Required Addresses on IPv6 Nodes

RFC 4291, "IP Version 6 Addressing Architecture", December 2006, section 2.8 contains a list of addresses that each node is required to have. It has one list of addresses for a "host" and some additional addresses for a "router". So first, some definitions:

A node is any device that has IPv6 implemented on at least one network interface. It can be a general purpose computer (desktop, notebook, tablet, etc). It can be a dedicated purpose device (temperature sensor, router, network connected consumer electronic device, etc). A node can be physical (actual hardware) or virtual (simulated in VirtualBox or VMWare).

A link is any communications medium (wired Ethernet, WiFi, VPN, PPP via modems, simulated internal network in VirtualBox, etc) that can connect two or more IPv6 nodes together at the Link Layer. An Ethernet LAN (including Ethernet cables and switches) is a typical link. The connection between the modem/router from your ISP and the ISP is another link (usually PPP). If you have WiFi router in your house, that creates yet another link (unless you are bridging your LAN to the WiFi system, in which case the Ethernet and WiFi combined are a single link). A link may have one or more /64 IPv6 address blocks valid on it. Two different links would have to have different /64 IPv6 address blocks - a single /64 address block cannot be present on more than one distinct link. A link can be physical (actual hardware) or virtual (simulated in VirtualBox as an "internal network", or similar mechanisms in VMWare).

A network interface is any means of connecting a node to a link, that has the IPv6 protocol implemented on it. This could be via Ethernet, WiFi, USB or even RS-232. It can even be virtual (e.g. a tunnel endpoint or a network interface on a virtual node connected to a virtual link) or bridged to a physical link.

A router is a node that has two or more network interfaces, connected to two or more links, that has packet forwarding enabled between at least two of those links. It can be a dedicated hardware appliance, but can also be a general purpose node (Windows, FreeBSD, Linux, etc) that has multiple network interfaces and has enabled packet forwarding. It may also be running routing protocols (RIP, RIPng, etc) to dynamically update routing tables, but this is not required to be a router.

A host is a node that is not a router. It can still have multiple interfaces (e.g. Ethernet and WiFi, two interfaces connected to the same link, etc), so long as it is not doing packet forwarding between any pair of interfaces.

 

Required Addresses on a Host Node

The following IPv6 addresses are required to be on each Host node:

The loopback address (::1) for each interface. The loopback mechanism is actually its own isolated link that exists inside each interface. It has exactly one unicast address.

The required Link-Local Unicast address for each interface. This is normally automatically generated by the node. It is from the special IPv6 address block fe80::/64.

Any additional Unicast and Anycast addresses that have been assigned to any of the node's interfaces. These addresses can be manually assigned or obtained automatically from SLAAC or DHCPv6.

The following All-Nodes multicast addresses:

ff01::1           All nodes in local interface
ff02::1           All nodes in local link
 
The Solicited Node multicast addresses corresponding to all assigned Unicast and Anycast addresses assigned to any interface on the node. These are from the address block ff02:0:0:0:0:1:ff00::/104. These are automatically generated by the node at the time any Unicast or Anycast address is assigned to the node by any means.
 
Multicast addresses for any other groups which the node has "joined".
 

Required Addresses on a Router Node 

Since a router is a host that also does packet forwarding, it must recognize all of the above addresses listed for a host, as identifying itself. In addition, routers must also recognize the following addreses:

The Subnet-Router Anycast addresses for all interfaces on which it is configured to act as a router (any interfaces involved in packet forwarding). There is one of these addresses for each prefix advertised by an interface. The address consists of the advertised address prefix, followed by a suffix (Interface Identifier) of all zeros. For example, for the prefix 2001:470:3d:3000::/64, the Subnet Router Anycast address is 2001:470:3d:3000::/128. These Anycast addresses are automatically generated by the router.

All other Anycast addresses that have been assigned to any interface, by any means.

