IPv6 Deep Dive

How It Works

IPv4 has 4,294,967,296 addresses. That seemed like plenty in 1981. As of today, there are over 15 billion internet-connected devices, and that number grows by millions per month. IPv4 address exhaustion is not a future concern — it happened. IANA distributed the last top-level /8 blocks in February 2011. All five Regional Internet Registries have reached their final allocations. The entire internet runs on borrowed time through NAT, CGNAT, and increasingly aggressive address reclamation.

IPv6 solves this with a 128-bit address space: 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. But IPv6 is not just "more addresses." It is a redesigned network layer that eliminates NAT, simplifies the header, enables stateless autoconfiguration, and restores the end-to-end principle that NAT destroyed.

IPv6 Address Format

An IPv6 address is 128 bits, written as eight groups of four hexadecimal digits separated by colons:

2001:0db8:85a3:0000:0000:8a2e:0370:7334

Shortening rules reduce verbosity:

1. Leading zeros in each group can be omitted: 2001:db8:85a3:0:0:8a2e:370:7334
2. Consecutive all-zero groups can be replaced with :: (once per address): 2001:db8:85a3::8a2e:370:7334
3. The loopback address is ::1 (127 zero bits followed by a 1)
4. The unspecified address is :: (all zeros)

Address Types and Scopes

IPv6 does not have broadcast. Three address types replace it:

Type	Purpose	Example
Unicast	One-to-one communication	2001:db8::1
Multicast	One-to-many communication (replaces broadcast)	ff02::1 (all nodes on link)
Anycast	One-to-nearest (same address on multiple nodes)	Used for DNS root servers, CDN routing

Address scopes determine reachability:

Link-local (fe80::/10) — automatically configured on every IPv6 interface. Valid only on the local link. Used for NDP, router discovery, and as next-hop addresses in routing tables. These addresses are mandatory and always present.

Global unicast (2000::/3) — the equivalent of IPv4 public addresses. Globally routable and assigned by SLAAC or DHCPv6. The current allocation space starts with 2 or 3.

Unique local (fc00::/7, practically fd00::/8) — the IPv6 analog of RFC 1918 private addresses (10.x, 172.16.x, 192.168.x). Routable within a site but not on the public internet.

SLAAC: Zero-Configuration Addressing

Stateless Address Autoconfiguration is one of IPv6's most elegant features. A device can configure itself with a globally routable address without any DHCP server:

1. Interface comes up — the device generates a link-local address from fe80::/10 plus an interface identifier (derived from the MAC address via EUI-64, or randomized via privacy extensions)
2. Router solicitation — the device sends an ICMPv6 Router Solicitation to the all-routers multicast address ff02::2
3. Router advertisement — a router responds with the network prefix (e.g., 2001:db8:1::/64), the default gateway, and configuration flags
4. Address generation — the device combines the /64 prefix with its interface identifier to form a globally routable address
5. Duplicate Address Detection (DAD) — the device sends a Neighbor Solicitation for its new address. If no response comes back, the address is confirmed unique

# View IPv6 addresses on an interface
ip -6 addr show eth0

# Typical output:
# inet6 fe80::1a2b:3c4d:5e6f:7a8b/64 scope link        ← link-local (always present)
# inet6 2001:db8:1::a1b2:c3d4/64 scope global dynamic   ← global (from SLAAC)

# Monitor Router Advertisements
radvdump  # on Linux, shows RA contents in real time

DHCPv6 exists for environments that need centralized address assignment, DNS server configuration, or address logging. It can run in stateful mode (assigns addresses like DHCPv4) or stateless mode (SLAAC assigns addresses, DHCPv6 only provides DNS and other options). The choice is signaled by flags in the Router Advertisement: the M flag triggers stateful DHCPv6, the O flag triggers stateless.

NDP: Neighbor Discovery Protocol

NDP replaces ARP, ICMP Router Discovery, and ICMP Redirect from IPv4. It runs over ICMPv6 and uses five message types:

Message	ICMPv6 Type	Purpose
Router Solicitation	133	Host asks for Router Advertisements
Router Advertisement	134	Router announces prefix, default route, and flags
Neighbor Solicitation	135	Address resolution (replaces ARP) and DAD
Neighbor Advertisement	136	Response to Neighbor Solicitation
Redirect	137	Router tells host about a better next-hop

NDP is more secure than ARP by design — it uses ICMPv6 with link-local source addresses and can be protected by SEND (SEcure Neighbor Discovery, RFC 3971), though SEND deployment remains rare. In practice, RA Guard and DHCPv6 Guard on switches provide the primary defense against rogue routers and rogue DHCP servers.

