IPv6 address: Difference between revisions

An Internet Protocol version 6 address (IPv6 address) is a numeric label that is used to identify and locate a network interface of a computer or a network node participating in a computer network using IPv6. IP addresses are included in the packet header to indicate the source and the destination of each packet. The IP address of the destination is used to make decisions about routing IP packets to other networks.

IPv6 is the successor to the first addressing infrastructure of the Internet, Internet Protocol version 4 (IPv4). In contrast to IPv4, which defined an IP address as a 32-bit value, IPv6 addresses have a size of 128 bits. Therefore, in comparison, IPv6 has a vastly enlarged address space.

IPv6 addresses are classified by the primary addressing and routing methodologies common in networking: unicast addressing, anycast addressing, and multicast addressing.^[1]

A unicast address identifies a single network interface. The Internet Protocol delivers packets sent to a unicast address to that specific interface.

An anycast address is assigned to a group of interfaces, usually belonging to different nodes. A packet sent to an anycast address is delivered to just one of the member interfaces, typically the nearest host, according to the routing protocol's definition of distance. Anycast addresses cannot be identified easily, they have the same format as unicast addresses, and differ only by their presence in the network at multiple points. Almost any unicast address can be employed as an anycast address.

A multicast address is also used by multiple hosts that acquire the multicast address destination by participating in the multicast distribution protocol among the network routers. A packet that is sent to a multicast address is delivered to all interfaces that have joined the corresponding multicast group. IPv6 does not implement broadcast addressing. Broadcast's traditional role is subsumed by multicast addressing to the all-nodes link-local multicast group ff02::1. However, the use of the all-nodes group is not recommended, and most IPv6 protocols use protocol-specific link-local multicast groups to avoid disturbing every interface on a given network.

An IPv6 address consists of 128 bits.^[1] For each of the major addressing and routing methodologies, various address formats are recognized by dividing the 128 address bits into bit groups and using established rules for associating the values of these bit groups with special addressing features.

Unicast and anycast addresses are typically composed of two logical parts: a 64-bit network prefix used for routing, and a 64-bit interface identifier used to identify a host's network interface.

The network prefix (the routing prefix combined with the subnet ID) is contained in the most significant 64 bits of the address. The size of the routing prefix may vary; a larger prefix size means a smaller subnet ID size. The bits of the subnet ID field are available to the network administrator to define subnets within the given network. The 64-bit interface identifier is automatically established randomly, obtained from a DHCPv6 server, or assigned manually. (Historically, it was automatically generated from the interface's MAC address using the modified EUI-64 format, but this method is now not recommended for privacy reasons.^[2])

Unique local addresses are addresses analogous to IPv4 private network addresses.

The prefix field contains the binary value 1111110. The L bit is one for locally assigned addresses; the address range with L set to zero is currently not defined. The random field is chosen randomly once, at the inception of the /48 routing prefix.

A link-local address is also based on the interface identifier, but uses a different format for the network prefix.

The prefix field contains the binary value 1111111010. The 54 zeroes that follow make the total network prefix the same for all link-local addresses (fe80::/64 link-local address prefix), rendering them non-routable.

Multicast addresses are formed according to several specific formatting rules, depending on the application.

For all multicast addresses, the prefix field holds the binary value 11111111.

Currently, three of the four flag bits in the flg field are defined;^[1] the most-significant flag bit is reserved for future use.

The four-bit scope field (sc) is used to indicate where the address is valid and unique.

In addition, the scope field is used to identify special multicast addresses, like solicited node.

The sc(ope) field holds the binary value 0010 (link-local). Solicited-node multicast addresses are computed as a function of a node's unicast or anycast addresses. A solicited-node multicast address is created by copying the last 24 bits of a unicast or anycast address to the last 24 bits of the multicast address.

Link-scoped multicast addresses use a comparable format.^[6]

An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits^[a] The groups are separated by colons (:). An example of an IPv6 address is:

The standards provide flexibility in the representation of IPv6 addresses. The full representation of eight four-digit groups may be simplified by several techniques, eliminating parts of the representation. In general, representations are shortened as much as possible. However, this practice complicates several common operations, namely searching for a specific address or an address pattern in text documents or streams, and comparing addresses to determine equivalence. For mitigation of these complications, the Internet Engineering Task Force (IETF) has defined a canonical format for rendering IPv6 addresses in text:^[9]

• The hexadecimal digits are always compared in case-insensitive manner, but IETF recommendations suggest the use of only lower case letters. For example, 2001:db8::1 is preferred over 2001:DB8::1;
• Leading zeros in each 16-bit field are suppressed, but each group must retain at least one digit. For example, 2001:0db8::0001:0000 is rendered as 2001:db8::1:0;
• The longest sequence of consecutive all-zero fields is replaced with two colons (::). If the address contains multiple runs of all-zero fields of the same size, to prevent ambiguities, it is the leftmost that is compressed. For example, 2001:db8:0:0:1:0:0:1 is rendered as 2001:db8::1:0:0:1 rather than as 2001:db8:0:0:1::1. :: is not used to represent just a single all-zero field. For example, 2001:db8:0:0:0:0:2:1 is shortened to 2001:db8::2:1, but 2001:db8:0000:1:1:1:1:1 is rendered as 2001:db8:0:1:1:1:1:1.

