The Idiosyncrasies of IPv6 on Cisco Devices

Let's take a look at various idiosyncrasies of the IPv6 configuration on Cisco IOS layer 3 equipment, to gain a deeper understanding of how it behaves.

IPv6 is a new beast that can be intimidating at times. Even the most seasoned network professionals may find it confusing, especially since most of us have been “brought up” on IPv4. Indeed, you’ve probably become so proficient with IPv4 that you can do subnetting in your sleep!

But IPv6 is so different that it can be disconcerting to some. Among the difficulties involved is how particular vendors implement and activate the protocol on their equipment and how IPv6 enabled interfaces subsequently behave. This is also the case for IPv6 enabled Cisco routers and layer 3 switches.

In this article, we’ll take a look at various idiosyncrasies of the IPv6 configuration on Cisco IOS layer 3 equipment, to gain a deeper understanding of how it behaves on such devices.

A word about IPv6 and Cisco

Basic IPv6 functionalities were introduced in Cisco IOS version 12.2(2)T, which was actually released in January of 2003. So, the commands and the functionality have been around for a very long time.

For those that have become intimately familiar with IPv4, changing gears and understanding the logic and philosophy behind IPv6 implementations on Cisco routers can be somewhat difficult. We need to forget what we know about configuring IPv4 and approach IPv6 configuration from scratch.

For example, when I first worked with IPv6 on a Cisco device, I had configured an interface to function using IPv6. At some point, I wanted to disable it and use IPv4 again. I continually tried the

no ipv6 enable

command on the interface, but simply couldn’t get rid of the configuration!  

This is just one of the idiosyncrasies of IPv6 configuration that we’ll clarify shortly.

If you’re mystified about what IPv6 is and how it differs from IPv4, it may be worthwhile to check out our IPv4 versus IPv6 article before moving on.

For the purposes of this article, I’ll be using Cisco IOSv Version 15.9(3)M2 in a Cisco Modeling Labs environment. The commands should be identical for virtually all Cisco IOS layer 3 devices.

Configuring IPv6 on a Cisco router

All Cisco IOS devices start off with IPv6 disabled. To enable IPv6, you do so on a per interface basis.

Enabling IPv6 on a Cisco IOS device

IPv6 can be enabled in one of three ways, by:

  1. simply enabling it on the interface using the appropriate command
  2. assigning a static IPv6 address
  3. enabling the stateless autoconfig feature

Let’s take a look at how we can achieve all three of these options:

Enabling IPv6 on an interface

This requires just one simple command in the interface configuration mode:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface GigabitEthernet0/0
Router(config-if)#ipv6 enable
Router(config-if)#

That’s all there is to it.

But wait, we haven’t assigned an IPv6 address yet, what do you mean we’ve enabled IPv6? Well actually, we have. The device has automatically created what is known as an IPv6 link-local address on this interface. You can see it here:

Router#show ipv6 interface GigabitEthernet0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::5054:FF:FE10:60C7
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
	FF02::1
	FF02::1:FF10:60C7
  MTU is 1500 bytes
!<-- output omitted -->

Among other things observed here, you can see that IPv6 is enabled on the interface, and a link-local IPv6 address has been assigned to the interface. That’s all it takes to enable IPv6. You’ll also notice that this interface has joined two multicast group addresses.  

We’ll talk about those shortly.

Assigning an IPv6 address to an interface

Instead of using the ipv6 enable command, you can simply assign an IPv6 global unicast address to the interface.  Let’s remove the command we applied above, and statically assign an IPv6 address of 2001::1/64 to the interface.

Router(config-if)#no ipv6 enable
Router(config-if)#ipv6 address 2001::1/64
Router(config-if)#

See what effects that has on the IPv6 state of the interface:

Router#show ipv6 interface GigabitEthernet0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::5054:FF:FE10:60C7
  No Virtual link-local address(es):
  Global unicast address(es):
	2001::1, subnet is 2001::/64
  Joined group address(es):
	FF02::1
	FF02::1:FF00:1
	FF02::1:FF10:60C7
  MTU is 1500 bytes
!<-- output omitted -->

Even without the ipv6 enable command, we’ve enabled IPv6 on the interface. There’s a link-local address, and now we also see the global unicast address we assigned. Also, notice that the interface has joined three multicast group addresses.

At this point, we can choose to add the ipv6 enable command to the interface or even to negate it with the no ipv6 enable command, but neither of these commands will have any effect. Since an IPv6 address has been assigned, the interface will always be IPv6 enabled.

Before we look in detail why we see this behavior, let’s observe the third way in which IPv6 can be enabled.

Enabling IPv6 autoconfig on the interface

Remove the IPv6 global unicast address we configured, and this time, let’s use the IPv6 autoconfiguration feature. We can do all this with the following commands:

Router(config)#inter gig 0/0
Router(config-if)#no ipv6 address
Router(config-if)#ipv6 address autoconfig
Router(config-if)#

How’s that altered the results on the IPv6 configuration status of the interface?

Router#show ipv6 interface GigabitEthernet0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::5054:FF:FE10:60C7
  No Virtual link-local address(es):
  Stateless address autoconfig enabled
  No global unicast address is configured
  Joined group address(es):
	FF02::1
	FF02::1:FF10:60C7
  MTU is 1500 bytes
!<-- output omitted -->

Notice the following:

  • IPv6 is enabled
  • A link-local address is assigned
  • No global unicast address is assigned
  • Stateless address autoconfig is enabled, which is a result of the command we applied
  • The interface has joined two multicast address groups

One thing we can ask ourselves here is why is there no global unicast address configured?  

