In the last post of this IPv6 tutorial, I introduced link-local and site-local IPv6 addresses. The problem with local-use unicast addresses is that they are not unique because they can be reused. Everything is fine as long as duplicate addresses are in networks of different organizations (sites). However, within an organization, local-use addresses can also be assigned multiple times.
IPv6 zone ID
The purpose of zone IDs is to distinguish these addresses. For instance, if host A has two NICs that are connected to two different links (subnets), the same link-local address could have been used for NIC 1 on host A and on host B that is on the link of host A's NIC 2. To distinguish this ambiguous link-local address, host A uses the interface index of NIC 1 as the zone ID for the local IP address.
For site-local addresses, the operating system uses the site ID (also called the scope ID). If a host is only connected to one site, this ID is always 1.
You can display the interface indexes on a host with the command "netsh interface ipv6 show address level=verbose". If you launch the ipconfig command, you can see the link-local and site-local addresses with their zone IDs. The syntax for identifying the zone is address%zone_ID. This is an example of a link-local IP address with zone ID 11: fe80::bd0f:a8bc:6480:238b%11.
Note that the zone ID is only known at the local host that assigned it. I think in practice you will seldom be bothered with zone IDs as you don't have to configure them manually.
Unique local IPv6 unicast address
Even with the use of zone IDs, you should probably avoid having ambiguous IP addresses in your network. Instead of site-local addresses, you can work with unique local IPv6 unicast addresses. These local-use addresses are also not routed across the Internet; however, like global IPv6 addresses, they are unique. Well, more or less, as you will soon see.
The prefix of unique local IPv6 unicast addresses is FC00::/7. The eighth bit is the Local flag and is set to 1 for local addresses. A Local flag with 0 has not yet been defined. Perhaps this could be a way to make local IPv6 addresses global? Anyway, until the IPv6 creators have made up their minds, the prefix of unique local IPv6 unicast addresses is FD00::/8. Don't worry if you don't really understand this; all you really have to know about unique local IPv6 unicast addresses is this:
The next 40 bits are for the global ID and are randomly set. The following 16 bits are the subnet ID, which you can use for hierarchical addresses within your organization. As usual, the last 64 bits are the interface ID.
The trick with the random global ID is that it makes it somewhat unlikely for duplicate local addresses to occur on a site or even in the networks of two merging organizations. Actually, the probability that two organizations use the same global ID for their unique local IPv6 addresses is $1/2^{40} = 9.1 \times 10^{-13}$. Winning the Lotto jackpot is a few orders of magnitude more likely. However, what the IPv6 creators didn't take into account is that Murphy's Law rules in all networks. Hence, "relatively unique local IPv6 unicast addresses" would probably have been a better name. 😉
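The address layout and the collision figure above, worked through in Python as an added example (not code from the original post). The function names and the sample global ID 0x123456789A are assumptions made for illustration; `collision_probability` goes beyond the two-organization case in the text by applying the birthday approximation to any number of sites.

```python
import ipaddress
import math
import secrets

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")  # whole unique local range
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")  # Local flag (8th bit) = 1


def make_ula_prefix(global_id=None):
    """Build a /48: 8-bit 'fd' prefix followed by a 40-bit global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # random, as the post describes
    if not 0 <= global_id < 2**40:
        raise ValueError("global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def subnet(prefix, subnet_id):
    """Return the /64 selected by a 16-bit subnet ID inside a ULA /48."""
    if prefix.prefixlen != 48 or not prefix.subnet_of(ULA_LOCAL):
        raise ValueError("expected a /48 inside fd00::/8")
    if not 0 <= subnet_id < 2**16:
        raise ValueError("subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network(
        (int(prefix.network_address) | (subnet_id << 64), 64))


def split(address):
    """Return (local_flag, global_id, subnet_id, interface_id) of a ULA."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ULA_BLOCK:
        raise ValueError(f"{addr} is not in fc00::/7")
    n = int(addr)
    return ((n >> 120) & 1, (n >> 80) & (2**40 - 1),
            (n >> 64) & 0xFFFF, n & (2**64 - 1))


def collision_probability(sites):
    """Chance that at least two of `sites` random global IDs coincide."""
    pairs = sites * (sites - 1) / 2
    return -math.expm1(-pairs / 2**40)  # birthday approximation


if __name__ == "__main__":
    site = make_ula_prefix(0x123456789A)  # constructed sample global ID
    print(site, subnet(site, 0x2A), split("fd12:3456:789a:2a::1"))
    for n in (2, 1_000, 1_000_000):
        print(f"{n} sites: {collision_probability(n):.3g}")
```

With two sites the result matches the 1/2^40 figure; it grows quickly as the number of independently numbered sites rises.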
In the next post in this IPv6 tutorial, I will discuss the special IPv6 addresses: unspecified address, IPv4-mapped address, 6to4 addresses, IPv6 multicast address, and solicited-node address.