IPv6 Protocol

IPv6 notes

IPv6 address segments of China

| IPv6 prefix | Carrier |
| --- | --- |
| 240e::/20 | China Telecom |
| 2409:8000::/20 | China Mobile |
| 2408:8000::/20 | China Unicom |

IPv6 Protocol

IPv6 Header Format

[Diagram: IPv6 Header Format]

| Field | Description |
| --- | --- |
| Version | 4-bit Internet Protocol version number = 6. |
| Traffic Class | 8-bit traffic class field. |
| Flow Label | 20-bit flow label. |
| Payload Length | 16-bit unsigned integer. Length of the IPv6 payload, i.e., the rest of the packet following this IPv6 header, in octets. (Note that any extension headers present are considered part of the payload, i.e., included in the length count.) |
| Next Header | 8-bit selector. Identifies the type of header immediately following the IPv6 header. Uses the same values as the IPv4 Protocol field. |
| Hop Limit | 8-bit unsigned integer. Decremented by 1 by each node that forwards the packet. The packet is discarded if Hop Limit is decremented to zero. |
| Source Address | 128-bit address of the originator of the packet. |
| Destination Address | 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient, if a Routing header is present). |

IPv6 Extension Header: Routing Header

The following diagram provides the format of the IPv6 extension header Routing header. The field descriptions from RFC 2460 are below it.

[Diagram: IPv6 Routing Header]

| Field | Description |
| --- | --- |
| Next Header | 8-bit selector. Identifies the type of header immediately following the Routing header. Uses the same values as the IPv4 Protocol field. |
| Hdr Ext Len | 8-bit unsigned integer. Length of the Routing header in 8-octet units, not including the first 8 octets. |
| Routing Type | 8-bit unsigned integer. Identifier of a particular Routing header variant. |
| Segments Left | 8 bits |
| type-specific data | Variable-length field, of format determined by the Routing Type, and of length such that the complete Routing header is an integer multiple of 8 octets long. |

IPv6 Type 0 Routing Header

The following diagram provides the format of the IPv6 Type 0 Routing header. The field descriptions from RFC 2460 are below it.

[Diagram: IPv6 Type 0 RH]

| Field | Description |
| --- | --- |
| Next Header | 8-bit selector. Identifies the type of header immediately following the Routing header. Uses the same values as the IPv4 Protocol field. |
| Hdr Ext Len | 8-bit unsigned integer. Length of the Routing header in 8-octet units, not including the first 8 octets. |
| Routing Type | 0. |
| Segments Left | 8-bit unsigned integer. Number of route segments remaining, i.e., number of explicitly listed intermediate nodes still to be visited before reaching the final destination. |
| Reserved | 32-bit reserved field. Initialized to zero for transmission; ignored on reception. |
| Address[1..n] | Vector of 128-bit addresses, numbered 1 to n. |

Malicious Use of Type 0 Routing Headers

Attackers can maliciously use IPv6 Type 0 Routing headers to bypass packet filters (IPv6 access-list policies) or anycast addressing and routing. These headers can also be used to perform reflected denial of service (DoS) attacks, spoofing, double spoofing, and amplification attacks (ping-pong attacks that can cause link saturation and potential performance issues through added CPU processing).

This memo covers the threats arising from the use of Routing headers and specifies that processing of IPv6 Type 0 Routing headers should be disabled by default.

Disabling Processing of Type 0 Routing Header Packets

# In the INPUT/OUTPUT/FORWARD chains, this rule must be at the top (rule number 1)
:~$ ip6tables --insert INPUT 1 --match rt --rt-type 0 --jump DROP
:~$ ip6tables --insert OUTPUT 1 --match rt --rt-type 0 --jump DROP
:~$ ip6tables --insert FORWARD 1 --match rt --rt-type 0 --jump DROP
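
To check captured traffic for the packets these rules drop, the following added example (not part of the original notes) walks an IPv6 packet's extension-header chain using the field layouts above and reports every Routing header, so Type 0 can be flagged. The function names and the sample packet, built from 2001:db8::/32 documentation addresses, are constructed for illustration.

```python
import ipaddress
import struct

# Next Header values (same number space as the IPv4 Protocol field).
HOP_BY_HOP, ROUTING, FRAGMENT, ICMPV6, DEST_OPTS = 0, 43, 44, 58, 60

def find_routing_headers(packet: bytes) -> list:
    """Walk the extension-header chain; return one dict per Routing header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, next_hdr = struct.unpack_from("!HB", packet, 4)
    end = 40 + payload_len            # extension headers count as payload
    if end > len(packet):
        raise ValueError("packet shorter than Payload Length")
    offset, found = 40, []
    while next_hdr in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        # The Fragment header is always 8 octets; the others use Hdr Ext Len.
        size = 8 if next_hdr == FRAGMENT else (ext_len + 1) * 8
        if offset + size > end:
            raise ValueError("extension header overruns payload")
        if next_hdr == ROUTING:
            rtype, segs_left = packet[offset + 2], packet[offset + 3]
            addrs = []
            if rtype == 0:            # 32-bit Reserved, then Address[1..n]
                addrs = [str(ipaddress.IPv6Address(packet[i:i + 16]))
                         for i in range(offset + 8, offset + size - 15, 16)]
            found.append({"type": rtype, "segments_left": segs_left,
                          "addresses": addrs})
        if next_hdr == FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            break                     # non-first fragment: no headers follow
        offset, next_hdr = offset + size, following
    return found

def has_type0_routing_header(packet: bytes) -> bool:
    return any(h["type"] == 0 for h in find_routing_headers(packet))

def sample_packet(with_rh0: bool = True) -> bytes:
    """Constructed test packet (documentation addresses, ICMPv6 checksum left 0)."""
    hops = [ipaddress.IPv6Address(a).packed for a in ("2001:db8::a", "2001:db8::b")]
    icmp = struct.pack("!BBHI", 128, 0, 0, 1)          # echo-request body
    rh0 = struct.pack("!BBBBI", ICMPV6, 2 * len(hops), 0, len(hops), 0) + b"".join(hops)
    payload = (rh0 if with_rh0 else b"") + icmp
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), ROUTING if with_rh0 else ICMPV6, 64)
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2"))
    return fixed + src + dst + payload
```

A Hdr Ext Len of 4 in the sample corresponds to two 128-bit addresses, since each address occupies two 8-octet units.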

IPv6 Vs IPv4

| IPv6 address | IPv4 address | Meaning |
| --- | --- | --- |
| FE80::/10 | 169.254.0.0/16 | Link-local address. Generated automatically when the network card does not obtain an IP address (the host can use it to communicate with other local hosts); this address cannot be routed. |
| ::1/128 | 127.0.0.1/8 | Loopback address (of the local host) |
| ::/128 | 0.0.0.0/0 | Default route |
| FD00::/8 | 192.168.0.0/16 | Site-Local address (private network address) |
| FD00::/8 | 172.0.0.1/8 | Site-Local address (private network address) |
| FEC0::/10 | 192.168.0.0/16 | Site-Local address (private network address), deprecated |
| FEC0::/10 | 172.0.0.1/8 | Site-Local address (private network address), deprecated |
| FF00::/8 | 224.0.0.0/8 | Multicast address |
| FF01::1 | 224.0.0.1 | All Nodes in interface-local (all-nodes address) |
| FF01::2 | 224.0.0.2 | All Routers in interface-local (all-routers address) |
| FF02::1 | 224.0.0.1 | All Nodes in link-local (all-nodes address) |
| FF02::2 | | All Routers in link-local (multicast address of all routers on the link) |
| FF05::1 | | All Routers in site-local (multicast address of all routers in the private network) |
| FF02::5 | 224.0.0.5 | OSPFv3: multicast address of the link-state (interior) routing protocol |
| FF02::6 | 224.0.0.6 | OSPFv3 designated Routers: reserved multicast address of the link-state (interior) routing protocol |
| FF02::9 | 224.0.0.9 | RIPng: reserved multicast address of the distance-vector (interior) routing protocol |
| FF02::A | 224.0.0.10 | Reserved multicast address for the EIGRP routing protocol |
| FF0X::101 | 224.0.1.1 | Network Time Protocol (NTP) |

Common Protocols

  • ICMPv6: Internet Control Message Protocol version 6 is an upgraded implementation of ICMP to accommodate IPv6 requirements. The protocol is used for diagnostic functions, error and information messages, and statistical purposes. ICMPv6’s Neighbor Discovery Protocol replaces ARP and helps discover neighbors and routers on a link.
  • DHCPv6: Dynamic Host Configuration Protocol version 6 is an implementation of DHCP. IPv6-enabled hosts do not need any DHCPv6 servers to obtain IP addresses because they can be configured automatically. They also do not need DHCPv6 to locate DNS servers because DNS can be discovered and configured through the ICMPv6 Neighbor Discovery Protocol; however, DHCPv6 servers can also be used to provide this information.
  • DNS: There is no new version of DNS, but it now has an extension to support querying IPv6 addresses. A new AAAA (quad-A) record was added to reply to IPv6 query messages. DNS can now reply with two IP versions (4 and 6) without any change in the query format.

ICMPv6 Protocol

ICMPv6 Packet

| Bit offset | 0-7 | 8-15 | 16-31 |
| --- | --- | --- | --- |
| 0 | Type | Code | Checksum |
| 32 | Message body | | |

ICMPv6 Type

ICMPv6 Error Messages

| Type value | Type name | Type meaning | Code value | Code name | Code meaning |
| --- | --- | --- | --- | --- | --- |
| 1 | destination-unreachable | Destination unreachable | 0 | no-route | no route to destination |
| | | | 1 | communication-prohibited | communication with destination administratively prohibited |
| | | | 2 | beyond-scope | beyond scope of source address |
| | | | 3 | address-unreachable | address unreachable |
| | | | 4 | port-unreachable | port unreachable |
| | | | 5 | failed-policy | source address failed ingress/egress policy |
| | | | 6 | reject-route | reject route to destination |
| | | | 7 | | Error in Source Routing Header |
| 2 | packet-too-big | Packet too big | 0 | | |
| 3 | time-exceeded | Time exceeded | 0 | ttl-zero-during-transit | hop limit exceeded in transit |
| | | | 1 | ttl-zero-during-reassembly | fragment reassembly time exceeded |
| 4 | parameter-problem | Parameter problem | 0 | bad-header | erroneous header field encountered |
| | | | 1 | unknown-header-type | unrecognized Next Header type encountered |
| | | | 2 | unknown-option | unrecognized IPv6 option encountered |
| 100 | | Private experimentation | | | |
| 101 | | Private experimentation | | | |
| 127 | | Reserved for expansion of ICMPv6 error messages | | | |

ICMPv6 Informational Messages

| Type value | Type name | Type meaning | Code value | Code name | Code meaning |
| --- | --- | --- | --- | --- | --- |
| 128 | echo-request | Echo Request | 0 | | |
| 129 | echo-reply | Echo Reply | 0 | | |
| 130 | | Multicast Listener Query (MLD) | 0 | | There are two subtypes of Multicast Listener Query messages: General Query, used to learn which multicast addresses have listeners on an attached link; and Multicast-Address-Specific Query, used to learn if a particular multicast address has any listeners on an attached link. These two subtypes are differentiated by the contents of the Multicast Address field, as described in section 3.6 of RFC 2710. |
| 131 | | Multicast Listener Report (MLD) | 0 | | |
| 132 | | Multicast Listener Done (MLD) | 0 | | |
| 133 | router-solicitation | Router Solicitation (NDP) | 0 | | |
| 134 | router-advertisement | Router Advertisement (NDP) | 0 | | |
| 135 | neighbour-solicitation | Neighbor Solicitation (NDP) | 0 | | |
| 136 | neighbour-advertisement | Neighbor Advertisement (NDP) | 0 | | |
| 137 | redirect | Redirect Message (NDP) | 0 | | |
| 138 | | Router Renumbering | 0 | | Router Renumbering Command |
| | | | 1 | | Router Renumbering Result |
| | | | 255 | | Sequence Number Reset |
| 139 | | ICMP Node Information Query | 0 | | The Data field contains an IPv6 address which is the Subject of this Query. |
| | | | 1 | | The Data field contains a name which is the Subject of this Query, or is empty, as in the case of a NOOP. |
| | | | 2 | | The Data field contains an IPv4 address which is the Subject of this Query. |
| 140 | | ICMP Node Information Response | 0 | | A successful reply. The Reply Data field may or may not be empty. |
| | | | 1 | | The Responder refuses to supply the answer. The Reply Data field will be empty. |
| | | | 2 | | The Qtype of the Query is unknown to the Responder. The Reply Data field will be empty. |
| 141 | | Inverse Neighbor Discovery Solicitation Message | 0 | | |
| 142 | | Inverse Neighbor Discovery Advertisement Message | 0 | | |
| 143 | | Multicast Listener Discovery (MLDv2) reports | | | |
| 144 | | Home Agent Address Discovery Request Message | 0 | | |
| 145 | | Home Agent Address Discovery Reply Message | 0 | | |
| 146 | | Mobile Prefix Solicitation | 0 | | |
| 147 | | Mobile Prefix Advertisement | 0 | | |
| 148 | | Certification Path Solicitation (SEND) | | | |
| 149 | | Certification Path Advertisement (SEND) | | | |
| 151 | | Multicast Router Advertisement (MRD) | | | |
| 152 | | Multicast Router Solicitation (MRD) | | | |
| 153 | | Multicast Router Termination (MRD) | | | |
| 155 | | RPL Control Message | | | |
| 200 | | Private experimentation | | | |
| 201 | | Private experimentation | | | |
| 255 | | Reserved for expansion of ICMPv6 informational messages | | | |

References:

  • wikipedia-icmpv6
  • wikipedia-ipv6
  • rfc2460
  • IPv6 Type 0 Routing Header Processing
  • IPv6 Type 0 Routing Headers