

Checksum field

Before sending an ICMP message, a system calculates a checksum to place in the Checksum field. The checksum is calculated as follows:
  • if the ICMP message contains an odd number of bytes, the system adds an imaginary trailing byte equal to zero
  • the extra byte is used in the checksum calculation but is not sent with the message
  • a pseudoheader, containing source and destination IP addresses, the payload length, and the Next Header byte for ICMP is added to the message
  • the pseudoheader is used for checksum generation only and not transmitted
  • the receiving system verifies the checksum by using the same calculation process as the sending system
  • if the checksum is correct, ICMP accepts the message
  • if the checksum is incorrect, ICMP discards the message

Threats to message integrity

ICMPv6 messages can be subject to malicious attacks. For example, the source address of the message may be concealed by an alternative address, the message body may be modified, or the message may be intercepted and forwarded to an address other than the intended destination.
The ICMPv6 authentication mechanism can be applied to ICMPv6 messages to ensure that packets are sent to the intended recipient. A checksum calculation can also be generated, using the value of the data contents to safeguard the integrity of the source address, destination address, and the message body.

Neighbor discovery

The IPv6 Neighbor Discovery protocol incorporates the IPv4 functions of Address Resolution Protocol (ARP), ICMP Router Discovery messages, and ICMP Redirect messages to communicate information across the network. IPV6 nodes use Neighbor Discovery protocol to
  • trace the data-link layer address of local-link multicast neighbors
  • determine the accessibility of neighbors
  • monitor neighbor routers
The Neighbor Discovery protocol utilizes five informational message types to assist in neighbor discovery
  1. Type 133 – Router Solicitation
  2. Type 134 – Router Advertisement
  3. Type 135 – Neighbor Solicitation
  4. Type 136 – Neighbor Advertisement
  5. Type 137 – Redirect

Type 133 – Router Solicitation

The Router Solicitation message is multicast to all routers by a host to prompt routers to generate router advertisement messages.

Type 134 – Router Advertisement

Routers transmit Router Advertisement messages in response to a host's Router Solicitation message. Periodically, routers use Router Advertisement messages to identify themselves to hosts on a network.

Type 135 – Neighbor Solicitation

A key responsibility of ICMP is the mapping of IP addresses to data-link layer addresses. It uses simple strategy to do this – a node multicasts a request to all hosts on the network and requests an Ethernet addresses corresponding to a particular IP address in a Neighbor Solicitation message.

Type 136 – Neighbor Advertisement

A Neighbor Advertisement message takes much the same form as a Neighbor Solicitation message. The advertisement includes the target's IP address, and through an option, it also includes the target's data-link layer address.

Type 137 – Redirect

ICMPv6 uses the Neighbor Redirect message to inform the originator node of a more efficient network route for delivery of the forwarded message. Routers forward the ICMPv6 message and transmit a Redirect message to the local-link address of the originator node if
  • a more effective first hop route is identified on the same local link as the originator node
  • the originator uses a global IPv6 source address to transmit a packet to a local-link neighbor
  • the packet was not addressed to the router that received it
  • the target address of the packet is not a multicast address


Internet Control Message Protocol for IPv6 (ICMPv6) is communication method for reporting packet-handling errors on an IPv6 network. The two message types are information messages and error messages. ICMPv6 is also used for operations such as packet Internet groper (ping), traceroute, and Neighbor Discovery.

IPV6 - Chapter 2 - Addressing architecture in IPv6


This white paper discusses IPv6 addressing and compares it with IPv4. It outlines the three types of IPv6 address – unicast, multicast, and anycast. It also discusses types of unicast addresses and IEEE 802 addressing.

IPv6 addressing

Comparing IPv4 and IPv6 addresses

IPv4 contains a 32-bit address space, which provides for 2^32 – or 4,294,967,296 – addresses. The IPv6 128-bit address spaces allows for 2^128 – or 340,282,366,920,938,463,374,607,431,768,211,456 or 3.4 × 10^38 – possible addresses.
The current allocation of IPv6 addresses is determined according to the value of their high order bits. These values are fixed and also known as a Format Prefix (FP). 

