IPv6

IPv6 Local Area Network (LAN)

In IPv6, every communication happens over IPv6 packets.

IPv6 doesn't use ARP, so you are protected from all ARP-related vulnerabilities (like ARP spoofing). The equivalent of ARP in IPv6 uses link-local addresses and ICMPv6.

ip -6 neigh show

IPv4 uses subnets to help move packets within a LAN, so an IPv4 host cannot directly contact a host that is in a different subnet, even if it is in the same broadcast domain.

Unlike IPv4, an IPv6 host can do this, since IPv6 works on a link-local basis. So the entire local (link-layer) network is reachable.

IPv6 has "unicast" and "multicast" addresses (like IPv4). In IPv6 there is no concept of a "broadcast" address. Instead, IPv6 provides a properly defined "anycast" address (unlike IPv4).

IPv6 Routing

When a provider provides IPv6 connectivity to an end site/user/customer, they often provide a "link prefix" and a "routed prefix".

The "link prefix" is used for connecting the end router/device/CPE to the service provider, while the "routed prefix" is usually larger than /64 (like /56) and can be divided by the end router/device/CPE and provided to downstream hosts/devices (hierarchical routing). So the routed prefix is used within the end user/customer site.

By using a routed prefix, a single neighbor cache entry for the gateway can serve the purpose.

Instead of a link prefix, RFC 4193 (link scoped) addresses can be used to connect a provider to an end user/customer.

DHCPv6

If you need stateful IP addresses (meaning the same IP is allocated to the same device on a persistent basis), you need to either use a static IP or use DHCPv6. DHCPv6 uses the device DUID to assign (lease) IP addresses to hosts.

Note that DHCPv6 doesn't provide a default route, so you need to run a router advertisement daemon (like radvd) to provide default routes to clients/hosts.

Determining the DUID of a new host/device

Please note that the DUID is specific to the machine, not to an interface. DUID-LLT is often the default type of DUID that hosts/devices use.

DUID-LLT and DUID-LL are not predictable or known before booting the host, as they depend on the MAC address (which in some cases can be randomized on each boot) as well as the order in which interfaces come up. For hosts where persistent storage is available, these DUIDs are generated by the OS/firmware on first boot and are then usually saved for continued use. So deriving the DUID of a host in advance is a very hard problem; don't attempt it.

Instead, do an initial bootstrap, read the generated DUID, and record it for DHCPv6 use (for hardware devices it can also be printed alongside).

Linux NetworkManager uses DUID-UUID because DUID-LL/LLT are not guaranteed to remain constant across boots. The generated DUID-UUID gets stored in the lease file /var/lib/dhcp/dhclient6.leases.

DUID-LL is specifically useful and recommended for cases where the client has no stable storage (network printers are a good example).
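Added example (not part of the original notes): once a host has been bootstrapped and its DUID read, a decoder like the one below shows which DUID type it uses and whether it embeds a MAC address, before the value is recorded for DHCPv6 reservations. It assumes the DUID is written as two-digit hex bytes (with or without colons); the sample DUIDs are constructed, and the local_mac flag is only a heuristic for a randomized or locally assigned MAC.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # time base of DUID-LLT
DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL", 4: "DUID-UUID"}


def _lladdr(raw):
    """Format the embedded link-layer address. The locally administered bit
    (0x02 of the first byte) is set by randomized MACs, so a DUID built on
    such an address may not survive a reboot (heuristic, IEEE 802 MACs only)."""
    if not raw:
        raise ValueError("missing link-layer address")
    return {"lladdr": ":".join(f"{b:02x}" for b in raw),
            "local_mac": bool(raw[0] & 0x02)}


def parse_duid(text):
    """Decode a DUID given as hex, with or without ':' separators."""
    raw = bytes.fromhex(text.replace(":", "").strip())
    if not 3 <= len(raw) <= 130:  # 2-byte type + 1..128 bytes of identifier
        raise ValueError("DUID length out of range")
    dtype, body = struct.unpack("!H", raw[:2])[0], raw[2:]
    info = {"type": DUID_TYPES.get(dtype, f"unknown-{dtype}"), "hex": raw.hex()}
    try:
        if dtype == 1:    # hw type, seconds since 2000-01-01 UTC, address
            hw, secs = struct.unpack("!HI", body[:6])
            created = DUID_EPOCH + timedelta(seconds=secs)
            info.update(hw_type=hw, created=created.isoformat(), **_lladdr(body[6:]))
        elif dtype == 2:  # IANA enterprise number, vendor-defined identifier
            (pen,) = struct.unpack("!I", body[:4])
            info.update(enterprise=pen, identifier=body[4:].hex())
        elif dtype == 3:  # hw type, address
            (hw,) = struct.unpack("!H", body[:2])
            info.update(hw_type=hw, **_lladdr(body[2:]))
        elif dtype == 4:  # 16-byte UUID, independent of any interface
            info.update(uuid=str(uuid.UUID(bytes=body)))
    except struct.error as exc:
        raise ValueError("truncated DUID") from exc
    return info


if __name__ == "__main__":
    # Constructed sample DUIDs, not taken from any real host.
    for sample in ("00:01:00:01:00:01:51:80:52:54:00:12:34:56",
                   "00:03:00:01:00:11:22:33:44:55",
                   "000400112233445566778899aabbccddeeff"):
        print(parse_duid(sample))
```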

Ref: https://serverfault.com/questions/426183/how-does-ipv6-subnetting-work-and-how-does-it-differ-from-ipv4-subnetting

Links:

[1]: https://www.ietf.org/mail-archive/web/dhcwg/current/msg17419.html
[2]: https://www.ietf.org/mail-archive/web/dhcwg/current/msg17421.html