66 Chapter 2 IP Addressing
You can add UDP ports to the list of broadcast packets that will be forwarded by using the
ip forward-protocol udp port
port - the destination UDP port number
You can add additional UDP broadcast packets that will be unicast-forwarded by using the ip
forward-protocol udp port command in global configuration mode, where port is the UDP
port number or related keyword for which to enable forwarding. You can also turn off the default
and additionally configured UDP broadcast packets that will be sent by using the no version of the
command. The following is an example of turning off the TFTP and TACACS service from being
forwarded to the helper address, turning on the Citrix client locator service, and configuring the
IP address of 220.127.116.11 as the helper address reachable through interface Ethernet0:
Router(config)#no ip forward-protocol udp tftp
Router(config)#no ip forward-protocol udp 49
Router(config)#ip forward-protocol udp 1604
Router(config-if)#ip helper-address 18.104.22.168
Decimal-to-Binary Conversion Chart
For your convenience, Table 2.12 provides a decimal-to-binary chart to help you with your IP
addressing. The vertical column of four digits is the leftmost binary digits, and the horizontal
row of four digits is the rightmost bits of each octet.
An Overview of IPv6 Addressing
The IPv6 addressing scheme has been developed to be compatible with the current IPv4 address-
ing standard, which allows the new IPv6 networks to coexist with IPv4 networks. IPv6 increases
the size of the address space from 32 bits to 128 bits, which provides
340,282,366,920,938,463,463,374,607,431,768,211,456, or 3.4 × 1038, addresses. IPv6 also
improves routing, security, and quality of service (QoS) features, while simplifying the IP
header. The IPv6 addressing architecture is described in RFC 3513, which defines how the
address space will be utilized.
Let’s talk about how IPv6 addresses are represented.
An Overview of IPv6 Addressing 67
TABLE 2.12 Decimal-to-Binary Chart
0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
0000 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0001 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0010 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
0011 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
0100 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
0101 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
0110 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111
0111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127
1000 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143
1001 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159
1010 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175
1011 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191
1100 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207
1101 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223
1110 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
1111 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255
IPv6 Address Format
Unlike the usual dotted-decimal format of the IPv4 address, IPv6 is represented by hexadecimal
numbers. A hexadecimal number is equivalent to four bits, also known as a nibble because it is half
a byte, and is numbered 0–9 and A–F. A represents 10 and F represents 15, and they are not case-
sensitive. The IPv6 address is a 32-digit hexadecimal numeric value, in eight four-digit clusters,
known as fields, separated by colons (:), representing the 128-bit address. Here is an example of a
valid IPv6 address: 1041:0000:130B:0000:0000:09C0:586C:1305.
There are some techniques used to shorten the IPv6 address. One of these techniques is to
omit leading 0s in the address field, so 0000 can be compressed to just 0 and 09C0 can be com-
pressed to 9C0. You can omit leading 0s but not trailing 0s. The previous IPv6 address example
68 Chapter 2 IP Addressing
could be shortened to 1041:0:130B:0:0:9C0:586C:1305. Another technique is to use double
colons (::) to represent a contiguous block of 0s. Again, the previous IPv6 address can be further
shortened to 1041:0:130B::9C0:586C:1305.
For some IPv6 addresses, this technique can really shorten the address. For example, the IPv6
address FF01:0:0:0:0:0:1 can be compressed to FF01::1. There is a limitation in using double
colons on the address. You can use it only once in any address, because if two double colons are
placed in the same address, there will be no way to identify the size of each block of 0s.
Let’s not forget about what is called the subnet mask in IPv4 terms but in the IPv6 world is
called the address prefix. The IPv6 prefix is used to distinguish which portion of the address rep-
resents the network identifier. The slash (/) followed by the prefix length is the format used for
IPv6 and is the same format used by CIDR for IPv4 addresses. The prefix length is a decimal
value that indicates the number of high-order contiguous bits that comprise the network por-
tion of the IPv6 address. An example of using the prefix is 1041:0:130B::9C0:586C:1305/64.
If the IPv6 address ends in a double colon, it can be omitted. For example, the IPv6 address
8010:968:8680:265::/64 can be written as 8010:968:8680:265/64.