# View the NDP neighbor table (equivalent of arp -a)
ip -6 neigh show

# Send a Neighbor Solicitation manually
ndisc6 2001:db8:1::1 eth0

The IPv6 Header

The IPv6 header is deliberately simpler than IPv4:

Field	Size	Notes
Version	4 bits	Always 6
Traffic Class	8 bits	Equivalent to IPv4 ToS/DSCP
Flow Label	20 bits	Identifies packet flows for QoS — unique to IPv6
Payload Length	16 bits	Length of everything after the header
Next Header	8 bits	Identifies the next header (TCP=6, UDP=17, ICMPv6=58, or extension headers)
Hop Limit	8 bits	Equivalent to IPv4 TTL
Source Address	128 bits
Destination Address	128 bits

What IPv6 removed: no header checksum (handled by upper layers and link-layer checksums), no fragmentation fields (routers do not fragment in IPv6 — the source must perform Path MTU Discovery), no options field (replaced by extension headers in a chain). The fixed 40-byte header enables faster hardware processing.

Transition Mechanisms

The internet cannot switch from IPv4 to IPv6 overnight. Three transition strategies exist:

Dual-stack — every device runs both IPv4 and IPv6. Applications use Happy Eyeballs (RFC 8305) to race IPv4 and IPv6 connections simultaneously and use whichever connects first. This is the dominant strategy and what most cloud providers implement.

NAT64/DNS64 — for IPv6-only networks that need to reach IPv4-only servers. DNS64 synthesizes AAAA records for IPv4-only domains by embedding the IPv4 address in a well-known IPv6 prefix (typically 64:ff9b::/96). The NAT64 gateway receives IPv6 packets destined for this prefix, extracts the embedded IPv4 address, and translates the packet. T-Mobile US runs their entire mobile network this way.

464XLAT — extends NAT64 for applications that use literal IPv4 addresses. A CLAT (Customer-side translator) on the device provides a local IPv4 address and translates to IPv6. The traffic crosses the IPv6 network, hits the PLAT (Provider-side translator, a NAT64 gateway), and reaches the IPv4 internet. Android implements CLAT natively.

# Test IPv6 connectivity
ping6 google.com
curl -6 https://ipv6.google.com

# Check if dual-stack is working
curl https://test-ipv6.com/ip/?callback=test 2>/dev/null

# Test NAT64 translation (from an IPv6-only host)
dig AAAA ipv4only.arpa  # Returns the NAT64 prefix if DNS64 is active

Cloud Deployment: Dual-Stack in Practice

AWS VPC supports dual-stack subnets where EC2 instances receive both an IPv4 address and an IPv6 address. Key operational details:

• VPCs can have both IPv4 CIDR blocks and IPv6 /56 blocks (Amazon-provided or BYOIP)
• Subnets are assigned /64 prefixes from the VPC's IPv6 block
• Security groups and NACLs need rules for both address families — IPv6 rules are separate
• Egress-only internet gateway provides outbound IPv6 connectivity without allowing inbound connections — the IPv6 analog of NAT gateway's outbound-only behavior
• Application Load Balancers support dualstack mode, accepting both IPv4 and IPv6 connections on the frontend

GCP provides dual-stack VPCs with IPv6 on load balancers, GKE pod networking, and Cloud DNS AAAA records. Kubernetes itself supports dual-stack pod networking, assigning both IPv4 and IPv6 addresses to pods and supporting dual-stack Services.

Why IPv6 Is Faster

In practice, IPv6 connections are often measurably faster than IPv4 — not because IPv6 is inherently faster, but because of what it avoids:

1. No NAT traversal. IPv4 packets traverse multiple NAT layers (home router, CGNAT). Each NAT device adds latency and is a potential bottleneck. IPv6 packets go end-to-end.
2. Newer paths. IPv6 routing infrastructure was deployed more recently and often uses more direct paths. IPv4 routing carries legacy peering arrangements.
3. Less middlebox interference. IPv4 traffic passes through firewalls, proxies, and NATs that inspect and sometimes modify packets. IPv6 traffic typically has a cleaner path.
4. Happy Eyeballs picks the winner. When dual-stack is available, the client races both protocols. If IPv6 is faster (as it often is on mobile networks), the application uses it automatically.

Meta, Google, and Facebook have all published data showing that IPv6 connections have lower latency and higher throughput compared to IPv4 for the same endpoints, particularly on mobile networks where CGNAT overhead is significant.