Table 1: The current allocation of IPv6 address space
Status of allocation space FP in binary Fraction of the address space
Reserved 0000 0000 1/256
Unassigned 0000 0001 1/256
Reserved for Network Service Access Point (NSAP) allocation 0000 001 1/128
Reserved for Internet Packet Exchange (IPX) allocation 0000 010 1/128
Unassigned 0000 011 1/128
Unassigned 0000 1 1/32
Unassigned 0001 1/16
Aggregatable global unicast addresses 001 1/8
Unassigned 010 1/8
Unassigned 011 1/8
Unassigned 100 1/8
Unassigned 101 1/8
Unassigned 110 1/8
Unassigned 1110 1/16
Unassigned 1111 0 1/32
Unassigned 1111 10 1/64
Unassigned 1111 110 1/128
Unassigned 1111 1110 0 1/512
Link-local unicast addresses 1111 1110 10 1/1024
Site-local unicast addresses 1111 1110 11 1/1024
Multicast addresses 1111 1111 1/256

Address representation

IPv4 addresses use dotted decimal notation, whereby the address is divided into octets. Each octet in an IPv4 address is assigned a decimal value from 0 to 255. IPv6 addresses are represented using the format
Each X represents a 16-bit section of the 128-bit address and is converted to four hexadecimal digits separated by colons. For example,
This address represented in binary is:
1110110010111101000000001101001100000000000000001011001100 1111011000011110000101000000000000000000010111001101001111 010100011100
The IPv6 address is divided into 16-bit boundaries
110110010111101 0000000011010011 000000000000000 011001100111101 1000011110000101 000000000000000 001011100110100 111010100011100
The first four digits conform to the unassigned prefix value 1110, which represents 1/16 of all IPv6 addresses.
In instances where a zero is the first digit in the 4-digit hexadecimal number, the zero can be omitted. When an IPv6 address consists of a series of zeros, a double colon (::) can be used in place of the zeros. For example, you would use 3450::3 to display the address
The IPv6 prefix specifies the bits within the address that are assigned fixed values. The prefix can also be the network identifier. IPv6 prefixes for address ranges, routes, and subnet identifiers are expressed in address/prefix-length notation. This uses the structure of classless interdomain routing (CIDR) notation employed by IPv4. For example, a subnet prefix would be expressed as

Types of IPv6 address

IPv4 uses broadcast addressing, whereby every network node must process all broadcast requests. This is an inefficient routing process, as most broadcasts are not relevant to the majority of nodes on the network.
The three types of addressing employed by IPv6 are
  • unicast
  • multicast
  • anycast

Unicast addresses

Unicast addresses are 128-bit fields that identify a single IPv6 interface. They contain information that refers exclusively to the associated interface, and packets sent to a unicast address will be forwarded to the relevant interface.
Like IPv4 addresses, unicast addresses can be split into two parts:
  • the subnet prefix
  • the interface ID
The subnet prefix is used to route the packet. The distance of the router from the specified interface address influences the length of the subnet prefix, which in turn can determine the length of the interface ID. The interface ID identifies the network node associated with the target IPv6 interface.

Multicast addresses

IPv6 multicast addresses identify a set of interfaces that are usually assigned to different nodes. Packets transmitted to a multicast address are sent to all interfaces linked to that address. Multicast addresses cannot be the source address for a packet – they can only be the destination address.
A graphic of the structure of the IPv6 multicast address format, from RFC 2373. It includes the following fields: Flgs field, Scope field, Group ID field, and a reserved field with a value of zero.
IPv6 multicast address format
IPv6 multicast addresses consist of four fields. The Format Prefix field is an 8-bit field that identifies the packet's destination as a multicast address. The Flgs field contains 4-bit flags. The fourth or lowest order bit of the Flgs field specifies whether the multicast address is transient or well known – the first three bits have not yet been assigned a function.
The Scope field specifies the scope of the multicast address group. The scope can range from including nodes on only the local network to nodes at any IPv6 global address. The multicast group is represented by the value in the 112-bit Group ID field.
Table 2: Values for the Scope field
Defined Value Type of scope
0 Reserved
1 Node-local scope
2 Link-local scope
5 Site-local scope
8 Organization-local scope
E Global scope
F Reserved

Anycast addresses

Anycast addressing identifies a set of interfaces that are usually assigned to different nodes. Multiple nodes can share anycast addresses, but only one node can receive the packets from the anycast address. Packets transmitted to an anycast address are sent to the nearest interface associated with that address. Anycast addresses are assigned to routers, rather than hosts, and they cannot be used as source addresses.
  • Internet service provider (ISP)
  • routing domain
  • subnet

