128-bit addresses. No more NAT. Built-in security. But the transition is complex.
IPv4 addresses are exhausted. NAT has been a band-aid for 20 years. IPv6 is the real solution —
128-bit addresses, no more NAT, built-in security. But the transition is complex.
IPv4 gave us about 4.3 billion addresses. That was not enough.
IPv4 — The Problem
32 bits = 2^32 = 4,294,967,296 addresses. Sounds large until you subtract reserved ranges, private blocks, and realize every IoT device, phone, server, and router needs an IP.
IANA exhausted the last IPv4 blocks in 2011. Regional registries ran dry between 2012 and 2019.
IPv6 — The Fix
128 bits = 2^128 = approximately 340 undecillion addresses. That is 340 followed by 36 zeros.
Every device ever manufactured could have thousands of addresses and we would not come close to exhaustion.
NAT Was a Band-Aid
Network Address Translation let multiple devices share one public IP. It works, but breaks end-to-end connectivity,
complicates protocols, and adds latency. IPv6 eliminates the need for NAT entirely.
What Else IPv6 Brings
Stateless address autoconfiguration (SLAAC). Simplified header format. Mandatory support for IPsec.
Multicast replaces broadcast. Neighbor Discovery replaces ARP.
Current Reality
Most networks run dual-stack (both IPv4 and IPv6) during the transition.
Pure IPv6-only networks exist but are rare. You need to understand both and how they coexist.
Your data center has 10,000 devices. Every one gets a globally routable IPv6 address.
No NAT. No PAT. End-to-end reachability between any two points on the Internet.
Slide 3 of 10
Address Format — 128 Bits, 8 Hextets
Written as 8 groups of 4 hex digits separated by colons. Two compression rules make it manageable.
Full uncompressed address:
2001:0db8:0000:0000:0000:ff3e:0051:a0c2
Cyan = significant fields, gold = consecutive groups of all zeros
Within any group of 4 hex digits, remove leading zeros.
0051 becomes 51.
0db8 becomes db8.
You still need at least one digit per group.
Rule 2 — Double Colon (once only)
One consecutive run of all-zero groups can be replaced with ::.
You can only use this trick once per address. If you use it twice, the address becomes ambiguous — the reader cannot know how many zeros to expand back to.
IPv6 has no broadcast. It replaced broadcast with targeted multicast. Know each type by prefix.
2000::/3
Global Unicast
Globally routable. The IPv6 equivalent of public IPv4 addresses. Starts with 2 or 3 in the first hex digit.
fe80::/10
Link-Local
Auto-configured on every interface. Valid only on the local link — not routed. Used for NDP and router discovery.
fc00::/7
Unique Local
Private addressing, similar to RFC 1918 in IPv4 (10.x, 172.16.x, 192.168.x). Not globally routable. Use within an organization.
ff00::/8
Multicast
One-to-many within a group. Replaces IPv4 broadcast. ff02::1 = all nodes, ff02::2 = all routers, ff02::5/6 = OSPF.
(same as unicast)
Anycast
One address assigned to multiple interfaces. Packet delivered to the nearest one. Used for DNS root servers and CDN.
::1
Loopback
Equivalent to 127.0.0.1. Tests the local IP stack without sending anything on the wire.
No broadcast in IPv6. Functions that used broadcast in IPv4 (ARP, DHCP discovery) now use targeted multicast.
This reduces unnecessary traffic on all nodes that are not part of the relevant group.
Slide 5 of 10
SLAAC vs DHCPv6
IPv6 offers two mechanisms for address configuration. Understand when each is used and what EUI-64 contributes.
SLAAC — Stateless Address Autoconfiguration
How: Host generates its own address from the network prefix + interface identifier
Prefix source: Router Advertisement (RA) messages from the local router
No server needed: No DHCPv6 server required. Zero config on the client side.
Interface ID: Derived via EUI-64 or randomized (RFC 4941 privacy extensions)
Limitation: Cannot deliver DNS server addresses natively (need RDNSS option or DHCPv6)
DHCPv6 — Stateful Configuration
How: Client requests address and options from a DHCPv6 server (like DHCPv4)
Stateful: Server tracks every lease — which address was given to which client
Delivers: Address, prefix length, DNS servers, domain name, other options
Stateless DHCPv6: SLAAC handles the address; DHCPv6 only delivers DNS and other options
M and O flags: Router sets M (Managed) flag for stateful DHCPv6, O (Other) for stateless DHCPv6
EUI-64: When a host uses SLAAC, it generates a 64-bit interface ID from its 48-bit MAC address.
Split the MAC in half, insert ff:fe in the middle, then flip the 7th bit (universal/local bit).
Example: MAC 00:1A:2B:3C:4D:5E becomes interface ID 021a:2bff:fe3c:4d5e.
Slide 6 of 10
IPv6 Prefix Lengths — /64 Is Standard
IPv6 uses the same CIDR notation as IPv4, but the conventions are different and more rigid.
/64 — The Standard LAN Prefix
Every IPv6 subnet should be a /64. The first 64 bits are the network prefix; the last 64 bits are the interface identifier.
SLAAC and EUI-64 require exactly /64. Do not use smaller host subnets in IPv6 — the protocol is designed around /64.
/48 — Typical Site Allocation
ISPs typically allocate a /48 to each customer site. A /48 gives you 65,536 possible /64 subnets.
That is one for every VLAN, department, floor, or segment you could ever need.
/128 — Host Route
A /128 is a single host address — all 128 bits specified. Used for loopback (::1/128) and for assigning specific individual addresses.
Equivalent to a /32 host route in IPv4.
ISP allocates /48 to your organization:
2001:db8:acad:0001:0000:0000:0000:0001
Cyan = your /48 prefix (fixed). Gold = subnet ID (16 bits = 65,536 subnets) + interface ID (64 bits).