Now let’s talk about the three types of IPv6 addresses.
IPv6 Address Types
IPv6 defines three types of addresses: unicast, anycast, and multicast. A unicast address is used to
represent a single interface on a device. A packet that is sent to a unicast address is delivered to the
interface identified by that address.
An anycast address is used to identify multiple different interfaces. A packet that is sent to an
anycast address will be delivered to the closest interface that has that anycast address assigned.
The routing protocol will determine which device will get the packet, based on shortest distance.
A multicast address is used to address a set of interfaces (within a certain scope) that will receive
the same packet. This is not unlike the way multicast works in the IPv4 world, except that there are
a lot more multicast addresses available. Let’s discuss each of these address types in greater detail.
IPv6 Unicast Address
There are different types of unicast addresses:
Global unicast address
Site-local unicast address
Link-local unicast address
IPv4-mapped IPv6 address
IPv4-compatible IPv6 address
The other type of unicast address, 0:0:0:0:0:0:0:1, or ::1, is the loopback address and per-
forms the same function as 127.0.0.1 does in IPv4. It is used to identify a transmission sent by
a node back to itself, usually for testing purposes, and should never leave the sending node. This
cannot be assigned to a physical interface, and IPv6 routers do not forward traffic either sourced
from or destined to this address.
An Overview of IPv6 Addressing 69
Global Unicast Address
The IPv6 aggregatable global unicast address is the equivalent to the Class A, B, or C IPv4 address.
Theoretically, a global unicast address is any address that is not one of the other named types,
which accounts for 85 percent of the IPv6 address space. But IANA has been limited to allocating
only aggregatable global unicast addresses, which begin with binary 001, a portion of the address
known as the global unicast format prefix, which is 2000::/3 in IPv6 hexadecimal notation. This
is still the largest block of assigned IPv6 addresses and represents 1⁄8 of the total address space.
The structure of global unicast addresses enables aggregation of the routing prefixes that will
limit the number of routing table entries in the global routing table. Global unicast addresses are
aggregated upward through an organization and eventually to the Internet service providers
(ISPs). Figure 2.7 shows that global unicast addresses, which start with binary 001, are made up
of a global routing prefix, followed by a subnet ID, and finally an interface ID.
FIGURE 2.7 IPv6 global unicast address format
Provider Site Host
3 bits 45 bits 16 bits 64 bits
Global Routing Prefix Subnet ID Interface ID
Global unicast addresses are required to have 64-bit interface identities in the extended universal
identifier (EUI-64) format. IPv6 uses a modified EUI-64 format to identify a unique interface on a
network segment. This modified EUI-64 is based on the Data Link layer (MAC) address of an inter-
face. It usually inserts the 16-bit value of 0xFFFE between the 24-bit vendor ID and the 24-bit
vendor-supplied unique extension identifier of the MAC address. Also the modified EUI-64 format
says that the u-bit, which is usually set to 0 by the manufacturer to signify a globally unique value
of the address, must be inverted, or set to 1, which indicates that the address may have a less official
value that must only be unique on a local level. This gives the administrator the freedom and flexi-
bility to design a locally significant addressing scheme for links, such as serial links and tunnel end-
points, which do not have burned-in hardware addresses from which to create an interface ID.
Figure 2.8 shows how this modification would take place.
A MAC address of 0060.08D2.7B4B will be converted to the 64-bit identifier of
0260.08FF.FED2.7B4B. This identifier is then used to create an IPv6 address such as
Site-Local Unicast Address
Site-local unicast addresses are similar in concept to the RFC 1918 Intranet address space for
IPv4 networks. These addresses can be used to restrict communication to a specific portion of
the network or to assign addresses for a network that is not connected to the global Internet
without requiring a globally unique address space. IPv6 routers will not forward traffic with
site-local source or destination addresses outside the boundary of the site’s network.
70 Chapter 2 IP Addressing
FIGURE 2.8 Converting a MAC address to an EUI-64 address
Vendor Identifier Unique Extension Identifier
24 bits 24 bits
VVVVVV1VVVVVVVVVVVVVVVVV 1111111111111110 UUUUUUUUUUUUUUUUUUUUUUUU
The site-local unicast addresses use the prefix range FEC0::/10, which is padded with 38 0s
and then appends the 16-bit subnet identifier, followed by the 64-bit interface ID. Figure 2.9
shows the format of the site-local unicast address.
