====== IPV6 Ranges ======
From: https://www.ultratools.com/tools/ipv6CIDRToRangeResult?ipAddress=2000%3A%3A%2F3&as_sfid=AAAAAAXLyHZyypM0BkgPd5Oqx1YG0MDrQ8-vzpGpHcpnsRp3jHOqNtbTMx2NmZEjJmThrI7NJlMUP0YsSLkYkdQslC1dUwLLZfgVqrMV1W_y7MdhmgjvOi5q2_ceDAYFZb_4MdM%3D&as_fid=daab81932ddb8c143727fab89d413fffe6058720
Facts about numbers
Also: https://www.numberfacts.com/
2000::/3
To 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
2**125 = 42535295865117307932921825928971026432 Hosts
====== ipv6 survey of implementation ======
From: https://www.mrp.net/ipv6_survey/
During the Joint Techs meeting at Fermilab Ron Broersma of Defense Research and Engineering Network
(DREN) included a scorecard in his presentation that tried to quantify how well major organisations
were embracing IPv6. I thought that this was such a fine idea that I’ve decided to replicate it here.
Also Testing: http://www.ipv6now.com.au/tools.php
IPv6 Testing Tools
IPv6, like any new technology, takes time to implement and operate. Here are some tools to make
checking, tracing and verifying IPv6 easier for you.
====== DUID Conflict between two Computers How to reset DUID ======
From: https://knowledge.zomers.eu/misc/Pages/How-to-reset-the-IPv6-DUID-in-Windows.aspx
duplicate ip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters
Dhcpv6DUID=hex:00,01,00,01,20,57,99,99,99,99,99,98,97,96
reg delete HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v Dhcpv6DUID
====== Disabling RFC 4941 IPv6 Privacy Extensions in Windows ======
From: https://andatche.com/articles/2012/02/disabling-rfc4941-ipv6-privacy-extensions-in-windows/
RFC 4941 defines a series of Privacy Extensions for Stateless Address Autoconfiguration
in IPv6
By default, Windows Vista, Windows 7 and Windows Server 2008 generate random interface IDs
for non-temporary autoconfigured IPv6 addresses, including public and link-local addresses,
rather than using EUI-64 derived interface IDs.1 While these are permanent, so don’t change,
this leads to potential confusion when a host’s expected EUI-64 derived address is unreachable!
Thankfully it’s trivial to disable this behaviour, fire up cmd.exe and issue the following.
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
In addition to this, the RFC states that the use of temporary addresses should be disabled
by default.
The use of temporary addresses may cause unexpected difficulties with some applications.
[snip] Consequently, the use of temporary addresses SHOULD be disabled by default in order
to minimize potential disruptions. Individual applications, which have specific knowledge
about the normal duration of connections, MAY override this as appropriate.
Windows Vista and Windows 7 ignore the advice of the RFC and also configure temporary global
or unique local addresses as per RFC 4941 (EDIT: OS X also does this since 10.7, so do many
Linux distros). This behaviour is disabled by default on Windows Server 2008.
To disable privacy extensions entirely, fire up cmd.exe and issue the following.
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
The changes will take immediate effect without needing to reboot, they’ll also persist
after a reboot.
====== Multicast Address Space Registry ======
From: https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
IPv6 multicast addresses are distinguished from unicast addresses by the
value of the high-order octet of the addresses: a value of 0xFF (binary
11111111) identifies an address as a multicast address; any other value
identifies an address as a unicast address.
====== Best Current Operational Practice for Operators: IPv6 prefix assignment for end-users ======
From: https://www.ripe.net/publications/docs/ripe-690
Best Current Operational Practice for Operators: IPv6 prefix assignment for end-users -
persistent vs non-persistent, and what size to choose
Non-persistent prefixes are considered harmful in IPv6 as you can't avoid issues that may be caused by
simple end-user power outages, so assigning persistent prefixes is a safer and simpler approach.
Furthermore, this avoids the need for expensive logging, increases your chances to offer new business
to customers, and decreases your customer churn.
====== ULA and GUA on the same network ======
From: http://computer-outlines.over-blog.com/article-static-ipv6-networking-part-9-ula-gua-networking-119131164.html
netsh int ipv6 show prefixpolicies
The benefits of using both ULA and GUA in a network
The first benefit is network numbering autonomy. In case of ISP change, or of ISP-attributed
network ID change, we can avoid network renumbering, which is a huge task. We just have to
setup the routers GUA addresses, and can leave most of our servers infrastructure and setups
unchanged ( DNS, AD, ... ).