These methods can lead to very short representations for IPv6 addresses. For example, the localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6 unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::, respectively.

During the transition of the Internet from IPv4 to IPv6, it is typical to operate in a mixed addressing environment. For such use cases, a special notation has been introduced, which expresses IPv4-mapped and IPv4-compatible IPv6 addresses by writing the least-significant 32 bits of an address in the familiar IPv4 dot-decimal notation, whereas the 96 most-significant bits are written in IPv6 format. For example, the IPv4-mapped IPv6 address ::ffff:c000:0280 is written as ::ffff:192.0.2.128, thus expressing clearly the original IPv4 address that was mapped to IPv6.

An IPv6 network uses an address block that is a contiguous group of IPv6 addresses of a size that is a power of two. The leading set of bits of the addresses are identical for all hosts in a given network, and are called the network's address or routing prefix.

Network address ranges are written in CIDR notation. A network is denoted by the first address in the block (ending in all zeroes), a slash (/), and a decimal value equal to the size in bits of the prefix. For example, the network written as 2001:db8:1234::/48 starts at address 2001:db8:1234:0000:0000:0000:0000:0000 and ends at 2001:db8:1234:ffff:ffff:ffff:ffff:ffff.

The routing prefix of an interface address may be directly indicated with the address using CIDR notation. For example, the configuration of an interface with address 2001:db8:a::123 connected to subnet 2001:db8:a::/64 is written as 2001:db8:a::123/64.

The size of a block of addresses is specified by writing a slash (/) followed by a number in decimal whose value is the length of the network prefix in bits. For example, an address block with 48 bits in the prefix is indicated by /48. Such a block contains 2^{128 − 48} = 2⁸⁰ addresses. The smaller the length of the network prefix, the larger the block: a /21 block is 8 times larger than a /24 block.

Colon (:) characters in IPv6 addresses may conflict with the established syntax of resource identifiers, such as URIs and URLs. The colon is conventionally used to terminate the host path before a port number.^[10] To alleviate this conflict, literal IPv6 addresses are enclosed in square brackets in such resource identifiers, for example:

When the URL also contains a port number the notation is:

where the trailing 443 is the example's port number.

For addresses with other than global scope (as described in § Address scopes), and in particular for link-local addresses, the choice of the network interface for sending a packet may depend on which zone the address belongs to. The same address may be valid in different zones, and in use by a different host in each of those zones. Even if a single address is not in use in different zones, the address prefixes for addresses in those zones may still be identical, which makes the operating system unable to select an outgoing interface based on the information in the routing table (which is prefix-based).

In order to resolve the ambiguity in textual addresses, a zone index must be appended to the address. The zone index is separated from the address by a percent sign (%).^[11] Although numeric zone indices must be universally supported, the zone index may also be an implementation-dependent string. The link-local address

could be expressed by

or

The former (using an interface name) is customary on most Unix-like operating systems (e.g., BSD, Linux, macOS).^[12] The latter (using an interface number) is the only syntax on Microsoft Windows, but as support for this syntax is mandatory per standard, it is also available on other operating systems.^[c]

BSD-based operating systems (including macOS) also support an alternative, non-standard syntax, where a numeric zone index is encoded in the second 16-bit word of the address. E.g.:

In all operating systems mentioned above, the zone index for link-local addresses actually refers to an interface, not to a zone. As multiple interfaces may belong to the same zone (e.g. when connected to the same network), in practice two addresses with different zone identifiers may actually be equivalent, and refer to the same host on the same link.^[d]

When used in uniform resource identifiers (URI), the use of the percent sign causes a syntax conflict, therefore it must be escaped via percent-encoding,^[13] e.g.:

In Microsoft Windows operating systems, IPv4 addresses are valid location identifiers in Uniform Naming Convention (UNC) path names. However, the colon is an illegal character in a UNC path name. Thus, the use of IPv6 addresses is also illegal in UNC names. For this reason, Microsoft implemented a transcription algorithm to represent an IPv6 address in the form of a domain name that can be used in UNC paths. For this purpose, Microsoft registered and reserved the second-level domain ipv6-literal.net on the Internet (although they gave up the domain in January 2014^[14]). IPv6 addresses are transcribed as a hostname or subdomain name within this namespace, in the following fashion:

is written as

This notation is automatically resolved locally by Microsoft software, without any queries to DNS name servers.

