Ipv6 eui-64

Hi
Can you please explain me the following points:-

1>When you use EUI-64 on an interface that doesn’t have a MAC address then the router will select the MAC address of the lowest numbered interface on the router.

2>from the article I understood that Eui 64 generates the interface Id for link local and global Unicast addresses.What about the unique local addresses.can we generate the interface Id using Eui 64 for unique local addresses?

Thanks…

Hello Sumant

Just so others can follow, this question pertains to the following lesson:

Some layer two technologies, such as serial connections on a router, do not have MAC addresses. This means that the EUI-64 process cannot be used to obtain an IPv6 address for that interface. In such a case, the router will use the MAC address of the interface with the lowest number. For example, on a router with interfaces Gi0/0, 0/1, 0/2 and 0/3, the MAC address of Gi0/0 will be used to configure the IPv6 address of the serial interface using EUI-64 as it is the lowest numbered interface.

Link local addresses are assigned using various techniques depending on the vendor, operating system etc of each device. One of the methods is indeed to use the EUI-64 process. As for global unicast addresses, the lesson does indeed show you how to configure them using the EUI-64 technique. Now I’m not sure what you mean by unique local addresses. There are only link local and global unicast. There are no other IPv6 addresses that can be assigned to a host. Can you clarify your question?

I hope this has been helpful!

Laz

Hi Laz

Thanks for taking the time to reply.My question is can we apply unique local IPV6 addresses to host and internal interface(lan side)of router and we could do nat translation for unique local address to global unicast address the same wah we do in ipv4.
I know we have plenty of global unicast addresses that we do not need to worry about nat for ipv6.i am just curious to know how we can make use of unique local unicast addresses???

Thanks a lot again for your wonderful explanations as always.

Sumant

Hell Sumant

Thanks for your kind words! I do my best to be as clear and understandable as possible.

Concerning your question, yes it is possible to apply NAT to unique local IPv6 addresses and translate them to global unicast addresses. In order to do so we would employ NAT66, that is Network Address Translation IPv6 to IPv6. This functions exactly the same way as NAT for IPv4, by translating the IPv6 address as well as manipulating the transport layer ports in order to allow PAT. Now although this is possible, it is not very desirable as you stated as well, because we have the appropriate address space to assign each and every internal device with a global unicast address. However, a better alternative to NAT66 is NPTv6.

IPv6-to-IPv6 Network Prefix Translation or NPTv6 isa feature that allows for the translation of IPv6 addresses from one subnet to another without the requirement to rewrite the transport layer headers. This readuces the load on network devices and also does not interfere with the encryption of the full IP payload. This is a huge improvement to traditional NAT because it avoids many of the problems that NAT traditionally introduced into networking. To find out more about NPTv6 take a look at the following Cisco link.

Essentially, the use of these addresses is that you are free to use them on any internal network without the need to for centralised registration. If you start using global unicast addresses on your devices and you allow them to connect directly to the Internet, (without any kind of translation mechanisms) the local ISP will not necessarily route those addresses because they are not registered to you. You can still use them if you use a translation mechanism so the actual address doesn’t appear on the Internet itself, but what if your destination on the Internet just happens to be the same as the IPv6 address you gave to a host on your network (highly unlikely, but possible nonetheless). By using the unique local addresses with a translation mechanism such as NPTv6, you can assign addresses internally as you like while creating the appropriate translation to get on the Internet without fear of conflicting addresses.

I hope this has been helpful!

Laz

Hi Laz
Thanks for reply.i was just going with dhcpv6 configurations both stateful and stateless.i know in slaac the interface I’d is created using Eui-64 but is it true for stateful auto configuration when the client get ipv6 prefix from dhcpv6 server.does it pad ff and fe and invert the 7th bit in case of dhcpv6 a signed address.
In the lesson I could not see ff and fe padded when the client receives ipv6 prefix from dhcpv6 server…

Thanks
Sumant

Hello Sumant.

Take a look at this lesson:
https://networklessons.com/cisco/ccie-routing-switching/ipv6-eui-64-explained/
At the beginning, it shows the FF and FE and the inverted 7th bit. Take a look at this screenshot:

image

Review the lesson and if you need any more information, just let us know!

I hope this has been helpful!

Laz

Hi Lazaros,

I was working with a tutor online and he said that we should not put the command:

int gi0/2.12 
ipv6 address 2001:192:168:12::/64 eui-64

but rather statically assign it to
2001:192:168:12::1/64 because he said it needs to be static for easier access.
Do you agree with this assessment and how is this the case?

Wouldn’t we know what the interface id was going to be based on the port’s mac address anyways which for all my subinterfaces of gi0/2 they would have the same mac address because it’s technically coming off of the gi0/2 so it would be impossible to use eui-64 right?

Lastly, if I wasn’t using sub interfaces could I chose to use either the static /64 or /64 eui-64 ?

The Full Commands We Input:

ipv6 address 2001:192:168:12::1 /64
ipv6 nd other-config-flag
ipv6 dhcp server slaac
ipv6 dhcp pool slaac
dns-server 2001:192:168:16:10
ipv6 unicast-routing

I had multiple sub interfaces this was just for vlan 12 and we had pc use autoconfig

Thanks!

Hello Daniel

Concerning statically assigned IPv6 addresses, it depends upon the host you are assigning it to. In general, if you are addressing a server, a printer, or some other device that you want access to, then it is a good idea to use a statically assigned address, keeping in mind that you are certain that the address will not change.

