Manually Configuring IPv6 Addresses on an Interface
Problem
You want to manually configure a full IPv6 address on an interface.
Solution
You can configure an IPv6 unicast address on an interface by using a very similar process to how we set up IPv4 addresses in previous chapters of this book:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA::1/64
Router1(config-if)#exit
Router1(config)#end
Router1#
We can configure an IPv6 Anycast address by using the anycast keyword:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAFF::1/64 anycast
Router1(config-if)#exit
Router1(config)#end
Router1#
You can specify an IPv6 link-local address by using the link-local keyword:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ipv6 unicast-routing
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address FE80::1 link-local
Router1(config-if)#exit
Router1(config)#end
Router1#
Discussion
In this recipe, we have manually configured three different types of IPv6 addresses. The first example simply configures a standard globally accessible unicast address. This is similar to the standard IPv4 unicast address:
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAAA::1/64
Assigning an address to an interface like this also enables IPv6 functionality for the interface:
Router1#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20E:84FF:FE24:4E70
  Global unicast address(es):
    AAAA::1, subnet is AAAA::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF24:4E70
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
Router1#
Even though we have only assigned the single global unicast address, AAAA::1/64, to the interface, it now has a link-local address as well, and it has joined several multicast groups. Because we didn't specify the link-local address, the router has created one for us using the standard FE80::/10 prefix and the EUI-64 host address, which we discussed in Recipe 25.1.
In the second example in the Solution section, we have defined an anycast address on this interface:
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address AAFF::1/64 anycast
This command is currently only available on certain higher-end hardware platforms. After applying this command to the same interface that we were discussing a moment ago, we get the following output:
Router1#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20E:84FF:FE24:4E70
  Global unicast address(es):
    AAAA::1, subnet is AAAA::/64
    AAFF::1, subnet is AAFF::/64 [ANY]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF24:4E70
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
Router1#
The line with this newly configured anycast address is indicated by [ANY].
Anycast addresses can be extremely useful in allowing several different devices to fulfill a single function. A typical expected use for this feature is the ability to give remote users automatic access to your backup site if the primary site fails, without having to rely on DNS to time out. In this case, you would distribute the same anycast address into the global routing tables, but the backup site would have a metric or a BGP AS_PATH that would make it less desirable from anywhere on the network than the primary site. If the primary site becomes unavailable, the backup site would automatically take over as soon as the global routing protocol had flushed the primary site from its tables. This would likely take less time than waiting for DNS to update globally.
Another potential use for Anycast addresses is to offer several equivalent access points into your network. Remote users will simply find the closest access point through the global routing protocol.
Anycast would not function well as a replacement for protocols like HSRP for two reasons. First, when an IPv6 device communicates with its next-hop router, it uses link-local addresses, not a global address. Second, Anycast addresses work best when a routing protocol distributes them. Then the network will automatically determine which single device to send the packets to. If two or more anycast devices were the same distance away, by virtue of being on the same physical segment, and if both devices received the packet, both would assume that they were the only router receiving the packet and would forward it along. This would lead to duplication of every packet, and result in both added network congestion and protocol confusion.
We note in passing that there is some confusion in some of Cisco's documentation regarding legitimate uses for anycast addresses. The 12.4 configuration guide for IPv6 states that anycast addresses may only be used by routers, not hosts, and that they may not be used as source addresses in any packets. These restrictions were present in RFC 3513, but were removed in RFC 4291, and are no longer part of the IPv6 standard.
The final example in the Solution section shows how to manually configure a link-local address for the segment:
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ipv6 address FE80::1 link-local
Note that there is no CIDR prefix indicator on link-local addresses. This is because all link-local addresses are assumed to be purely host addresses, and because link-local addresses are not advertised by routing protocols, so the prefix is not relevant.
Now when we look at the output of the show ipv6 interface command, we see an interesting change:
Router1#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  Global unicast address(es):
    AAAA::1, subnet is AAAA::/64
    AAFF::1, subnet is AAFF::/64 [ANY]
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
Router1#
Note that the router has replaced the default link-local address with the new one we have defined. These link-local addresses will become more significant in Recipe 25.4 when we start talking about routing protocols.
We should finish this discussion with a brief explanation of the information shown at the end of the show ipv6 interface command, the lines that begin "ND". This refers to the IPv6 Neighbor Discovery process.
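The "Joined group address(es)" lists in the outputs above follow directly from the configured addresses. The following Python sketch is an added example, not code from the book or from Cisco: it builds the EUI-64 link-local address, computes each address's solicited-node multicast group, and shows why FF02::1:FF24:4E70 is no longer joined once FE80::1 is configured. The MAC address 00:0e:84:24:4e:70 is an assumption, inferred by reversing the EUI-64 interface ID shown in the output; the function names are illustrative.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def eui64_link_local(mac):
    """Link-local address: FE80:: prefix plus modified EUI-64 interface ID."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:0e:84:24:4e:70")
    octets[0] ^= 0x02                      # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address((0xFE80 << 112) | int.from_bytes(iid, "big"))

def mac_from_eui64(addr):
    """Recover the MAC embedded in an EUI-64 interface ID, or None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                        # manually chosen ID, e.g. FE80::1
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                      # undo the universal/local flip
    return ":".join(f"{o:02x}" for o in octets)

def solicited_node(addr):
    """FF02::1:FFxx:xxxx group formed from the low 24 bits of an address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)

def joined_groups(addresses):
    """Groups a router interface joins for its unicast/anycast addresses."""
    groups = {ALL_NODES, ALL_ROUTERS}
    groups.update(solicited_node(a) for a in addresses)
    return sorted(groups)

if __name__ == "__main__":
    mac = "00:0e:84:24:4e:70"   # assumption: inferred from the page's output
    auto_ll = eui64_link_local(mac)
    for label, addrs in (
        ("EUI-64 link-local", [auto_ll, "AAAA::1", "AAFF::1"]),
        ("manual FE80::1   ", ["FE80::1", "AAAA::1", "AAFF::1"]),
    ):
        print(label, [str(g).upper() for g in joined_groups(addrs)])
```

AAAA::1, AAFF::1 and FE80::1 all end in the same 24 bits, so they share the single group FF02::1:FF00:1. An EUI-64 link-local address also discloses the interface's MAC address to every device on the segment, which a manually assigned FE80::1 does not.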
The IPv6 protocol includes automatic features that allow devices that share a network segment to discover one another. The Neighbor Discovery protocol is extremely simple, and amounts to little more than simply sending ICMP messages. The values shown in the command output indicate how often the router will send these messages. The two most important pieces of information here are the line that says "ND DAD is enabled", and the lines that describe "ND router advertisements".
DAD stands for Duplicate Address Detection, and is exactly that. When this feature is enabled, and it is enabled by default, the router will periodically send out packets testing to see if anybody else on the segment has taken over its address.
ND router advertisement (RA) packets are ICMP packets that the router sends out periodically to advertise itself as a router. In this example, the router uses the default parameters, advertising itself as a router every 200 seconds. And, by default, it will retain information about other routers detected this way for 1,800 seconds.
See Also
Recipe 25.1; Recipe 25.4; RFC 3513; RFC 4291