Types of unicast addresses

The types of IPv6 unicast addresses include
  • aggregatable global unicast addresses
  • link-local addresses
  • site-local addresses
  • special IPv6 addresses
Aggregatable global unicast addresses are intended to provide efficient routing and are similar to the public IPv4 address. They share the structure of site-local address after the first 48 bits.
The aggregatable global unicast address structure contains the following five fields:
  • the 13-bit Top-Level Aggregation Identifier field
  • the 8-bit Reserved field
  • the 24-bit Next-Level Aggregation Identifier field
  • the 16-bit Site-Level Aggregation Identifier field
  • the 64-bit Interface ID field
A graphic that represents the structure of the aggregatable global unicast address. The graphic displays each field name and the relevant bit size.
Aggregatable global unicast address structure
Both site-local and link-local addresses are types of local-use unicast address. Nodes use link-local addresses to communicate with neighbor nodes on the same network link. They are also used for Neighbor Discovery protocol transmissions. Site-local addresses are used to transmit messages to nodes within the same site. Such addresses are not accessible to nodes on external sites.

Special IPv6 addresses

The two types of special IPv6 addresses are
  • unspecified address
  • loopback address
The unspecified address does not identify an interface or target address. It can be used as a source to confirm the identity of an undefined address and to mark the absence of an IPv6 address. Loopback addresses identify a loopback interface, whereby a node can use a loopback address to send a message to itself.

Compatibility addresses

The compatibility addresses are designed to assist with the transition from IPv4 to IPv6. This form of address can support both host types and contains the following addresses:
  • IPv4-compatibile address
  • IPv4-mapped address
  • 6to4 address

IPv6-compatible addresses

IPv6/IPv4 nodes that use IPv6 for communication use IPv4-compatible addresses. IPv4-compatibile addresses can be the destination address for IPv6 messages. For IPv6 messages to be forwarded to this destination, they are encapsulated within IPv4 headers.

IPv4-mapped addresses

The IPv4-mapped addresses represent an IPv4 node that can only be used on the IPv4 infrastructure to an IPv6 node. This type of address cannot be the source or destination address of an IPv6 packet.

6to4 addresses

The 6to4 address is a tunneling technique that enables two nodes that support both IPv4 and IPv6 to communicate.

IEEE 802 addresses

Institute of Electrical and Electronics Engineers (IEEE) 802 addresses are 48-bit addresses that identify network adapters. They consist of two parts:
  • the 24-bit company ID
  • the 24-bit extension ID, or board ID
The graphic displays the 48-bit IEEE 802 address structure. It is divided into two 24-bit fields: the IEEE administered company ID field and the Manufacturer selected extension ID field.
48-bit IEEE 802 address
The company ID identifies the manufacturer of the network adapter, and the extension ID is the unique global identifier of the network adapter.
IEEE 802 has two defined bits:
  • Universal/Local (UL)
  • Individual/Group (I/G)
The UL bit in the first byte specifies whether the IEEE 802 address is administered locally or universally, and the I/G bit in the first byte indicates whether the address is unicast (local) or multicast (group).
The IEEE 802 address is also known as the
  • hardware address
  • media access control (MAC) address
  • physical address

IEEE EUI-64 addresses

The IEEE EUI-64 address provides a larger addressing space than the IEEE 802 address by increasing the extension ID to 40 bits. IEEE 802 addresses can be mapped to EUI-64 addresses by adding the 16-bits 0×FFFE – or 1111 1111 1111 1110 – between the company ID and the extension ID.
A graphic that represents the conversion of 48-bit IEEE 802 addresses to EUI 64 addresses. The bit size is increased to 64-bits with the insertion of two 8-bit fields: OxFF and OxFE.
Converting IEEE 802 to an EUI-64 address
EUI-64 addresses can be mapped to an interface identifier for IPv6 unicast addresses by replacing the 1 with 0 or 0 with 1 in the U/L bit in the EUI-64 address. To map an IEEE 802 address to an IPv6 interface identifier, the IEEE 802 address must first be converted to EUI-64.