The second benefit is network isolation. As ULA can't reach the Internet, and can't be reached,
we can isolate some key components from the outside world ( AD Server, internal Data Server, .. ),
leaving them with ULA-only connectivity.
The benefits of using a GUA-only network :
When using only GUA on our network, we have a somewhat easier to manage and troubleshoot network.
====== IPV6 Ripe Recommeded Troubleshooting ======
From: https://www.ripe.net/publications/docs/ripe-631
From: http://isp.test-ipv6.com/
This BCOP provides a basic and generic foundation for any user centric helpdesk that deals with
IPv6 residential ISP customer connectivity. The focus is on techniques and solutions for the most
common IPv6 user connectivity issues.
MacOS/Linux/other Unix system: "dig isp.test-ipv6.com +short"
Windows: "nslookup isp.test-ipv6.com"
====== IPV6 Address Types ======
From: https://www.ripe.net/participate/member-support/lir-basics/ipv6_reference_card.pdf
Good Summary reference Card
====== ipv6 literal domain designation ======
2603-2332-f02-e5f0-9bb9-8749-29f7-47a0.ipv6-literal.net
====== ICMPv6 Message Types ======
From: http://ipv6.com/articles/general/ICMPv6.htm
Also See: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/22974-icmpv6codes.html
{{http://ipv6.com/images/diagrams/ICMPv6_2.gif}}
====== IPV6 address planning ======
From: https://www.safaribooksonline.com/library/view/ipv6-address-planning/9781491908211/ch04.html
{{https://www.safaribooksonline.com/library/view/ipv6-address-planning/9781491908211/images/ipap_0401.png}}
====== IPv6 Subnetting Made Easy ======
From: http://techxcellence.net/2011/05/09/v6-subnetting-made-easy/
{{http://techxcellence.net/img/v6-hexit-bit-range.png}}
The method presented here is for the quick subnetting in your head, which you
should get by practice. So it works well for a small number of subnets (16 max)
but can be expanded for any number of subnets.
{{http://techxcellence.net/img/quick-v6-subnet-chart.png}}
====== IPv6 Subnet Cheat Sheet and IPv6 Cheat Sheet Reference ======
From: http://www.crucial.com.au/blog/2011/04/15/ipv6-subnet-cheat-sheet-and-ipv6-cheat-sheet-reference/
IPv6 Subnet Calculator NOT REQUIRED!
In most cases a subnet calculator will not be required, since IPv6 using hex (hexadecimal) – and
so long as the prefix length is a multiple of 4, it makes it quite easy. For example (this is also
where the table “IPv6 Subnet Reference IP Address” comes in a lot of handy above):
2402:9400:1234:1234::/64
2402:9400:1234:123X::/60
2402:9400:1234:12XX::/56
2402:9400:1234:1XXX::/52
2402:9400:1234:XXXX::/48
2402:9400:123X:XXXX::/44
2402:9400:12XX:XXXX::/40
2402:9400:0000:0000:0000:0000:0000:0001
XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
||| |||| |||| |||| |||| |||| ||||
||| |||| |||| |||| |||| |||| |||128
||| |||| |||| |||| |||| |||| ||124
||| |||| |||| |||| |||| |||| |120
||| |||| |||| |||| |||| |||| 116
||| |||| |||| |||| |||| |||112
||| |||| |||| |||| |||| ||108
||| |||| |||| |||| |||| |104
||| |||| |||| |||| |||| 100
||| |||| |||| |||| |||96
||| |||| |||| |||| ||92
||| |||| |||| |||| |88
||| |||| |||| |||| 84
||| |||| |||| |||80
||| |||| |||| ||76
||| |||| |||| |72
||| |||| |||| 68
||| |||| |||64
||| |||| ||60
||| |||| |56
||| |||| 52
||| |||48
||| ||44
||| |40
||| 36
||32
|28
24
====== Network Troubleshooting Tools, IPv4 and IPv6 ======
From: https://kb.wisc.edu/ns/page.php?id=12364
=== Windows: Vista, 7, Server 2008 and higher ===
Ping for IPv4 ping -4
Ping for IPv6 ping -6
Traceroute for IPv4 tracert -4
Traceroute for IPv6 tracert -6
Interface Info ipconfig /all
IPv4 Route table netsh interface ipv4 show route
IPv6 Route table netsh interface ipv6 show route
IPv4 arp table arp -a
IPv6 ndp table netsh interface ipv6 show neighbors
====== IPv6 Neighbor Discovery Mechanisms ======
From: http://www.sixscape.com/joomla/sixscape/index.php/technical-backgrounders/tcp-ip/ip-the-internet-protocol/ipv6-internet-protocol-version-6/ipv6-neighbor-discovery/ipv6-neighbor-discovery-mechanisms
There are nine Neighbor Discovery mechanisms that are implemented using the various Neighbor Discovery messages. These mechanisms are at the heart of IPv6.