When using the autoconfig keyword for the IPv6 address configuration, we are telling the interface to obtain an IPv6 address using a mechanism called StateLess Address Auto-Configuration or SLAAC, which is unique to IPv6.  

Using SLAAC, IPv6 interfaces are able to discover any IPv6 routers on the network segment they are connected to. If a router is discovered, it will respond with the required information for the interface to obtain an IPv6 global unicast address.

In our example here, there is no such router on the network segment, and that is why we see no IPv6 global unicast address assigned to the interface.

However, let’s create an IPv6 router, add it to the network segment and see the behavior of the interface:

Router#show ipv6 interface GigabitEthernet0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::5054:FF:FE10:60C7
  No Virtual link-local address(es):
  Stateless address autoconfig enabled
  Global unicast address(es):
	2001:1234::5054:FF:FE10:60C7, subnet is 2001:1234::/64 [EUI/CAL/PRE]
  	valid lifetime 2591991 preferred lifetime 604791
  Joined group address(es):
	FF02::1
	FF02::1:FF10:60C7
  MTU is 1500 bytes
!<-- output omitted -->

This additional information indicates that a global unicast address has been added, and it will be valid for a specific amount of time.

Deductions and digging deeper

From the above configurations and output, we can come to some conclusions and also include several additional statements that will make this whole configuration more understandable.

The benefits of the “ipv6 enable” command

One may think that we don’t really need this command if we assign a static or an autoconfig IPv6 address. Although this is true, by using this command in all cases, we can ensure that IPv6 remains enabled on this interface even if you, or your network admin successor sometime in the future, remove all IPv6 address configurations.  

This ensures that even if such changes are made, IPv6 remains enabled on the interface, and it retains its IPv6 link-local address.

The link-local address

Assigning a global unicast IPv6 address is not a prerequisite to enabling IPv6.  

The telltale sign that IPv6 has been enabled (beyond the blatant statement in the output of the show ipv6 interface command) is the link-local address. If you have that, then IPv6 is up and running. Indeed, the link-local address is the one that is used for exchanging dynamic routing protocol messages, for employing SLAAC, and for use with the Neighbor Discovery Protocol (NDP) employed extensively by IPv6.

One additional way to enable IPv6 is to statically assign an IPv6 link-local address via the ipv6 address link-local command. Just make sure that the address is within the valid link-local range of FE80::/10, otherwise you will get an error message.

The global unicast address

This address is unnecessary for basic communications employed by routers. Actually, a router can function using simply its link-local addresses.  

The global unicast address is only necessary when accessing that router’s management interface remotely, from a network segment that is not directly connected to one of the router’s interfaces. Otherwise, a router is quite content making do only with its link-local addresses.

Global unicast addresses are primarily used by the hosts or user equipment that is carrying user data, such as PCs, mobile phones, IP cameras, or IP phones, for example.

The nature of the interface

With the configurations we’ve applied here, the interface of the Cisco router is essentially configured to operate as an IPv6 host.  To enable IPv6 routing on a Cisco IOS device, so that IPv6 packets received on one interface will be routed to another, employ the following command:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ipv6 unicast-routing
Router(config)#

Once this command is activated in global configuration mode, the device acts as a router and begins sending Router Advertisements as part of its IPv6 router functionality.

Multicast IPv6 address groups

As we saw in all IP enabled cases, the interfaces were added to two or more multicast IPv6 address groups. These will take a little more explaining to understand, but suffice it to say that these addresses are extensively leveraged by NDP.  

I’m sure you’ve heard that IPv6 has eliminated broadcast communication on a network segment. Well, these little gems are what make this innovation possible.

Conclusion

By looking at the practical configuration of IPv6 on a Cisco IOS device and seeing the resulting behavior from applying specific commands, we can see how IPv6 behaves in the IOS environment. Not only that, we can also gain a deeper understanding of the various newly introduced intricacies of the IPv6 protocol.

This article gives you an opportunity to begin digging deeper into IPv6.  

There’s so much more to say, about how SLAAC functions in detail, about the NDP protocol, as well as the use of multicast in IPv6 to name just a few topics.  

What would you like us to write about in the future, to help you get the most out of your IPv6 implementation? Let us know in the comments below!

Lazaros Agapidis

Lazaros Agapidis

Lazaros Agapidis is a telecommunications and networking specialist with over twenty years of experience in network design, architecture, deployment, and management. He’s worked with multiple wired and wireless technologies including IP networks, fiber optics, Wi-Fi, as well as mobile communication networks. He has developed training content and courses for multiple vendors, and has been directly involved with teaching telecommunications for more than a decade. Over the years, he’s gained valuable first-hand experience from working on various large-scale telecom projects from both the enterprise as well as the telecom provider point of view.

What do you think about this article?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About us

RouterFreak is a blog dedicated to professional network engineers. We
focus on network fundamentals, product/service reviews, and career advancements.

Disclaimer

As an Amazon Associate, I earn from qualifying purchases.

RouterFreak is supported by its audience. We may receive a small commission from the affiliate links in this post, at no extra cost to our readers.

Topics

Recommended

NFA