IPv6 Link local
address
The
purpose of this document is to provide an understanding of IPv6 Link-local
address in a network.
A link-local address is
an IPv6 unicast address that can be automatically configured on any interface
using the link-local prefix FE80::/10 (1111 1110 10) and the interface
identifier in the modified EUI-64 format. Link-local addresses are not
necessarily bound to the MAC address (configured in a EUI-64 format).
Link-local addresses can also be manually configured in the FE80::/10 format
using the ipv6 address link-local command.
These addresses refer
only to a particular physical link and are used for addressing on a single link
for purposes such as automatic address configuration and neighbor discovery
protocol. Link-local addresses can be used to reach the neighboring nodes
attached to the same link. The nodes do not need a globally unique address to
communicate. Routers will not forward datagram using link-local addresses. IPv6
routers must not forward packets that have link-local source or destination
addresses to other links. All IPv6 enabled interfaces have a link-local unicast
address.
So, In a computer network, a link-local address is
a network address that is valid only for communications within the network segment (link) or the broadcast domain that the host is connected to.
Link-local addresses
are usually not guaranteed to be unique beyond a single network segment. Routers therefore do not forward packets with link-local addresses.
For protocols that have only link-local addresses, such as Ethernet, hardware addresses that the
manufacturer delivers in network circuits are unique, consisting of a vendor
identification and a serial identifier.
Link-local addresses for IPv4 are
defined in the address block 169.254.0.0/16, in CIDR notation. In IPv6,
they are assigned with the FE80::/64 prefix. [1]
Video https://supportforums.cisco.com/video/11930026/understanding-ipv6-link-local-address
In this example, the
routers R1, R2 and R3 are connected via serial interface and have the IPv6
addresses configured as mentioned in the network diagram. Loopback addresses
are configured on the routers R1 and R3, and the routers use OSPFv3 to
communicate with each other. This example uses the ping command
to demonstrate the connectivity between the routers using link-local addresses.
The routers R1 and R3 can ping each other with the IPv6 global unicast address,
but not with their link-local address. However, router R2 being directly
connected to R1 and R3 can communicate with both the routers using their
link-local address, because link-local addresses are used only within that
local network specific to the physical interface.
Network Diagram
Router R1
|
!
hostname R1
!
ipv6 cef
!
ipv6 unicast-routing
!
interface Loopback10
no ip
address
ipv6
address 2010::/64 eui-64
!--- Assigned a IPv6 unicast address in EUI-64
format.
ipv6
ospf 1 area 1
!--- Enables OSPFv3 on the interface and
associates
the
interface looback10 to area 1.
!
interface Loopback20
no ip
address
ipv6
address 2020::/64 eui-64
ipv6
ospf 1 area 2
!--- Associates the Interface loopback20 to
area 2.
!
interface Serial0/0
no ip
address
ipv6
address 2001::1/124
ipv6
ospf 1 area 0
!--- Associates the Interface serial0/0 to area
0.
clock
rate 2000000
!
ipv6 router ospf 1
router-id 1.1.1.1
!--- Router R1 uses 1.1.1.1 as router id.
log-adjacency-changes
!
end
|
Router R2
|
Router R3
|
hostname R2
!
ipv6 cef
!
!
!
!
ipv6 unicast-routing
!
!
!
interface Serial0/0
no ip
address
ipv6
address 2001::2/124
ipv6
ospf 1 area 0
clock
rate 2000000
!
!
interface Serial0/1
no ip
address
ipv6
address 2002::1/124
ipv6
ospf 1 area 0
clock
rate 2000000
!
!
!
ipv6 router ospf 1
router-id 2.2.2.2
log-adjacency-changes
!
end
|
!
hostname R3
!
ipv6 cef
!
ipv6 unicast-routing
!
interface Loopback10
no ip
address
ipv6
address 1010::/64 eui-64
ipv6
ospf 1 area 1
!
interface Loopback20
no ip
address
ipv6
address 2020::/64 eui-64
ipv6
ospf 1 area 2
!
interface Serial0/0
no ip
address
ipv6
address FE80::AB8 link-local
ipv6
address 2002::2/124
ipv6
ospf 1 area 0
clock
rate 2000000
!
ipv6 router ospf 1
router-id 3.3.3.3
log-adjacency-changes
!
end
|
Verifying OSPF Configuration
In order to verify the OSPF has been configured properly, use the show ipv6 route ospf command in routers R1 and R3.
show ipv6 route ospf
|
Router R1
R1#show ipv6 route ospf
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
OI 1010::C002:1DFF:FEE0:0/128 [110/128]
via FE80::C001:1DFF:FEE0:0, Serial0/0
O 2002::/124 [110/128]
via FE80::C001:1DFF:FEE0:0, Serial0/0
OI 2020::C002:1DFF:FEE0:0/128 [110/128]
via FE80::C001:1DFF:FEE0:0, Serial0/0
Router R3
R3#show ipv6 route ospf
IPv6 Routing Table - 10 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
O 2001::/124 [110/128]
via FE80::C001:1DFF:FEE0:0, Serial0/0
OI 2010::C000:1DFF:FEE0:0/128 [110/128]
via FE80::C001:1DFF:FEE0:0, Serial0/0
OI 2020::C000:1DFF:FEE0:0/128 [110/128]
via FE80::C001:1DFF:FEE0:0, Serial0/0
|
Verifying Link-Local Address Reachability
The routers can ping each other with the global unicast address.
However, when using link-local address only the directly connected networks can
communicate. For example, R1 can ping R3 using global unicast address but the
two routers cannot communicate using link-local addresses. This is shown using
the ping and debug
ipv6 icmp commands
in router R1 and R3. This section provides scenarios to develop a better
understanding about link-local addresses.