The Neighbor Discovery mechanisms are:
Router Discovery
Prefix Discovery
Parameter Discovery
Stateless Address Autoconfiguration (SLAAC)
Address Resolution (mapping IPv6 addresses to Link Layer addresses)
Next Hop Determination
Neighbor Unreachability Detection (NUD)
Duplicate Address Detection (DAD)
Redirect
====== Well-known IPv6 multicast addresses ======
From: http://en.wikipedia.org/wiki/Multicast_address
Address Description
ff02::1 All nodes on the local network segment
ff02::2 All routers on the local network segment
ff02::5 OSPFv3 All SPF routers
ff02::6 OSPFv3 All DR routers
ff02::8 IS-IS for IPv6 routers
ff02::9 RIP routers
ff02::a EIGRP routers
ff02::d PIM routers
ff02::16 MLDv2 reports (defined in RFC 3810)
ff02::1:2 All DHCP servers and relay agents on the local network segment (defined in RFC 3315)
ff02::1:3 All LLMNR hosts on the local network segment (defined in RFC 4795)
ff05::1:3 All DHCP servers on the local network site (defined in RFC 3315)
ff0x::c Simple Service Discovery Protocol
ff0x::fb Multicast DNS
ff0x::101 Network Time Protocol
ff0x::108 Network Information Service
ff0x::181 Precision Time Protocol (PTP) version 2 messages (Sync, Announce, etc.) except peer delay measurement
ff02::6b Precision Time Protocol (PTP) version 2 peer delay measurement messages
ff0x::114 Used for experiments
Address Description
ff02:0000:0000:0000:0000:0000:0000:0001 All nodes on the local network segment
ff02:0000:0000:0000:0000:0000:0000:0002 All routers on the local network segment
ff02::5 OSPFv3 All SPF routers
ff02::6 OSPFv3 All DR routers
ff02::8 IS-IS for IPv6 routers
ff02::9 RIP routers
ff02::a EIGRP routers
ff02::d PIM routers
ff02::16 MLDv2 reports (defined in RFC 3810)
ff02:0000:0000:0000:0000:0000:0001:0002 All DHCP servers and relay agents on the local network segment
(defined in RFC 3315)
ff02:0000:0000:0000:0000:0000:0001:0003 All LLMNR hosts on the local network segment (defined in RFC 4795)
ff05:0000:0000:0000:0000:0000:0001:0003 All DHCP servers on the local network site (defined in RFC 3315)
ff0x::c Simple Service Discovery Protocol
ff0x::fb Multicast DNS
ff0x::101 Network Time Protocol
ff0x::108 Network Information Service
ff0x::181 Precision Time Protocol (PTP) version 2 messages (Sync, Announce, etc.) except peer delay measurement
ff02::6b Precision Time Protocol (PTP) version 2 peer delay measurement messages
ff0x::114 Used for experiments
====== ipv6 testing windows command line ======
From: http://billspeers.com/?q=node/259
nmap -6 --script=broadcast-dhcp6-discover
netsh int ipv6 show prefixpolicies
netsh interface ipv6 show address
netsh interface ipv6 show interface
netsh interface ipv6 show neighbors
netsh interface ipv6 delete neighbors
netsh interface ipv6 show destinationcache
netsh interface ipv6 delete destinationcache
netsh interface ipv6 show route
netsh interface ipv6 show joins
route print
tracert
Pathping
Ping
ipconfig /displaydns
netsh interface ipv6 show ipstats
netsh interface ipv6 show global
Netsh dns show state
Name Resolution Policy Table Options
Query Failure Behavior : Always fall back to LLMNR and NetBIOS if the name does not exist in DNS
or if the DNS servers are unreachable when on a private network
Query Resolution Behavior : Resolve only IPv6 addresses for names
Network Location Behavior : Never use Direct Access settings
Machine Location : Outside corporate network
Direct Access Settings : Configured and
From: https://technet.microsoft.com/en-us/library/ee624049(v=ws.10).aspx
nslookup for ipv6
use the –q=aaaa command-line parameter to request only IPv6 addresses in the response. The
syntax is nslookup –q=aaaa IntranetFQDN IntranetDNSServerIPv6Address (example: nslookup –q=aaaa dc1.corp.contoso.com 2002:836b:2:1::5efe:10.0.0.1).