If the IPv6 address contains a zone index, it is appended to the address portion after an 's' character:

is written as

Every IPv6 address, except the unspecified address (::), has a scope,^[11] which specifies in which part of the network it is valid.

For unicast addresses, two scopes are defined: link-local and global.

Link-local addresses and the loopback address have link-local scope, which means they can only be used on a single directly attached network. All other addresses (including unique local addresses) have global (or universal) scope, which means they are potentially globally routable and can be used to connect to addresses with global scope anywhere, or to addresses with link-local scope on the directly attached network.

Unique local addresses have global scope, but they are not globally administered. As a result, only other hosts in the same administrative domain (e.g., an organization), or within a cooperating administrative domain are able to reach such addresses, if properly routed. As their scope is global, these addresses are valid as a source address when communicating with any other global-scope address, even though it may be impossible to route packets from the destination back to the source.

Anycast addresses are syntactically identical to and indistinguishable from unicast addresses. Their only difference is administrative. Scopes for anycast addresses are therefore the same as for unicast addresses.

For multicast addresses, the four least-significant bits of the second address octet (ff0s::) identify the address scope, i.e. the domain in which the multicast packet should be propagated. Predefined and reserved scopes are:

All other scopes are unassigned and available to administrators for defining additional regions.

The management of IPv6 address allocation process is delegated to the Internet Assigned Numbers Authority (IANA)^[16] by the Internet Architecture Board and the Internet Engineering Steering Group. Its main function is the assignment of large address blocks to the regional Internet registries (RIRs), which have the delegated task of allocation to network service providers and other local registries. The IANA has maintained the official list of allocations of the IPv6 address space since December 1995.^[17]

In order to allow efficient route aggregation, thereby reducing the size of the Internet routing tables, only one-eighth of the total address space (2000::/3) is currently allocated for use on the Internet. The rest of the IPv6 address space is reserved for future use or for special purposes. The address space is assigned to the RIRs in blocks of /23 up to /12.^[18]

The RIRs assign smaller blocks to local Internet registries that distribute them to users. These are typically in sizes from /19 to /32.^[19][20][21] Global unicast assignment records can be found at the various RIRs or other websites.^[22]

The addresses are then typically distributed in /48 to /56 sized blocks to the end users.^[23] IPv6 addresses are assigned to organizations in much larger blocks as compared to IPv4 address assignments—the recommended allocation is a /48 block which contains 2⁸⁰ addresses, being 2⁴⁸ or about 2.8×10¹⁴ times larger than the entire IPv4 address space of 2³² addresses and about 7.2×10¹⁶ times larger than the /8 blocks of IPv4 addresses, which are the largest allocations of IPv4 addresses. The total pool, however, is sufficient for the foreseeable future, because there are 2¹²⁸ (exactly 340,282,366,920,938,463,463,374,607,431,768,211,456) or about 3.4×10³⁸ (340 undecillion) unique IPv6 addresses.

Each RIR can divide each of its multiple /23 blocks into 512 /32 blocks, typically one for each ISP; an ISP can divide its /32 block into 65536 /48 blocks, typically one for each customer;^[24] customers can create 65536 /64 networks from their assigned /48 block, each having 2⁶⁴ (18,446,744,073,709,551,616) addresses. In contrast, the entire IPv4 address space has only 2³² (exactly 4,294,967,296 or about 4.3×10⁹) addresses.

By design, only a small fraction of the address space will be used actively. The large address space ensures that addresses are almost always available, which makes the use of network address translation (NAT) for the purposes of address conservation unnecessary. NAT has been increasingly used for IPv4 networks to help alleviate IPv4 address exhaustion.

Provider-independent address space is assigned directly to the end user by the RIRs from the special range 2001:678::/29 and allows customers to make provider changes without renumbering their networks.

Internet exchange points (IXPs) are assigned special addresses from the ranges 2001:7f8::/32, 2001:504::/30, and 2001:7fa::/32^[25] for communication with their connected ISPs.

Root name servers have been assigned addresses from the range 2001:7f8::/29.^[26]

The lowest address within each subnet prefix (the interface identifier set to all zeroes) is reserved as the subnet-router anycast address.^[1] Applications may use this address when talking to any one of the available routers, as packets sent to this address are delivered to just one router.