IPv6 addresses are 128-bits long, and they are assigned to interfaces and sets of interfaces. Unicast addresses identify single interfaces, and they are divided into the subnet prefix and the interface ID. The subnet prefix is used to specify routing, and the interface ID identifies the target interface. Multicast addresses identify a set of interfaces that are usually assigned to different nodes. Anycast addresses also identify a set of interfaces assigned to different nodes, but a packet with an anycast address is routed to the nearest interface having that address. Types of unicast address include aggregatable global unicast addresses, special addresses, and compatibility addresses.


IPV6 - Chapter 1 - Introduction

Total of 3.403×10^38 tottal address in IPV6.

IPV6 is a new version of the internet protocol, designed as a successor to ipv4.
The changes from IPV4 to IPV6 are predominantly in the following areas:
  1. Addressing
  2. Header Format
  3. Flow
  4. Extensions and Options
  5. Authentication and Privacy

1. The most significant change in the upgrade from IPV4 to IPV6 is the increase in addressing space from 32 bits to 128 bits. This new addressing capability can cope with the accelerating usage of the internet. IPV6 changes the addressing types by introducing any-cast addressing and discarding the broadcast address employed by IPV4

2. IPV4 headers contain at least 12 fields, which can vary in length from 20 to 60 bytes.
IPV6 has simplified the header formatting structure by using a fixed length of 40byts. The reduction in the number of fields that needs to be processed allows for more effective networking routing. IPV6 changes the packet fragmentation principle by enabling fragmentation to be conducted by source node only. This also reduces the number of fields required in the packet header. The format of the packet header is simplified in IPV6 by the removal of the check-sum field. IPV6 focuses on routing packets, and the check-sums are implemented in higher level protocols, such as UDP and TCP

3. IPV4 processes each packet individually at intermediate routers. These routers do not record packet details for future handling of similar packets. IPV6 introduces the concept if packets in a flow. A flow is series of packets in a stream of data that require special handling. An example of a flow is a  stream of real-time video data.IPV6 routers can monitor flows and log consistent information for the effective handling of flow packets.

4. IPV4 adds options to the end if the IP header , whereas IPV6 adds options to separate extension headers. This means that, in IPV6, the option header is processes only when a packet contains options.The use of extension headers to contain options obviates the need for all routers to examine certain options.For example, in IPV6, only the source node can fragment a packet, therefore the only nodes that need to examine the fragmentation extension header are the source and destination nodes.

5. The two security extensions employed by IPV6 are
  • authentication header
Packet authentication is implemented through message-digest functions. The sender calculates a  message digest or hash on the packet being sent. The results of this calculation are contained in the authentication header. The packet recipient performs a hash on the received packet and compares the  result against the value in the authentication header. Matching values confirm that the packet traveled from source to destination without violation. Differing values indicate that the packet was modified during transition.

  • encapsulating security payload (ESP) header
The ESP header can encrypt the payload field in an IPV6 packet or the entire packet, ensuring data integrity as it is forwarded across the network. Encrypting the entire packet ensures that packet data, such as the source and destination addresses, are not intercepted during transmission. Encrypted packets are transported within another IPV6 packet that functions as a security gateway.

Header Structure of IPV4 & IPV6

The IPV4 packet header has a 32 bit or 4 byte boundary.
It contains
  • Ten fields
Contains: Version, Header Length, Type of Service, Total length, Identifier, Flags, Fragment Offset, Time to Live, Protocol, Header Check-sum
  • Two addresses
Source Address and Destination Address
  • Options
Options + Padding

The IPV6 packets header expands on the IPV4 header by providing 64 bit, or 8byt, boundary. All IPV6 headers are 40 bytes in total. It contains a simpler header format of
  • Six Fields
Version, Traffic Class, Flow Label, Payload Length, Next Header & Hop Limit
  • Two Addresses
Source Address and Destination Address

Extension Headers
IPV4 implements a complex method for the inclusion of options in the routing of packets. The IPV4 packet structure can vary in size from 20-60 bytes, and IPV4 options are included as extra data. As a result, options may be forwarded without being processed or be processed at each router. Such inefficient routing can lead developers to avoid the use of options.
IPV6 implements a new variety of extension headers to improve the routing of packets with options.Instead of incorporating options into the IPV6 header, the options are placed in separate extension headers appended to the IPV6 header and identified by the Next Header field.
Extension headers - with the exception of hop-by-hop options header - are not processed until they reach the destination address. Each extension header is a multiple of 8 octets in length, preserving the 64-bit alignment for subsequent headers.