However, this is a little bit of an “IPv4” mentality and is not completely based on the capabilities of IPv6. IPv6 has been designed to be less hands-on and more automatic and intuitive. The use of EUI-64 to obtain an IPv6 address saves time in the configuration as well as determining subnets and addressing. And it will always be unique because the MAC address from which it is derived is unique.

Yes, that is correct. But even if you don’t calculate it yourself, you can always see what address has been assigned simply using show commands.

The only thing to keep in mind is that if you are using subinterfaces, all subinterfaces of the same physical interface will adopt the same MAC address. So you cannot configure two subinterfaces to use EUI-64 with the same prefix. If you try to do this, you will get the following result:

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#inter gig 0/1.10
R3(config-subif)#ipv6 enable 
R3(config-subif)#ipv6 address 2001:192:168:12::/64 eui-64 
R3(config-subif)#inter gig 0/1.20                         
R3(config-subif)#ipv6 enable 
R3(config-subif)#ipv6 address 2001:192:168:12::/64 eui-64 
%GigabitEthernet0/1.20: Error: 2001:192:168:12:5054:FF:FE1B:42A8/64 is in use on GigabitEthernet0/1.10
R3(config-subif)#

Because the same MAC is used, it would result in the exact same IPv6 address. So there you would have to use another prefix (meaning the subinterfaces would be in different subnets, which would be the case most of the time) or you would have to statically assign one of them.

I hope this has been helpful!

Laz

Hi Lazaros,

Thanks for clearing that up for me. In regards to the subinterfaces that does make sense about the mac address. But wouldn’t it be easier for a ping to just static assign the interface id rather than have to learn each burnt in mac address of each interfaced assigned by eui-64 I think that was my tutors thinking still not sure though?
and if you already assign a static address or eui-64 do you still need to write ipv6 enable or is it automatic?

Also, I have heard that many ISPs will give /64 global prefixes instead of the 48 global prefix in this case what would a two network subnet look like say if we were assigned and address 2001:1234:2222:2411::/64

Lastly, I have realized that when I type show ipv6 route that the next hop shows as the link local address instead of the interfaces global ip address why is that?

Hello Daniel

When configuring an IPv6 address on an interface using a command like ipv6 address 2001:192:168:12::/64 eui-64, it doesn’t take resources to “learn each burnt in mac address”. When you apply the command, the address is set. The idea is that it would take much longer for you to statically assign IPv6 addresses to all hosts within your subnet, especially if you have, say, 1000 hosts. Would you want to configure them all by hand? And what happens if you make a mistake and assign the same address to two devices? You can see that when you scale up the number of hosts, the ease of the EUI-64 option becomes apparent. If you have only 5 hosts, sure, statically assign them no problem. But for many more, EUI-64 is definately an advantage.

Take a look at this post:

If you wanted to separate this address into two subnetworks, you could do this:

  • 2001:1234:2222:2411::/65
  • 2001:1234:2222:2411:8000:/65

But typically you wouldn’t use a prefix like /65, you’d want to separate it at a full hex digit, which means prefixes typically are multiples of four. So you would probably separate it into 16 subnets like this:

  • 2001:1234:2222:2411::/68
  • 2001:1234:2222:2411:1000::/68
  • 2001:1234:2222:2411:2000::/68
  • 2001:1234:2222:2411:3000::/68
  • 2001:1234:2222:2411:4000::/68
  • 2001:1234:2222:2411:E000::/68
  • 2001:1234:2222:2411:F000::/68

For IPv6, the next hop always uses the link-local address of the next-hop router, along with the exit interface. More information can be found here:

I hope this has been helpful!

Laz

Hi Lazaros, thank you for the in depth answer. I am still a little unsure as to why we could go /60 if we are given a global prefix by the ip of a /64 my understanding is that we would have to borrow from the host portion in that case and it would have to be higher than /64 like /65 etc… I talked to another tutor and he wrote what I posted below about how the first /48 are the site prefix or global prefix and the last 16 bits are always for subnetting is this the case? Then why do people talk about getting a /64 from the ISPs? Also for the link-local if routers only use next hop link locals then why can use use a global address for a next hop in a static ipv6 route and then does that mean OSPFv3 only uses link-local as their next hop or global?

Hello Daniel

Yes, you are correct about the prefixes, they should be higher as you say. I have since corrected my previous post.

Now concerning the prefixes delivered by ISPs, there is no hard and fast rule that says that ISPs must deliver /64 prefixes or /48 prefixes. These are general guidelines that many organizations do follow but not all. Also remember that the ISP that delivers the prefix to the end customer may also be a customer themselves, of another ISP, from whom they purchased the IPv6 address space. So they may have been provided the /48 which they break down further into /64 for their customers.

So it really depends on the policies provided by your ISP. Keep in mind that the various sections of an IPv6 address, that is the global routing prefix, the subnet ID and the interface ID are actually of variable sizes. You can see more detail in the following post as well.

Finally, about the use of link-local addresses for routing protocols, routing protocols can actually use global unicast addresses as next-hop addresses, but that’s not the default behavior of protocols such as OSPFv3. You can for example create a static route to a global unicast address and it will work just fine.

I hope this has been helpful!

Laz

Thank you Lazaros. So if on the CCNA they said an ISP gave you a /64 and how would you subnet it would it be safe to assume that the first 48 are the global id and the last 16 are for subnetting?

Hello Daniel

Yes, that is the IANA recommended format to be used. You can see this in RFC 3587 that defines the Global Unicast Address Format both generally, with varying sizes of each section, as well as the specific recommendation of /48 for global routing prefix, 16 bits for subnet ID, and 64 bits for the interface ID.

I hope this has been helpful!

Laz