FIGURE 2.9 Site-local unicast address
0 Subnet ID Interface ID
38 bits 16 bits 64 bits
Link-Local Unicast Address
A link-local unicast address is used in the neighbor discovery protocol and is used only on the
local link network. This is used by the stateless auto-configuration process for devices to dis-
cover the Data Link layer address of the network and to find and keep track of neighbors. A
link-local unicast address uses the prefix range FE80::/10, which is padded with 54 0s, followed
by the 64-bit interface ID. Figure 2.10 shows the format of the link-local unicast address.
FIGURE 2.10 Link-local unicast address
0 Interface ID
54 bits 64 bits
An Overview of IPv6 Addressing 71
IPv4-Compatible IPv6 Address
As a transition mechanism, the IPv4-compatible IPv6 address is used to tunnel IPv6 packets over
an IPv4 infrastructure, without the need to preconfigure tunnels through the IPv4 network. This
address type embeds an IPv4 address in the low-order 32 bits. It pads all 96 high-order bits with
0s. It is used between two interfaces that support both the IPv4 and IPv6 protocol stacks, but are
separated by devices that support only IPv4, and the format is 0:0:0:0:0:0:A.B.C.D, or ::A.B.C.D,
where A.B.C.D is the IPv4 unicast address. Nodes that are assigned IPv4-compatible IPv6
addresses perform automatic tunneling. Whenever a node with one of these addresses sources or
receives an IPv6 packet whose next hop is over an IPv4 interface, it must encapsulate the IPv6
packet within an IPv4 packet before sending it out. Conversely, these nodes must be prepared to
accept IPv4 packets with IPv6 packets encapsulated within. In addition to the information found
in RFC 3513, RFC 2893 gives additional details concerning IPv4-compatible IPv6 addresses.
IPv4-Mapped IPv6 Address
This type of address also embeds an IPv4 address in the low-order 32-bits, but with 0s in only
the first 80 high-order bits and 1s in the next 16 bits—bits 81 to 96. This address type is used
by devices that support both IPv4 and IPv6 protocol stacks in order that they may commu-
nicate with devices that support only IPv4. On the dual-stack device, an IPv6 application that
is sending traffic to the IPv4 device’s IPv4-mapped IPv6 address will recognize the meaning
of this type of address and send IPv4 packets—not IPv6 packets—to that destination. In other
words, this type of addressing mechanism does not encapsulate IPv6 packets within IPv4
packets. Conversely, if such a node receives a pure IPv4 packet that must be forwarded into
the IPv6 domain, the dual-stack node will create the IPv4-mapped IPv6 address, to be used as
the IPv6-header source address, from the incoming packet’s original IPv4 source address. So
any return traffic will be known by the dual-stack node to be destined for an IPv4-only inter-
face, and will be forwarded as such. IPv4-mapped IPv6 addresses are even more of a transition
mechanism, and their address format is ::FFFF:A.B.C.D, where A.B.C.D is the IPv4 unicast
address. A common use for this type of address is when an IPv6-enabled DNS server responds
to the request of a dual IPv6/IPv4 node with the IP address of an IPv4-only node. The DNS
server returns the IPv4-mapped IPv6 address, and the dual node knows what to do from there.
An unspecified IPv6 address is a special address that is used as a placeholder by a device that does
not have an IPv6 address. This might happen when the node requests an address from a DHCP
server or when the duplicate address detection packet is sent. The format is 0:0:0:0:0:0:0:0 but can
be represented by 0::0 or just ::/128. This IPv6 address cannot be assigned to any interface and
should not be used as a destination address.
IPv6 Anycast Address
An IPv6 anycast address is a global unicast address that is assigned to many interfaces in dif-
ferent devices on the network. This means that this same network address is assigned to more
than one interface on the network. A packet that is sent to an anycast address will be delivered
to the closest interface with that anycast address. The closest interface is determined by the rout-
ing protocol being used. Because anycast addresses are global unicast addresses, there is no way
to tell that a global unicast address is also an anycast address.