Pinging Link-Local Address
from Remote Network
When the router R1 tries to communicate with router R3 using the
link local address, the router R1 returns with an ICMP time-out message
indicating that the link-local address is locally specific and cannot
communicate to link-local addresses that are outside the directly connected
network.
Pinging R3's Link-Local Address from router R1
|
In Router R1
R1#ping FE80::AB8
!--- Pinging Link-Local Address of router R3.
Output Interface: serial0/0
!--- To ping LLA, output interface must be entered.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::AB8, timeout is 2 seconds:
Packet sent with a source address of FE80::C000:1DFF:FEE0:0
.....
Success rate is 0 percent (0/5)
!--- The ping is unsuccessful and the ICMP packet cannot reach
the destination through serial0/0. This timeout indicates that R1 has not
received any replies from the router R3. |
For
router R2, the routers R1 and R3 are directly connected and can ping the
link-local address of both router R1 and R2 by mentioning the corresponding
interface that is connected to the router. The output is shown here:
Pinging R1 Link-Local Addresses from router R2
|
In Router R2
R2#ping FE80::C000:1DFF:FEE0:0
!--- Pinging Link-Local Address of router R1.
Output Interface: serial0/0
!--- Note that, to ping LLA, output interface
should be mentioned
In our case, R2 connects to R1 via serial0/0.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to
FE80::C000:1DFF:FEE0:0, timeout is 2 seconds:
Packet sent with a source address of
FE80::C001:1DFF:FEE0:0
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 0/19/56 ms
Debug output from R1
R1#
*Mar 1
03:59:53.367: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.371: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.423: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.427: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.463: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.463: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.467: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.467: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
R1#
*Mar 1
03:59:53.471: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
03:59:53.471: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
!--- The debug output shows that the router R2
can
ping router R1's link-local address.
|
Pinging R3 Link-Local Addresses from router R2
|
In Router R2
R2#pingFE80::AB8
!--- Pinging Link-Local Address of router R3.
Output Interface: serial0/1
!--- Note that,to ping LLA,output interface
should be mentioned.
In our case, R2 connects to R3 throught
serial0/1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::AB8,
timeout is 2 seconds:
Packet sent with a source address of
FE80::C001:1DFF:FEE0:0
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 0/18/60 ms
Debug output from R3
R3#
*Mar 1
04:12:11.518: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.522: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.594: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.598: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.618: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.618: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.622: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.622: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
R3#
*Mar 1
04:12:11.626: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
04:12:11.630: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
!--- The debug output shows that the router R2
can
ping router R3's link-local address.
|
The
link-local address as the name implies, is specific only to that local network.
In other words, the routers can have the same link-local address and still the
directly connected network can communicate with each other without any
conflict. This will not be the same in case of global unicast address. The
global unicast address being routable should be unique in a network. The show
ipv6 interface brief command shows the information about
link-local address on the interface.
show ipv6 interface brief
|
In router R1
R1#show ipv6 interface brief
Serial0/0 [up/up]
FE80::AB8
2001::1
Loopback10 [up/up]
FE80::C000:1DFF:FEE0:0
2010::C000:1DFF:FEE0:0
Loopback20 [up/up]
FE80::C000:1DFF:FEE0:0
2020::C000:1DFF:FEE0:0
In router R3
R3#show ipv6 interface brief
Serial0/0 [up/up]
FE80::AB8
2002::2
Loopback10
[up/up]
FE80::C002:1DFF:FEE0:0
1010::C002:1DFF:FEE0:0
Loopback20 [up/up]
FE80::C002:1DFF:FEE0:0
2020::C002:1DFF:FEE0:0
!--- Shows that R1 and R3's serial interface
has same
link-local address FE80::AB8.
|
In
this example, R1 and R3 are assigned with the same link-local address and R2
can still reach both the routers by specifying the corresponding output
interface.
Pinging R1 and R3's Link-local address from R2
|
Pinging R1's
link-local address from R2
R2#ping FE80::AB8
Output Interface: serial0/0
!--- R2 is connected to R1 through serial0/0.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::AB8,
timeout is 2 seconds:
Packet sent with a source address of
FE80::C001:1DFF:FEE0:0
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 0/26/92 ms
Debug output from R1
R1#
*Mar 1
19:51:31.855: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.859: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.915: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.919: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.947: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.947: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.955: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.955: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
R1#
*Mar 1
19:51:31.955: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:51:31.955: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
Pinging R3's
link-local address from R2
R2#ping FE80::AB8
Output Interface: serial0/1
!--- R2 is connected to R1 through serial0/1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::AB8,
timeout is 2 seconds:
Packet sent with a source address of
FE80::C001:1DFF:FEE0:0
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 4/28/76 ms
Debug output from R3
R3#
*Mar 1
19:53:38.815: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.819: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.911: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.915: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.923: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.927: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.955: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.955: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
R3#
*Mar 1
19:53:38.963: ICMPv6: Received echo request from FE80::C001:1DFF:FEE0:0
*Mar 1
19:53:38.963: ICMPv6: Sending echo reply to FE80::C001:1DFF:FEE0:0
|
Note: The R2 can ping the link-local address of R1
and R3 only because they are directly connected. R2 cannot ping the link-local
address of the loopback interfaces in routers R1 and R3 as they are not
directly connected. Ping works on link-local addresses only in case of directly
connected networks.
Note: Traceroutes do not work in case of link-local
addresses and return with the %
No valid source address for destination. error
message. This is because IPv6 routers must not forward packets that have
link-local source or destination addresses to other links.