The following All-Routers multicast addresses:

ff01::2           All routers in local interface
ff02::2           All routers in local link
ff05::2           All routers in local site
 
NOTE: In practice ff01::1 and ff05::2 are not observed in FreeBSD routers.

 

Node Example

Node Lawrence-pc (running Windows 7) has one Ethernet interface, connected to a single link. Therefore it is a host node.

Its MAC address is 50-46-5d-6b-7a-54. It has the Router Discovery option enabled (so it is doing SLAAC). It has the Randomize Identifiers option enabled (so it is not using EUI-64). It has the Temporary Addresses option disabled (it will not generate a temporary address for each advertised prefix).

Two prefixes are advertised on its link: 2001:470:3d:3000::/64 and fda4:73c2:e5b8:1000::/64. There is a stateful DHCPv6 server available, that manages the address pool 2001:470:3d:3000::4:0000/96.

This host will accept incoming packets whose destination address is any of the following:

The following addresses are assigned to it:

fe80::2030:9139:9cd5:ab52               Automatic Link Local Unicast
2001:470:3d:3000::2:1                   Manually assigned Global Unicast
2001:470:3d:3000::4:57db                DHCPv6 assigned Global Unicast
2001:470:3d:3000:2030:9139:9cd5:ab52    Global Unicast from SLAAC
fea4:73c2:e5b8:1000:2030:9139:9cd5:ab52 ULA Unicast from SLAAC
 
The following Solicited Node Multicast addresses were automatically generated for the Unicast addresses (there are no Anycast addresses):
 
ff02::1:ff02:1        For the manually assigned Global Unicast address
ff02::1:ff04:57db     For the DHCPv6 assigned Global Unicast address
ff02::1:ffd5:ab52     For both SLAAC generated Global Unicast addresses
 
The following multicast addresses were automatically generated by the node (no applications are running that have joined any other multicast groups): 
 
ff01::1        All nodes in local interface (by RFC 2941)
ff02::1        All nodes in local link (by RFC 2941)
ff02::c        Simple Service Discovery protocol
ff02::1:3      Link-Local Multicast Name Resolution protocol
 
The last two addresses are automatically generated on all Microsoft Windows nodes, and are not usually found on other platforms.
 

Router Example (6in4 tunneled IPv6)

Node fw1 is a Sixscape SolidGate firewall. SolidGate is based on FreeBSD. Firewalls are just fancy routers that have more sophisticated ways to filter traffic. It has two physical network interfaces, em0 (external) and em2 (internal). It also has one virtual interface, gif0 (6in4 tunnel endpoint). The external link (to IPv4-only ISP) has no IPv6 on it, so fw1 is not forwarding IPv6 packets between em0 and em2. Node fw1 is forwarding IPv6 packets between gif0 and em2. Therefore fw1 is an IPv6 router. It happens to be forwarding IPv4 packets between em0 and em2 network interfaces, so fw1 is also an IPv4 router.

 

em0, physical Etherrnet, connected to the external link (to IPv4-only ISP). Since this firewall connects to the IPv6 Internet via the gif0 tunnel instead of via the external interface, there is no IPv6 configured on the WAN interface (it is IPv4 only). It therefore has no IPv6 addresses, either unicast or multicast.

 

em2, physical Ethernet connected to the internal link (main company LAN). Its MAC address is 00:90:0b:1b:57:62. This interface does not have SLAAC enabled (all addresses are manually configured or happen automatically). It is running a Router Advertisement daemon, so it is a source of RA messages. It advertises two /64 address prefixes, 2001:470:3d:3000::/64 and fda4:73c2:e5b8:1000::/64 to the internal link.