72 Chapter 2 IP Addressing
Therefore, any device configured with an anycast address will have to be configured explicitly
to recognize the address as an anycast address. You will never see traffic from an anycast address
because you cannot source IPv6 traffic using an anycast address; it is used only for destination
traffic. In fact, RFC 3513 suggested using anycast addresses only for routers—not end nodes—
until the complexities of their use could be determined in the real world.
IPv6 Multicast Address
In the IPv6 world, there is no such thing as broadcast traffic because it is all multicast traffic—no
more broadcast storms. IPv6 multicast traffic has a prefix of FF00::/8 and is used as an identifier
for a set of interfaces that want to receive the same packets. This is very similar to the way multi-
cast works in the IPv4 world, with one exception. IPv6 multicast traffic can be limited to a certain
scope. The octet after the initial 0xFF prefix defines the public/private nature and scope of the
multicast address. The first nibble of the octet determines if this is a transient (0001) or permanent
(0000) multicast address, with the first three bits always set to 0. A permanent multicast address
is a well-known or IANA-assigned address. A transient address is locally assigned. The second
nibble determines the scope of the multicast address and can be one of the following:
Interface-local, for loopback multicast transmissions only (0001–1)
The remaining 112 bits are used for the multicast group ID. This means that you can have
millions of multicast groups. The following are the special reserved multicast addresses used to
identify specific functions:
FF01::1—All nodes within the interface-local scope (only within this device)
FF02::1—All nodes on a local link (link-local scope)
FF01::2—All routers within the interface-local scope
FF02::2—All routers on a local link
FF05::2—All routers in the site (site-local scope)
FF02::1:FFXX:XXXX—Solicited-node multicast address, where XX:XXXX is the lower-
order 24 bits of the IPv6 address of an interface.
The TTL—time to live—value is not used in IPv6 multicast to define scope.
Exam Essentials 73
The solicited-node multicast addresses are used in neighbor solicitation messages to assist
with neighbor discovery. An IPv6 node must join the associated solicited-node multicast group
for every unicast or anycast address assigned. Neighbor solicitation messages are not covered
because they are beyond the scope of this study guide.
IP addresses can be separated into Classes A, B, C, D, and E. Class D is used for multicast traffic,
and Class E is currently not being used. The first octet identifies to which class it belongs:
Class A addresses have first octets in the range from 0 to 127, Class B addresses have first octets
from 128 to 191, and Class C addresses have first octets from 192 to 223. CIDR is used to easily
identify the subnet mask of an IP address with slash notation, as well as to allow ISPs to assign
non-classful address space to customers, thus reducing wasted addresses. VLSM is used to allow
a network to be variably subnetted to make more efficient use of the IP addresses available.
Some routing protocols allow for VLSM (e.g., RIPv2 and EIGRP) because they transmit the
mask of the network within the routing update.
Route summarization reduces the number of routes needed to represent a set of networks.
This preserves the resources, such as memory and processor cycles, on the routers in the net-
work. When two or more subnets of the same classful network are separated by a different
classful network, this makes the separated network discontiguous and will result in the inabil-
ity to reduce the number of advertisements and subsequent routing table entries. For some
routing protocols that automatically summarize routes, this can cause reachability problems,
so you need to use a classless routing protocol and disable automatic summarization, if it is
With the global shortage of IPv4 address space, a new protocol has been introduced that will
alleviate this problem without affecting end-to-end functionality. IPv6 not only greatly increases
the number of IP addresses available, but it also brings improvements and new features to the IP
protocol. These features are an expanded number of multicast addresses, the ability to natively
support IPSec and QoS, and automatically determining the local subnet address without using
DHCP by using the stateless auto-configuration process. IPv6 brings new features and concepts to
networking that you will need to know.
Understand VLSM. Variable-length subnet masks enable a classful network to contain sub-
networks of varying sizes. This allows a more efficient use of the network address space. For
point-to-point links you can use a 30-bit or the new 31-bit mask, both of which allow for only
two hosts, without requiring the same mask used on a LAN segment.