nslookup isp.test-ipv6.com
nslookup Domain.com 2001:4860:4860::8888
nslookup -q=aaaa Domain.com 2001:4860:4860::8888
nmap -6 --script=targets-ipv6-multicast-echo.nse --script-args 'newtargets' -sL -d1 -oA c:\\temp\\nmap.txt
====== pfsense ipv6 with comcast ======
[[software:pfsense#pfsense ipv6 with comcast]]
From: http://undergroundmod.com/2016/08/25/pfsense-ipv6-with-comcast/
From: https://r.wundrd.net/article/pfsense-ipv6-comcast/
go to Status: Interfaces page.
Under your WAN interface section, you should see an IPv6 address (in addition to link local),
a subnet mask ipv6 of 64, and a gateway ipv6.
Note the ISP DNS Servers section should contain ipv6 addresses. Record one of those for later testing.
Under the LAN interface section, you should see an IPv6 address (in addition to link local), and a
subnet mask ipv6 of 64
====== netconf ======
From: http://www.v6edu.com/index.php/products/99-netconf
Also: http://www.v6edu.com/images/apps/NetConf32.msi
NetConf is a native (non-Web) application for Windows Vista and Windows Server 2008 or later that
provides a GUI alternative to the netsh command line interface. It provide much more control and
information than the Microsoft supplied GUI network management tools, especially for IPv6. NetConf
will run and install on Windows XP and Windows Server 2003 but some of the advanced functions will
not work due to missing IPv6 functionality on those platforms. For example, on those platforms you
cannot disable Router Discovery, so SLAAC will always happen. You can disable Prefix Information
being sent in Router Advertisements on some IPv6 routers or firewalls to stop SLAAC from happening,
but that will affect all nodes in the subnet.
====== NetConf Dual Stack Network Configuration ======
From: http://www.sixscape.com/joomla/sixscape/index.php/products
NetConf is a native (non-Web) application for Windows Vista and Windows Server 2008 or later that
provides a GUI alternative to the netsh command line interface. It provide much more control and
information than the Microsoft supplied GUI network management tools, especially for IPv6. NetConf
will run and install on Windows XP and Windows Server 2003 but some of the advanced functions will
not work due to missing IPv6 functionality on those platforms. For example, on those platforms you
cannot disable Router Discovery, so SLAAC will always happen. You can disable Prefix Information
being sent in Router Advertisements on some IPv6 routers or firewalls to stop SLAAC from happening,
but that will affect all nodes in the subnet.
====== Link Local Multicast Name Resolution ======
From: http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Overview-Link-Local-Multicast-Name-Resolution.html
Now that DNS name resolution has failed, the computer will send a multicast name query out using the
UDP protocol. All of the other devices on the network will receive the query. Assuming that these computers
are running Windows Vista or Longhorn Server (meaning that they are link local multicast name resolution
enabled), they will compare the query to their own host name. Assuming that the requested host is not
prohibited from responding to link local multicast name resolution queries, the computer will send a
unicast message to the computer that sent the query. This message will contain the host’s IP address.
====== IPv6 Stateless Address Autoconfiguration (SLAAC) ======
From: https://www.youtube.com/watch?v=zbkBa8Zl568
From: https://tools.ietf.org/html/rfc4862 Good info
Addresses are generated by Host
The stateless mechanism allows a host to
generate its own addresses using a combination of locally available
information and information advertised by routers. Routers advertise
prefixes that identify the subnet(s) associated with a link, while
hosts generate an "interface identifier" that uniquely identifies an
interface on a subnet. An address is formed by combining the two.
In the absence of routers, a host can only generate link-local
addresses. However, link-local addresses are sufficient for allowing
communication among nodes attached to the same link.
