
IPv6 addresses via EUI-64: dotting the i's

This short article explains (once again) why IPv6 addresses are generated in a way that looks so strange at first glance.



If you already understand the point of the EUI-48 -> EUI-64 -> Modified EUI-64 procedure, this article is unlikely to teach you anything new. Everyone else, read on.

In my line of work I often hear the reaction “WHY?!” to the mechanism that generates IPv6 addresses using EUI-64. To IPv6 beginners it seems the address is assigned like this: take the MAC address, add the day the device was manufactured, Uruguay's zip code and the temperature outside, throw everything into a blender and get a unique IPv6 address. In fact, every step has a very simple and understandable explanation.
Let's start by adding FFFE.


MAC addresses are used in many protocols (almost the whole IEEE 802 family), including 802.3 (aka Ethernet) and 802.11 (aka WiFi). They are 48 bits long and written in hex, and that is all there is to them.

The IEEE believes that the name MAC-48 does not reflect the essence, so the correct term is “EUI-48”.

In addition to 48-bit identifiers, 64-bit ones are also used: EUI-64. Examples of protocols: FireWire, ZigBee, 802.15.4, 6LoWPAN and, as expected, IPv6.

The advantages? For example, more addresses (the 48-bit space will run out by 2100, oh dear), and EUI-48 can be included as a subset.

Actually, the first step has nothing to do with IPv6 as such. The IEEE reserved in advance the EUI-64 range [24 bits] FF FE [24 bits] for addresses derived from EUI-48. Hence the generation mechanism: cut the MAC in half and write FFFE between the halves.

Thus, in step 1 we simply turn the EUI-48 (read: the MAC) into a longer EUI-64, which is what IPv6 uses.

Step 2 - Bit Inversion


Once again, a short tour of MAC addresses. Take the binary representation of the address. What matters to us is the first byte, or more precisely its least significant bit and the bit next to it. Since they are transmitted over the network in reverse order, they can equally well be called the “first” and “second” or the “seventh” and “eighth”.

[Image; picture courtesy of Wikipedia]

The least significant bit is called Individual/Group, aka Multicast. If it is 0, the destination is a single node. If it is 1, a frame with that destination address is by default flooded to all ports.

Example:
The addresses 01:00:00:00:00:01 and 03:12:34:56:78:90 are multicast. They cannot be assigned to nodes.


The neighboring bit is Unique/Local. It determines whether the address is considered unique or local (read: made up by the local administrator). If the bit is 0, the address in theory belongs to some organization (list, for example). If it is 1, it was most likely made up locally.

Example:
The address 02:00:00:AB:CD:EF is one we made up ourselves (the U/L bit is 1), whereas the address 04:DA:D2:AB:CD:EF most likely belongs to some piece of Cisco hardware.


Corollary:
Almost all unique MAC addresses have a first byte that is a multiple of 4 (04, 08, 0C, 10, 14, etc.). Made-up addresses, correspondingly, have a first byte that is even but not a multiple of 4, that is, 02, 06, 0A and so on.


Cool, but why invert the U/L bit?

And this is just for convenience.

Take two routers. One, like “ordinary washing powder”, will use a unique MAC that it inherited from grandpa Xerox, and on the other we will assign our “criminal” MAC address on the admin's whim.

R1-unique#show interfaces Fa0/0
FastEthernet0/0 is administratively down, line protocol is down
  Hardware is Gt96k FE, address is 0000.0000.0001 (bia 0018.1845.f0e2)
! U/L bit is 0 (Xerox)

R2-local#show interfaces Fa0/0
FastEthernet0/0 is administratively down, line protocol is down
  Hardware is Gt96k FE, address is 0200.0000.0001 (bia 0018.1845.f0e2)
! U/L bit is 1


Turn on IPv6 on the interface and feel the difference:

R1-unique#sh ipv6 interface brief
FastEthernet0/0            [administratively down/down]
    FE80::200:FF:FE00:1

R2-local#show ipv6 interface brief
FastEthernet0/0            [administratively down/down]
    FE80::FF:FE00:1


Because of the extra hextet, the admin of the first router kept cursing as his hands typed the extra characters and was forced to retire on health grounds, having worn his fingertips away on the keyboard, while the second admin lived happily ever after.

As you can see, inverting the bit on the second router “collapses” an extra hextet in the address. Unique addresses are usually neither better nor worse off for the inversion, because they are rarely “pretty” anyway. But locally assigned MAC addresses produce more convenient IPv6 addresses this way.

To summarize: to obtain the interface identifier in IPv6, the MAC address is first converted to EUI-64 (cut in half, with FFFE inserted between the halves), and then, for our convenience, the U/L bit is inverted. And now it is clear why.
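The two steps above as a small Python sketch, checked against the two router outputs shown earlier. This is an added example, not code from the original article; the function names are made up for illustration.

```python
import ipaddress

def parse_mac(mac: str) -> bytes:
    """Accept 00:18:18:45:f0:e2, 00-18-18-45-F0-E2 or Cisco 0018.1845.f0e2."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(digits)

def mac_flags(mac: str) -> dict:
    """Decode the two low bits of the first byte (I/G and U/L)."""
    first = parse_mac(mac)[0]
    return {"multicast": bool(first & 0x01), "local": bool(first & 0x02)}

def modified_eui64(mac: str) -> bytes:
    """EUI-48 -> EUI-64 -> Modified EUI-64 (8-byte interface identifier)."""
    raw = parse_mac(mac)
    if raw[0] & 0x01:
        raise ValueError("multicast MAC cannot be assigned to a node")
    eui64 = raw[:3] + b"\xff\xfe" + raw[3:]        # step 1: insert FFFE
    return bytes([eui64[0] ^ 0x02]) + eui64[1:]    # step 2: invert U/L bit

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the interface identifier derived from mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

if __name__ == "__main__":
    # MAC addresses taken from the R1 and R2 outputs in the article.
    for mac in ("0000.0000.0001", "0200.0000.0001"):
        print(mac, mac_flags(mac), eui64_address("fe80::/64", mac))
```

Python prints addresses in lowercase, so the results read fe80::200:ff:fe00:1 and fe80::ff:fe00:1.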

A fly in the ointment:
The mechanism for deriving an address from EUI-64 could also be called “the NSA's joy”: on any network, regardless of the prefix, it yields the same, fairly unique identifier, which makes it easy to track the movement of a device. That is why, for the sake of privacy and security, modern operating systems on end devices generate their addresses randomly.
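To audit an address inventory for hosts that still expose their hardware address this way, the derivation can be reversed. This is an added example, not from the original article: the function names and the sample addresses (documentation prefix 2001:db8::/32) are constructed, and the FF FE test is a heuristic, since a random identifier can contain those two bytes by chance.

```python
import ipaddress
from collections import defaultdict

def embedded_mac(addr: str):
    """Return the MAC encoded in a Modified EUI-64 identifier, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]     # low 64 bits
    if iid[3:5] != b"\xff\xfe":                      # no FFFE marker in the middle
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo U/L inversion, drop FFFE
    return ":".join(f"{b:02x}" for b in raw)

def group_by_device(addrs):
    """Map each recovered MAC to every address (any prefix) that carries it."""
    seen = defaultdict(list)
    for a in addrs:
        mac = embedded_mac(a)
        if mac is not None:
            seen[mac].append(a)
    return dict(seen)

# Constructed sample: the same interface on two networks, one host with a
# random identifier, and the link-local address of R2 from the article.
SAMPLE = [
    "2001:db8:1:1:218:18ff:fe45:f0e2",
    "2001:db8:beef:20:218:18ff:fe45:f0e2",
    "2001:db8:1:1:5c3a:91d0:7be2:44a1",
    "fe80::ff:fe00:1",
]

if __name__ == "__main__":
    for mac, addrs in group_by_device(SAMPLE).items():
        print(mac, "->", ", ".join(addrs))
```

The first two sample addresses collapse to the same MAC although their prefixes differ, while the host with a random identifier is not flagged.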

IPv6, although at first glance it looks like an alien from outer space, is in fact quite logical and even, miraculously, convenient. I hope the information was helpful. And if the stars align and I manage to overcome my laziness, I will try to write more articles on the topic of IPv6.

Source: https://habr.com/ru/post/245323/

