22 Oct 2013

Breaking down an IPv6 address

Let's take a long hard look at an IPv6 address. Amazon supply IPv6 addresses with their EC2 cloud computers. When you fire up an EC2 virtual machine, you get an IPv6 address like this.

fe80::2000:aff:fea7:f7c

There's a lot of meaning packed into that strange-looking identifier. A few companies have tackled IPv6 but to most it's just plain confusing. Why is it so confusing? And how can you decipher what it means?

Connect to your AWS EC2 instance, find your network interface and its IPv6 address, and let's do some serious IPv6 breakdown.

The name of your EC2 network interface is eth0

Every physical computer has sockets with cables plugged into them and so does your virtual EC2 machine. Each network socket has a stack of names and addresses (MAC, IPv4, and IPv6) and a stack of networking software to do the talking. These are collectively referred to as "the interface".

Use the ip addr command to display lots of information about your EC2 network interfaces.

    [ec2-user@ip-10-167-15-124 ~]$ ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 22:00:0a:a7:0f:7c brd ff:ff:ff:ff:ff:ff
        inet 10.167.15.124/26 brd 10.167.15.127 scope global eth0
        inet6 fe80::2000:aff:fea7:f7c/64 scope link
           valid_lft forever preferred_lft forever
    [ec2-user@ip-10-167-15-124 ~]$

That's a dozen lines packed with details, written in a shorthand that makes it hard to read. At this low level, you have to take more care describing your work to others. As with all common collective terms like "server" and "cloud", "interface" is an easy way to describe the big picture but not so great for details. IPv6 is one of those details.

Information overload is confusing

In the land of film and TV, the sound engineer has to listen to a constant barrage of noise and learn to pick out the details that are important. It's the same for the system administrator – the CLI (Command Line Interface) fills up with data and you learn to see the good stuff and filter out the rest.

All that information displayed by the ip addr command is organized into two numbered sections, for the two network interfaces, lo and eth0:

  • The lo name is short for loopback, a name left over from the days of soldered wires. The lo interface is only meant for use within this EC2 machine, not to talk to the outside world.
  • The eth0 name is short for Ethernet interface number 0 - Ethernet is the dominant networking technology (after winning the 1980s protocol wars) and 0 is from IT's traditional way of counting (no, there is no good reason to start from 0 instead of 1). The eth0 interface is what customers use – including you and your SSH client - so that's what we care about.

We can ignore the lo section and stare at the eth0 section until details start to emerge.

My IPv6 address is fe80::2000:aff:fea7:f7c

The IPv6 address is on this line.

inet6 fe80::2000:aff:fea7:f7c/64 scope link

You can filter out the words on either side of the big address. The word at the start of the line - inet6 - is a label. Like all text in the world of Linux, it is abbreviated to save on typing and display space. The words scope link tell network administrators that this is a normal address for sending and receiving information (there are a few variations on this theme to meet obscure needs).  

The /64 bit stuck on the end of that string fe80::2000:aff:fea7:f7c/64 is a leftover from IPv4 days. It's called CIDR (Classless Inter-Domain Routing) - it's a network administrator thing. CIDR is used to split an address in half – the first part is used as an address for the network and the second part as an address for the computer.

This /64 isn't required. IPv6 isn't like IPv4. That fe80 field at the start means the same thing to a network administrator.

Hexadecimal is confusing

The IPv6 address shown by that ip addr command is fe80::2000:aff:fea7:f7c. That's a translation, not the original address. An IPv6 address that a computer sees is not fe80::2000:aff:fea7:f7c – it is 128 zeros and ones in a great big long row.

Binary data is no good for people so an IPv6 address is translated into hexadecimal, split into 8 fields, and colons are placed between these eight fields. It's a system that only a scientist can love.

Each field is a collection of four hexadecimal digits, like that fe80 at the start. Now I've mentioned three different number systems, which is enough to put off most people.

  • Binary digits are 0 and 1. The computer uses these.
  • The decimal digits that everyone knows are 1, 2, 3, 4, 5, 6, 7, 8 and 9.
  • There are sixteen hexadecimal digits - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e and f.

The IPv6 rules are confusing

If an IPv6 address is 8 sets of hexadecimal digits, what's going on with fe80::2000:aff:fea7:f7c?  That's six sets, not eight. And no way are there four digits in each part.

This address does not follow the pattern of 8 sets of 4 hexadecimal digits. If you count the fields around the colons, you get six. A couple of fields seem to be missing entirely, and those six fields vary in size.

  • The first field is fe80 - that's OK, it's four hexadecimal digits.
  • The second field doesn't have any digits at all.
  • The fourth one – aff – only has three digits.

What's happened is your operating system started out with an IPv6 address that is 8 fields of four digits, like this.

fe80:0000:0000:0000:2000:0aff:fea7:0f7c

Then it applied a couple of IPv6 address shortening rules.

Rule #1: You can replace a big string of zeros with the symbol "::".

The OS uses this rule to turn fe80:0000:0000:0000:2000:0aff:fea7:0f7c into:

fe80::2000:0aff:fea7:0f7c

Your SSH server listens to all interfaces. In IPv6 speak, the address for all interfaces is all zeros, like this: 0000:0000:0000:0000:0000:0000:0000:0000. The OS uses this rule to change this really long address into the really short:

::

Using your sysadmin skills, enter the command netstat -an, which displays lots of network interface information (this command is safe – it makes no changes). See if you can spot that symbol in the list it displays.

Rule #2: You can remove the leading zeros in a field.

The OS uses this rule to turn fe80::2000:0aff:fea7:0f7c into:

fe80::2000:aff:fea7:f7c

Practice, practice, practice

An IPv6 address is built in this way to make the Internet work. The Internet is full of machines that need to figure out how to communicate automatically, without human intervention. It's hard for us poor humans to make the shift from IPv4 to IPv6, but it will make the Internet a better place.

Like everything in life, IPv6 takes practice. The more you work on IPv6, the more you will see through the cloud of confusion to the clever engineering.