This interface has the following Unicast addresses. Either can be used as a default gateway address by internal nodes.

fe80::290:bff:fe1b:5762  Link-Local Unicast (automatically generated)
2001:470:3d:3000::1      Global Unicast, manually configured
 
Since this interface is advertising two prefixes via Router Advertisements, it has two automatically generated Anycast addresses:
 
2001:470:3d:3000::    Subnet-Router Anycast for the global prefix
fda4:73c2:e5b8:1000:: Subnet-Router Anycast for the ULA prefix
 
The following Solicited Node Multicast addresses were automatically generated for the above addresses:
 
ff02::1:ff00:1        For 2001:470:3d:3000::1
ff02::1:ff1b:5762     For fe80::290:bff:fe1b:5762
 
Note: ff02::1:ff00:0, for the two Anycast addresses, was not found.
 
The following multicast addresses were automatically generated by the node (no applications are running that have joined any other multicast groups):
 
ff01::1        All nodes in local interface (by RFC 2941)
ff02::1        All nodes in local link (by RFC 2941)
ff02::2        All routers in local link (by RFC 2941)
 
Note: ff01::2 (all routers in local interface) and ff05::2 (all routers in local site) were not found.

 

gif0, virtual, endpoint of 6in4 tunnel.

Tunnel endpoints are handled a little differently than regular interfaces. It has local and remote IPv4 addresses, as well as local and remote IPv6 addresses. The one on this firewall happens to be routing the entire 2001:470:3d:3000::/52 address block thorugh the tunnel.

 

Router Example (native IPv4 and IPv6)

Node vrouter1 is a homebrew virtual router created with FreeBSD 9.1, running in VirtualBox. It has two virtual network interfaces, em0 (external) and em1 (internal). Both the external link and internal link have native IPv4 and IPv6 on tham, and vrouter1 is forwarding IPv4 and IPv6 packets between interfaces em0 and em1. Therefore vrouter1 is a Dual Stack router

 

em0 (external), virtual network interface bridged to the main physical LAN link. Its MAC address is 08:00:27:e0:f2:1f. This interface does not have SLAAC enabled (all addresses are manually configured or happen automatically).

This interface has the following Unicast addresses.

fe80::a00:27ff:fee0:f21f          Auto-generated Link-Local Unicast
2001:470:3d:3000:172:20:10:1      Manually configured Global Unicast
 
The following Solicited Node Multicast addresses were automatically generated for the above addresses:
 
ff02::1:ffe0:f21f     For fe80::a00:27ff:fee0:f21f
ff02::1:ff10:1        For 2001:470:3d:3000:172:20:10:1

Since vrouter1 is a router, em0 has the following multicast addresses:

ff01::1        all nodes on local interface (by RFC 2941)
ff02::1        all nodes on local link (by RFC 2941)
ff02::2        all routers on local link (by RFC 2941)

Note: ff01::2 (all routers in local interface) and ff05::2 (all routers in local site) were not found.

 

em1 (internal), virtual network interface, connected to virtual link "int1". It is running a Router Advertisement daemon, so it is a source of RA messages. It advertises one /64 address prefix, 2001:470:3d:3001::/64.

It has the following Unicast addresses:

fe80::a00:27ff:fe13:77d5          Auto-generated Link-Local Unicast
2001:470:3d:3001::1               Manually configured Global Unicast

Either of these addresses can be used as a default gateway by internal nodes on virtual link "int1". The link local is preferred.

Since this interface is advertising one prefix via Router Advertisements, it has one automatically generated Anycast addresses:
 
2001:470:3d:3001::    Subnet-Router Anycast for the global prefix

It has Solicited Node Multicast addresses for each of the Unicast addresses:

ff02::1:ff00:1       for Unicast 2001:470:3d:3001::1
ff02::1:ff13:77d5    for Unicast fe80::a00:27ff:fe13:77d5
 
Note: ff02::1:ff00:0 (for Anycast 2001:470:3d:3001::) was not found

Since vrouter1 is a router, em1 has the following multicast addresses:

ff01::1        all nodes on local interface
ff02::1        all nodes on local link
ff02::2        all routers on local link

Note: ff01::2 (all routers in local interface) and ff05::2 (all routers in local site) were not found.