19. IPv6 Core
IPv6 header anatomy, address scopes, modified EUI-64, SLAAC, Neighbor Discovery, Duplicate Address Detection, and RA-based DNS.
1. 17.1 - IPv6 Header
IPv6 keeps the base header fixed at 40 bytes. Routers only need the fields required for forwarding: traffic class, flow label, payload length, next header, hop limit, and the two 128-bit addresses.
| IPv4 field | IPv6 equivalent | Operational effect |
|---|---|---|
| IHL | Removed | Base header is always 40 bytes; options move to extension headers. |
| Total Length | Payload Length | Counts extension headers plus upper-layer payload, not the base header. |
| Protocol | Next Header | Names TCP, UDP, ICMPv6, or the next extension header in a chain. |
| TTL | Hop Limit | Same loop-prevention role with a clearer name. |
| Header Checksum | Removed | Routers avoid recalculating a checksum every hop. |
| Fragment flags / offset | Fragment extension header | Only sources fragment; routers send ICMPv6 Packet Too Big. |
| Options | Extension headers | Optional processing is explicit through the Next Header chain. |
| None | Flow Label | Can identify a flow for special treatment, though many networks ignore it. |
2. 17.2 - Address Architecture
IPv6 addresses are 128 bits written as eight colon-separated hex groups. Leading zeros in a group can be omitted, and one longest all-zero run can become ::. IPv6 has no broadcast; multicast and anycast cover the useful cases without flooding every node.
The standard subnet size is /64. A common mental model is /48 for the site, 16 bits of local subnet numbering, and a 64-bit interface ID. Link-local fe80::/10 addresses exist on every interface and are never routed.
3. 17.3 - EUI-64 Interface ID Generation
Modified EUI-64 derives a stable 64-bit interface ID from a 48-bit MAC address by inserting FF:FE in the middle and flipping the universal/local bit of the first byte. The result is deterministic and easy to troubleshoot, but it leaks a stable hardware-derived identity.
Minimal C Demo - EUI-64 Address Builder
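An added example, not the page's original demo code: it builds a modified EUI-64 address from a /64 prefix and a MAC, then reverses the process to show how the MAC leaks from the address. The prefix and MAC are constructed sample values, and the function names are this example's own.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modified EUI-64: OUI | FF:FE | NIC, then flip the U/L bit (0x02) of byte 0. */
static void eui64_from_mac(const uint8_t mac[6], uint8_t iid[8]) {
    iid[0] = mac[0] ^ 0x02; iid[1] = mac[1]; iid[2] = mac[2];
    iid[3] = 0xFF;          iid[4] = 0xFE;
    iid[5] = mac[3];        iid[6] = mac[4]; iid[7] = mac[5];
}

/* Join a /64 prefix and a MAC into a textual IPv6 address; NULL on bad input. */
const char *eui64_address(const char *prefix64, const char *mac_text) {
    static char out[INET6_ADDRSTRLEN];
    struct in6_addr addr;
    unsigned int m[6];
    uint8_t mac[6];
    if (inet_pton(AF_INET6, prefix64, &addr) != 1) return NULL;
    if (sscanf(mac_text, "%2x:%2x:%2x:%2x:%2x:%2x",
               &m[0], &m[1], &m[2], &m[3], &m[4], &m[5]) != 6) return NULL;
    for (int i = 0; i < 6; i++) mac[i] = (uint8_t)m[i];
    eui64_from_mac(mac, addr.s6_addr + 8);   /* overwrite the low 64 bits */
    return inet_ntop(AF_INET6, &addr, out, sizeof out);
}

/* The privacy leak in reverse: recover the MAC from an address whose IID
 * carries the FF:FE marker. Returns NULL when the marker is absent. The marker
 * is a heuristic; a random IID matches by chance about once in 65536. */
const char *mac_from_address(const char *addr_text) {
    static char out[18];
    struct in6_addr a;
    if (inet_pton(AF_INET6, addr_text, &a) != 1) return NULL;
    const uint8_t *iid = a.s6_addr + 8;
    if (iid[3] != 0xFF || iid[4] != 0xFE) return NULL;
    snprintf(out, sizeof out, "%02x:%02x:%02x:%02x:%02x:%02x",
             (unsigned)(iid[0] ^ 0x02), iid[1], iid[2], iid[5], iid[6], iid[7]);
    return out;
}

int main(void) {
    /* Constructed sample values: documentation prefix and a made-up MAC. */
    const char *a = eui64_address("2001:db8:1:2::", "00:1a:2b:3c:4d:5e");
    printf("address:    %s\n", a);
    printf("leaked MAC: %s\n", mac_from_address(a));
    return 0;
}
```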
4. 17.4 - SLAAC
Stateless Address Autoconfiguration lets a host self-configure from Router Advertisements. The router supplies prefix information, lifetimes, default-route behavior, and optionally DNS servers through RDNSS; the host supplies its own interface ID and validates uniqueness with DAD.
The RA A flag allows autonomous address configuration. The M flag points hosts toward stateful DHCPv6 for addresses, while the O flag points them toward stateless DHCPv6 for non-address options. Privacy extensions replace EUI-64 with randomized interface IDs that rotate over time.
Minimal C Demo - SLAAC Flag Walkthrough
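An added example, not the page's original demo code: it reads the M and O flags from a Router Advertisement and the A flag from its Prefix Information option, rejecting truncated or zero-length options. The byte arrays are constructed samples, the checksum is not verified, and the `RA_*` names and `ra_flags` function are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RA_M = 1, RA_O = 2, RA_A = 4 };  /* result bits; names are this example's own */

/* Parse an ICMPv6 Router Advertisement, starting at the ICMPv6 type byte.
 * Returns a bitmask of RA_M / RA_O / RA_A, or -1 if the message is malformed. */
int ra_flags(const uint8_t *ra, size_t len) {
    if (len < 16 || ra[0] != 134 || ra[1] != 0) return -1;
    int flags = 0;
    if (ra[5] & 0x80) flags |= RA_M;      /* Managed: stateful DHCPv6 for addresses */
    if (ra[5] & 0x40) flags |= RA_O;      /* Other: stateless DHCPv6 for options */
    size_t off = 16;                      /* options follow the fixed 16-byte header */
    while (off < len) {
        if (len - off < 2) return -1;
        size_t optlen = (size_t)ra[off + 1] * 8;            /* length is in 8-byte units */
        if (optlen == 0 || optlen > len - off) return -1;   /* zero would loop forever */
        if (ra[off] == 3) {               /* Prefix Information option */
            if (optlen != 32) return -1;
            /* Assumption: 64-bit interface IDs, so only a /64 yields a SLAAC address. */
            if ((ra[off + 3] & 0x40) && ra[off + 2] == 64) flags |= RA_A;
        }
        off += optlen;
    }
    return flags;
}

/* Constructed sample RA: O=1, one PIO for 2001:db8:1:2::/64 with L=1 and A=1. */
const uint8_t sample_ra[48] = {
    134, 0, 0, 0,             /* type, code, checksum (not verified here) */
    64, 0x40, 0x07, 0x08,     /* hop limit 64, flags O=1, router lifetime 1800 s */
    0, 0, 0, 0,  0, 0, 0, 0,  /* reachable time, retransmit timer */
    3, 4, 64, 0xC0,           /* PIO: length 4*8 bytes, /64, L=1 A=1 */
    0, 0x27, 0x8D, 0,         /* valid lifetime 2592000 s */
    0, 0x09, 0x3A, 0x80,      /* preferred lifetime 604800 s */
    0, 0, 0, 0,               /* reserved */
    0x20, 0x01, 0x0d, 0xb8, 0, 1, 0, 2,  0, 0, 0, 0, 0, 0, 0, 0
};
/* Constructed malformed RA: an option whose length field is zero. */
const uint8_t bad_ra[18] = { 134, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 25, 0 };

int main(void) {
    int f = ra_flags(sample_ra, sizeof sample_ra);
    printf("M=%d O=%d A=%d\n", !!(f & RA_M), !!(f & RA_O), !!(f & RA_A));
    printf("zero-length option RA -> %d\n", ra_flags(bad_ra, sizeof bad_ra));
    return 0;
}
```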
5. 17.5 - Neighbor Discovery Protocol
NDP replaces ARP, router discovery, redirects, and parts of address autoconfiguration with ICMPv6 messages. The core message types are Router Solicitation 133, Router Advertisement 134, Neighbor Solicitation 135, Neighbor Advertisement 136, and Redirect 137.
Address resolution sends a Neighbor Solicitation to the target address's solicited-node multicast group. Only nodes that joined that group process the request, so IPv6 avoids the broad L2 broadcast behavior of ARP.
| Message | Type | Purpose |
|---|---|---|
| RS | 133 | Host asks routers to advertise immediately. |
| RA | 134 | Router advertises prefixes, default route lifetime, MTU, and optional DNS. |
| NS | 135 | Resolve a neighbor or test a tentative address during DAD. |
| NA | 136 | Answer NS, announce address ownership, or refresh reachability. |
| Redirect | 137 | Router tells a host a better on-link next hop exists. |
Minimal C Demo - NDP Neighbor Resolution
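An added example, not the page's original demo code: it derives the solicited-node multicast group a Neighbor Solicitation is sent to, maps that group to its Ethernet multicast MAC, and separates DAD probes from ordinary resolution by the unspecified source address. The addresses are constructed sample values and the function names are this example's own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Solicited-node multicast group for a target: ff02::1:ff00:0/104 plus the
 * low 24 bits of the target address. Returns NULL on a bad address. */
const char *solicited_node(const char *target) {
    static char out[INET6_ADDRSTRLEN];
    struct in6_addr t, g;
    if (inet_pton(AF_INET6, target, &t) != 1) return NULL;
    memset(&g, 0, sizeof g);
    g.s6_addr[0] = 0xFF;  g.s6_addr[1] = 0x02;
    g.s6_addr[11] = 0x01; g.s6_addr[12] = 0xFF;
    memcpy(g.s6_addr + 13, t.s6_addr + 13, 3);
    return inet_ntop(AF_INET6, &g, out, sizeof out);
}

/* Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits. */
const char *multicast_mac(const char *group) {
    static char out[18];
    struct in6_addr g;
    if (inet_pton(AF_INET6, group, &g) != 1 || g.s6_addr[0] != 0xFF) return NULL;
    snprintf(out, sizeof out, "33:33:%02x:%02x:%02x:%02x",
             g.s6_addr[12], g.s6_addr[13], g.s6_addr[14], g.s6_addr[15]);
    return out;
}

/* A Neighbor Solicitation sent from :: is a DAD probe, not address resolution. */
int ns_is_dad_probe(const char *source) {
    struct in6_addr s;
    return inet_pton(AF_INET6, source, &s) == 1 && IN6_IS_ADDR_UNSPECIFIED(&s);
}

int main(void) {
    /* Constructed sample target address. */
    const char *group = solicited_node("2001:db8:1:2:21a:2bff:fe3c:4d5e");
    printf("NS destination group: %s\n", group);
    printf("Ethernet destination: %s\n", multicast_mac(group));
    printf("source :: is DAD probe: %d\n", ns_is_dad_probe("::"));
    return 0;
}
```

The global and link-local addresses of one interface usually share their low 24 bits, so both resolve through the same group.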
6. 17.6 - Duplicate Address Detection
DAD verifies that an address is unique on the local link before the interface can use it. The node sends a Neighbor Solicitation with source :: and target equal to the tentative address. No response means the address can be assigned; a Neighbor Advertisement means a duplicate exists.
DAD always matters for link-local addresses because routers, DHCPv6, and NDP all depend on link-local reachability. A malicious host can abuse this by answering every DAD probe; switch policies, SEND, and first-hop security features are the usual mitigations.
7. 17.7 - RDNSS and DNSSL
RDNSS and DNSSL let Router Advertisements carry recursive DNS server addresses and DNS search domains. That makes a pure SLAAC network practical without stateless DHCPv6, as long as the host OS honors the RA DNS options.
- RDNSS option type 25 carries recursive DNS server IPv6 addresses and a lifetime.
- DNSSL option type 31 carries DNS search-list domains and a lifetime.
- Short lifetimes let routers withdraw stale DNS information quickly after renumbering or failover.
8. Interview Prep
| Question | Answer checkpoint |
|---|---|
| What did IPv6 remove from the IPv4 base header? | Header checksum, in-router fragmentation fields, IHL, and inline options. |
| Why is /64 special? | SLAAC and many NDP assumptions expect a 64-bit interface ID on normal LAN prefixes. |
| What is the EUI-64 U/L bit flip? | XOR the first MAC byte with 0x02 after inserting FF:FE. |
| How does NDP avoid ARP-style broadcast? | NS packets target solicited-node multicast groups derived from the low 24 bits of the IPv6 address. |
| What does DAD failure mean? | A Neighbor Advertisement claimed the tentative address, so the host must reject it and try another IID or require manual repair. |