Saturday, March 5, 2016

Is this IPv6-link-local address (as reported by Windows) correct? If so, why?



From what I read online, an IPv6 link-local address is generated by taking the network interface's MAC address, inserting an FF:FE word into the middle of it, OR'ing in some additional bits, et voila: e.g. MAC address 00:3E:E1:c6:20:c2 corresponds to IPv6 link-local address fe80::23e:e1ff:fec6:20c2%en0, and a program that knows the MAC address can compute the IPv6 address, or vice-versa.



That seems to work fine on my Macintosh, but on my co-worker's Windows machine we see this (from ipconfig's output):



Connection-specific DNS Suffix  . :

Link-local IPv6 Address . . . . . : fe80::eb:b41:3e4c:fd9e%11
IPv4 Address. . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :


Here it looks like the network interface's MAC address (which is 0b:41:3e:4c:fd:9e) has had only the byte "eb" OR'd in to the front of it, rather than inserting ff:fe into the middle as I would have expected.



Can anyone explain why that is? i.e. is Windows doing something contrary to the IPv6 link-local address specification here, or is it just using some other acceptable MAC->IPv6 convention that I'm unaware of? Or perhaps vendors are just allowed to do whatever they want when generating an fe80 address from a MAC address?


Answer




It's not that a link-local address is required to be generated from the MAC address; it never has been a requirement. You can manually assign link-local addresses on many devices.



What you are seeing with Windows is the use of Privacy Extensions and random addressing. Instead of the original way of assigning a SLAAC Interface ID, Privacy Extensions and random address generation were introduced. This is the default for Windows, but it can be disabled.



See RFC 4862, IPv6 Stateless Address Autoconfiguration, and RFC 4941, Privacy Extensions for Stateless Address Autoconfiguration in IPv6.
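
The MAC-derived mapping the question describes (modified EUI-64, RFC 4291 Appendix A) and a check for whether a link-local address was built that way, as an added example that is not part of the original question or answer. The function names are hypothetical; the addresses in the demo are the ones quoted on this page.

```python
import ipaddress

def mac_to_link_local(mac: str) -> ipaddress.IPv6Address:
    """Build the modified EUI-64 link-local address for a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Invert the universal/local bit (0x02) of the first octet and
    # insert ff:fe between the OUI and the device-specific half.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    # fe80::/64 prefix followed by the 64-bit interface ID.
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def link_local_to_mac(addr: str):
    """Return the embedded MAC if the interface ID has the EUI-64 shape.

    Returns None when the ff:fe marker is absent, which is what a
    randomized, privacy or manually assigned interface ID looks like.
    A match is a strong hint, not proof: a random ID could contain
    ff:fe in that position by chance.
    """
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop zone id (%en0, %11)
    if not ip.is_link_local:
        raise ValueError("not an fe80::/10 address")
    iid = ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)

if __name__ == "__main__":
    # Macintosh case from the question: MAC-derived interface ID.
    print(mac_to_link_local("00:3E:E1:c6:20:c2"))
    print(link_local_to_mac("fe80::23e:e1ff:fec6:20c2%en0"))
    # Windows case from the question: no ff:fe marker, so not EUI-64.
    print(link_local_to_mac("fe80::eb:b41:3e4c:fd9e%11"))
```
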