====== DAD Duplicate Address Discovery ======
From: https://www.youtube.com/watch?v=O1JMdjnn0ao
notice to exclude solicited Node Multicast address FF02::1:FFxx:xxxx from filter sent to
ff02::16 MLDv2 reports
multicast IPv6 match last 32 bits of layer 2 address 33:33:00:00:00:16
====== IPv6 Addressing (TechRef) ======
From: https://technet.microsoft.com/en-us/library/dd392266(v=ws.10).aspx
{{ https://i-technet.sec.s-msft.com/dynimg/IC197198.gif?direct&600 |}}
good overview
====== IPv6 Addressing Structure ======
From: https://www.youtube.com/watch?v=cLsdeZ_4lZc
{{ :systems:ipv6-addressing-structure.png?600 |}}
{{ http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/images/chalk_0810img1.gif }}
====== Link-local address ======
From: http://en.wikipedia.org/wiki/Unique_local_address
In the Internet Protocol Version 6 (IPv6), the address block
FE80::/10 = 1111:1110:1000 has been reserved for link-local unicast addressing
== Generation of Link-Local Address in Windows ==
From:https://technet.microsoft.com/en-us/magazine/2007.08.cableguy.aspx
IPv6 Autoconfiguration Behavior for Windows Vista
Computers running Windows Vista® or Windows Server® 2008 by default generate random interface IDs for
non-temporary autoconfigured IPv6 addresses, including public and link-local addresses, rather than
EUI-64-based interface IDs. A public IPv6 address is a global address that is registered in DNS and
is typically used by server applications for incoming connections, such as a Web server.
== Generation from MAC address EUI-48 ==
From: http://packetlife.net/blog/2008/aug/4/eui-64-ipv6/
48 bits + 16 as follows
Organizationally Unique Identifier (OUI) and FFFE and the NIC specific part.
====== Unique Local Address (ULA) ======
From: http://en.wikipedia.org/wiki/Unique_local_address
In October 2005, RFC 4193 was published, reserving the address block
fc00::/7 for use in private IPv6 networks and defining the associated term
unique local addresses.
DEPRECIATED: fec0::/10 for site-local addresses
====== Solicited Node Multicast Group and Neighborhood Discovery ======
Network Discovery - Multicast - DAD (Duplicate Address Detection)
From: https://www.youtube.com/watch?v=O1JMdjnn0ao
Arc form IPV4 becomes Neighborhood Discovery in IPV6
Computer and devices are found through
Neighborhood Solicitation (NS - 135)
and Neighborhood Advertizement ( NA - 136)
Network connections automatically join the Solicited Node Multicast Group based on last 24 bits xx:xxxx
FF02::1:FFxx:xxxx = FF02:0000:0000:0000:0000:0001:FFxx:xxxx
Network connections automatically join the Global Solicited Node Multicast Group
FF02::1 = FF02:0000:0000:0000:0000:0000:0000:0001
FE80:: Link Local
2xxx:: Global Unicast
3xxx:: Global Unicast
FFxx:: Multicast
====== IPv6 Tools Private ipv6 Address Range ======
Private ipv6 address range
From: https://www.sixxs.net/tools/grh/ula/
IPv6 ULA (Unique Local Address) RFC4193 registration
This page allows you to generate and then 'register' your IPv6 ULA (Unique Local Address)
RFC4193 prefix. Note that this does not concern ULA-Central, though this system could easily
handle that too. When you have registered your ULA prefix here, it allows others to check up
if they accidentally generated the same prefix, before using it. This should absolutely minimize
the number of collisions for ULA space. We hope that everybody using ULA prefixes register their
prefixes here, to avoid these collisions.
https://www.ultratools.com/ipv6Tools
The UltraTools IPv6 provide calculators,IP address converters and real-time lookups to assist you with your day-to-day system administration tasks.
[[http://www.simpledns.com/private-ipv6.aspx]]
Here is a unique private IPv6 address range generated just for you (refresh page to get another one):
In IPv6 there is a special "Unique Unicast" IP range of fc00::/7 which should be used for this as per
RFC4193.
The official definition looks like this:
| 7 bits |1| 40 bits | 16 bits | 64 bits |
+--------+-+------------+-----------+----------------------------+
| Prefix |L| Global ID | Subnet ID | Interface ID |
+--------+-+------------+-----------+----------------------------+
In practice such address will always start with "fd" because the 8th (L) bit must be one.
{{:systems:privateipv6addressrange.png?633|}}