The 128 highest addresses within each /64 subnet prefix are reserved to be used as anycast addresses.^[27] These addresses usually have the first 57 bits of the interface identifier set to 1, followed by the 7-bit anycast ID. Prefixes for the network can be of any length for routing purposes, but subnets are required to have a length of 64 bits. The address with value 0x7e in the 7 least-significant bits is defined as a mobile IPv6 home agents anycast address. The address with value 0x7f (all bits 1) is reserved and may not be used. No more assignments from this range have been made, so all the remaining values, 0x00 through 0x7d, are reserved as well.

There are a number of addresses with special meaning in IPv6.^[28] The IANA maintains a registry of these special-purpose addresses.^[29] They represent less than 2% of the entire address space:

• ::/128 – The address with all zero bits is called the unspecified address (corresponding to 0.0.0.0/32 in IPv4). This address must never be assigned to an interface and is to be used only in software before the application has learned its host's source address appropriate for a pending connection. Routers must not forward packets with the unspecified address.

Applications may listen on one or more specific interfaces for incoming connections, which are shown in listings of active internet connections by a specific IP address (and a port number, separated by a colon). When the unspecified address is shown it means that an application is listening for incoming connections on all available interfaces.

In routing table configuration, the unspecified address may be used to represent the default route address (corresponding to 0.0.0.0/0 in IPv4) for destination addresses (unicast, multicast and others) not specified elsewhere in a routing table.

• ::1/128 – The loopback address is a unicast localhost address. This address corresponds to 127.0.0.1/8 in IPv4.
  If an application in a host sends packets to this address, the IPv6 stack loops these packets back on the same virtual interface.
• fe80::/10 – Addresses in the link-local prefix are only valid and unique on the local subnet. This address range is comparable to the auto-configuration addresses 169.254.0.0/16 of IPv4.
  Within this prefix only one /64 subnet is allocated (there are 54 zero bits), yielding an effective format of fe80::/64. The least significant 64 bits were previously chosen as the interface hardware address constructed in modified EUI-64 format, but are now pseudo-random values for privacy. A link-local address is required on every IPv6-enabled interface and applications may rely on the existence of a link-local address even when there is no IPv6 routing.

• fc00::/7 — Unique local addresses (ULAs) are intended for local communication^[39] (comparable to IPv4 private addresses 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16).
  They are routable only within a set of cooperating sites. The block is split into two halves. The lower half of the block (fc00::/8) was intended for globally allocated prefixes, but an allocation method has yet to be defined. The upper half (fd00::/8) is used for probabilistically unique addresses in which the /8 prefix is combined with a 40-bit locally generated pseudorandom number to obtain a /48 private prefix. The procedure for selecting a 40-bit number results in only a negligible chance that two sites that wish to merge or communicate encounter address collisions, but can use the same /48 prefix.^[39]

• ::ffff:0:0/96 — This prefix is used for IPv6 transition mechanisms and designated as an IPv4-mapped IPv6 address.
  With a few exceptions, this address type allows the transparent use of the transport layer protocols over IPv4 through the IPv6 networking application programming interface. In this dual-stack configuration, server applications only need to open a single listening socket to handle connections from clients using IPv6 or IPv4 protocols. IPv6 clients are handled natively by default, and IPv4 clients appear as IPv6 clients at their IPv4-mapped IPv6 address. Transmission is handled similarly; established sockets may be used to transmit IPv4 or IPv6 datagram, based on the binding to an IPv6 address, or an IPv4-mapped address.
• ::ffff:0:0:0/96 — A prefix used for IPv4-translated addresses. These are used by the Stateless IP/ICMP Translation (SIIT) protocol.^[40]
• 64:ff9b::/96 — The well-known prefix. Addresses with this prefix are used for automatic IPv4/IPv6 translation.^[30]
• 64:ff9b:1::/48 — A prefix for locally translated IPv4/IPv6 addresses. Addresses with this prefix can be used for multiple IPv4/IPv6 translation mechanisms like NAT64 and SIIT.^[31] Compared to 64:ff9b::/96, these addresses contain their translated IPv4 address in positions 48-63 and 72-87.^[30] This means that for every IPv4 address a /88 IPv6 prefix is assigned to the device. This enables similar use cases as 6to4, where a single public IPv4 address gets translated into a prefix. This way, only one level of NAT is required and the devices do not need to do NAT66 internally if they need additional addresses, e.g. for P2P interfaces or docker containers.
• 2002::/16 — This prefix was used for 6to4 addressing (prefix from the IPv4 network, 192.88.99.0/24, was also used).
  The 6to4 addressing scheme is deprecated.^[36]