No Subnet Mask Notation
IPv6 uses only CIDR prefix notation — no dotted-decimal subnet masks.
There is no such thing as a 255.255.0.0 mask in IPv6. It is always /prefix.
Link-Local Always fe80::/64
Every interface auto-generates a link-local address in the fe80::/64 range using EUI-64 or random interface ID.
This happens before any router advertisement is received.
Slide 7 of 10
Transition Technologies — Getting From IPv4 to IPv6
You cannot flip a switch on the entire Internet. These mechanisms allow coexistence and gradual migration.
Coexistence
Dual-Stack
Every device runs both IPv4 and IPv6 simultaneously. Uses whichever protocol the destination supports. The most common real-world approach. Requires both stacks to be maintained.
Tunneling
6to4
Encapsulates IPv6 packets inside IPv4 for transit across an IPv4-only network. Uses relay routers. Automatic but complex. Deprecated in many environments due to security concerns.
Tunneling
Teredo
Tunnels IPv6 through IPv4 UDP, specifically designed to work through NAT devices. Useful when the host is behind a NAT that blocks other tunneling. Used by Windows as a fallback mechanism.
Tunneling
ISATAP
Intra-Site Automatic Tunnel Addressing Protocol. Tunnels IPv6 over IPv4 within an enterprise network. Interface identifier is derived from the IPv4 address. Primarily a Microsoft technology.
Tunneling
GRE Tunnel
Generic Routing Encapsulation. Manually configured tunnel between two routers to carry IPv6 over an IPv4 backbone. Simple and explicit — configure both endpoints with matching tunnel addresses.
Translation
NAT64
Translates IPv6 packets to IPv4 and back. Allows IPv6-only hosts to communicate with IPv4-only destinations. Works with DNS64, which synthesizes AAAA records for IPv4-only services.
Exam priority: Know dual-stack, 6to4, and NAT64 conceptually. Understand that tunneling carries one protocol inside another.
GRE is manually configured; 6to4 and Teredo are automatic. Dual-stack is the simplest and most widely deployed.
Slide 8 of 10
NDP — Neighbor Discovery Replaces ARP
IPv6 does not use ARP. Neighbor Discovery Protocol handles address resolution, router discovery, and duplicate detection.
ICMPv6 Message
Type
Purpose
IPv4 Equivalent
Router Solicitation (RS)
133
Host asks "Is there a router on this link? Please send me your RA."
No direct equivalent
Router Advertisement (RA)
134
Router periodically announces prefix, default gateway, M and O flags, MTU, hop limit.
DHCP server offer (partial)
Neighbor Solicitation (NS)
135
Host asks "Who has IPv6 address X? Tell me your MAC." Also used for DAD.
ARP Request
Neighbor Advertisement (NA)
136
Host replies "I have address X, my MAC is Y." Response to NS.
ARP Reply
Redirect
137
Router tells a host to use a better next-hop for a particular destination.
ICMP Redirect
DAD — Duplicate Address Detection: Before using a new address, a host sends a Neighbor Solicitation
for its own address. If another device responds, the address is in use. This prevents IPv6 address conflicts automatically.
Slide 9 of 10
IPv4 vs IPv6 — Key Differences
Both protocols route packets — but the architecture differences are significant for troubleshooting and design.
IPv4
Address size: 32-bit, ~4.3 billion total
Notation: Dotted-decimal (192.168.1.1)
Address assignment: Manual or DHCPv4
Address resolution: ARP (broadcast-based)
Broadcast: Yes — all hosts on subnet receive
NAT: Required to extend address space
IPsec: Optional, externally added
Header size: Variable (20-60 bytes)
Fragmentation: Routers can fragment packets
Checksum: Header includes checksum field
IPv6
Address size: 128-bit, 340 undecillion total
Notation: Colon-hex (2001:db8::1)
Address assignment: SLAAC or DHCPv6
Address resolution: NDP (multicast-based)
Broadcast: No — multicast is used instead
NAT: Not needed — globally unique addresses
IPsec: Built-in, mandatory support
Header size: Fixed at 40 bytes
Fragmentation: Only source host fragments
Checksum: No header checksum (handled by Layer 4)
The fixed 40-byte header makes IPv6 faster to process in hardware. No fragmentation by routers means cleaner forwarding paths.
No checksum means less per-hop computation — upper-layer protocols (TCP/UDP) already checksum their data.
Slide 10 of 10 | N10-009 Obj 1.4
IPv6 — The Future That Is Already Here
IPv4 is exhausted. Your data center is moving to dual-stack. Every device gets a global unicast address starting with
2001: — no NAT required. Link-local fe80:: addresses auto-configure on every interface.
NDP replaces ARP. SLAAC and Router Advertisements replace DHCP for basic configuration.
When IPv6-only hosts need to reach IPv4 servers, NAT64 bridges the gap.
The transition is complex but the destination is a cleaner, more scalable Internet.
5 Facts to Carry Out of This Presentation
1IPv6 is 128-bit. Two compression rules: drop leading zeros in each group, use :: once for consecutive zero groups.
2Address types by prefix: 2000::/3 global unicast, fe80::/10 link-local, fc00::/7 unique local, ff00::/8 multicast.
3SLAAC = host builds its own address from RA prefix + EUI-64 interface ID. DHCPv6 = server assigns address like DHCPv4.
4NDP replaces ARP: NS/NA = address resolution, RS/RA = router discovery, DAD = duplicate detection. No broadcast in IPv6.
5Transition: dual-stack (both protocols), tunneling (6to4/Teredo/GRE carry IPv6 over IPv4), NAT64 (translates between the two).